Saturday, June 25, 2022

Legal Briefs

OBA Legal Briefs – January 2005 – June 2022

June 2022 OBA Legal Briefs

  • Please help us to help you (Part 2)
  • Oklahoma Mini-TCPA
  • Tit. 47 O.S. § 1110 (Perfection of Security Interest)
  • Tit. 47 O.S. § 427A/§ 1105A (Electronic filing, etc., of Titles) – REVISED
  • Changes in UCCC amounts effective 7/1/22

Please help us to help you (Part 2)

by Andy Zavoina

Last month, Pauli asked you to include certain information in your signature block when emailing us a question. This month, we ask you to avoid sending unnecessarily encrypted emails. We often find they are used for basic questions without information requiring such safeguards. It takes more time to register with an email provider and establish an acceptable password than to answer some questions. In many of these situations it may be faster just to call us.

When you do call, you may have to leave a voice mail. Please provide a detailed description of your question so that the appropriate person can call or email you and have the necessary resources available. And please, take the time to state clearly your questions, and especially your name, bank name and location, and call-back number.

[Editor’s note: In early May, an email security change at OBA locked the OBA Compliance Team out of the OBA email system, and we had to set up a temporary email account very quickly for the team. We are very happy to report that we regained access to our compliance@oba.com mailbox after only a few days. If any of you changed our email address in your contacts lists, please change it back. We appreciate your patience while we worked with the temporary setup.]

Oklahoma Mini-TCPA

By Andy Zavoina

The federal Telephone Consumer Protection Act (TCPA) was passed in 1991 and is well seasoned and understood by some and misunderstood by others. (“Your car warranty is expiring. This is your final notice.” Yeah, you wish it was final.) The law restricts certain telemarketing phone calls, text messages, and facsimiles. I’m not sure who is still using a fax so for the purposes of this article I will refer to telephone calls and text messages. Include faxes if your bank is using that delivery channel.) It also places restrictions on the use of automatic dialing systems and artificial or prerecorded voice messages.

In 2021 states began showing more interest by adding to the consumer protections. In particular, Florida passed its Florida Telephone Solicitation Act (FTSA). This included new and broader restrictions on telemarketing operations. Oklahoma has largely copied the FTSA in passing its own Oklahoma Telephone Solicitation Act. The Oklahoma version is often referred to as the mini-TCPA. It was signed by Governor Stitt in May and will be effective about five months later, beginning November 1, 2022. It will be codified in the Oklahoma Statutes as Section 775C.3 of Title 15.

There are a few key provisions we will focus on this month. The intent is consumer protection for Oklahoma residents, so the mini-TCPA expands on telemarketing restrictions. As with most telemarketing laws, this requires telemarketers to have a prior express written consent before they  contact a consumer. This is a term that is defined and means there is a written agreement that:

  1. bears the signature of the called party,
  2. clearly authorizes the person making or allowing the placement of a commercial telephonic sales call by telephone call, text message, or voicemail transmission to deliver or cause to be delivered to the called party a commercial telephonic sales call using an automated system for the selection or dialing of telephone numbers, the playing of a recorded message when a connection is completed to a number called, or the transmission of a prerecorded voicemail,
  3. includes the telephone number to which the signatory authorizes a commercial telephonic sales call to be delivered, and
  4. includes a clear and conspicuous disclosure informing the called party that:

(1) by executing the agreement, the called party authorizes the person making or allowing the placement of a commercial telephonic sales call to deliver or cause to be delivered a commercial telephonic sales call to the called party using an automated system for the selection or dialing of telephone numbers or the playing of a recorded message when a connection is completed to a number called, and

(2) he or she is not required to sign the written agreement directly or indirectly or to agree to enter into such an agreement as a condition of purchasing any property, goods, or services; and

This signature may be electronic as well as traditional wet ink.

In addition, telemarketers should pay special attention to four provisions of the Oklahoma law in particular. Let’s look at those four provisions.

One – There is no clarification over what is defined by the term “auto-dialer.” This has caused great concern and fueled litigation. The recent Supreme Court case of Facebook v Duguid established a limited definition to only the equipment which produces numbers using a random or sequential number generator. Without clarity the mini-TCPA could be more broadly interpreted making it more onerous on banks with marketing programs using applicable technologies. This new law refers only to, “an automated system for the selection or dialing of phone numbers.” This definition could refer to virtually any device which is not dialed manually.

Two – The mini-TCPA will limit the number of telephone calls and text messages which a telemarketer can send to any one consumer in a day. More specifically it limits contacting a consumer more than three times in a 24-hour period pertaining to the same subject matter or issue. This means the telemarketer must either track the calls and text messages to a given number based on the subject matter or have a system in place, be it software or some form of a database, that tracks and prevents any fourth or subsequent telephone or text message. If you ask me to define the “same subject matter or issue,” I cannot do that. It could be broadly or narrowly defined just as an auto-dialer may be. If a consumer was contacted once about opening a deposit account to take advantage of great rates and low fees, once about a new checking product, and then about a new savings account, could those three be bundled as one subject – deposit accounts? This may be up to legal interpretations and/or the courts.

Three – Although the “day” means a 24-hour period, the mini-TCPA passed for Oklahoma is a bit more limiting than many other states when it comes to time limits when the consumer may actually be contacted. The mini-TCPA limits contact to the 12-hour period from 8 a.m. until 8 p.m., local time. That is the consumer’s local time, not the bank’s. This has been a contentious issue in the past and will continue to be, because with mobile phones you have no idea where your consumers actually are. The area codes are not necessarily an indicator of your consumer’s local time, and this is especially true with military customers and those who travel and work or go to school in another time zone. Be sure to review item four (below) on this issue. Many other state laws and the federal TCPA allow contact from 8 a.m. until 9 p.m., so this new law is a bit more limiting.

Four – The new law does include a rebuttable presumption that your telephone calls and text messages to an Oklahoma area code are being made to an Oklahoma resident. So, for any of the state’s five area codes there is a defensible position as to when it is the customer’s local time. But unlike land lines that are geographically limited, your customer travels with their mobile phone and may permanently reside elsewhere. Be sure to cross reference addresses on file, because having sent bank statements to a consumer’s address in any other time zone may eliminate your rebuttable presumption.

Exemptions

The new mini-TCPA does provide exemptions that may apply to your bank. There are a number of exemptions, but I will draw your attention to number 20. It specifically exempts a “person soliciting business from prospective consumers who have an existing business relationship with or who have previously purchased from the business enterprise for which the solicitor is calling if the solicitor is operating under the same business enterprise.” This exemption alone may be enough to cause you to dismiss the mini-TCPA as a non-event but ensure you are familiar with it to avoid problems. And while this may be an exemption from the mini-TCPA, the bank may not enjoy the same exemptions from the federal TCPA.

Recommended actions

We recommend the bank evaluate all current telemarketing activities. There may be a concerted marketing effort in-house or outsourced for solicitations, or a branch may have taken upon itself an effort to contact new customers for sales in an effort to achieve periodic goal requirements. It happens and some employees will take the initiative. But a violation would be a violation regardless of the motivating factors. Know what is happening in and on behalf of your bank.

The bank should update policies and procedures addressing telemarketing activities even if called by another name, marketing, officer call programs, etc. that are impacted by the mini-TCPA.

Train staff so they all understand the basic requirements of the new mini-TCPA. Specifically focus on what activities are included and what they must do to comply both with the law itself and with the bank’s policies and procedures. This may include obtaining permission from customers as well as management to conduct any activities and following established procedures to comply with the new requirements.

Review and update any outsourcing agreements. Call centers that provide such marketing activities will be subject to the mini-TCPA whether they are a third party or part of the bank making “cold calls.” The bank may delegate authority to third parties, but it cannot delegate responsibilities. It is still the bank’s burden to ensure compliance and the bank has the ultimate responsibility. That said, any agreements may be reviewed to displace as much responsibility to a third party as possible for the actions of that third party.

Penalties

The mini-TCPA does contain a private right to action for consumers. The per call or text message penalties range from between the lesser of actual damages to $500 and to $1,500 for a willful violation. And with regulatory agencies using all possible penalties in enforcement actions, a problem or series of telemarketing problems could result in both state and federal TCPA actions. If the problem is large enough this could result in a class action suit.

There is time, but …

With several months between the date of this article and the November 1, 2022, effective date, there is time to accomplish these actions even with the summer months running interference. But banks are urged not to wait until the last minute and be forced to play catchup.

You will find HB3168 here,

Tit. 47 O.S. § 1110 (Perfection of Security Interest)

by Pauli Loeffler

Sec. 1110 was amended effective May 4, 2022, with regard to transfers of title when there is a lien entry filed by a commercial lender on a vehicle. The amendment provides:

A.

8. When there is an active lien from a commercial lender in place on a vehicle, motor license agents shall be prohibited from transferring the certificate of title on that vehicle until the lien is satisfied, except when the title is transferred:

a) to a person whose name is included on the loan for which the lien is placed pursuant to an agreement by the lender and any party to the title,

b) to a trust created by a person whose name is included on the loan for which the lien is placed, or

c)from a person who has died, upon the submission of a death certificate.

The provisions of this paragraph shall not be construed to release any lien or debt based solely upon a transfer of certificate of title.

The only way to perfect a security interest in a vehicle is by lien entry. As long as the lien remains on the title, the bank can repo the collateral, get a repo title, and sell the collateral. The original borrowers or their estates if the borrower is deceased will remain liable on the note regardless of whether they retain title or not.

Under the amendment if a co-borrower is NOT on the title to the vehicle, the title may only be transferred to the co-borrower if s/he provides proof of status as a co-borrower. Likewise, if the borrower is a natural person, title may be transferred to his or her trust subject to the lien. Note that a garnishment or levy will reach the settlor’s trust,

8.c. covers the situation where the borrower is deceased. The rationale for 8.c. is intended to cover the situation when the sole owner/borrower dies, and there is no other borrower, and no one is making loan payments, so the loan is in default. The problem facing the bank in repossessing and selling the vehicle is determining who must receive notice of the sale. If there is a probate, the bank can deal with the person appointed to represent the estate, but when there is no probate, things get messy.

If the owner provided a Transfer on Death Application (Tit. 47, Sec. 1107.5), title can be transferred to the named person, but such transfer is not allowed as long as the lien remains unsatisfied. Basically, 8.c. would allow the transfer provided payment of the loan has either been made, or the bank is willing to allow the individual named as Transfer on Death beneficiary to assume the loan. Note that if the TOD beneficiary neither pays off the loan nor assumes the loan, the bank can still repossess the vehicle, however, the TOD beneficiary will have no personal liability.

If the deceased owner/borrower had a will, then the title can be transferred using the OTC’s Affidavit of Small Estate. Again, as long as the lien remains on the title, there isn’t a problem, and the loan will have to be paid or provided for, e.g., the heir will assume the note or refi the loan. If there is no will, then the affidavit can’t be used. If the owner died intestate (no will), and there is no probate, then the bank has to determine who the deceased owner’s known heirs are and mail them notice of sake as well as provide publication notice to the unknown heirs. This is time and labor intensive which makes it more expensive to repo the vehicle and sell it. It remains to be seen whether 8.c. allows OTC to transfer title subject to the lien in such case. I believe that in order for this to be permitted, the OTC will need to promulgate new rules and forms.

Tit. 47 O.S. § 427A/§ 1105A (Electronic filing)

by Pauli Loeffler

I covered this in the October 2021 OBA Legal Briefs, but as we draw closer to its effective date on July 1, 2022, we need to review its provisions. This statute covers Electronic Filing, Storage and Delivery of Motor Vehicle Certificates of Title – Procedures. It provides for certificates of title and liens filed after June 30, 2022. Two provisions banks need to know are:

A. On or before July 1, 2022, the Oklahoma Tax Commission shall implement a program which will permit the electronic filing, storage and delivery of motor vehicle certificates of title and allow a lienholder to perfect, assign and release a lien on a motor vehicle in lieu of submission and maintenance of paper documents as otherwise provided in the provisions of Section 1101 et seq. of Title 47 of the Oklahoma Statutes…

B. The program authorized under subsection A of this section shall include, but not be limited to, procedures: 1. For the delivery of a certificate of title, on a paper document or in an electronic format, to the secured party having the primary perfected security interest in a vehicle in lieu of delivery to the record owner, notwithstanding the provisions of Section 1101 et seq. of Title 47 of the Oklahoma Statutes.  Provided, when electronic transmission of liens and lien satisfactions is used, a certificate of title need not be issued or printed until the last lien is satisfied and a clear certificate of title is issued to the owner of the vehicle at their request…

First, the Oklahoma Tax Commission will continue to offer both electronic and paper process on and after July 1, just as they do now. Second, instead of the vehicle’s owner receiving the title, the primary lien holder will receive the title. Since the OTC allows multiple lien entries on the title, lenders with inferior liens presumably have to request a copy of the title for their records, Finally, when all liens are released, it seems the owner will have to request a copy of the title.

Prior to July 1, 2022, the effective date of this legislation, there were only nine nontitle-holding states: Kentucky, Maryland, Michigan, Minnesota, Missouri, Montana, New York, Oklahoma, Wisconsin. In these states, the title is issued to the registered owner/operator of the vehicle, regardless of whether there is as a lien holder. In the other 41 states, titles are issued to the lien holder of the vehicle, who will hold the title until the loan is paid off. Oklahoma joins these title-holding states on July 1, 2022.

Changes in UCCC amounts effective 7/1/22

by Pauli D. Loeffler

Sec. 1-106 of the Oklahoma Uniform Consumer Credit Code  in Title 14A (the “U3C”) makes certain dollar limits subject to change when there are changes in the Consumer Price Index for Urban Wage Earners and Clerical Workers, compiled by the Bureau of Labor Statistics, U.S. Department of Labor.  You can download and print the notification from the Oklahoma Department of Consumer Credit by clicking here.   It is also accessible on the OBA’s Legal Links page under Resources once you create an account through the My OBA Member Portal. You can access the Oklahoma Consumer Credit Code as the changes in dollar amounts for prior years on that page as well.

Increased Late Fee

The maximum late fee that may be assessed on a consumer loan is the greater of (a) five percent of the unpaid amount of the installment or (b) the dollar amount provided by rule of the Administrator for this section pursuant to § 1-106. As of July 1, 2020, the amount provided under (b) will increase by $2.00 to $29.00

Late fees for consumer loans must be disclosed under both the UC3 and Reg Z, and the consumer must agree to the fee in writing. Any time a loan is originated, deferred, or renewed; the bank has the opportunity to obtain the borrower’s written consent to the increased late fee set by the Administrator of the Oklahoma Department of Consumer Credit.  However, if a loan is already outstanding and is not being modified or renewed, a bank has no way to unilaterally increase the late fee amount if it states a specific amount in the loan agreement.

On the other hand, the bank may take advantage of an increase in the dollar amount for late fees if the late-fee disclosure is worded properly, such as:

“If any installment is not paid in full within ten (10) days after its scheduled due date, a late fee in an amount which is the greater of five percent (5%) of the unpaid amount of the payment or the maximum dollar amount established by rule of the Consumer Credit Administrator from time to time may be imposed.”

§ 3-508A

This section of the “U3C” sets the maximum annual percentage rate for certain loans. It provides three tiers with different rates based on unpaid principal balances that may be “blended.” It also has an alternative maximum rate that may be used rather than blending the rates. The amounts under each tier are NOT subject to annual adjustment by the Administrator of the Oklahoma Department of Consumer Credit under §1-106. However, a new subsection (4) was added allowing the lender to charge a closing fee which IS subject to adjustment under § 1-106. The closing fee of $28.85 was effective for loans made on and after November 1, 2021. This amount has increased as follows:

(4)  In addition to the loan finance charge permitted in this section and other charges permitted in this act, a supervised lender may assess a lender closing fee not to exceed One Hundred Sixty-seven Dollars and thirty-three ($167.33) upon consummation of the loan.

Note that the closing fee, while not a finance charge under the OK U3C, and therefore not considered for purposes of Oklahoma usury IS a finance charge under Reg Z. Most banks use Reg Z disclosures. This means that it is possible that the fee under Reg Z disclosures will cause the APR to exceed the usury rate under § 3-508A. If that happens, document the file to show that the fee is excluded under the U3C in order to show that the loan does not in fact violate Oklahoma’s usury provisions. Please note that the bank is NOT required to charge a closing fee at all, and I know that at least one bank has stated it has decided to charge an amount less than the amount permitted under the statute.

You can access the § 3-508A Matrix here. (https://www.oba.com/wp-content/uploads/2021/11/Okla-3-508A-Max-APR-Chart-effective-11-1-2021.pdf)

§ 3-508B Loans

Some banks make small consumer loans based on a special finance-charge method that combines an initial “acquisition charge” with monthly “installment account handling charges,” rather than using the provisions of § 3-508A with regard to maximum annual percentage rate.

The permitted principal amounts for § 3-508B is adjusting from $1,6200.00 to $1,740.00 for loans consummated on and after July 1, 2022.

Sec. 3-508B provides an alternative method of imposing a finance charge to that provided for Sec. 3-508A loans. Late or deferral fees and convenience fees as well as convenience fees for electronic payments under § 3-508C are permitted, but other fees cannot be imposed. No insurance charges, application fees, documentation fees, processing fees, returned check fees, credit bureau fees, nor any other kind of fee is allowed. No credit insurance even if it is voluntary can be sold in connection with in § 3-508B loans. If a lender wants or needs to sell credit insurance or to impose other normal loan charges in connection with a loan, it will have to use § 3-508A instead.  Existing loans made under § 3-508B cannot be refinanced as or consolidated with or into § 3-508A loans, nor vice versa.

As indicated above, § 3-508B can be utilized only for loans not exceeding $1,740.00. Further, substantially equal monthly payments are required. The first scheduled payment cannot be due less than one (1) calendar month after the loan is made, and subsequent installments due at not less than 30-day intervals thereafter. The minimum term for loans is 60 days. The maximum number of installments allowed is 18 months calculated based on the loan amount as 1 month for each $10.00 for loan amounts between $173.94 and $580.00 and $20 for loan amounts between $580.01 – $1,740.00.

Lenders making § 3-508B loans should be careful and promptly change to the new dollar amount brackets, as well as the new permissible fees within each bracket for loans originated on and after July 1st. Because of peculiarities in how the bracket amounts are adjusted, using a chart with the old rates after June 30 may result in excess charges for certain small loans and violations of the U3C provisions.

Since §3-508B is “math intensive,” and the statute whether online or in a print version does NOT show updated acquisition fees and handling fees, you will find a modified version of the statute with the 2022 amounts toward the bottom of the Legal Links page here. Again, you will need to register an account with the OBA in order to access it.

The acquisition charge authorized under this statute is deemed to be earned at the time a loan is made and shall not be subject to refund, if the loan is prepaid in full, refinanced or consolidated within the first sixty (60) days, the acquisition charge will NOT be deemed fully earned and must be refunded pro rata at the rate of one-sixtieth (1/60) of the acquisition charge for each day from the date of the prepayment, refinancing or consolidation to the sixtieth day of the loan. The Department of Consumer Credit has published a Daily Acquisition Fee Refund Chart for prior years with links on this page, (https://www.ok.gov/okdocc/Licenses_We_Regulate/Supervised_Lender/index.html)  but had not done so at the time this article was written. Note if a loan is prepaid, the installment account handling charge shall also be subject to refund. A Monthly Refund Chart for handling charges for prior years can be accessed on the page indicated above, as well as § 3-508B Loan Rate (APR) Table. I expect the charts and table for 2022 to be added shortly.

NOTE: Sec. 3-508B was amended this last legislative session with changes that are effective November 1, 2022. I will cover the changes in a future Legal Briefs article prior to the effective date.

§ 3-511 Loans

I frequently get calls when lenders receive a warning from their loan origination systems that a loan may exceed the maximum interest rate. Nearly always, the banker says the interest rate does not exceed the alternative non-blended 25% rate allowed under § 3-508A according to their calculations. Usually, the cause for the red flag on the system is § 3-511. This is another section for which loan amounts may adjust annually. Here is the section with the amounts as effective for loans made on and after July 1, 2020, in bold type.

Supervised loans, not made pursuant to a revolving loan account, in which the principal loan amount is $5,800.00 or less and the rate of the loan finance charge calculated according to the actuarial method exceeds eighteen percent (18%) on the unpaid balances of the principal, shall be scheduled to be payable in substantially equal installments at equal periodic intervals except to the extent that the schedule of payments is adjusted to the seasonal or irregular income of the debtor; and

(a) over a period of not more than forty-nine (49) months if the principal is more than $1,740.00, or

(b) over a period of not more than thirty-seven (37) months if the principal is $1740.00 or less.

The reason the warning has popped up is due to the italicized language: The small dollar loan’s APR exceeds 18%, and it is either single pay or interest-only with a balloon.

Dealer Paper “No Deficiency” Amount

If dealer paper is consumer-purpose and is secured by goods having an original cash price less than a certain dollar amount, and those goods are later repossessed or surrendered, the creditor cannot obtain a deficiency judgment if the collateral sells for less than the balance outstanding. This is covered in Section 5-103(2) of the U3C. This dollar amount was previously $5,400.00 and increases to $5,800.00 on July 1.

May 2022 OBA Legal Briefs

  • Please help us help you
  • Lender credits on the TRID closing disclosure
  • MLA and GAP
  • Overdraft fees are not interest

Please help us help you

By Pauli D. Loeffler

You may have missed the notice on the Oklahoma Bankers Association’s webpage regarding issues the OBA Legal and Compliance team is experiencing with emails sent to us. Regardless of the fact that we hope to have the issue resolved shortly, we found that many bankers fail to provide vital contact information in their email signature blocks. This delays or prevents us from providing a quick response.

Specifically, the signature block needs to have not only your name and the name of the bank but also your email address, phone number (with extension, if any), and the city where you are located. There are times when a phone call to get additional information to answer a question is better than a series of emails. We certainly can look up the phone number for the main bank, but most banks have branches which results in making additional calls.

We appreciate your understanding and patience during the resolution of the email issue and look forward to answering your legal and compliance questions.

Lender credits on the TRID closing disclosure

By John S. Burnett

There are two types of lender credits that are disclosed under Regulation Z’s “TRID” disclosure requirements. In this discussion, we will review how those two types of lender credits should be used and disclosed.

First, however, let’s review what lender credits include. They are (1) payments, such as credits, rebates, and reimbursements, that a creditor provides to a consumer to offset closing costs the consumer will pay as part of the mortgage loan transaction; and (2) premiums in the form of cash that a creditor provides to a consumer in exchange for specific acts, such as for accepting a specific interest rate, or as an incentive, such as to attract consumers away from competing creditors.   (https://www.consumerfinance.gov/compliance/compliance-resources/mortgage-resources/tila-respa-integrated-disclosures/tila-respa-integrated-disclosure-faqs/#lender-credits)

Another way of separating lender credits into two types is to use the terms “specific lender credits” and “general lending credits.” These are the ways in which lender credits are disclosed that our discussion is focused on.

General lender credits

Your bank may decide, for example, that it will pay up to $1,000 in borrower third-party closing costs, without specifying which third-party costs are included. Because you want the lender credit to appear on the loan estimate, you show that lender credit as a negative amount in the estimated closing costs on page one and in section J on page 2. You also disclose your good faith estimates of closing costs for the loan your applicant has applied for – the origination charges, title work costs, taxes and recording fees, prepaids and all the rest –  that collectively will most likely be paid in connection with the loan, without indicating which of those costs your promised $1,000 will cover. The “calculating cash to close” box starts with the total closing costs reduced by the general lender credit, so it flows through to the Estimated Cash to Close – the approximation of what the applicant can expect to bring to (or receive from) the closing.

Note: Completing the loan estimate this way does present a risk that the closing costs to be covered end up totaling less than the general lender credit amount at closing time. Because lender credits are considered “negative closing costs,” a lender cannot reduce the general lender credit that appears on the loan estimate unless the lender credit is directly affected by a changed circumstance affecting the lender credit as part of the pricing of the loan. However, this is the usual way to complete a loan estimate when the lender intends to provide a general lender credit toward closing costs.

General lender credits for tolerance violations

We just discussed an example of a planned or intentional general lender credit. There’s also the chance that your bank will have to provide an unexpected general lender credit if its closing costs estimates fall short of the actual closing costs, and the differences are more than permitted under the tolerance limits in Regulation Z §§ 1026.19(e)(3)(i) and 1026.19(e)(3)(ii) — the zero percent and ten percent tolerance rules, respectively.

When a lender determines that it has exceeded the tolerance limits under either or both of those sections, it has to adjust the amount due to or from the consumer by the amount by which the tolerance limits were exceeded. A general lender credit (or an increase to a general lender credit already provided) is one way to get that done.

In such a case, the amount of the excess closing costs will appear (itself or as part of a Lender Credits amount) in three places on the closing disclosure:

  1. On the Lender Credits line in section J on page 2, the amount of the excess closing costs will appear in parentheses in the label after the words “Lender Credits.” The statement in the parentheses will read “(Includes $XXX credit for increase in Closing Costs above legal limit)” and the total Lender Credit amount (including the excess closing costs and any other planned general lender credit) appears as a negative amount in the Borrower Paid At Closing column.
  2. On the Total Closing Costs line of the Calculating Cash to Close table on page 3, if the actual closing costs exceed the estimated closing costs, and tolerance violations have occurred, the total amount of the tolerance violations will appear in a second bullet list entry in the “Did this change?” response, saying “Increase exceeds legal limits by $XXX. See Lender Credits on page 2.”
  3. On page 1, on the Closing Costs line of the Costs at Closing table, the amount of the total tolerance violations (the amount to be credited in the general lender credit) appears as part of the Lender Credits after the minus sign and before the words “in Lender Credits,” so the statement to the right of the total closing costs figure reads: “Includes $XXXX.xx in Loan Costs + $XXXX.xx in Other Costs = $XXXX.xx in Lender Credits.”

Specific lender credits

If your bank wants to pay selected closing costs that consumers are typically charged as part of your residential mortgage lending strategy, there are two ways to prepare the loan estimate. You can simply omit those selected costs that the consumer will not be charged from the loan estimate completely (your applicants won’t be charged for these services, so they don’t have to be included on the loan estimate). Make sure you disclose any costs that the consumer will be charged (an application fee, for example).

Another way to complete the loan estimate is to include all the costs the lender estimates will be involved (including those the lender intends to absorb) and show a general lender credit. In that way, the consumer sees all those costs, but also sees the amount of those costs the lender plans to cover.

But this section is about specific lender credits, you’re thinking. That’s right, it is. Because when it’s time to issue the closing disclosure, you get down to specifics. For each loan cost or other cost on page 2 that the lender intends to cover, insert the amount of that cost in the Paid By Others column and (optionally) identify it as a lender credit by including “(L)” before the dollar amount (without the quotation marks, of course). That reduces the costs due from the consumer because there’s no cost for the service in the Borrower Paid column. You’ve correctly disclosed a specific lender credit. Now, do the same for each cost that the lender is absorbing.

Suppose that the loan estimate for the loan included a general lender credit. The total of specific lender credits and general lender credits on the closing disclosure must equal or exceed the amount of the general lender credit on the loan estimate. What do you do if you overestimated a cost on the loan estimate, or one of the services listed there was not used, and now your loan estimate has a general lender credit amount that’s $50 more than the total specific lender credits on the closing disclosure? You include a general lender credit of $50 on the closing disclosure in Section J on page 2 and in the Costs at Closing table at the bottom of page 1.

What about tolerance violations?

Earlier, we said that a lender can issue a loan estimate without including the costs that the lender intends to absorb. When it’s time for closing, you must include all costs, regardless of who pays them. We’ve described above the way to avoid tolerance violations, by putting the costs to be absorbed in the Paid by Others column on the closing disclosure.  Just to make it interesting, let’s assume that the lender did not intend to absorb the cost of the appraisal, and included that service on the loan estimate in section B as “not shoppable,” with a cost estimate of $750.  For whatever reason, the actual cost of the appraisal ends up at $900, and the lender did not elect to issue a revised loan estimate for a changed circumstance. So there is a $150 tolerance violation (it is a 0 percent tolerance service cost). Does the lender have to treat that as an “increase exceeding legal limits” and include that $150 in Section J and in the Costs at Closing table?

No. There’s an easier (and better, in this author’s view) way to handle it. Just break the cost of the appraisal into two parts: $750 goes in the Borrower Paid column and (L) $150 goes in the Paid by Others column.

The same strategy can be used for a cost omitted by mistake from the loan estimate or any other cost that would become a tolerance violation if paid by the consumer. If the lender is facing an excessive increase in 10-percent limit costs, enough costs to bring the “10 percent bucket” back to a 10 percent increase or less can be shifted from the Borrower Paid column to the Paid by Others column.

Whichever method is used, the total paid by the consumer will be the same. The only difference is how the lender credits are shown – as general or specific lender credits.

One important caveat – don’t use the specific lender credit method if you’re dealing with a prepaid finance charge. For some loan origination systems, doing so can alter the finance charge amounts and affect the APR.

 MLA and GAP

By Andy Zavoina

It is no surprise that the Department of Defense is not a fan of GAP coverage on loans to service members. When the Military Lending Act regulation (MLA) was revised and later clarified with guidance in Q&A form, the DoD essentially said that an automobile loan was exempt from MLA restrictions when the funds from the loan were used for the purchase of the collateral, but if there were additional funds such as for non-essential items, the loan would lose the exemption.

This could then require more disclosures on a loan and attention to the 36 percent Military Annual Percentage Rate (MAPR) cap which is the Annual Percentage Rate on steroids. The MAPR is inclusive of such fees as GAP and credit insurance and the 36 percent rate is easily within reach with these fees included. This is a reason those financing vehicles want the exclusion from disclosures and the 36 percent usury rate. The DoD dislikes GAP insurance as well as some other costs like credit life insurance. Many banks like them as they can be profitable for the banks especially in competitive low-rate environments.

The DoD views many costs as unnecessary and expensive to the service member borrower. Banks and auto dealers do make a profit on these add-ons and many of these serve a key and important role, when needed. As to insurance, more than once I have seen a service member who had no equity in the collateral be saved from a deficit balance when a car was totaled or an estate saved from a debt when a service member passed. If the insurance is never needed it may seem expensive. But for those who paid a fraction of what was later paid out in a claim, it was worthwhile. The DoD sees the payouts as an exception and greed, or unnecessary costs to a service member anyway, as the rule.

In 2016 the DoD attempted to clarify the wording of the MLA exemption requirements with Guidance instead of revising the regulation itself. In the text below you can read that the exemption was lost with certain additional items being financed, a hybrid loan, but not others. Cash out being included in the loan would clearly void the exemption. GAP was not directly discussed and many lenders believed it was an essential component of a loan.

Here is Question 2 from the original August 2016 Guidance from the DoD:

  1. Does credit that a creditor extends for the purpose of purchasing personal property, which secures the credit, fall within the exception to “consumer credit” under 32 CFR 232.3(f)(2)(iii) where the creditor simultaneously extends credit in an amount greater than the purchase price?

Answer: No.  Section 232.3(f)(1) defines “consumer credit” as credit extended to a covered borrower primarily for personal, family, or household purposes that is subject to a finance charge or payable by written agreement in more than four installments. Section 232.3(f)(2) provides a list of exceptions to paragraph (f)(1), including an exception for any credit transaction that is expressly intended to finance the purchase of personal property when the credit is secured by the property being purchased.  A hybrid purchase money and cash advance loan is not expressly intended to finance the purchase of personal property, because the loan provides additional financing that is unrelated to the purchase.  To qualify for the purchase money exception from the definition of consumer credit, a loan must finance only the acquisition of personal property.  Any credit transaction that provides purchase money secured financing of personal property along with additional “cash-out” financing is not eligible for the exception under § 232.3(f)(2)(iii) and must comply with the provisions set forth in the MLA regulation

In December 2017 that question was modified to include the section on personal property as well as on vehicles. They mirror one another, and it always seemed odd they separated the two forms of collateral but treated them exactly the same, less the original Guidance which discussed just vehicles. The revised Guidance was more detailed as you can read below, and was specific to state GAP would in fact void the MLA exemption.

  1. Does credit that a creditor extends for the purpose of purchasing a motor vehicle or personal property, which secures the credit, fall within the exception to “consumer credit” under 32 CFR 232.3(f)(2)(ii) or (iii) where the creditor simultaneously extends credit in an amount greater than the purchase price of the motor vehicle or personal property?

Answer: The answer will depend on what the credit beyond the purchase price of the motor vehicle or personal property is used to finance.  Generally, financing costs related to the object securing the credit will not disqualify the transaction from the exceptions, but financing credit-related costs will disqualify the transaction from the exceptions.

Section 232.3(f)(1) defines “consumer credit” as credit offered or extended to a covered borrower primarily for personal, family, or household purposes that is subject to a finance charge or payable by written agreement in more than four installments. Section 232.3(f)(2) provides a list of exceptions to paragraph (f)(1), including an exception for any credit transaction that is expressly intended to finance the purchase of a motor vehicle when the credit is secured by the vehicle being purchased and an exception for any credit transaction that is expressly intended to finance the purchase of personal property when the credit is secured by the property being purchased. 

 A credit transaction that finances the object itself, as well as any costs expressly related to that object, is covered by the exceptions in § 232.3(f)(2)(ii) and (iii), provided it does not also finance any credit-related product or service.  For example, a credit transaction that finances the purchase of a motor vehicle (and is secured by that vehicle), and also finances optional leather seats within that vehicle and an extended warranty for service of that vehicle is eligible for the exception under § 232.3(f)(2)(ii).  Moreover, if a covered borrower trades in a motor vehicle with negative equity as part of the purchase of another motor vehicle, and the credit transaction to purchase the second vehicle includes financing to repay the credit on the trade-in vehicle, the entire credit transaction is eligible for the exception under § 232.3(f)(2)(ii) because the trade-in of the first motor vehicle is expressly related to the purchase of the second motor vehicle.  Similarly, a credit transaction that finances the purchase of an appliance (and is secured by than appliance), and also finances the delivery and installation of that appliance, is eligible for the exception under § 232.3(f)(2)(iii).

 In contrast, a credit transaction that also finances a credit-related product or service rather than a product or service expressly related to the motor vehicle or personal property is not eligible for the exceptions under § 232.3(f)(2)(ii) and (iii).  For example, a credit transaction that includes financing for Guaranteed Auto Protection insurance or a credit insurance premium would not qualify for the exception under § 232.3(f)(2)(ii) or (iii).  Similarly, a hybrid purchase money and cash advance credit transaction is not expressly intended to finance the purchase of a motor vehicle or personal property because the credit transaction provides additional financing that is unrelated to the purchase.  Therefore, any credit transaction that provides purchase money secured financing of a motor vehicle or personal property along with additional “cash out” financing is not eligible for the exceptions under § 232.3(f)(2)(ii) and (iii) and must comply with the provisions set forth in the MLA regulation.

In this 2017 Guidance the DoD says a loan that finances the purchase of a motor vehicle and is secured by that vehicle can also finances optional leather seats, negative equity and an extended vehicle warranty as an example of a loan that would be eligible for the MLA exemption.  In contrast the Guidance used a credit transaction which includes financing for GAP insurance or a credit insurance premium as examples of a credit transaction that would not be exempt from the MLA.

Many banks and auto dealers stopped offering GAP coverage to those subject to the MLA, even when the loan was under the 36 percent usury cap. Some lenders’ systems were not ready to make all the other MLA disclosures that would be required. The wording of the MLA has been interpreted by some to understand that the MLA does not allow the financing to be secured by the purchased vehicle’s title. This caused further doubts as to lending to covered service members.

In 2019 many banking and vehicle trade groups tried to assist their members in dealing with the Guidance and the loss of exemptions citing reports of actual harm to the service members themselves as they now had limited options for loans and the ancillary products they historically had access to. Several trade organizations wrote and asked for clarity.

Then, in 2020, the DoD withdrew its earlier interpretation and it opened the window for GAP by removing the explicit statement that it voided the exemption.  The question was again re-phrased, now using just the term personal property apparently to include vehicles and other household items with the answer as follows:

  1. Does credit that a creditor extends for the purpose of purchasing personal property, which secures the credit, fall within the exception to “consumer credit” under 32 CFR 232.3(f)(2)(iii) where the creditor simultaneously extends credit in an amount greater than the purchase price?

Answer: No. Section 232.3(f)(1) defines ‘‘consumer credit’’ as credit extended to a covered borrower primarily for personal, family, or household purposes that is subject to a finance charge or payable by written agreement in more than four installments. Section 232.3(f)(2) provides a list of exceptions to subparagraph (f)(1), including an exception for any credit transaction that is expressly intended to finance the purchase of personal property when the credit is secured by the property being purchased. A hybrid purchase money and cash advance loan is not expressly intended to finance the purchase of personal property, because the loan provides additional financing that is unrelated to the purchase. To qualify for the purchase money exception from the definition of consumer credit, a loan must finance only the acquisition of personal property. Any credit transaction that provides purchase money secured financing of personal property along with additional ‘‘cash- out’’ financing is not eligible for the exception under § 232.3(f)(2)(iii) and must comply with the provisions set forth in the MLA regulation.

So if the GAP example was removed, that must mean that financing the GAP product was now allowed, right? Many banks and other lenders jumped on that bandwagon and resumed financing such purchases. In the 2020 announcement what the DoD said was that it was withdrawing its answer because of “unforeseen technical issues” and, “absent additional analysis, (the DoD) takes no position on any of the arguments or assertions advanced as a basis for withdrawing” its 2017 guidance.

The on again, off again and still without clarity roller coaster brings us to today. A 2021 court case decided by the U.S. District Court for the Eastern District of Virginia involves the MLA and GAP. In Davidson v. United Auto Credit, Davidson was a covered borrower under the MLA when he purchased and financed a vehicle with GAP coverage included at a cost of $350. The complaint was that the retail installment contract violated the MLA because it did not disclose the MAPR plus it had other MLA defects.

The trial court ruled that GAP being added to the contract did not void the MLA exemption. The judge said the clear language in the law and regulation did not void the exemption while Davidson argued the 2016 Guidance was not affected by withdrawal of the 2017 revision and that the loan for the vehicle purchase was still subject to the MLA requirements. The judge found Davidson’s argument unpersuasive, stating that the GAP coverage was “inextricably” tied to the purchase of the vehicle.

So far, this is good news for the banks and other lenders. But the case has been appealed to the U.S. Court of Appeals for the Fourth Circuit. In January 2022 the Consumer Finance Protection Bureau (CFPB) filed an amicus brief in favor of Davidson. The CFPB takes the position that when GAP coverage is included in the vehicle’s financing the exemption is voided and the loan requires complete compliance with the MLA. The DoD,  joined in the CFPB’s amicus brief. The DoD said it “strongly concurs” with the CFPB on the issue. Now it is established that the CFPB as well as the DoD do not look favorably to the financing of GAP coverage on vehicle loans.

It is unknown what or when the court will rule. We have seen the CFPB take very proactive consumer protection positions and itself reversing Trump period provisions which were deemed “pro business.” The DoD controls and interprets 32 CFR 232. Many do not believe it would get back on the roller coaster and again revise its guidance, but its position is clear. GAP is not as prevalent, but this case is service member specific. I doubt we would see a retroactive reversal of loans with GAP coverage being impacted but as future plans are considered for loan products, banks with high volumes of loans to service members, with GAP may opt to temper any high sales penetration goals or at least recognize that what the DoD gave, it can take back.

Overdraft fees are not interest

By Andy Zavoina

It was a split decision at the U.S. Court of Appeals for the Tenth Circuit as it ruled on Walker v. BOKF, Nat’l Ass’n, (10th Cir. April 8, 2022). Oklahoma is in the Tenth Circuit. This court affirmed a lower court’s dismissal of a suit claiming that the bank was charging usurious interest on overdrafts.

In this case Walker created an overdraft in his checking account in the amount of $25. The bank paid the item and added to that a fee of $34.50. The bank also charges a daily fee of $6.50 per business day after five days that the account remains in the overdraft. This is disclosed as an “extended overdraft charge.” There were 36 daily overdraft charges accrued before the deposit account reached a positive balance. The original NSF fee plus 36 daily fees total to $268.50.

Walker maintains that these fees equate to interest charged on the original $25 overdraft and that this amount is usurious. BOKF is a national bank. The National Banking Act of 1864 allows a national bank to charge an interest rate no greater than the rate allowed by the state in which the bank is chartered. In the case of Oklahoma this allows a rate of 6 percent. Doing the math, 6 percent per annum on $25 is $.00411 per day which is a lot less than the fee charged by BOKF.

The bank moved for dismissal and the District Court granted that motion. The District Court held that overdraft fees are fees for deposit account services and were not interest and therefore not subject to the National Banking Act or the 6 percent rate allowed by the state. “Back in the day,” paper items were presented and reviewed against deposit balances and manual decisions were made to pay or return an item. There were people involved and hard costs in addition to the opportunity costs of the funds themselves. The process has been automated today but the theory remains the same.

The District Court’s ruling was appealed to the Tenth Circuit Court where there was a dissenting opinion. This argued that the banking regulation was not ambiguous and that overdraft fees do meet the definition of interest. The dissenting opinion maintains that  “When [the Bank] decides to cover a customer’s overdraft, it pays for the item and expects to be paid back. For example, despite [Plaintiff’s] inability to afford the original charge due to insufficient funds, [the Bank] made money available to him by purchasing the item for him. [The Bank] deducted the cost from [Plaintiff’s] account and charged him an overdraft fee, which it also deducted. But the bank expected to be paid back. By covering an overdraft, [the Bank] thus makes a temporary provision of money with the expectation of repayment. In other words, [the Bank] makes a loan.” Others may also see a daily fee as being a time-price differential or a cost for the use of the funds on that daily basis and consider that akin to an interest charge.

The majority of the Tenth Circuit judges did not agree. They affirmed the lower court’s findings based on Interpretive Letter 1082 issued in 2001, in which the OCC maintains that overdraft fees are designed to compensate the bank for “services directly connected with the maintenance of a deposit account,” and “therefore the bank was not creating a ‘debt’ that it then ‘collected’ by recovering the overdraft and the overdraft fee from the account.  Instead, the bank was ‘providing a service to its depositors’ that the accountholder had agreed to pay for.” So, the OCC determined 21 years ago that fees for “deposit account services” (under 12 CFR 7.4002(a)) were not interest and were fees for agreed upon services which were offered, accepted and performed. The majority agreed that IL 1082 was entitled to an “Auer deference” — agency’s interpretation of its own ambiguous regulation is controlling unless plainly erroneous or inconsistent with the regulation — because 12 CFR 7.4001(a) addresses interest and is ambiguous.

April 2022 OBA Legal Briefs

  • Nacha warranties and old unauthorized ACH debits
  • P2P complaints
  • Fair banking

Nacha warranties and old unauthorized ACH debits

By John S. Burnett

Your bank just wrapped up its investigation of a consumer’s Regulation E claim involving a series of unauthorized ACH debits made by a gymnasium. Your customer, Sam, got a notice that the gym was being closed “temporarily” on August 10, 2019, for some major renovation work. He assumed the gym would suspend charging his account for his monthly membership fee, but the regular $39.95 charge showed up on his account on August 26, 2019. So, Sam emailed the gym’s owner/manager on August 27, 2019, to cancel the authorization for the monthly changes  and got an emailed response that no further charges would be made to his account, and the August 26 charge would be credited to his membership for the first month when the gym was allowed to reopen.

For whatever reason, Sam didn’t check his account again until March 10, 2022, when he wasn’t able to withdraw $50 at the bank’s ATM. Those of you who are used to handling Reg E claims know what he found – the gym didn’t stop charging his account, and there was a series of 30 monthly debits from September 25, 2019, through February 25, 2022, that he was not expecting to see.  On March 11, Sam, rightfully embarrassed by his lack of attention to his account, brought copies of his statements (which had been made available to him on the bank’s online banking portal on the last day of each month) into his local bank branch, each with a $39.95 ACH debit from the gym circled in red, along with a copy of his August 27, 2019, email to the gym manager and the manager’s response, and asked what the bank could do about getting his money back.

Your branch manager checked with the bank’s deposit operations manager, who suggested that Sam could get back the January 25 and February 25, 2022, debits quickly if the branch manager got him to complete and sign a Written Statement of Unauthorized Debit (WUSD) on those two transactions, but Operations would need to handle the Reg E claim on the earlier debits. Sam signed two WSUDs while the branch manager was copying the statements Sam had brought in. One WSUD covered the two most recent debits (totaling $79.90), as requested by the operations manager, and the other covered the 28 earlier debits (which totaled $1,118.60).

Sam’s documentation made it easy for Operations to complete a speedy investigation, and they agreed that all 30 of the ACH debits were unauthorized. Then they plugged the dates and amounts into their Regulation E Consumer Liability Calculation spreadsheet and determined that Sam should be reimbursed for the unauthorized transactions that posted to his account on or before November 29, 2019 (60 days after the September 2019 statement was available). That would include the September 25, October 25, and November 25, 2019, debits, for a total of 3 times $39.95, or $119.85. Operations also returned the ACH debits that hit Sam’s account on January 25 and February 25, 2022. Within three business days of filing his claims, Sam received credits of $119.85 and $79.90 to his account, and a couple of days later he got a letter explaining that the bank agreed that all thirty of the disputed debits were unauthorized, the bank had refunded only $119.85 for the first three debits, and Sam was responsible for the rest of them because he had failed to review his account statements and promptly notify the bank of the unauthorized debits. The letter then explained that, because he had provided the WSUD covering the two transactions that were less than 60 days old, the bank had been able to return them, and had credited him with $79.90. That leaves Sam with a loss of $998.75 due to his lack of attention to his account.

Using Nacha’s authorization warranty to recover more

The operations manager had done some further research and discovered that Nacha rules include a warranty of authorization that’s given by the Originating Depository Financial Institution (ODFI) in favor of the Receiving Depository Financial Institution (RDFI). That warranty covers two periods for consumer accounts — (11) the first 95 days from the settlement date of the first unauthorized entry to the consumer’s account (which generally corresponds to the period of time the RDFI would be responsible for unauthorized entries under Regulation E § 1005.6(b)(3)); and (2) after the first 95 days but with settlement dates less than two years old. [For non-consumer accounts, the Nacha warranty covers entries with Settlement Dates no more than one year old.]

Buoyed by what she found, the operations manager checked with the bank’s legal department, which suggested she:

  1. Identify the ODFI and its head office address.
  2. Compose a letter stating a claim for breach of warranties under section 2.4.1.1 of Nacha Rules (Warranty that the entry is authorized by the Originator and Receiver) with respect to the unauthorized entries on September 25, 2019, and during the 95 days following that date (that would include the transactions through December 29, 2019), and the entries with Settlement Dates later than two years ago but before January 1, 2022 (the two entries occurring later than January 1, 2022, had been returned).
  3. Include a schedule of the posting dates and amounts of the entries covered by the claim.
  4. Include a statement in the claim letter that the Receiver (Sam, your customer) revoked the authorization and the Originator had acknowledged and accepted that revocation on August 27, 2019.
  5. Include copies of the August 27, 2019, emails between Sam and the gym owner/manager.

She completed the claim letter and faxed it to the ODFI on March 24, 2022.

What happens next depends on how the ODFI treats the warranty claim. This is, of course, a contrived story designed to illustrate the fact that the ability to make an “extended return” of an unauthorized ACH debit up to 60 days after its Settlement Date is not the “last resort” attempt at recovering funds for the bank or its depositor. Nacha Rules warranty provisions provide this additional tool. In fact, Nacha has a handy tool to explain its warranty at https://www.nacha.org/content/warranty-claims-tool

Let’s suppose the ODFI honors the claim and sends full payment for 4 unauthorized debits during the 95-day period (9/25/19 through 12/29/19) and 22 debits covered under the two-year period (3/24/20 through 3/24/22, but the January and February 25, 2022, debits aren’t part of the claim because they had been successfully returned earlier). What should the operations manager do with the $1,038.70 check?

The RDFI gets reimbursed for the three early debits that it had to return to Sam. And, because the RDFI can’t profit from the warranty claim, it credits the remaining $918.85 to Sam’s account, which covers most of his loss. He’s still out $79.90 for the January and February 2020 debits, which fall into the gap between the two Nacha warranty periods.

Of course, not every ODFI would honor such a claim. If the claim is denied, the RDFI can file a rules violation case with Nacha or press the claim in a civil court suit after weighing the cost/benefit of such a course. In our contrived example, however, the ODFI reviewed a strong claim that the debits were clearly unauthorized and decided not to fight it.

P2P complaints

By Andy Zavoina

In December 2021, the Consumer Financial Protection Bureau released an updated Compliance Aid for Reg. E, in the form of FAQs. We wrote about the FAQs extensively this last January and February. Central to these FAQs were P2P, or Peer-to-Peer payment programs from companies like Venmo, Zelle and Cash App. About a week after the updated FAQs were released 33 state attorneys general wrote to CFPB Director Rohit Chopra wanting stronger safeguards for consumers using these P2P apps. Oklahoma’s Attorney General was not on the letter.

It is estimated that in 2023 more than $1 trillion in transactions will happen using these apps. Usage has increased during the pandemic and the public seems to have accepted these programs for many uses. Some people see them as an extension of their bank accounts and it makes it easy to split a dinner bill, pay for a Pampered Chef order or pay a vendor for services rendered.

But when a transaction goes south, whom do they call? It could be your bank, who will refer them to the P2P vendor for customer service. With the updated FAQs we now know that the concerns of the attorneys general were partially answered in the FAQs as the CFPB opined that in many cases banks will have to shoulder the burden of handling claims, however. We covered that in January and February but as a short recap, if a bank has an agreement with a P2P vendor handling transactions the bank cannot deflect a claim for unauthorized use to the vendor. The CFPB opined that if the bank and P2P vendor share a credit card agreement such as both accept Visa or Mastercard, that constitutes “an agreement.”

Aside from banks now shouldering the claims burden, the letter to the CFPB complained that the P2P vendors have poor customer service. It was noted that reaching an actual person was difficult and usually included long hold times. It was also difficult to email or use a chat program to work out problems. Consumers found an inability to use their funds at times without warning when the P2P vendor held them. Restricted use could include paychecks from an employer or government benefits. Likely many of these people were unbanked and using the P2P service for banking. Lastly there were scammers stealing funds with various ruses. “Grandma, I was in an accident. I’m OK but we came to Mexico on spring break. Mom and dad can’t know, but I need $500 to get out of this jam,” is an example.

The CFPB’s mission is to protect consumers. Certainly, after reading about the three common complaints from consumers cited by the attorneys general, you will agree that banks strive not to have such issues and perform better than the P2P vendors. It was noted in the letter to the CFPB that the unbanked were often the more damaged consumers. Regardless, the claims problem has largely been handed to banks and that may be viewed a spart of the solution to the problem.

Some takeaways include banking the unbanked when they are qualified to have a bank account. While banks do not typically have rigorous qualification criteria for deposit accounts, some of these consumers may have burned their bridges with banks with charge-offs or poorly handled accounts. Still, there are some good consumer relationships out there that banks can market to and experience a win-win relationship with. These new and existing customers need to be reminded of security issues. We’ve expanded on some BBB tips for using a P2P payment app safely:

  • Only use it with someone you know and trust. Consider sending a test transfer of say $1 before sending the other $99 for that purchase. Scammers do this to see if an account is good and our customers can learn from this.
  • Take your time entering payment information and double-check it before hitting send. It is usually possible to talk to a person and get the instructions as the data is being entered.
  • Enable security settings and other measures offered by the app, including multifactor authentication that requires another form of verification besides just a username and password. And use a unique password.
  • Remember that public Wi-Fi at places like coffee shops or libraries may not be secure for use in conducting financial transactions.
  • Be wary of any business that only accepts P2P payment apps.
  • When using a mobile device like a smartphone or tablet, lock the device when not in use and do not lend the device to someone to make a call who may then be able to access a P2P app and conduct any transfer using the owners account.
  • When any device, be it a smartphone, tablet, game console or similar device has financial data stored on it, wipe the device before it is sold, donated or otherwise repurposed.

These tips need to be given repeatedly to bank customers just as they should be routinely reminded not to write a PIN on their debit card. Drive the point home. The dollars saved may be the bank’s money.

The last item here is a deliverable to bank management. Whoever is best suited to review Reg E claims for the last year or two should analyze the claims, both approved and denied (including those referred to a P2P vendor). Use this information to estimate what increase the bank may see based on the CFPB’s FAQs and the placement of responsibility on the bank for many of the P2P claims you would not have paid in the past. Management should be aware if this will be substantial. Some banks have reported seeing a significant increase and we can now assume that the pressure is on for banks to make up for these vendors’ shortcomings.

Any time bank management has the ear of a legislative influencer, it may be worth asking why, based on the above, Reg E cannot require the P2P vendors to be responsible for claims they are involved in. It is that vendor who has all the transaction information pertinent to a claim and who profited from the transaction, not your bank. And that vendor doesn’t even have to assist in any investigation. The CFPB should have the ability to police those vendors, not to shift the vendors’ responsibilities to banks.

Fair banking

By Andy Zavoina

In March, the CFPB announced it would be targeting unfair discrimination in consumer finance. “Consumer finance” seems like a broad term and it is. It takes in all types of consumer financial products, not just those involving credit. Banks will certainly be included in the Bureau’s reach, as we have the lion’s share of deposit accounts, and it is important to recognize how these changes will apply.

For years we have been asked questions related to deposit accounts. A customer complained and said the bank was discriminating based on race or gender but only had a savings account, or Marketing was asking if ads for new checking accounts needed to have the same pictorial diversification as home loan ads, showing both men and women and with various racial characteristics. Often the safe answer was “there is no fair lending equivalent for deposits.” While that is true, I and others have argued for years that “fair banking” should always be considered, and I believe most banks do keep that in mind. But under the heading of “what gets checked, gets done” this fair banking procedure will be going to a much higher level.

What the CFPB said was, “In the course of examining banks’ and other companies’ compliance with consumer protection rules, the CFPB will scrutinize discriminatory conduct that violates the federal prohibition against unfair practices. The CFPB will closely examine financial institutions’ decision-making in advertising, pricing, and other areas to ensure that companies are appropriately testing for and eliminating illegal discrimination.”

Note what that statement said — the CFPB will examine for discriminatory conduct, as this would be an unfair practice. Unfair is the “U” in UDAAP — Unfair, Deceptive or Abusive Acts or Practices. We have seen large UDAAP penalties, and because there is no statute of limitations, we have seen enforcement orders that went back for many years. While we often associate UDAAP enforcement actions with the CFPB, the prudential agencies still enforce UDAP as was the case in 2021 when the FDIC penalized Umpqua Bank. The FDIC determined that Umpqua Bank engaged in Section 5 violations (that’s UDAP in the FTC Act) related to collection practices involving commercial equipment financing through its wholly owned subsidiary, Financial Pacific Leasing, Inc. (FinPac).  The FDIC determined that FinPac’s collection fee practices were unfair and deceptive.  Specifically, FinPac charged various undisclosed collection fees to 17,000 borrowers whose accounts were past due, such as collection call and letter fees and third-party collection fees. So, the bank was fined for what its subsidiary was doing and paid restitution of $1.7 million and a civil money penalty of $1.8 million. (FDIC-20-0156k)

From July to October 2020 there were nine separate advertising enforcement actions against mortgage lenders totaling $4.446 million. Triggering terms were missed, ads were poorly arranged which made them misleading and in some cases the numbers were just wrong, or payments quoted were not obtainable.  There were also instances of products being offered which were not being made at the time they were advertised.

While UDAAP and UDAP can bring a high dollar penalty and restitution amounts, this is in part based on how many consumers were disadvantaged and to what dollar amounts. As an example, a 2018 enforcement action included Community Trust Bank, Inc. of Pikesville, Kentucky, as it was hit with a UDAP penalty. Key points in this Federal Reserve enforcement action are that the bank would pay at least $4.75 million in penalties and restitution. The penalty arises from add-on products of a minimal cost, but it reached back to 1994. That was 24 years prior to the action taken. If there is a product and it has a UDAAP/UDAP defect since inception, the next question is when did it launch? From that date forward consumers with that product were harmed and compensation must be paid to the consumer harmed, reimbursements for unfair charges, and civil money penalties to the agency.

We have seen UDAAP used as an enforcement tool on other regulatory requirements such as Reg E where disclosures were made but additional requirements imposed, like requiring a police report to file a claim. Banks are not permitted to add requirements like that and UDAAP has more severe consequences that Reg E itself, so it became the enforcement tool of choice.

(1) CFPB Director Rohit Chopra stated, “When a person is denied access to a bank account because of their religion or race, this is unambiguously unfair,” and “We will be expanding our anti-discrimination efforts to combat discriminatory practices across the board in consumer finance.” So, no time limit and high dollar penalty amounts are associated with UDAAP actions. With this announcement of discriminatory practices on non-loan issues the CFPB released its revised UDAAP section of its exam manual. [https://files.consumerfinance.gov/f/documents/cfpb_unfair-deceptive-abusive-acts-practices-udaaps_procedures.pdf]

The Equal Credit Opportunity Act (ECOA) and its implementing Regulation B, along with the Fair Housing Act and data gathering requirements under the OCC’s Fair Housing Home Loan Data System and the Home Mortgage Disclosure Act have long been bundled together as anti-discrimination requirements for general loan and home mortgage loans. The revisions to the UDAAP examination manual coupled with a definitive tying of “unfair” to any discrimination, even involving non-loan related products and services, adds an enforcement tool.

The March 2022 Legal Briefs looked at UDAAP in some detail. That was published before this action by the CFPB. We refer you back to that edition for the details, but here I will point out that under the section of some act or practice “causing substantial harm” to a consumer, we find in the exam procedures that this, “may result from discriminatory behavior.”

Discrimination or discriminatory behavior is referenced 25 times in this 19-page document. It is used as an example under collections activities, under the section where a consumer cannot avoid an injury, such as a discriminatory practice, and elsewhere. With a discriminatory practice being unfair, both unintentional discriminatory practices and practices that fall outside  the scope of ECOA now meet the test for being unfair. So, there is a longer reach. It also notes that what is discriminatory may be unfair, violating UDAAP, and at the same time violate other laws such as ECOA. Remember the CFPB does not have to pick one or the other of these laws to use for enforcement action, it can compound them and cite both as each is being violated if you have a loan or home mortgage product.

The revised UDAAP section states, “A discriminatory act or practice is not shielded from the possibility of being unfair, deceptive or abusive even when fair lending laws do not apply to the conduct. For example, not allowing African-American consumers to open deposit accounts or subjecting African-American consumers to different requirements to open deposit accounts, may be an unfair practice even in those instances when ECOA does not apply to this type of transaction.” This brings us to a new awareness level of UDAAP.

When Compliance or Legal has been involved in the development or revision of a product or service, UDAAP and risks have been examined from many perspectives. Traditionally ECOA and Reg B were included in a mindset when a loan was mentioned — Who does it appeal to? Where will it be offered? How will it be advertised? — and the focus was on marital status, race, gender, gender identification and similar topics. Those demographics were considered for loans while deposit products and services would have considered different demographics, potential deposit product appeal based on income, balances on deposit, services required to support the deposit relationship, etc. Now the latter requires the same mindset, or perspective if you will, as the loan discussions.

When reviewing loan products, the bank has demographic information for its lending area and on its home mortgages. The bank can easily review HMDA and other data points to determine if there are any disparities in where applications are coming from, for homes in certain areas, from applicants based on gender, race, marital status and other key categories. This is not as easy when the bank wants to know if there are any discriminatory concerns on auto loans, unsecured loans or other products which exclude the gathering of any demographics.

If the bank wants to generate a fair lending or fair banking analysis it will have to use a proxy for that information that it does not specifically have. This is not a new technique, but it may be one the bank wants to employ against various loan and deposit products as well as complaints. Here is an excerpt from a 2013 CFPB blog post on the topic.

Let’s say a responsible auto lender wanted to make sure that their female customers are not paying more for a loan than similarly situated men. Before analyzing the pricing patterns, the lender needs to calculate the likelihood that a borrower is male or female. Without actually recording the gender of each borrower, to substitute, or “proxy,” for gender, responsible lenders often rely on a first name database  from the Social Security Administration. The public database contains counts of individuals by gender and birth year for first names occurring at least five times for a particular gender in a birth year. Using statistics, they can determine a probability that a particular applicant is male or female based on the distribution of the population across gender categories for the applicant’s first name. [https://www.consumerfinance.gov/about-us/blog/preventing-illegal-discrimination-in-auto-lending/]

The above cites a first name database that should be available at minimal or no cost. There may well be others or established programs available complete with databases for various checks and verifications. The CFPB published a 37-page booklet in 2014, “Using publicly available information to proxy for unidentified race and ethnicity – A methodology and assessment” [https://files.consumerfinance.gov/f/201409_cfpb_report_proxy-methodology.pdf] which may also help control costs while accomplishing a large project.

The CFPB has used this methodology many times in the past on the files it has from banks and consumers. If the bank can extract certain field from its CIF files, once that process is established many different products and services could be analyzed. Having multiple uses for the one-time costs of establishing the program can prove beneficial. The results of this analysis may prove useful for fair lending, fair banking and have a positive impact on the Community Reinvestment Act file and exams as well. The methodology should be well documented and proven for accuracy.

Naturally if there are shortcomings the bank would need a strategy to correct them. Any corrective actions would be based on the specific product or service and the results of the bank’s analysis. This could be any solution from adjusting marketing media, to community outreach, to a branch or mobile branch serving an under-banked area. Similar to some fair lending strategies, the bank may also consider using bank counsel to facilitate some of this analysis for confidentiality and discovery reasons. That is obviously at the bank’s discretion. It may also be something to only explore at this point and to commit to as fair banking issues develop and mature within regulatory agencies and the industry. It should be worth exploring at this point to know what the time and cost requirements would be, and how it might integrate with future expansion and strategic plans of the bank.

Your bank may not have the CFPB examining it. But as a lead agency, and with other agency’s following it, this is something all banks should prepare for.  The CFPB manual has redefined “unfair acts or practices” and this is the mindset banks should begin adopting across the board.

Borrowing from UDAAP, one element of an unfair act or practice is whether a consumer is “reasonably able to avoid the injury. “ As noted above, this includes examples that the “consumer cannot reasonably avoid discrimination” and “typically cannot avoid the harms of discrimination.” Expect that as the CFPB expands its scope of exams that it will find and address cases of “unfairness” when it feels a consumer was harmed, or could be harmed by such a practice, product or service. Think outside the loan box. Examiners have new marching orders, and your bank should also, to ensure that:

  • The bank has a process to prevent discrimination in relation to all aspects of consumer products or services it offers. Evaluate all policies, procedures and processes for discrimination prior to implementation or making changes and continue monitoring for discrimination after implementation.
  • The bank’s compliance management program includes an established process for periodic analysis and monitoring of all decision-making processes used in connection with consumer products or services and a process to take corrective action to address any potential UDAAP concerns including discrimination.
  • The bank has established policies and procedures to review, test, and monitor any decision-making processes used for potential UDAAP concerns, including discrimination.
  • The bank has established policies and procedures to mitigate potential UDAAP concerns, including discrimination.
  • The bank’s policies, procedures and practices do not target or exclude consumers from products and services, or offer different terms and conditions, in any discriminatory way.
  • The bank has appropriate training for customer service personnel to prevent all forms of illegal discrimination.

Banks should be proactive in internal audits and test, as examiners will, to:

  • Evaluate any product targeted to particular demographics to ensure the marketing, disclosures, and other materials are designed for the target market and will be understood by that market. Appropriateness of the product or service to a consumer is a key.
  • Ensure there is equal treatment among qualified consumers as to terms and conditions of products and services offered without bias based on demographics.
  • Avoid offering or provide more products or services to one customer demographic as compared to another.
  • Customer service representatives should treat all customers the same meaning they provide the same level of assistance and service to all. In the past, paired testing used for loan discrimination cases included criticisms when one applicant was offered beverages while another was not.
  • Review all targeted advertising for potential discrimination.
  • Determine whether the bank uses any decision-making processes to determine eligibility, underwriting, pricing, servicing or collection actions which could result in illegal discrimination.
  • See whether the bank periodically evaluates for, and takes corrective actions to prevent, illegal discrimination.

 

 

March 2022 OBA Legal Briefs

  • The Beneficial Ownership Rule hasn’t gone away
  • UDA(A)P is becoming all the rage!

The Beneficial Ownership Rule hasn’t gone away

By John S. Burnett

The Corporate Transparency Act of 2021 (CTA) was enacted by Congress on January 1, 2021, as Title XIV of the William M. Thornberry National Defense Authorization Act for 2021, Public Law 116-283. It added a new section 31 U.S.C. 5336 to the Bank Secrecy Act.

The CTA requires that most private domestic U.S. entities formed on or after January 1, 2021, must self-report to FinCEN certain basic information about themselves, their beneficial owners and those individuals authorized to act on their behalf. The stated purpose of the CTA is to “discourage the use of shell corporations as a tool to disguise and move illicit funds” as part of the broader federal attempts to prevent and combat money laundering, tax fraud and terrorist financing.

The CTA requires FinCEN to promulgate regulations implementing the Act. No entity reporting to FinCEN can start until the final implementing regulations are issued and effective, and the structure for that reporting (presumably an online portal and a huge database) is completed.

What’s been completed so far?

FinCEN has begun the process of promulgating the regulations. In fact, FinCEN appears to be moving on the CTA requirements fairly quickly.

On April 1, 2021, FinCEN issued an Advance Notice of Proposed Rulemaking— a form of “heads up” that it was working on the rules and an invitation for stakeholders to offer suggestions and comments on the process.

On December 8, 2021, FinCEN published its proposed rules in the Federal Register [86 FR 69920], with a comment period ending February 7, 2022. There were 250 public comments submitted through Regulations.gov. We don’t know how many comments were sent directly to FinCEN itself.

As of this writing (early March 2022) no final regulation has been issued.

The CTA and financial institutions

Financial institutions have been required since May 11, 2018, to comply with 31 CFR 1010.230 (Beneficial ownership requirements for legal entity customers). The CTA has not changed that fact, and the regulations are still in effect.

It is true that the CTA was enacted with the intent to shift some of the burdens of gathering beneficial ownership information away from financial institutions and make it a government responsibility. It is also true that at some future time — FinCEN has unofficially suggested it will be a year or more after implementation of its final CTA beneficial ownership regulations — there will be a change for financial institutions, which will probably begin verifying entity ownership information against the CTA database, rather than gathering certifications of ownership information repeatedly during the existence of entity customer relationships.

To get to that time, FinCEN will first need to set up a secure and confidential portal through which financial institutions can make those verifications. How that will be done, or what information they will be required to verify, and what will happen if they are not able to successfully verify the information, has yet to be determined.

And yet, we have heard that bank examiners have identified financial institutions that totally misinterpreted — was this wishful thinking? — what FinCEN has so far done as a license to discontinue obtaining beneficial ownership certifications and stopped obtaining them around the time FinCEN announced the December 2021 proposed rule. If it is true that examiners have found financial institutions that made such an error, I can only imagine the sinking feeling the management, BSA officer or compliance officer at those institutions must have had when confronted with their error.

What to do about it

I sincerely hope your institution was not one of those making that mistake. But if it is, it is fortunate that only about three months have passed since the FinCEN proposed rule was published (in December 2021). If that’s when your institution stopped complying with § 1010.230, you can limit the damage by doing a look-back to identify each of the occasions on which you should have obtained beneficial ownership certification (or certification that information you were provided earlier was still correct) and start communicating with the entity customers involved to get those missing certifications.

If, instead, your institution made the wrong decision back in April 2021 when the advance notice of proposed rulemaking was published, you have a bit more digging to do — almost a year’s worth of account openings, renewals, etc.

Don’t assume that, once FinCEN finally eliminates § 1010.230 (remember there will be a different rule replacing it that you will have to follow), it will not matter that your institution jumped too soon to stop complying with § 1010.230. It will matter, so don’t postpone your remedial action to collect those missing certifications.

 

UDA(A)P is becoming all the rage!

By Andy Zavoina

I was recently reviewing enforcement actions published over approximately the last 18 months and saw what I believe is a trend not too many bankers are talking about. As an example, on a mortgage servicing topic the Consumer Finance Protection Bureau (CFPB) used the phrase, “…identified various Regulation Z and Regulation X violations, as well as unfair and deceptive acts or practices.” As past due fees were charged it was noted, “Examiners found that mortgage servicers engaged in unfair acts or practices…” and “Examiners found that lenders engaged in unfair acts or practices when they debited or attempted one or more additional, identical, unauthorized debits from consumers’ bank accounts after consumers called to authorize a loan payment by debit card and lenders’ systems erroneously indicated the transactions did not process.” In this article we will examine in more detail some of these violations that were made public. Like an iceberg, we know there is much more to it that we can not see, and we are not certain how much is there. But we do know we don’t want to run into it ourselves.

First, let’s cover some of the rules involving Unfair, Deceptive, or Abusive Acts or Practices so we can understand how broadly they can be applied in different scenarios.

UDAAP penalties can go up to $5,000 per day and if they are deemed “reckless” violations they could be $25,000 per day. Yes, it gets worse. Knowingly violating UDAAP can run a penalty of $1 million a day. Do we expect to see these maximum penalties? That would be a “no.” But the penalties can be severe. Consider that there are civil money penalties for the violations, and we have seen these go back for years and years.

Say a bank creates an add-on product to a deposit account. This product requires the customer to enroll with the bank and provide some affirmation such as that they are in good health, and they need to sign and return this form. But they fail to do this for one reason or another. The bank was diligent however, in charging the customer each month for a service that was never provided and technically could not be. That is a UDAAP violation. It may violate another law or regulation as well, and that law or regulation may also be referenced, but UDAAP has big teeth as we already mentioned the fines available. Because there seems to be no statute of limitations, UDAAP penalties at only hundreds of dollars a month add up quickly when a problem goes back 5 or 10 years.

“Seems outlandish, never going to happen,” you might say. Consider the penalty assessed against First Tennessee Bank by the Office of the Comptroller of the Currency (OCC). The bank sold an add-on product which required two things from the customer. They needed to enroll, and they needed to provide personal verification information. With this service, they would have credit monitoring services. Customers who failed to provide the verification information for whatever reason were charged a monthly fee for a service that was not performed for them. This penalty was in 2016, and the product was launched in 2000. The bank needed to look at 16 years of records. The bank paid a $1 million civil money penalty.

But UDAAP does not stop there. The CFPB can require that agreements be amended or terminated, that customers are refunded for charges that were improper, that restitution be ordered so that the bank understands the severity of the penalty, that profits from the act in question are surrendered and that the government be repaid for the time and effort put into the case. This is all on top of the work spent trying to review 16 years of files and responding to every customer and former customer who claims to have had that product and wants a refund.

There are some basic things that are considered a UDAP issue (one “A,” which omits “Abusive” which was added by the Dodd-Frank Act and is an addition the CFPB enforces) while prudential regulators still look at the Federal Trade Commission Act Section 5 rules for Unfair or Deceptive Acts or Practices. Some basic issues blatantly considered UDAP include prohibited provisions in agreements:

  1.  a confession-of-judgment;
  2.  a waiver of exemption in which the consumer relinquishes rights protecting their home and other necessities from seizure to satisfy a judgment,
  3. a n assignment of wages; and
  4.  the taking of household goods as loan collateral.

Also prohibited is the pyramiding of late fees. If you are not familiar with that concept, assume a borrower is late on a loan payment. They send the exact payment, and the bank applies it by first taking the late fee owed, then interest due and the remainder to principal. But the principal payment is short because of the late fee, so another late fee is accrued. And when the exact scheduled payment is made on time the following month, another late fee is paid and so on. That is pyramiding. I’m sure it doesn’t happen in your bank because automated routines control how payments are applied and interest and principal are always collected first, then fees.

But consider a case discussed more below where the borrower rounded up their payment. The extra principal was simply deposited to escrow. That is an improper application and has a similar impact as late fee pyramiding. The bank has certain remedies it can follow and compliance and/or audit needs to ensure the proper actions are taken.

Lastly, UDAP addresses the Holder in Due Course rule which involves the buying and selling of credit contracts and specifically also prohibits a bank from misrepresenting a co-signer’s liability and requires the bank to give a co-signer, prior to becoming obligated in a consumer credit transaction, a disclosure notice which explains the nature of the co-signer’s obligations and liabilities under the contract.

As already noted, it was the Dodd-Frank Act which empowered the CFPB to prevent unfair, deceptive, or abusive acts or practices. The other agencies enforce the FTC Act, Section 5. Rest assured for all intents and purposes they are similar as it pertains to the ability to right a perceived wrong.

The CFPB has definitions bankers must be familiar with to navigate compliance with UDAP and UDAAP. These are definitions that must be applied broadly when the bank is designing a new product, service, or policy.

Unfair: a practice that is “unfair” is one that:

a)  Causes or is likely to cause substantial injury to consumers;

(Substantial injury usually involves monetary harm. Monetary harm includes, for example, costs or fees paid by consumers as a result of an unfair practice. An act or practice that causes a small amount of harm to a large number of people may be deemed to cause substantial injury.

Actual injury is not required in every case. A significant risk of concrete harm is also sufficient. However, trivial or merely speculative harms are typically insufficient for a finding of substantial injury. Emotional impact and other more subjective types of harm also will not ordinarily amount to substantial injury. Nevertheless, in certain circumstances, such as unreasonable debt collection harassment, emotional impacts may amount to or contribute to substantial injury.)

b)  The injury is not reasonably avoidable by consumers;

An act or practice is not considered unfair if consumers may reasonably avoid injury. Consumers cannot reasonably avoid injury if the act or practice interferes with their ability to effectively make decisions or to take action to avoid injury. Normally the marketplace is self-correcting; it is governed by consumer choice and the ability of individual consumers to make their own private decisions without regulatory intervention. If material information about a product, such as pricing, is modified after, or withheld until after, the consumer has committed to purchasing the product, however, the consumer cannot reasonably avoid the injury. Moreover, consumers cannot avoid injury if they are coerced into purchasing unwanted products or services or if a transaction occurs without their knowledge or consent.

A key question is not whether a consumer could have made a better choice. Rather, the question is whether an act or practice hinders a consumer’s decision-making. For example, not having access to important information could prevent consumers from comparing available alternatives, choosing those that are most desirable to them, and avoiding those that are inadequate or unsatisfactory. In addition, if almost all market participants engage in a practice, a consumer’s incentive to search elsewhere for better terms is reduced, and the practice may not be reasonably avoidable.

The actions that a consumer is expected to take to avoid injury must be reasonable. While a consumer might avoid harm by hiring independent experts to test products in advance or by bringing legal claims for damages in every case of harm, these actions generally would be too expensive to be practical for individual consumers and, therefore, are not reasonable.

and,

c) The injury is not outweighed by countervailing benefits to consumers or to competition.

To be unfair, the act or practice must be injurious in its net effects — that is, the injury must not be outweighed by any offsetting consumer or competitive benefits that also are produced by the act or practice. Offsetting consumer or competitive benefits of an act or practice may include lower prices to the consumer or a wider availability of products and services resulting from competition.

Costs that would be incurred for measures to prevent the injury also are taken into account in determining whether an act or practice is unfair. These costs may include the costs to the institution in taking preventive measures and the costs to society as a whole of any increased burden and similar matters.

In determining whether an act or practice is unfair, the CFPB may consider established public policies as evidence to be considered with all other evidence. Such public policy considerations may not serve as a primary basis for such determination.

UDAP’s unfairness prong applies not only to overt acts and practices, but also to those that unreasonably impair a consumer’s ability to make an informed decision, such as withholding material information until after a consumer has purchased a product.  But a bevy of UDAP case law creates nuances. For instance, “substantial injury” can be monetary or reputation harm, but there must be a significant risk of concrete harm rather than a speculation that harm might occur. An act is not  considered unfair if its benefits outweigh any injuries caused. Some  examples of benefits include lower prices or the availability of products  and services to a wider range of consumers.

A representation, omission, act or practice is deceptive when—

  • The representation, omission, act, or practice misleads or is likely to mislead the consumer;
  • The consumer’s interpretation of the representation, omission, act, or practice is reasonable under the circumstances; and
  • The misleading representation, omission, act, or practice is material. This applies when it misleads or is likely to mislead the consumer.

Written disclosures may be insufficient to correct a misleading statement or representation, particularly where the consumer is directed away from qualifying limitations in the text or is counseled that reading the disclosures is unnecessary. Likewise, oral or fine print disclosures or contract disclosures may be insufficient to cure a misleading headline or a prominent written representation. Similarly, a deceptive act or practice may not be cured by subsequent truthful disclosures.

Acts or practices that may be deceptive include making misleading cost or price claims; offering to provide a product or service that is not in fact available; using bait-and-switch techniques; omitting material limitations or conditions from an offer; or failing to provide the promised services.

The FTC’s “four Ps” test can assist in the evaluation of whether a representation, omission, act, or practice is likely to mislead:

  • Is the statement prominent enough for the consumer to notice?
  • Is the information presented in an easy-to-understand format that does not contradict other information in the package and at a time when the consumer’s attention is not distracted elsewhere?
  • Is the placement of the information in a location where consumers can be expected to look or hear?
  • Finally, is the information in close proximity to the claim it qualifies?

A representation may be deceptive if the majority of consumers in the target class do not share the consumer’s interpretation, so long as a significant minority of such consumers is misled.

Exaggerated claims or “puffery” are not deceptive if a reasonable consumer would not take the claims seriously.

A representation, omission, act, or practice is material if it is likely to affect a consumer’s choice of, or conduct regarding, the product or service. Information that is important to consumers is material.

Certain categories of information are presumed to be material such as costs, benefits, or restrictions on the use or availability.

Express claims made with respect to a financial product or service are presumed material. Implied claims are presumed to be material when evidence shows that the institution intended to make the claim (even though intent to deceive is not necessary for deception to exist).

Claims made with knowledge that they are false are presumed to be material. Omissions will be presumed to be material when the financial institution knew or should have known that the consumer needed the omitted information to evaluate the product or service.

If a representation or claim is not presumed to be material, it still would be considered material if there is evidence that it is likely to be considered important by consumers.

The Dodd-Frank Act makes it unlawful for any covered person or service provider to engage in an “abusive act or practice.”  This is an act or practice which—

  1. materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service; or
  2. takes unreasonable advantage of—

a) a lack of understanding on the part of the consumer of the material risks, costs, or conditions of the product or service;

b) the inability of the consumer to protect the interests of the consumer in selecting or using a consumer financial product or service; or

c) the reasonable reliance by the consumer on a covered person to act in the interests of the consumer.

Combined, this definition of “abusive” indicates terms, disclosures and advertisements for products need to be clear and easily understood without reliance on micro-font footnotes or other disclosures that may be “legalese” or have “hidden” terms. It also tells us that the more complex a product or service is, the more it may need to be explained and this will also depend on the market it is provided for. Lastly it says the bank has to act in the best interest of the consumer. It will not be enough to say, “we made the full disclosure, so we are covered for liability.”

Consumer complaints play a key role in the detection of unfair, deceptive, or abusive practices. As a general matter, consumer complaints can indicate weaknesses in elements of the institution’s compliance management system, such as training, internal controls, or monitoring. Complaints against subsidiaries, affiliates and third parties which pertain to your institution and its products and services are included in this analysis. While the absence of complaints does not ensure that unfair, deceptive, or abusive practices are not occurring, complaints may be one indication.

Now let’s examine some recent penalties and while I will use one specific example, as you read this and contemplate the issues, think broadly. As an example, this first penalty involves a credit card product. Do not discount it because it is a credit card, and your bank may not offer them but pay attention to it because it is about the advertising of the product, the training of staff, and the failure to deliver what was advertised.

The advertisement was targeted to sell new credit card accounts. Both existing customers and new ones were the target market. The intent was to have them qualify for the new card and then to meet prescribed spending requirements to qualify for a bonus. The plain terms on the face of the advertisement stated what was required as to the spending threshold. The bonus was central to the advertisement.  Remembering the criteria for UDAAP compliance, in this case a consumer could reasonably conclude that if they qualified for the new card and met the spending limit, they would receive the bonus.

The issuers of the product failed to state that the bonus would be offered only to consumers who applied online. This made the advertisements misleading as they were incomplete. Staff were not correctly trained on how to program these accounts, which further lead to bonuses not being paid. And because not all consumers would qualify for the bonus because of how they applied, the ads were deceptive. This is like many of the UDAAP enforcement actions taken on add-on products. That is poor marketing, poor training and charging fees without ensuring that all the qualifications were disclosed, programmed, and understood by both staff and the consumer.

A second case examines debt collection and the Fair Debt Collections Practices Act (FDCPA). Do not skip this section because you do not believe that the FDCPA does not apply to your bank because you collect your own debts. I believe the CFPB could connect the FDCPA to UDAAP dots in this manner. The FDCPA states in many places that certain acts or practices can be unfair or deceptive. As an unfair or deceptive act, UDAAP can then apply and using this proxy, UDAAP is violated while collection one’s own debt because of how it was done. I have not yet seen this in practice, but is it worth testing the action? I would not.

The FDCPA prohibits the use of any false representation or deceptive means to collect or attempt to collect any debt.   What examiners found was debt collectors proposing an alternate payment plan with past due borrowers. It was noted the new payment plan, when repaid, would improve the borrower’s credit because they paid the revised plan and extinguished the debt. That has to be better and lead to an improved credit rating, right? But there are many factors affecting creditworthiness and a person’s credit score, including repayment of the debt.  Saying that paying just this loan would improve their credit score and lead to increased borrowing power could be misleading.  Examiners found that the least sophisticated consumer could conclude from this discussion was that deleting derogatory information by paying this loan would result in improved creditworthiness, and this created the risk of a false representation and was a deceptive means to collect the debt. This is then defined as a UDAAP issue. You may not be subject to the FDCPA, but you are to UDAP and UDAAP.

Mortgage servicing is a hot issue as many borrowers are exiting pandemic protection forbearance plans on their home loans and may be ill equipped to resume payments. Mortgage servicing exams have identified various Reg Z and X violations, as well as UDAP problems. Remember UDAAP is brought up when a product or service: (1)  causes or is likely to cause substantial injury; (2) the injury is not reasonably avoidable by consumers; and (3) the substantial injury is not outweighed by countervailing benefits to consumers or to competition.

Examiners found that mortgage servicers engaged in the following unfair acts or practices by:

  • charging delinquency-related fees to borrowers in CARES Act forbearance plans. (Refer to the Coronavirus Aid, Relief, and Economic Security Act, Section 4022(b)(3) prohibits a mortgage servicer from imposing fees, penalties, or interest beyond the amounts scheduled or calculated as if the borrower made all contractual payments on time and in full under the terms of the mortgage contract);
  • failing to stop electronic fund transfers after receiving notice that the consumer’s bank account was closed, and an NSF fee had been assessed; and
  • assessing fees for services that exceeded the actual cost of the services performed.

Read this and look for those UDAAP buzzwords. The CFPB report said that consumers experienced substantial injury in the form of illegal fees, which were considered significant because these are the consumers experiencing hardships from the pandemic.  The mortgage servicers failed to refund some of the fees until almost a year after they were assessed.  These consumers  likely suffered further harm when because of these fees, they could not pay other expenses they had.  The injury was to a large number of consumers.  The consumers could not reasonably avoid the injury because they could not anticipate that the mortgage servicers would assess unlawful fees and they had no reasonable means to avoid the fees from being charged.  Charging the illegal fees did not provide any countervailing benefit to consumers.

Expanding on the second bullet above, what examiners found were mortgage servicers that engaged in unfair acts or practices by failing to terminate preauthorized EFTs that the servicer should have realized were from closed or inactive accounts. Examiners found that servicers received notices of account closures but continued to initiate EFTs from the closed accounts each month until the consumer affirmatively canceled the preauthorized EFT.  Borrowers experienced substantial injury because the mortgage servicers’ practices resulted in repeated NSF charges.  Borrowers could not reasonably avoid the injury because they could not anticipate that the mortgage servicers would continue to attempt the EFTs, even where the EFT agreement disclosed that the EFTs would terminate when the “from” account was closed.  The continued attempts to withdraw payment from closed accounts and fees associated with the subsequent NSF transactions did not provide any countervailing benefit to consumers.

Another issue examiners found was that mortgage servicers engaged in deceptive acts by incorrectly disclosing transaction and payment information in borrowers’ online mortgage loan accounts. They found violations of Reg X (RESPA) requirements to evaluate a borrower’s complete loss mitigation applications within 30 days of receipt. Reg Z requirements relating to overpayments to borrowers’ escrow accounts and Homeowners Protection Act (HPA) requirements to automatically terminate PMI as required were subtopics found with the online statement errors.

Still on the topic of mortgage servicing, some practices were deemed deceptive because  inaccurate descriptions of payment and transaction information was provided in online mortgage statements.  The inaccurate descriptions and information were likely to mislead borrowers because the information was false.  It would be reasonable for borrowers to rely on their mortgage servicers to report accurate mortgage payments and account transaction histories wherever the information was offered.  The inaccurate descriptions and information were material because they were likely to affect borrowers’ conduct regarding their mortgage payments.

February 2022 OBA Legal Briefs

  • Reg E FAQs – Part II

Reg E FAQs – Part II

By Andy Zavoina

Last month I introduced you to the updated Reg E FAQ Guidance issued by the Consumer Financial Protection Bureau (CFPB). The FAQ is a Compliance Aid as defined by the CFPB. It is not a new rule, but guidance on compliance with an existing rule. When a Compliance Aid such as an FAQ is issued, it can be periodically revised as is the case here.  In this instance the existing rules are addressing Reg E concerns. Unlike the first iteration of Reg E FAQs issued in June 2021 this update addresses new concerns and not just what bankers were getting wrong. In this iteration, issued December 13, 2021, there are several issues addressed on Person-to-Person payments and specifically on liability.  The interpretation is not favorable for banks.

The purpose of the Compliance Aid is not to write new rules, but to clarify how the CFPB interprets what is already in the laws, regulations and official interpretations without having to go through a rule writing process.

In January’s Reg E FAQ – Part I, we explained how the CFPB was going back to the bare definitions of what is an electronic fund transfer (EFT) and what is a financial institution. Briefly, EFTs are electronic transfers to or from a consumer’s account. Financial institutions include banks and can include P2P providers. And if a P2P provider does not hold the consumer’s account, issues its own access device such as the logon for an app, and has no agreement with a bank to do such transfers, under 1005.14 that vendor has Reg E liability and responsibility. Lastly, we ended last month’s Part 1 with the CFPB interpretation that if the bank and the P2P vendor have an ACH agreement to move funds and share another agreement such as each accepting the others debit cards, then the exception at 1005.14 placing error resolution liability on the P2P provider does not apply. The fact that each entity will accept the other’s debit cards satisfies the need for an “agreement.” We also noted the CFPB expressed this opinion to bankers at least nine months in advance of issuing the FAQ, so it was a somewhat accepted opinion within the CFPB.

Now, let’s continue a review of the third and fourth sections of the Reg E FAQs as updated in December 2021 and we will add a few compliance recommendations.

Error Resolution

In this section the CFPB restates much of what the regulation and prior iteration of the FAQ had with two of the questions shown as new.

1,  What is an error for purposes of EFTA and Regulation E?

While shown as a new question, the information is not changed from the regulatory verbiage, but this is intended to be a foundational topic on which claims will build.

An error under EFTA and Regulation E includes any of the following:

  • An unauthorized EFT.
  • An incorrect EFT to or from the consumer’s account.
  • The omission from a periodic statement of an EFT to or from the consumer’s account that should have been included.
  • A computational or bookkeeping error made by the financial institution relating to an EFT.
  • The consumer’s receipt of an incorrect amount of money from an electronic terminal.
  • An EFT not identified in accordance with the requirements of 12 CFR 1005.9 or 1005.10(a).
  • A consumer’s request for any documentation required by 12 CFR 1005.9 or 1005.10(a) or for additional information or clarification concerning an EFT

(12 CFR 1005.11(a)(1)).

The term “error” does not include:

  • A routine inquiry about the consumer’s account balance;
  • A request for information for tax or other recordkeeping purposes; or
  • A request for duplicate copies of documentation.

(Comment 11(a)-6).

2. What are a financial institution’s error resolution obligations under Regulation E?

Again, this is not new information but is necessary to build on in the following FAQs.

In general, Regulation E requires that after a financial institution receives oral or written notice of an error from a consumer, the financial institution must do all of the following:

  • Promptly investigate the oral or written allegation of error.
  • Complete its investigation within the time limits specified in Regulation E.
  • Report the results of its investigation within three business days after completing its investigation.
  • Correct the error within one business day after determining that an error has occurred.

12 CFR 1005.11(c)(1).

The investigation must be reasonable, including a reasonable review of relevant information within the financial institution’s own records.  2019-BCFP-0001.  The Bureau found that a financial institution did not conduct a reasonable investigation when it summarily denied error disputes if consumers had prior transactions with the same merchant, and the financial institution did not consider other relevant information such as the consumer’s assertion that the EFT was unauthorized or for an incorrect amount.  2019-BCFP-0001.  If the error is an unauthorized EFT, certain consumer liability limits apply.  12 CFR 1005.6.

3.  If private network rules provide less consumer protection than federal law, can a financial institution rely on private network rules?

The CFPB indicates this is not an update. It does reiterate what has been noted in practice for many years, that a consumer’s rights may not be adversely affected by an agreement.

Although private network rules and other agreements may provide additional consumer protections beyond Regulation E, less protective rules do not change a financial institution’s Regulation E obligations.  [See 15 USC  1693l.  For example, some network rules require consumers to provide notice of an error within 60 days of the date of the transaction, even though Regulation E, 12 CFR 1005.11(b)(1)(i), allows consumers to provide notice within 60 days after the institution sends the periodic statement showing the unauthorized transaction.  Other network rules allow a financial institution to require a consumer to contact the merchant before initiating an error investigation, even though 1005.11(b)(1) triggers error investigation obligations upon notice from the consumer.  The Bureau discussed instances where examiners found financial institutions had violated the 60-day notice requirement in the Summer 2020 edition of Supervisory Highlights.

4.  Can a financial institution require a consumer to file a police report or other documentation as a condition of initiating an error resolution investigation?

This is not updated from June 2021 but is reposted here so as to be a complete reference to the reader.

No.  A financial institution must begin its investigation promptly upon receipt of an oral or written notice of error and may not delay initiating or completing an investigation pending receipt of information from the consumer.  See Comments 11(b)(1)-2 and 11(c)-2.  In the past, Bureau examiners found that one or more financial institutions failed to initiate and complete reasonable error resolution investigations pending the receipt of additional information required by the institution.  These examples can be found in the Bureau’s Summer 2020 edition of Supervisory Highlights and Fall 2014 edition of Supervisory Highlights.  The Bureau cited similar violations in 2019-BCFP-0001.

Error Resolution: Unauthorized EFTs

With EFT errors defined and some basic responsibilities set, the FAQ looks deeper at unauthorized transfers and provides guidance banks will need to evaluate their practices and procedures.

1.  What is an unauthorized EFT?

While the CFPB’s answer has a December date as a new addition, it is regulatory verbiage that has not changed, so accept it as a reminder of the rules as it helps express the duties and liabilities of the bank.

An unauthorized EFT is an EFT from a consumer’s account initiated by a person other than the consumer without actual authority to initiate the transfer and from which the consumer receives no benefit. 12 CFR 1005.2(m). Unauthorized EFTs include transfers initiated by a person who obtained a consumer’s access device through fraud or robbery and consumer transfers at an ATM that were induced by force.  Comments 2(m)-3 and 4.

The term unauthorized EFT does not include an EFT initiated through any of the following means:

(1) By a person who was furnished the access device to the consumer’s account by the consumer, unless the consumer has notified the financial institution that transfers by that person are no longer authorized.  12 CFR 1005.2(m)(1).  This exclusion does not apply to transfers initiated by a person who obtained a consumer’s access device through fraud or robbery.  Comment 2(m)-3.

(2) With fraudulent intent by the consumer or any person acting in concert with the consumer.  12 CFR 1005.2(m)(2); or

(3) By the financial institution or its employee, 12 CFR 1005.2(m)(3).

This FAQ is important and often misunderstood by claims investigators. It is important to understand that a consumer loaning their debit card to someone does not provide evergreen authorization for use until the consumer reports to the bank that the person is no longer authorized to use the card. Essentially that person given the card is authorized until the consumer customer retrieves the card or notifies the bank. Once the customer re-secures the card the authorization has ended. If that authorized user remembers the PIN and steals the card, that’s fraud or robbery and not authorized use. If a bank has a problem with these types of losses remind the users of security precautions, the ability to get a new card or change the PIN, and the possibility that the bank will rescind the card and not re-issue it if the bank chooses. There is no legal right to have a debit card. That is a feature of having a deposit account at your bank. Many bankers have also not read the back of the debit cards they issue. All I have looked at specifically states the card is the property of the bank. That provides the bank with the option to rescind that card and make it non-usable.

2.  If a transfer meets the Regulation E definition of unauthorized EFT, how does a financial institution determine the consumer’s liability, if any?

Not an updated response from the first FAQ – but in short if the claim is valid, § 1005.6 is used to determine liability based on when the transfers happened, if an accepted access device was used, and when the bank was notified. The response is as follows:

“If a consumer has provided timely notice of an error under 12 CFR 1005.11(b)(1) and the financial institution determines that the error was an unauthorized EFT, the liability protections in Regulation E section 1005.6 would apply. Depending on the circumstances regarding the unauthorized EFT and the timing of the reporting, a consumer may or may not have some liability for the unauthorized EFT. See 12 CFR 1005.6(b).”

The three basic tiers of liability are up to $50 for a timely notice of the claim within 2 business days of the consumer learning of the loss or theft [of an access device], up to $500 if the notice is beyond 2 business days and potentially unlimited for those transfers occurring after 60 days after the first statement was sent to the consumer reflecting an unauthorized transfer.

3.  Is an EFT from a consumer’s account initiated by a fraudster through a non-bank P2P payment provider considered an unauthorized EFT?

Shown as a new question and using P2P as an example, the CFPB states, “Yes.  Because the EFT was initiated by a person other than the consumer without actual authority to initiate the transfer – i.e., the fraudster – and the consumer received no benefit from the transfer, the EFT is an unauthorized EFT.  12 CFR 1005.2(m).  This is true even if the consumer does not have a relationship with, or does not recognize, the non-bank P2P payment provider.”

Succinctly, in this case it is a basic theft because the consumer did not do, authorize, or benefit from the transaction. Whether the customer had a relationship already with the P2P provider is immaterial.

4.  Does an EFT initiated by a fraudster using stolen credentials meet the Regulation E definition of an unauthorized EFT?

The response is still a basic example of a theft but specifically uses stolen credentials to execute the transfer.

“Yes.  As discussed in Electronic Fund Transfers Error Resolution: Unauthorized EFT Question 1, Regulation E defines an unauthorized EFT as a transfer from a consumer’s account initiated by a person other than the consumer without actual authority to initiate the transfer and from which the consumer receives no benefit.  12 CFR 1005.2(m).  When a consumer’s account access information is obtained from a third party through fraudulent means such as computer hacking, and a hacker uses that information to make an EFT from the consumer’s account, the transfer is an unauthorized EFT under Regulation E.

For example, the Bureau is aware of the following situations involving unauthorized EFTs:

  • A consumer shares their account access information in order to enter into a transaction with a third party, such as a merchant, lender, or employer offering direct deposit, and a fraudster obtains the consumer’s account access information by hacking into the computer system of the third party. The fraudster then uses a bank-provided P2P payment application to initiate a credit push payment out of the consumer’s deposit account.
  • A consumer shares their debit card information with a P2P payment provider in order to use a mobile wallet. A fraudster then hacks into the consumer’s phone and uses the mobile wallet to initiate a debit card transfer out of the consumer’s deposit or prepaid account.
  • A thief steals a consumer’s physical wallet and initiates a payment using the consumer’s stolen debit card.

See Electronic Fund Transfers Error Resolution: Unauthorized EFTs Question 5 for more examples of unauthorized EFTs.

All of the financial institutions in these examples, including any non-bank P2P payment provider or deposit account holding financial institution, must comply with the error resolution requirements discussed in Electronic Fund Transfers Error Resolution Question 2, as well as the liability protections for unauthorized transfers in 12 CFR 1005.6.

5.  A third party fraudulently induces a consumer into sharing account access information that is used to initiate an EFT from the consumer’s account. Does the transfer meet Regulation E’s definition of an unauthorized EFT?

A key to this June 2021 question is that the consumer was duped into providing account access information and the while the consumer did provide it, it was not with the intent of creating a transfer. That was done fraudulently, and Reg E is a consumer protection regulation. The CFPB provided the following guidance:

“Yes.  As discussed in Electronic Fund Transfers Error Resolution: Unauthorized Fund Transfers Question 1, Regulation E defines an unauthorized EFT as an EFT from a consumer’s account initiated by a person other than the consumer without actual authority to initiate the transfer and from which the consumer receives no benefit.  12 CFR 1005.2(m).  Comment 1005.2(m)-3 explains further that an unauthorized EFT includes a transfer initiated by a person who obtained the access device from the consumer through fraud or robbery.  Similarly, when a consumer is fraudulently induced into sharing account access information with a third party, and a third party uses that information to make an EFT from the consumer’s account, the transfer is an unauthorized EFT under Regulation E.

For example, the Bureau is aware of the following situations where a third party has fraudulently obtained a consumer’s account access information, and thus, are considered unauthorized EFTs under Regulation E: (1) a third-party calling the consumer and pretending to be a representative from the consumer’s financial institution and then tricking the consumer into providing their account login information, texted account confirmation code, debit card number, or other information that could be used to initiate an EFT out of the consumer’s account, and (2) a third party using phishing or other methods to gain access to a consumer’s computer and observe the consumer entering account login information.  EFTs stemming from these situations meet the Regulation E definition of unauthorized EFTs.”

6.  If a third-party fraudulently induces a consumer to share account access information, are subsequent transfers initiated with the fraudulently obtained account information excluded from Regulation E’s definition of unauthorized electronic fund transfer because they are initiated “[b]y a person who was furnished the access device to the consumer’s account by the consumer”?

As in the example above, the subsequent transfers were not the intent of the consumer. Even if the consumer authorized one transfer, the intent was for that one transfer, not any additional. Perhaps more to the exact question, any and all transfers that use fraudulently obtained access can be part of a valid EFT claim because there was no intent for the transfers and the consumer received no benefit. So, the CFPB states, “No.  A consumer who is fraudulently induced into providing account information has not furnished an access device under Regulation E.  As explained above in Electronic Fund Transfers Error Resolution: Unauthorized EFTs 3, 4, and 5, EFTs initiated using account access information obtained through fraud or robbery fall within the Regulation E definition of unauthorized EFT.  See Comment 1005.2(m)-3.”

7.  Can a financial institution consider a consumer’s negligence when determining liability for unauthorized EFTs under Regulation E?

The regulation has never allowed a consumer’s negligence to be used in denying a claim of unauthorized use. The Reg commentary even uses the example of a consumer writing their PIN on the card. In that case the claim would still be valid because there was no intended use allowed. Some vendors may offer enhanced liability protections such as zero liability and some of those enhancements may be reduced because of negligence. But the basic requirements of Reg E do not change, only the enhanced protections.

The June FAQ stands, “No.  Regulation E sets forth the conditions in which consumers may be held liable for unauthorized transfers, and its commentary expressly says that negligence by the consumer cannot be used as the basis for imposing greater liability than is permissible under Regulation E.  12 CFR 1005.6; Comment 6(b)-2.  For example, consumer behavior that may constitute negligence under state law, such as situations where the consumer wrote the PIN on a debit card or on a piece of paper kept with the card, does not affect the consumer’s liability for unauthorized transfers under Regulation E.  Comment 1005.6(b)-2.”

8.  If a financial institution’s agreement with a consumer includes a provision that modifies or waives certain protections granted by Regulation E, such as waiving Regulation E liability protections if a consumer has shared account information with a third party, can the institution rely on its agreement when determining whether the EFT was unauthorized and whether related liability protections apply?

This restated response further illustrates that rights granted under Reg E may not be taken away. I will add that there are times a consumer will call and make a claim. Perhaps they are on vacation and a great distance away and when told the card will be canceled and reissued in a few days, they protest. They say they will accept the liability because they cannot be without their card while away. That is not an option. The consumer cannot accept that additional liability because to do so would amount to the bank taking away the consumer’s legal rights.

“No.  EFTA includes an anti-waiver provision stating that “[n]o writing or other agreement between a consumer and any other person may contain any provision which constitutes a waiver of any right conferred or cause of action created by [EFTA].”  15 U.S.C. § 1693l.  Although there may be circumstances where a consumer has provided actual authority to a third party under Regulation E according to 12 CFR 1005.2(m), an agreement cannot restrict a consumer’s rights beyond what is provided in the law, and any contract or agreement attempting to do so is a violation of EFTA.”

9.  If a consumer provides notice to a financial institution about an unauthorized EFT, can the financial institution require that the consumer first contact the merchant about the potential unauthorized EFT before the financial institution initiates its error resolution investigation?

Remember that the consumer has basic requirements to file a claim with the bank, and the bank is required to determine if it was an unauthorized use and to investigate and determine liability. The only things the consumer is required to do is indicate who they are and why they believe their account had an unauthorized transfer. Nothing allows the bank to refuse a claim and impose additional requirements beyond what the EFTA has required.

The CFPB’s response: “No.  A financial institution must begin its investigation promptly upon receipt of an oral or written notice of error and may not delay initiating or completing an investigation pending receipt of information from the consumer.  See Comments 11(b)(1)-2 and 11(c)-2.  For example, in 2019-BCFP-0001, the Bureau found that the practice of requiring a consumer to contact the merchant before initiating an error resolution investigation was a violation of Regulation E.  Similarly, the Fall 2014 edition of Supervisory Highlights discussed instances where examiners found that one or more financial institutions had instructed consumers to contact the merchant instead of promptly initiating an error investigation.”

10.  Do private network rules, such as provisions that a transfer is final and irrevocable, impact whether a P2P credit-push transfer meets the Regulation E definition of unauthorized EFT?

This is a new question and addresses specifically a P2P payment. Many P2P agreements indicate that when a transfer is sent and is based on, for example, a cell phone number, the transfer is completed and not reversible once it is accepted by the recipient. There is no process to reverse the transfer from the recipient. This question emphasizes that the bank’s consumer is protected regardless of any network rules. This is a question demonstrating additional liability on the bank. There is no process requiring the consumer to contact the cell number that received the funds and demand the return of those funds. The bank or P2P vendor may attempt this as a part of the investigation but likely there would be no response from the receiver of the funds, especially if the transfer was part of a fraud transaction.

“No.  Although private network rules and other commercial agreements may provide for interbank finality and irrevocability, they do not reduce consumer protections against liability for unauthorized EFTs afforded by the Electronic Fund Transfer Act.  See 15 USC 1693g(e). Moreover, no agreement between a consumer and any other person may waive any right provided by the EFTA.  See 15 USC 1693l.  Accordingly, any financial institution in this transaction must comply with the error resolution requirements discussed in Electronic Fund Transfers Error Resolution Question 2, as well as the liability protections for unauthorized transfers.”

11.  A fraudster initiates an EFT through a non-bank P2P payment provider that the consumer does not have a relationship with from the consumer’s account with a depository institution. Is the depository institution considered a financial institution with full error resolution obligations under Regulation E?

This is another new and P2P specific question. If a fraudster sets up an account using someone else’s identity and account information, transfers can be valid claims.

The Bureau’s response:

“Yes.  As discussed in Electronic Fund Transfers Coverage: Financial Institutions Question 1, the definition of financial institution includes a bank, savings association, credit union, or any other person that directly or indirectly holds an account belonging to a consumer, or that issues an access device and agrees with a consumer to provide EFT services.  12 CFR 1005.2(i). Here, the account-holding financial institution holds the consumer’s account, and is thus considered a financial institution under Regulation E.  Any entity defined as a financial institution under Regulation E has error resolution obligations in the event that a consumer notifies the financial institution of an error, with limited exceptions.  12 CFR 1005.11.  As discussed in Electronic Fund Transfers Error Resolution: Unauthorized Transfers Question 4, since the transaction is an unauthorized EFT, the depository institution must comply with any applicable liability protections for unauthorized transfers in 12 CFR 1005.6.”

Expectations:

Based on this interpretation in the FAQs regarding P2P transactions and liability, we can expect more examiner scrutiny on any claim pertaining to P2P losses by consumers. Prior to the FAQs many in the industry interpreted the needed “agreement” under 1005.14 to be a specific agreement defining the duties of the P2P vendor and the bank and this could have included liability. It may have also addressed daily transactions limits and many P2P vendors allow greater limits on transactions than banks do. Banks consciously keep daily limits low to protect the consumer’s balances and reduce losses. Exceptions are generally granted upon request and verification by the consumer. With the bank having to bear the burden of claims processing and payment liability the P2P vendor’s transaction limitations now control the amount of losses banks may have.

Under Reg E and the Electronic Fund Transfer Act (EFTA) consumers are granted certain rights. While the bank and a vendor may have separate agreements addressing some of these same rights – such as monetary liability for unauthorized transactions, the consumers rights always stand and may not be adversely limited by any of these agreements. You can always treat a consumer better, but never worse than the law or regulation provides.

In many cases, because of the CFPB’s interpretation pertaining to a broad definition of what an agreement with the bank is, banks will see an increase in liability for Reg E claims involving P2P transfers reported as unauthorized if the banks were pushing these claims to the P2P vendors in the past. If the P2P vendor allows a $1,200 daily limit and the bank has a $400 daily limit, two similar transfers will arrive at the bank in different ways. The P2P vendor will ACH the funds but a consumer would have directly been allowed say only $400 using their debit card. If the transfer is claimed as unauthorized, the bank now has a greater chance of losing $1,200 rather than $350. Remember the consumer typically has liability for the first $50 when an accepted access device is used. An ACH directly from the consumer’s account is not using an accepted access device between the consumer and the bank. It is easy to see how, in an example such as this, losses could grow over prior years.

Recommended Actions:

If the data is readily available, your bank may want to review EFT claims to determine, based on the new guidance, how many and what amount of EFT claims were P2P related in the past year or two and what new liability the bank may have. This may be a budgeting issue that needs to be addressed depending on the volumes you have seen. You must recognize if this will be a complication and how severe it may be.

Bank staff involved in any part of the claims process may require training to recognize P2P claims as valid EFT claims on which the bank is now deemed responsible. Where these may have been referred to the P2P vendor in the past, that may no longer be allowed.

Advise customers of ways to protect themselves – and the bank. Do not write PINs on debit cards. Secure their cell phones. Use multifactor authentication. Review balances and transactions regularly and even advertise services the bank has where it can advise a consumer of their balance and/or large transactions, etc.

When using P2P transfers, the consumer needs to absolutely verify the recipient that funds will be going to is the intended recipient. And watch out for fraudsters. If a consumer will buy hundreds or thousands of dollars in gift cards and send that information to a fraudster, they will certainly take the convenient track and P2P the funds to an unknown person.

For now, we have Reg E guidance that will, for many banks, increase Reg E liability for more valid claims than in the past. Bank management and the industry as a whole will need to determine if these are valid risks banks want to accept, or if the banks want to find other ways to reduce these claims without disadvantaging consumers and certainly without reducing any Reg E rights. Can ACH transfers require sone customer authentication or verification? Can a limit be placed on daily transfers or each transfer over a given amount?

Lastly, determine if this guidance will require any changes to bank policies and procedures and react appropriately.

January 2022 OBA Legal Briefs

  • The FDCPA Regulation—Part 2
  • The CFPB’s Reg E FAQ—Part 1

Don’t Ignore the FDCPA Regulation (Part 2)

By John Burnett

Part 1 of our update on the CFPB’s Regulation F (12 CFR Part 1006), “Fair Debt Collection Practices Act,” appears in our November 2021 Legal Briefs.

False, deceptive, or misleading representations or means

To remain compliant with section 1006.18 of the regulation, debt collectors cannot use any false, deceptive, or misleading representation or means in connection with their collection of any debt.

The regulation provides examples of the things that a compliant debt collector cannot do in paragraphs (b) through (d) of this section.

False, deceptive or misleading representations: Debt collectors must not falsely represent or imply that—

  • they are vouched for, bonded by, or affiliated with federal or state government including through the use of a badge, uniform, or facsimile of a badge or uniform
  • they operate or are employed by a consumer reporting agency (credit bureau)
  • they are attorneys or that any communication is from an attorney
  • the consumer committed any credit or other conduct, in order to disgrace the consumer
  • a sale, referral, or other transfer of any interest in a debt causes or will cause the consumer to:
    • lose any claim or defense to payment of the debt, or
    • become subject to any practice banned by the regulation
  • accounts have been turned over to innocent persons for value
  • documents are legal process
  • documents are not legal process forms or do not required action by the consumer

Debt collectors also must not falsely represent the character, amount, or legal status of any debt, or falsely represent any services rendered, or compensation that may be lawfully received, by the debt collector for the collection of a debt.

Many, many complaints to the CFPB included collectors who had incorrect information about the amount of the debt, and in some cases the debts had already been paid off or settled and no amount was owed. The consumers had to prove to the collector that an aged bill had been paid and this can take a lot of time and effort and the “official loan records” which the collector should have, are really what’s needed. Did the creditor accept payments after a loan was sold?  Did a settled amount not get properly written off? These are issues the consumer can’t easily fix and the collector is not interested in doing because they are interested in collecting money, as perhaps their income depends on how much they bring in. But the collector must know what’s owed.

Debt collectors mustn’t represent or imply that nonpayment of a debt will result in a person’s arrest or imprisonment, or the seizure, garnishment, attachment or sale of a person’s property or wages, unless such action is lawful, and the debt collector or creditor intends to take such action.

False, deceptive, or misleading collection means:

  • Threatening to take any action that cannot legally be taken or that is not intended to be taken (such as threatening to sue when you don’t or won’t sue to collect the debt)
  • Communicating or threatening to communicate to any person credit information that the debt collector knows or should know is false, including the failure to communicate that a disputed debt is disputed.
  • Using or distributing any written communication that simulates or that the debt collector falsely represents to be a document authorized, issued, or approved by any court, official, or agency of the U.S. or any state, or that creates a false impression about its source, authorization, or approval.
  • Using any business, company or organization name other than the true name of the debt collector’s business, company or organization.

False representations or deceptive means. Use of any false representation or deceptive means to collect or attempt to collect a debt or to obtain information concerning a customer is forbidden by the regulation. This is a catch-all that can cover any deceptive tactic that isn’t specifically listed.

For example, in a social media context, it would be a false representation or implication for a debt collector to request to be added as one of a consumer’s contacts or “friends” on a social media platform marketed for social or professional networking purposes if they do not disclose their identity as a debt collector in the request.

Or assume that a debt collector communicates privately with a friend or coworker of a consumer on a social media platform, for the purpose of getting location information about the consumer. The debt collector must identify himself or herself individually by name when communicating for the purpose of acquiring location information. To avoid violating that requirement, the debt collector must communicate using a profile that accurately identifies the debt collector’s individual name. (There is a limited exception for the consistent use of assumed names. See “Use of assumed names” below.) The debt collector also must comply with the other applicable requirements for obtaining location information (e.g., with respect to stating that the debt collector is confirming or correcting location information concerning the consumer and, only if expressly requested, identifying the name of the debt collector’s employer), for communicating with third parties and for communicating through social media.

Initial communication with debtor: A collector must disclose in their initial communication with a consumer that the debt collector is attempting to collect a debt and that any information obtained will be used for that purpose. If the debt collector’s initial communication with the consumer is oral, the debt collector must repeat the disclosure that they are attempting to collect a debt in its initial written communication with the consumer.

In each subsequent communication with the consumer, the debt collector must disclose that the communication is from a debt collector. These disclosures must be in the same language or languages used for the rest of the communication.

Use of assumed names. A debt collector’s employees can use assumed names when communicating or attempting to communicate with a person, but only if the employee uses the assumed name consistently and the debt collector can readily identify any employee using an assumed name.

Unfair or unconscionable means

Debt collectors cannot use unfair or unconscionable means to collect or attempt to collect any debt, including any of the following conduct:

Collection of unauthorized amounts, such as interest, fees, charges or expenses not expressly authorized by the loan note or other agreement creating the debt or permitted by law. Many collectors were in the habit of collecting more than legally permitted, on the theory that excess funds collected could always be returned.

Acceptance or use of postdate payment instruments, such as a check or other instrument post-dated more than five days, unless the consumer is notified in writing of the debt collector’s intent to deposit the check or instrument no more than 10 nor less than 3 days (excluding weekends and legal public holidays) before making the deposit.

Solicitation of post-dated checks or other payment instruments for the purpose of threatening or instituting criminal prosecution (“Give me a post-dated check and I won’t have you arrested.”)

Depositing (or threatening to) any post-dated check before its date (“You gave me four post-dated checks. I will run them all if you don’t come up with a cash payment!”)

Causing charges resulting from concealment of purpose. That’s a fancy way of saying a debt collector can’t pose as a friend or family member to make a collect telephone call to get a consumer to answer the telephone. The word “telegram” is included in this paragraph of the rule just in case someone figures out how to send a collect telegram. There are still ways to make collect phone calls, and they can be expensive for the person who accepts such a call.

Taking or threatening to take any nonjudicial action to effect dispossession or disablement of property if the creditor or debt collector has no current right to take possession of or to disable the property or has no present intention to take possession of it, or the property is exempted by law from dispossession or disablement.

Restrictions on use of certain media. Debt collectors are not allowed to:

  1. Communicate with a consumer about a debt by postcard
  2. Use any language or symbol other than the debt collector’s address, on any envelope when communicating with a consumer by mail (the debt collector’s business name may appear on the envelope if it does not show that the debt collector is in the business of debt collection).
  3. Communicate or attempt to communicate with a consumer by email sent to an email address the debt collector knows is provided to the consumer by the consumer’s employer, unless the consumer has directly given the debt collector prior consent to use that address, or the consumer has sent the debt collector an email from that address and has not subsequently rescinded the expressed or implied consent to use of the address.
  4. Communicate (or attempt to) with a person about collection of a debt through a social media platform if the communication or attempt can be viewed by the public or the person’s social media contacts.

Time-barred debts

Every state has statutes of limitations that prescribe the time limit for bringing a legal action to collect a debt. In some cases, these time limits can vary by the type of debt.

A time-barred debt is one for which the applicable statute of limitations has run or expired.

Under the FDCPA regulation, a debt collector is not allowed to bring or threaten to bring a legal action against a consumer to collect a time-barred debt.

Other prohibitions and requirements

There are miscellaneous other requirements in the regulation that prohibit certain actions and mandate others.

  • 1006.30—Other prohibited practices.
  • 1006.34—Notice for validation of debts.
  • 1006.38—Disputes and requests for original-creditor information.
  • 1006.42—Sending required disclosures.
  • 1006.100—Record retention

Why is this important for bankers?

The Fair Debt Collection Practices Act itself and the FDCPA regulation (Regulation F) are replete with prohibitions against actions that are deemed Unfair, Deceptive, or Abusive, the first three words abbreviated in UDAAP. If a bank were found to engage regularly in the unfair, deceptive, or abusive actions banned in this regulation, it would not be unreasonable for a regulator to bring an enforcement action against the bank under the UDAP provisions of the FTC Act or for the Bureau to bring an action against a large bank for violations of the UDAAP provisions of the Consumer Protection Act of 2010.

The more immediate concern, however, is that a bank that hires an outside debt collection firm has responsibility to verify that firm’s and its collectors’ compliance with the FDCPA and the regulation.

The CFPB’s Reg E FAQ – Part 1

By Andy Zavoina

In one episode of the TV sitcom Big Bang Theory, Leonard asked Sheldon, “What you would be if you were attached to another object by an incline plane wrapped helically around an axis?” And Sheldon answered appropriately, “Screwed.” When I teach Reg E, I typically say more than once that “Reg E is not fair to banks, and it is not meant to be. Reg E is a consumer protection regulation.” But the Electronic Fund Transfers FAQs issued in December 2021 by the Consumer Financial Protection Bureau have taken these protections up a notch. Using its interpretive authority without requesting input from the industry or public, The CFPB has made banks liable for more transactions than in the past, at least based on the common interpretations of the past.

This guidance is in the form of FAQs which the CFPB considers a Compliance Aid. Compliance Aids were introduced in February 2020. Refer to the Federal Register / Vol. 85, No. 17, January 27, 2020, page 4579. The CFPB stated it is not intended that Compliance Aids will bind banks and other entities to new rules. Unlike actual regulations and official interpretations, Compliance Aids are not “rules” under the Administrative Procedures Act.  Instead, Compliance Aids present the requirements of existing rules and statutes in a manner that is useful for those who must comply with the rules as well as the public and others interested in the topics. Compliance Aids can include practical suggestions for how to properly comply with these rules. An FAQ Compliance Aid from the CFPB is simply an explanation of how it connects the dots and interprets an existing rule. It is not new, but it is how those currently in the driver’s seat at the CFPB understand the rule. Again, above all, Reg E, which implements the Electronic Fund Transfer Act, is intended to protect consumers, and the CFPB will read and interpret it from that perspective. It is not intended to be fair to the banks or others.

Now, let’s preview the Reg E FAQs. This December 13, 2021, issuance is an update of the original FAQs on Reg E the CFPB issued on June 4, 2021. It is not all new content. There are four major categories and questions and answers under each.

  • “Coverage: Transactions” is the first section and it contains five new questions and answers. This general topic lays the foundation for interpretations that follow.
  • The second section, “Coverage: Financial Institutions” has four new questions and answers. This section is intended to add clarity as to who the banks and other entities such as “Person to Person” (P2P) vendors are. By defining the roles of these players, we are better able to define the responsibilities of each based on the transactions and relationships between the players.
  • Section three is “Error Resolution,” and it is a general topic. There are four questions and answers, of which two are new to the topic and two were issued in June 2021.
  • The fourth and final section is “Error Resolution: Unauthorized EFTs.” It includes six restated questions and answers from June 2021 and five new ones specific to the topic at hand as Reg E drills into some liability issues particular to P2P payments.

Section two on Coverage is perhaps one of the more controversial. As I read the FAQs the last question is where I annotated “gotcha” in the column. As far back as March 2021 one banker on the BOL threads referred to a conversation with an attorney at the CFPB who opined banks could not displace error resolution responsibilities and liabilities to a P2P third-party vendor as they were believing they could under § 1005.14. And nine months later we received this in print.

Under § 1005.14 a person that provides an electronic fund transfer service to a consumer (think P2P providers like Zell, Venmo, CashApp, etc.) but does not hold the consumer’s account, is subject to the error resolution requirements if the person meets a two-pronged test:

  1. The person issues a debit card (or other access device) that the consumer can use to access the consumer’s account held by a bank, and
  2. The person has no agreement with the account-holding institution regarding such access.

P2P providers often have an agreement directly with a bank to provide services to that bank’s customers. In that case the bank still has Reg E error resolution responsibilities. But when that company is acting on its own it assumes these responsibilities. At least that is how many bankers interpreted the rules.

Under that common understanding, most P2P providers issue logon credentials for access in an app or to a web site such as with a smartphone and this constitutes an access device. Therefore § 1005.14 applies when 1) the service provider offers EFT services and 2) the provider does not have an agreement with the bank who holds the account in question.  So, when a bank consumer customer loans their smartphone to someone who then without authority uses the P2P app to transfer money, the bank simply executed the debit order and sent the funds through the P2P provider to a destination not known by the bank. The P2P provider issued an access device, does not hold the deposit account, and has no agreement to execute such orders with the bank. Section 1005.14 has been used by many banks because of this understanding to refer the harmed consumer to the P2P provider they selected on their own, for satisfaction of a claim.

A. Coverage: Transactions

1. What transactions are covered by the Electronic Fund Transfer Act and Regulation E?

This is new to the FAQ, but the answer provided is not. It is straight out of Reg E, but it must be understood as it is a foundation for most of what follows. Per § 1005.3(a) the answer reminds us this is all about electronic fund transfer requests to a financial institution (FI) to debit or credit a consumer’s account. It applies to checking, savings and other consumer asset accounts, held directly or indirectly by a FI and established primarily for personal, family or household use.

The rules apply to any transfer of funds that is initiated through an electronic terminal, telephone, computer, or magnetic tape for the purpose of ordering, instructing, or authorizing a FI to debit or credit a consumer’s account, 1005.3(b)(1). Here the CFPB states inclusively that Reg E applies to any P2P or mobile payment transaction that meets the definition of EFT, including debit card, ACH, prepaid account and other EFTs to or from a consumer account. So, an EFT to or from a P2P vendor is an EFT to your consumer customer’s account.

2. Can person-to-person or “P2P” payments be EFTs under Regulation E?

This reinforces what was just presented as the short CFPB answer is “Yes.” The specific answer is that in general, yes, so long as the P2P payment meets the definition of an EFT, it is under Reg E.

3. Is a P2P payment that uses the consumer’s debit card to transfer funds considered an EFT?

Short answer, “Yes.” This allows the tying of a debit card to the P2P account and clearly includes such transfers.

4. Is a credit-push P2P payment that transfers funds out out of a consumer’s deposit, prepaid, or mobile account considered an EFT? (The FAQ uses “out” twice.)

Short answer is again, “Yes.” It ties back to the definition of an EFT and this meets that definition while associating the transfer as out of a consumer deposit. It further explains that a credit-push P2P transfer is considered an EFT even if the payment was initiated by a third party that fraudulently obtained access to the consumer’s account. An example is by using login credentials stolen in a data breach or obtained through fraudulent inducement. The credit-push P2P transfer would be considered an unauthorized EFT. The consumer neither did it, authorized it nor benefitted from the EFT and the credentials were obtained fraudulently. Remember, too, that if the access device as defined under 1005.2(a)(1) was not an accepted device, the consumer’s liability under 1005.6(a)-(b) may be eliminated and become the responsibility of the bank.

5.  Is a P2P debit card “pass-through” payment considered an EFT?

Another “Yes” plus the explanation that a “pass-through” payment transfers funds from the consumer’s account held by an external FI to another person’s account held by an external FI.Now the FAQ introduces a third-party P2P vendor. It tells us a “pass-through” payment is initiated through a FI that does not hold a consumer’s account, such as a non-bank P2P provider. It restates the foundational question and answer 1 above, that Reg E applies to any EFT that authorizes a debit or credit from a consumer’s account. Therefore, debit card “pass through” payments are EFTs.

B. Coverage: Financial Institutions

In this section the FAQ better defines who the financial institution players are to assist in defining liability and responsibility.

1. What is a financial institution under EFTA and Regulation E?

 Simply put it includes banks, savings associations, credit unions, and:

any other person that directly or indirectly holds an account belonging to a consumer, or

any other person that issues an access device and agrees with a consumer to provide electronic fund transfer (EFT) services.

This includes providers of P2P payment and bill payment services if they directly or indirectly hold an account belonging to a consumer, or if they issue an access device and agree with a consumer to provide EFT services.

So far so good, except that more of the answer clarifies how the P2P provider may become liable itself (it states essentially the two-pronged test under 1005.14), and then how that liability can revert to the FI based on another agreement. It states, “In narrow circumstances, a financial institution can also be considered a “service provider” under Regulation E. A financial institution who provides EFT services to a consumer but does not hold the consumer’s account is a service provider under Regulation E if the financial institution: (1) issues an access device that the consumer can use to access the account and (2) no agreement exists between the access device-issuing financial institution and the account-holding financial institution.  12 CFR 1005.14(a).  The automated clearing house (ACH) rules alone do not generally constitute an agreement for purposes of whether a financial institution meets the definition of “service provider” under Regulation E. However, an ACH agreement combined with another agreement to process payment transfers – such as an ACH agreement under which members specifically agree to honor each other’s debit cards – is an “agreement,” and thus section 1005.14 does not apply. Comment 14(a)-2.” So, the ACH agreement, plus another agreement such as acceptance of each other’s debit cards is sufficient to eliminate the § 1005.14 exception.

In the past many have interpreted that second agreement as one being between the P2P provider and the bank such as when the bank is endorsing and using Zelle. That would eliminate that § 1005.14 exception, but the CFPB tells us that both accepting each other’s debit cards, as an example, constitutes that agreement regardless of specific terms as to liability.

2. Can non-bank P2P payment providers be considered financial institutions under Regulation E?

The CFPB says, “Yes” as expected and refers to what is defined as a FI. It goes on to explain that the FI has certain responsibilities, as it states that even, “non-account-holding providers of P2P payment or bill payment services are considered covered financial institutions under Regulation E if the provider issues an access device and agrees with a consumer to provide EFT services. 12 CFR 1005.2(i).  For example, a P2P provider may enter into an agreement with a consumer for a mobile wallet that the consumer can use to initiate debit card transactions from their external bank account to another person’s external bank account.

Any entity defined as a financial institution under Regulation E has error resolution obligations in the event that a consumer notifies the financial institution of an error, with limited exceptions.”

3. If a non-bank P2P payment provider initiates a debit card “pass-through” payment from the consumer’s account held by a depository institution to a different person’s account at another institution, is the non-bank P2P payment provider considered a financial institution under Regulation E?

Response from the CFBP is “generally yes.” It references the definitions of what is an FI and states that “an entity, including a non-bank P2P payment provider, enters into an agreement with a consumer to provide EFT services and issues an access device, and initiates a debit card “pass-through” payment, then that entity would be covered as a financial institution under Regulation E.  Any entity defined as a financial institution under Regulation E has error resolution obligations in the event that a consumer notifies the financial institution of an error. So, we still can read that when there is liability for unauthorized EFTs, the FI will hold liability. But at this point we commonly have the bank, which is an FI, and a P2P provider, which can be an FI. The key to liability is that the bank is liable unless 1005.14 and the two-pronged test can come into play.

4.  If a consumer uses a non-bank P2P payment provider to initiate a debit card “pass-through” payment from the consumer’s account held by a depository institution, is the depository institution considered a financial institution under Regulation E, even though the transfer was initiated through the non-bank P2P payment provider?

The answer is Yes, and this has the definitive “Gotcha.” The bank holding the deposit account has full Reg E error resolution responsibilities as there is a narrow circumstance that redirect those responsibilities when 1005.14 applies. This exception is not applicable when there is an ACH agreement combined with another agreement to process payment transfers – such as an ACH agreement under which members specifically agree to honor each other’s debit cards. This constitutes an “agreement,” and 1005.14 does not apply. Comment 14(a)-2.

Conclusively, the FAQ states, where an EFT is initiated through a non-bank P2P payment provider using a consumer’s debit card information, the P2P provider and the account-holding financial institution are parties to an agreement to honor each other’s debit cards – the debit card network rules – and the service provider provision in 12 CFR 1005.14 does not apply.  The account-holding financial institution has full error resolution responsibilities.

5.  I know many bankers will state that the card acceptance issue is not an agreement per se with the P2P provider and liability is not addressed, plus the P2P provider controls the daily limits that are here said to be the bank’s liability. That is all true but again, the CFPB is protecting the consumer and looking at the raw definitions. Until the industry can come to terms on the specifics to an “agreement,” banks will have the responsibility in most P2P disputes. Remember too, that a bank may not reduce any consumer rights afforded by the EFTA and Reg E. It may have other agreements with vendors, but the consumer’s rights may not be diminished.

The final two sections of the Reg E FAQs and recommended actions will be covered in next month’s Legal Briefs.

 

December 2021 OBA Legal Briefs

  • 2022 to-dos today
  • New year, new rule—Computer-security incident notification
  • Foreclosure forbearance reminder
[Editor’s note: Due to the timeliness of this months articles, Part 2 of last month’s article on the new Fair Debt Collection Practice Act regulation will appear in our January 2022 Legal Briefs.]

_________________________________

2022 to-dos today

By Andy Zavoina

It is hard to believe that we are at the end of the year so soon. On the other hand, it seems like 2021 has lasted two years already. Still, we have worked through most of a pandemic but started bringing many if not all workers back into the branches, as well as our customers and soon we may expect examiners. It is time to get ready for 2022 and that means some of the light housekeeping may be in order. Let’s review some of your annual compliance chores to ensure they are tidy and cared for.

Security, Annual Report to the Board of Directors § 208.61 – The Bank Protection Act requires that your Security Officer report at least annually to the board of directors on the effectiveness of the security program. The substance of the report must be reflected in the minutes of the meeting. The regulations don’t specify if the report must be in writing, who must deliver it, or what information should be in the report. It is recommended that your report span three years and include last year’s historical data, this year’s current data and projections for the next year.

Similar to compliance reporting to the board, this may include a personal presentation, or it may not. I recommend that it is, as it is an opportunity to express what is being done to control what has happened as well as foreseeable events and why, as that can assist you in getting the budget and assets necessary in the coming year. While the year end is not necessarily the most desirable time to make such a presentation, take whatever time you do get and use it wisely. Annual presentations such as this are better done when the directors can focus more on the message so try to avoid quarter ends, and especially the fourth quarter. This is not a “how-to” on the annual security report, but you can find more on the topic, free, on the BankersOnline Tools by searching on “annual security program.”

Regulation O, Annual Resolution §§ 215.4, 215.8 – In order to comply with the lending restrictions and requirements of 215.4, you must be able to identify the “insiders.” Insider means an executive officer, director, or principal shareholder, and includes any related interest of such a person. Your insiders are defined in Reg O by title unless the Board has passed a resolution excluding certain persons. You are encouraged to check your list of who is an insider, verify that against your existing loans, and ensure there is a notification method to keep this list updated throughout the year.

Reg BB (CRA), Content and availability of Public File § 228.43 – Your Public Files must be updated and current as of April 1 of each year. Many banks update continuously, but it’s good to check. You want to ensure you have all written comments from the public from the current year plus each of the two prior calendar years. These are comments relating to the bank’s efforts in meeting community credit needs (your SBA loans may play a key role here) as well as any responses to comments. You also want a copy of the last public section of the CRA Performance Evaluation. That must be placed here within 30 days of receipt. Ensure you are keeping up with branch locations and especially ATMs, as those may change. The regulation has more on the content of this file. It may be best to review it with an audit workpaper to use as a checklist to avoid missing any required items.

CRA Notice and Recordkeeping  § 228.42, 228.44, 1003.5 – CRA data, which can include small business and small farm as well as home mortgages are gathered based on specific reporting requirements for the Loan Application Registers (LAR). CRA and HMDA information, if applicable, must be submitted by March 1, for the prior calendar year. If you are a reporter of either LAR you should start verifying the data integrity now to avoid stressing the process at the end of February. HMDA mortgage data should be compiled quarterly so this should not be a huge issue, but a thorough scrubbing as the new year starts and submission preparation readies is always warranted.

Pertaining to this, national banks should ensure they have reviewed and updated as needed the CRA, FHA and ECOA notices in accordance with the Aug. 5, 2021, OCC Bulletin 2021-35. This bulletin provided updated content for the appropriate names and addresses for notices required by the Community Reinvestment Act and Equal Credit Opportunity Act, and for posters under the Fair Housing Act. National banks were required to make the appropriate changes to their notices and posters within 90 days of the issuance which then had a mandatory compliance date of Nov. 3, 2021.

Fair Credit Reporting Act – FACTA Red Flags ReportSection VI (b) (§ 334.90) of the Guidelines (contained in Appendix J) require a report at least annually on your Red Flags Program. This can be reported to either the Board, an appropriate committee of the Board, or a designated employee at the senior management level.

This report should contain information related to your bank’s program, including the effectiveness of the policies and procedures you have addressing the risk of identity theft in connection with the opening of covered accounts and with respect to existing covered accounts, as well as service provider arrangements, specifics surrounding and significant incidents involving identity theft plus management’s response to these and any recommendations for material changes to the bank’s program. Times change, customers habits change, and importantly criminals change and each may require tweaks to the bank’s program.

Reg E § 1005.8– If your consumer customer has an account to or from which an electronic fund transfer can be made, an error resolution disclosure is required. There is a short version that you may have included with each periodic statement. If you’ve used this, you are done with this one. But if you send the longer version that is sent annually, it is time to review it for accuracy and ensure it has been sent or is scheduled to be. Electronic disclosures under E-SIGN are allowed here.

This is also a good time to review §1005.7(c) (additional electronic fund transfer services) and determine if any new services have been added and if they were disclosed as required. Think Person-to-Person transfers like Zelle, Venmo or Square. These require disclosure and inaccurate disclosures may affect your claims processing.

HMDA Notice and Recordkeeping § 1003.4, 1003.5 – HMDA data are gathered as home mortgage loans are applied for and are compiled quarterly if your bank is a HMDA reporter. There are specific and detailed reporting requirements for the Loan Application Register (LAR) itself. The LAR must be submitted by March 1 for the prior calendar year. If you are a reporter, you should start verifying the data integrity now and this is of vital importance if you have a large volume of records to report. When a systemic error is found it can be very time consuming to scrub all files for errors and correct them.

Annual MLO Registration § 1007.102 – Mortgage Loan Originators must go to the online Registry and renew their registration. This is done between November 1 and December 31. If this hasn’t been completed, don’t push it to the back burner and lose track during the holidays and then have to join a year-end rush to complete this task. This is also a good time to plan with management and Human Resources any MLO bonus plans. Reg Z Section 1026.36(d)(1)(iv)(B)(1) allows a 10 percent aggregate compensation limitation on total compensation which includes year-end bonuses.

Reg P § 1016.5 –There are exceptions allowing banks which meet certain conditions to forgo sending annual privacy notices to customers. The exception is generally based on two questions, does your bank share nonpublic personal information in any way that requires an opt-in under Reg P, and have you changed your policies and practices for sharing nonpublic personal information from the policies and procedures you routinely provide to new customers? Not every institution will qualify for the exception, however. John Burnett wrote about the privacy notice conundrum in the July 2017 Legal Briefs. That article has more details on this.

When your customer’s account was initially opened, you had to accurately describe your privacy policies and practices in a clear and conspicuous manner. If you don’t qualify for the exception described above, you must repeat that disclosure annually as well. Ensure that your practices have not changed and that the form you are sending accurately describes your practices.

For Reg P and the Privacy rules, annually means at least once in any period of 12 consecutive months during which that relationship exists. You may define the 12-consecutive-month period, but you must apply it to the customer on a consistent basis, so this is not necessarily a December or January issue, but it could be. And each customer does not have their own “annual date.” If a consumer opens a new account with you in February, you provide the initial privacy notice then. That is year one. You can provide the annual privacy notice for year two at any time, up until December 31 of the second year.

It is important to note that unlike most other regulatory requirements, Reg P doesn’t require E-SIGN compliance for your web-based disclosures. You can use e-disclosures on your bank website when the customer uses the website to access financial products and services electronically and agrees to receive notices at the website, and you post your current privacy notice continuously in a clear and conspicuous manner on the website. So, the demonstrable consent requirements and others in E-SIGN’s 15 USC Sect. 7001(c) do not apply, but there must still be acceptance to receive them on the web. Alternatively, if the customer has requested that you refrain from sending any information regarding the customer relationship and your current privacy notice remains available to the customer upon request this method is acceptable.

Fair Credit Reporting Act – Affiliate Marketing Opt-Out § 1022.27(c) – Affiliate marketing rules in Reg V place disclosure restrictions and opt out requirements on you. Each opt-out renewal must be effective for a period of at least five years. If this procedure is one your bank is using, you must know if there are there any expiration dates for the opt-outs and have these consumers been given an opportunity to renew their opt-out?

Annual Escrow Statements § 1024.17 – For each escrow account you have, you must provide the borrower(s) an annual escrow account statement. This statement must be done within 30 days of the completion of the escrow account computation year. This need not be based on a calendar year. You must also provide them with the previous year’s projection or the initial escrow account statement, so they can review any differences. If your analysis indicates there is a surplus, then within 30 days from the date of the analysis you must refund it to the borrower if the amount is greater than or equal to $50. If the surplus is less than that amount, the refund can be paid to the borrower, or credited against the next year’s escrow payments.

Reg Z Thresholds and Updates § 1026.00– These changes are effective January 1, 2022. You should ensure they are available to staff or correctly hard coded in your systems:

  • For open-end consumer credit plans under TILA, the threshold that triggers requirements to disclose minimum interest charges will remain unchanged at $1.00
  • For open-end consumer credit plans under the CARD Act amendments to TILA, the adjusted dollar amount in 2022 for the safe harbor for a first violation penalty fee will increase to $30 and the adjusted dollar amount for the safe harbor for a subsequent violation penalty fee will increase to $41
  • For HOEPA loans, the adjusted total loan amount threshold for high-cost mortgages in 2022 will be $22,969.
  • The adjusted points-and-fees dollar trigger for high-cost mortgages in 2022 will be $1,148.
  • For qualified mortgages (QMs) under the General QM loan definition in § 1026.43(e)(2), the thresholds for the spread between the annual percentage rate (APR) and the average prime offer rate (APOR) in 2022 will be:
    • 2.25 or more percentage points for a first lien covered transaction with a loan amount greater than or equal to $114,847
    • 3.5 or more percentage points for a first lien covered transaction with a loan amount greater than or equal to $68,908 but less than $114,847
    •  6.5 or more percentage points for a first lien covered transaction with loan amount less than $68,908
    • 6.5 or more percentage points for a first lien covered transaction secured by a manufactured home with a loan amount less than $114,847
    • 3.5 or more percentage points for a subordinate-lien covered transaction with a loan amount greater than or equal to $68,908
    • 6.5 or more percentage points for a subordinate-lien covered transaction with a loan amount less than $68,908
  • For all categories of QMs, the thresholds for total points and fees in 2022 will be:
    • 3 percent of the total loan amount for a loan greater than or equal to $114,847
    • $3,445 for a loan amount greater than or equal to $68,908 but less than $114,847
    • 5 percent of the total loan amount for a loan greater than or equal to $22,969 but less than $68,908
    • $1,148 for a loan amount greater than or equal to $14,356 but less than $22,969
    • 8 percent of the total loan amount for a loan amount less than $14,356
  • For Higher Priced Mortgage Loans (HPMLs), the special appraisal requirement exemption amount will be $28,500
  • The consumer lease (Reg M) and consumer credit transaction (Reg Z) exemption thresholds will be $61,000.

BSA Annual Certifications – Your bank is permitted to rely on another financial institution to perform some or all the elements of your CIP under certain conditions.  The other financial institution must certify annually to your bank that it has implemented its AML program. Also, banks must report all blockings to OFAC within ten days of the event and annually by September 30, concerning those assets blocked as of June 30.

Information Security Program part of GLBA – Your bank must report to the board or an appropriate committee at least annually. The report should describe the overall status of the information security program and the bank’s compliance with regulatory guidelines. The reports should discuss material matters related to the program, addressing issues such as: risk assessment; risk management and control decisions; service provider arrangements; results of testing; security breaches or violations and management’s responses; and recommendations for changes in the information security program.

IRAs, IRS Notice 2002-27  If a minimum distribution is required from an IRA for a calendar year and the IRA owner is alive at the beginning of the year, the trustee that held the IRA on the prior year-end must provide a statement to the IRA owner by January 31 of the calendar year regarding the required minimum distribution.

Training – An actual requirement for training to be conducted annually is rare, but annual training has become the industry standard and may even be stated in your policies. There are six areas that require training (this doesn’t mean you don’t need other training, just that these regulations have stated requirements).

  • BSA (12 CFR §21.21(c)(4) and §208.63(c)(4) Provide training for appropriate personnel.
  • Bank Protection Act (12 CFR §21.3(a)(3) and §208.61(c)(1)(iii)) Provide initial & periodic training
  • Reg CC (12 CFR §229.19(f) Provide each employee who performs duties subject to the requirements of this subpart with a statement of the procedures applicable to that employee)
  • Customer Information Security found at III(C)(2) (Pursuant to the Interagency Guidelines for Safeguarding Customer Information), training is required. Many banks allow for turnover and train as needed, imposing their own requirements on frequency.)
  • FCRA Red Flag (12 CFR 222.90(e)(3)) Train staff, as necessary, to effectively implement the Program;)
  • Overdraft protection programs your bank offers. Employees must be able to explain the programs’ features, costs, and terms, and to explain other available overdraft products offered by your institution and how to qualify for them. This is one of the “best practices” listed in the Joint Guidance on Overdraft Protection Programs issued by the OCC, Fed, FDIC and NCUA in February 2005 (70 FR 9127, 2/24/2005), and reinforced by the FDIC in its FIL 81-2010 in November 2010.

Miscellany – Some miscellaneous items you may address internally in policies and procedures include preparation for IRS year-end reporting, vendor due diligence requirements including insurance issues and renewals, documenting ORE appraisals and sales attempts, risk management reviews, records retention requirements and destruction of expired records, and a designation by the bank’s board of the next year’s holidays. And last but not least, has there been a review of those staffers who have not yet taken vacation or “away time” to the five consecutive business days per the Oklahoma Administrative Code 85:10-5-3 “Minimum control elements for bank internal control program”?

New year, new rule – Computer-security incident notification

By Andy Zavoina

On November 18, 2021, there was a joint release by the OCC, FDIC and the Federal Reserve concerning a new rule intended to close a gap on computer-security incident reporting requirements. The new final rule does several things. Succinctly, a bank will have 36 hours to report certain computer related security incidents to its prudential regulator. That sounds like a tight time frame, and it is, but the 79-page final rule provides a lot more details. We will leave it to the group within your bank to slice and dice the details, but we wanted to give you a detailed overview of these new requirements so that it can be discussed intelligently and planned for accordingly.

As FDIC Chairman Jelena McWilliams put it, the rule “addresses a gap in timely notification to the banking agencies of the most significant computer-security incidents affecting banking organizations.” For many years banks have been tasked with reporting computer related security incidents to its regulator whether that be a formal requirement or in informal one. This final rule has a mandatory compliance date of May 1, 2022. Preparations for compliance will therefore be mixed with still working through the pandemic, the holiday season, CRA and HMDA scrubs and all things IRA and IRS. There is a lot to do in the next five months.

The new requirements are imposed not just on your bank to report to its federal regulator, but on certain of the bank’s service providers to report incidents to you. This allows the bank to then make a determination as to whether or not it must then in turn report up the food chain to its regulator, the OCC, FDIC or Fed.

So, let’s get to the nitty gritty.

When: The bank must notify its federal regulator as soon as possible and not later than 36 hours after determining a “notification incident” has occurred.

The rule separately requires your service providers to notify your bank as soon as possible when the service provider determines it has experienced “a computer-security incident that has caused, or is reasonably likely to cause, a material service disruption or degradation for four or more hours.”

You may be questioning the service provider’s timing requirement of “as soon as possible.” Read that to include a sense of urgency. The proposal wanted immediate notification but that is a very high benchmark and virtually impossible to follow. Timing is something the bank should discuss with its providers in advance, as well as whether there will be a designated point of contact with a back-up named, or if by default the contact is the chief executive or chief information officer or a comparable position.

What: The focus here is broadly described as “computer-security incident that materially disrupts or degrades, or is reasonably likely to materially disrupt or degrade, covered services provided by a bank service provider.”

The final rule attempts to partially synchronize the definition of a computer-security incident with an existing definition from the National Institute of Standards and Technology (NIST). The final rule defines “computer-security incident” as an occurrence that results in actual harm to an information system or the information contained within it.  Computer related incidents “may include major computer-system failures; cyber-related interruptions, such as distributed denial of service and ransomware attacks; or other types of significant operational interruptions.”

As defined in the final rule, a notification incident is a computer-security incident that has materially disrupted or degraded, or is reasonably likely to materially disrupt or degrade, a banking organization’s: (i) ability to carry out banking operations, activities, or processes, or deliver banking products and services to a material portion of its customer base, in the ordinary course of business; (ii) business line(s), including associated operations, services, functions, and support, that upon failure would result in a material loss of revenue, profit, or franchise value; or (iii) operations, including associated services, functions and support, as applicable, the failure or discontinuance of which would pose a threat to the financial stability of the United States.”

There is obviously a lot in the final rule, and it may depend on your actual involvement in the IT area as to how deep your role will go. There will obviously be several subject matter experts involved in the task of compiling a risk strategy prior to completing any policy and procedures for compliance with the rule.

Why: The bank is required to notify its regulator within such a short period because the intent is to promote early awareness of the threat and the fact that others in the industry may be subject to similar threats. If there is a broader risk, it must be immediately addressed. This is the same reason a service provider is required to notify its bank customer – so that the bank can determine the risk to itself and the banking customers. A notification from a service provider may trigger a bank’s notification to its regulator.

This is separate from the requirements on the bank to address potential exposure or the actual loss of customer information and the reporting requirements that are triggered from that.

Practical Application: The bank needs to define some critical examples of the incidents it could foresee and ensure that there is room for interpretation as technology and attacks on it vary and change with time. The service providers fitting into these critical roles are those subject to the Bank Service Company Act. You may refer to 12 USC 18 Bank Service Companies as well as FIL-49-99 Required Notification for Compliance with the Bank Service Company Ac and FIL-19-2019 Technology Service Provider Contracts for more on who is subject to the rule and the responsibilities of the parties involved. If not referenced in contracts with these service providers already, amended and future contracts may mandate notifications requirements for qualified incidents.

Of importance is defining the moment that the 36-hour window opens is when the bank determines that a notification incident has occurred. The proposal started this clock when there was a “good faith belief” so the bank will want to best define these terms based on the descriptions and examples in the final rule. It is recommended the bank use clear procedures to evaluate the risk of any system compromise or failure that qualifies.

Because the final rule is targeted toward an occurrence that results in actual harm to an information system or the information contained within it, material incidents such as systems failures and the ever-increasing threat of ransomware attacks are an instigator for these rules. If your bank has insurance against ransomware attacks you may incorporate procedures associated  with that with procedures for the new rules. Pay attention to the term “actual harm” as that was a key variation from the proposal. The NIST definition was broader and the regulators wanted to narrow the reportable incidents to those that actually occurred. The regulators expressed that the changes were made to “narrow the focus of the final rule to those incidents most likely to materially and adversely affect banking organizations.” One example was a large-scale distributed denial of service attack that disrupts customer account access for an extended period of time, meaning longer than four hours.

Foreclosure forbearance reminder

By Andy Zavoina

The CFPB is all about protecting consumers and that point was reiterated in a November 10, 2021, release, “CFPB Takes Action to Prevent Avoidable Foreclosures.”

The Bureau announced that working in concert with other agencies (the FDIC, NCUA, OCC and others) they were prepared to enforce the protections in place for families and homeowners who are at risk of losing their homes. Protections were put in place to provide alternatives to foreclosure, and there are an estimated one million home loans with forbearance programs put in place due to COVID-19 which are due to expire at the end of 2021.

CFPB Director Rohit Chopra  said, “Failures by mortgage servicers and regulators worsened the impact of the economic crisis a decade ago…. Regulators have learned their lesson, and we will be scrutinizing servicers to ensure they are doing all they can to help homeowners and follow the law.” The agencies mentioned above issued a joint statement in April 2020 advising they would relax enforcement of Reg. X because of the pandemic. The recent statement is clear that lenders and servicers have had ample opportunity to adapt and the requirements of Reg. X all apply at this time.

It reminds servicers there needs to be attention to the borrower’s needs. Borrowers need a meaningful chance at loss mitigation programs, not lip service. This means the servicer must have adequate staff to handle the accounts and to communicate to borrowers what may be available to them. There are many options available for streamlined loss mitigation programs and servicers should be familiar with what is available to qualified applicants. There should be consistency in who is communicating with a borrower and efforts to avoid unnecessary handoffs and disqualification from a program followed by option to start a new process for some alternative program with someone else.

Those borrowers ending a forbearance program should also be allowed to resume scheduled payments. Determine if most or all of any missed payments can be deferred to the end of the current Note obligation under a deferral agreement. If needed, explore options to modify an existing loan and lower their payments if necessary and if feasible. Lastly, in many areas it is a sellers’ market and it may be an option that allows them to lessen any loss of equity in their home.  Your efforts at avoiding foreclosure should be well documented.

It is recommended that a pre-foreclosure checklist be used to ensure all the banks records are in order before a home is put into a foreclosure process. Document efforts to avoid foreclosure, to find loss mitigation programs, modifications available, deferral amounts and the borrower’s ability to maintain any restructuring that could be done. Then verify that all the bank’s disclosures required for the loan (think TRID and Reg B) were complete and accurate. If there are any deficiencies, consider how material they may be and if a plaintiff’s attorney could take advantage of them. Then, and only then, act accordingly.

 

November 2021 OBA Legal Briefs

  • Don’t ignore the FDCPA regulation coming November 30 (Part 1)
  • New Stuff on Legal Links

Don’t ignore the FDCPA regulations

By John S. Burnett
The Consumer Financial Protection Bureau’s revisions to Regulation F become effective on November 30, 2021, less than a month from now. While on their face the rules in Reg F will apply to debt collectors who collect debts owed to other parties, there is plenty to be concerned about in the Fair Debt Collection Practices Act itself and in revised Reg F for first-party creditors, including banks, who handle their collection of debts owed to them in-house.

But first, some background.

The current rule

Until May 3, 2021, the current CFPB regulation implementing the Fair Debt Collection Practices Act (FDCPA, 15 U.S.C. 1692 et seq.) did not actually implement the statute. As originally written, the FDCPA did not provide for implementing regulations at all. Instead, the Federal Trade Commission was given enforcement authority, and any violation of the FDCPA was deemed an unfair or deceptive act or practice (UDAP) in violation of the Federal Trade Commission Act. The Federal Reserve Board, Office of the Comptroller of the Currency, and the Federal Deposit Insurance Corporation were given enforcement powers under the Federal Deposit Insurance Act, and the National Credit Union Administration was assigned enforcement responsibilities under the Federal Credit Union Act. Similar enforcement powers were granted to the Secretaries of Transportation and Agriculture.

Until May 3, 2021, 12 CFR Part 1006 (Regulation F), dealt only with procedures and criteria for states to apply to the Bureau for exemption of a class of debt collection practices within the applying state from the provisions of the FDCPA.

Subpart B added

On April 22, 2021, the CFPB published an interim final rule to add Subpart B to the regulation, with § 1006.9 (Debt Collection Practices in Connection with the Global COVID-19 Pandemic), which became effective May 3, 2021. This addition was made without the usual proposal, comment period, and final rule steps required under the Administrative Procedures Act due to the immediacy of the concerns the new section was issued to address.

Section 1006.9’s purpose is “to eliminate certain abusive debt collection practices by debt collectors related to the global COVID-19 pandemic, to ensure that debt collectors who refrain from using such abusive debt collection practices are not competitively disadvantaged, and to promote consistent State action to protect consumers against such debt collection abuses.” It remains effective during the effective period of the order issued by the Centers for Disease Control and Prevention titled Halt in Residential Evictions to Prevent the Further Spread of COVID–19 (86 FR 16731 (Mar. 31, 2021)), as extended. That order has expired, so Section 1006.9 is no longer effective.

The CFPB overhaul of Reg F

The Consumer Financial Protection Act of 2010 (CFPA, 12 U.S.C. 5561 et seq.), the portion of the Dodd-Frank Act that gave life to the Consumer Financial Protection Bureau and transferred the authority and responsibility for issuing regulations under a number of consumer protection statutes, included the FDCPA among the statutes for which the Bureau “may prescribe rules with respect to the collection of debts by debt collectors.”

The CFPB also has rulemaking authority to issue regulations for providers of financial products and services with regard to activity deemed by the Bureau to be “unfair, deceptive or abusive acts or practices” (UDAAP).

In May 2019, the Bureau issued proposed rules to implement provisions of the FDCPA. See 84 FR 23274. There was a comment period of 90 days.

The Bureau followed by issuing two final rules. The first (see 85 FR 76734 published on November 30, 2020 completely revised and reissued Regulation F, moving the existing provisions on state exemption applications to a new § 108 in a new Subpart D and new Appendix A. The second rule (see 87 FR 5766 published on January 19, 2021, finalized required disclosures by debt collectors and prohibited threats of suits or suits to collect time-barred debts under applicable statutes of limitations. The second rule also requires certain actions by debt collectors before furnishing information on a consumer’s debt to a consumer reporting agency.

Effective dates

Both of these final rules were to take effect on November 30, 2021. However, on April 19, 2021, the Bureau proposed delaying that date 60 days, to January 29, 2022. That proposal was withdrawn on July 30, 2021, leaving the effective date on November 30, 2021.

Frequently asked questions released

On October 1, 2021, the Bureau released frequently asked questions on limited-content messages and the call frequency provisions in the Debt Collection Rule. On October 29. 2021, additional FAQs were added to that document to address the validation information provisions in the Rule. As the Bureau compiles additional FAQs on the Rule, they will add them to the current FAQ document. You should check the link periodically to ensure you have the most current guidance from the CFPB.

Structure of the rule

The Regulation is set out in four subparts and three appendices (and Official Interpretations)—

• Subpart A includes the usual references to the legal authority for the regulation, its purpose and coverage. Persons covered by the rule include debt collectors, as defined in § 1006.2, except for motor vehicle dealers that are predominately engaged in the sale and/or leasing and servicing of motor vehicles.

• Subpart B comprises the substantive provisions of the regulation, providing rules for debt collectors. Much of this section of the rule focuses on communications.

• Subpart C is reserved.

• Subpart D includes miscellaneous requirements such as record retention, the relationship of the rule to state laws, and the provisions for state applications for exemption from portions of the regulation (due to similar state law requirements).

• Appendix A includes more detailed information and requirements for states seeking exemptions from portions of the regulation

• Appendix B includes Model Forms for compliance with the regulation

• Appendix C addresses the Bureau’s issuance of advisory opinions concerning the regulation (one such opinion was published at 81 FR 71977 on October 19. 2016

• Supplement I comprises Official Interpretations of the regulation by the CFPB. In the BankersOnline.com Regulations pages for Regulation F, these interpretations are broken out and included after the sections or paragraphs of regulatory text they interpret.

Applicability: “Debt collector”

Section 1006.2(a)(1) defines the term debt collector as “any person who uses any instrumentality of interstate commerce or mail in any business the principal purpose of which is the collection of debts, or who regularly collects or attempts to collect, directly or indirectly, debts owed or due, or asserted to be owed or due, to another. … the term debt collector includes any creditor that, in the process of collecting its own debts, uses any name other than its own that would indicate that a third person is collecting or attempting to collect such debts. For purposes of § 1006.22(e), the term also includes any person who uses any instrumentality of interstate commerce or mail in any business the principal purpose of which is the enforcement of security interests.”

Does that make your bank a debt collector? It’s clear that if your bank does collection work on debts owed to someone else, your bank is a debt collector subject to the regulation. There are some technical exceptions, which we’ll review in a moment. Does your bank, when collecting its own debts, use any name other than its own in its communications that might suggest it is using a third person to collect its debts? If so, the language in bold text in the definition above should concern you, because using that other name pulls the bank directly under the regulation’s requirements.

What are the exceptions? Paragraph 1006.2(it)(2) lists exceptions to the debt collector definition.

(i) Any officer or employee of a creditor while the officer or employee is collecting debts for the creditor in the creditor’s name;

(ii) Any person while acting as a debt collector for another person if:

(A) The person acting as a debt collector does so only for persons with whom the person acting as a debt collector is related by common ownership or affiliated by corporate control; and

(B) The principal business of the person acting as a debt collector is not the collection of debts;

(iii) Any officer or employee of the United States or any State to the extent that collecting or attempting to collect any debt is in the performance of the officer’s or employee’s official duties;

(iv) Any person while serving or attempting to serve legal process on any other person in connection with the judicial enforcement of any debt;

(v) Any nonprofit organization that, at the request of consumers, performs bona fide consumer credit counseling and assists consumers in liquidating their debts by receiving payment from such consumers and distributing such amounts to creditors;

(vi) Any person collecting or attempting to collect any debt owed or due, or asserted to be owed or due to another, to the extent such debt collection activity:

(A) Is incidental to a bona fide fiduciary obligation or a bona fide escrow arrangement;

(B) Concerns a debt that such person originated;

(C) Concerns a debt that was not in default at the time such person obtained it; or

(D) Concerns a debt that such person obtained as a secured party in a commercial credit transaction involving the creditor; and

(vii) A private entity, to the extent such private entity is operating a bad check enforcement program that complies with section 818 of the Act.

Consider paragraph (ii) in bold print in that list. Can a holding company or affiliate do debt collection on behalf of its subsidiary banks or other affiliates? It would seem so, but the exemption would not apply if the affiliate’s principal business is debt collection.

Be wary of the reach of UDAAP

Any violation – by anyone collecting debts – of the requirements of Regulation F can be deemed an Unfair, Deceptive, or Abusive Act or Practice (UDAAP), even when the person doing the debt collection is collecting its own debts.

Prior to Dodd-Frank in 2010, the FTC primarily enforced the FDCPA and UDAP and there was often a cross-over. The FTC reported common tactics debt collectors would use included telling a debtor they had committed a crime like check fraud, and unless they paid the debt, they could be arrested, be sued, have their wages garnished and go to jail. Many collectors harassed debtors, even after being provided with evidence that the debts had already been paid off. Some would illegally contact family, friends, and employers about the past due debts. So, the final rule is very much about communications in connection with debt collection and prohibitions on harassment or abuse, false or misleading representations, and unfair practices in debt collection.

Let’s connect the dots. If your bank did something deemed unfair or abusive in the way it communicated with a borrower, and the FDCPA or Regulation F said it was a UDAAP issue, could an examiner say the bank, while not subject to FDCPA, is subject to UDAAP/UDAP and it did something categorized as a UDAAP/UDAP violation? It’s easy to see that connection.

And, of course, there is the always-present requirement for vendor due diligence if the bank has a third party collecting debts owed to the bank.

Some definitions

Attempt to communicate means any act to initiate a communication or other contact with any person through any medium, including by soliciting a response from such person. This is very broad and is all encompassing. It also includes “limited content messages” which is a defined term defined a few paragraphs below.

The act of initiating communication or contact about a debt is an attempt regardless of whether it is successful. Example – you dial the number of a past due borrower. Whether or not you reach them, that is logged as an attempt.

Communicate or communication means conveying information about a debt directly or indirectly to any person through any medium. Leaving a “limited content message” is not “conveying information.” Similarly communicating something such as a marketing message is not conveying information as it is not debt related.

Debt is any obligation of a consumer to pay money arising from a transaction in which the money, property, insurance, or services are primarily for personal, family, or household purposes.

Limited-content message means a message for a consumer that includes all of the content in (j)(1) and may include any of the optional content described in (j)(2), and it includes no other content.

(1) Required content. …includes all of the following:

(i) The caller’s business name which is not indicative that this is a debt collection call

(ii) A request that the consumer reply to the message;

(iii) The name of a person or persons whom the consumer can contact in reply;

(iv) A telephone number the consumer can use for the reply:

(2) Optional content. In addition to the content described, you may include one or more of the following:

(i) A salutation;

(ii) The date and time of the message;

(iii) Suggested dates and times for the consumer to reply to the message, and

(iv) A statement that the return call they can speak to any rep from the company.

These limited content messages may really come into play on voicemails. They are not “communications” which, as you will see, come with frequency limitations. A call to a third party is not a limited content message because it isn’t to the debtor, such as to a “will call” who accepts messages. This is ok to the debtor – “This is Andy Zavoina calling from Last National Bank. Please contact me or John Burnett at 1-800-555-1212.”

Consumer – any natural person, whether living or deceased, obligated or allegedly obligated to pay any debt. For purposes of § 1006.6 – Communications, the term consumer includes “persons” (and see below).

Persons is broad and includes natural persons, corporations, companies, associations, firms, partnerships, societies, and joint stock companies.
For purposes of this section (on Communications), the term consumer includes:

(1) The consumer’s spouse;
(2) The consumer’s parent, if the consumer is a minor;
(3) The consumer’s legal guardian;
(4) The executor or administrator of the consumer’s estate, if the consumer is deceased;
and
(5) A confirmed successor in interest, as defined in Regulation X, 12 CFR 1024.31, and Regulation Z, 12 CFR 1026.2(a)(27)(ii).

Communications

Communications with the consumer in general

We will discuss some exceptions in a moment, but there are restrictions in contacting a consumer.

§ 1006.6(b) says a debt collector must not communicate or attempt to communicate with a consumer to collect a debt as prohibited by paragraphs (b)(1) through (3):

(1). Prohibits collection communication with a consumer based on time and place that is:

(i) At any unusual time, Unless the collector knows different based on a schedule, before 8:00 a.m. and after 9:00 p.m. local time to the consumer is inconvenient;

There have been complaints when a cell phone is called, and the consumer is now in a different time zone. These cases place the burden on the collector to know where the consumer is. It is difficult and courts have not allowed much latitude.

(ii) At any unusual place, or at a place that the collector knows or should know is inconvenient.

It may have been mentioned not to call at a time when the consumer says he’ll be in a meeting, or during a religious service or funeral the collector knows the consumer will be at.

(2) Except as provided in paragraph (b)(4) [below]…, a debt collector must not communicate or attempt to communicate with a consumer in connection with the collection of any debt if the debt collector knows the consumer is represented by an attorney with respect to such debt and knows, or can readily ascertain, the attorney’s name and address, unless the attorney:

(i) Fails to respond within a reasonable period of time to a communication from the debt collector; or

(ii) Consents to the debt collector’s direct communication with the consumer.

(3). A collector must not communicate or attempt to communicate with a consumer in connection with the collection of any debt at the consumer’s place of employment, if the collector knows or has reason to know that the employer prohibits the consumer from receiving the communication.

Places like a plant, for example, have employees working assembly lines. It can be a big deal to have someone’s work interrupted to come to a telephone. The consumers employment could be in jeopardy. Typically, if the employee tells you not to call at work, you must oblige. If you know the employer’s policy is to restrict such calls, don’t call.

If the consumer requests they not be contacted at work, they generally cannot be but can be asked how and when they should be contacted. Under 1006.22(f)(3) – “Unfair or unconscionable means” prohibits sending an email to an address that the collector knows is provided by the consumer’s employer. There are some nuances that allow this if the consumer has used it with you on the debt. That’s under 1006.22(f)(3). [More on emails later.]

Exceptions to the prohibitions on contact

Section 1006.6(b)(4) includes a couple of exceptions to the prohibitions on time, place, attorney and employer prohibitions in §§ 1006.6(b)(1) – (3). The prohibitions do not apply in the case of (1) prior consent from the consumer given directly to the debt collector during a communication that was not in violation, and (2) with the express permission of a court.

Refusal to pay or “cease communication” notice

Section 1006.6(c)(1) provides that, with limited exceptions, if a consumer notifies a debt collector in writing that the consumer refuses to pay a debt or that the consumer wants the debt collector to cease further communication with the consumer, the debt collector must not communicate or attempt to communicate further with the consumer with respect to such debt.

What are the exceptions?

This prohibition does not apply with a debt collector communicates or attempts to communicate further with respect to the debt—

(i) To advise the consumer that the debt collector’s further efforts are being terminated

(ii) To notify the consumer that the debt collector or creditor may invoke specified remedies that the debt collector or creditor ordinarily invokes

Do not make idle threats, but if repossession or foreclosure may be a remedy and it is used by the debt collector or creditor, you may indicate it will be considered. Small claims suits can also fit here.

(iii) Where applicable, to notify the consumer that the debt collector or creditor intends to invoke a specified remedy.

For example, if you must send a notice of intent to foreclose or repossess, it is allowed here.

Mortgage servicing exceptions.

The Official Interpretations to § 1006.6(c)(2) indicate that the written early intervention notice required by 12 CFR 1024.39(d)(3) falls within the exceptions to the cease communication provision. They also indicate that mortgage servicers who are subject to the FDCPA with respect to a mortgage loan is not liable under the FDCPA for complying with certain servicing rule provisions, including requirements to provide a consumer with disclosures regarding the forced placement of hazard insurance as required by 12 CFR 1024.37, a disclosure regarding an adjustable-rate mortgage’s initial interest rate adjustment as required by 12 CFR 1026.20(d), and a periodic statement for each billing cycle as required by 12 CFR 1026.41.

Prohibitions on communications with third parties

Section 1006.6(d)(1) includes a general prohibition on debt collector communications with third parties. Communications about the debt must only be with—

i. The consumer
ii. The consumer’s attorney
iii. A consumer reporting agency, if otherwise permitted by law
iv. The creditor
v. The creditor’s attorney, or
vi. The debt collector’s attorney

Exceptions: Section 1006.6(d)(2) includes these exceptions from those restrictions:

(i) For the purpose of acquiring location information, as provided in § 1006.10 (home address and telephone and place of employment)
(ii) With the prior consent of the consumer given directly to the debt collector;
(iii) With the express permission of a court of competent jurisdiction; or
(iv) As reasonably necessary to effectuate a post-judgment judicial remedy.

A case in point: the Eleventh Circuit Court of Appeals has held that a debt collector (as defined under the FDCPA) who transmits debtor information to a third party violates section 1692c(b) of the FDCPA, which prohibits debt collectors from communicating consumers’ personal information to third parties “in connection with the collection of any debt.” Hunstein v. Preferred Collection & Management Services, Inc., 994 F.3d 1341 (11th. Cir. 2021). If your bank farms out some of its collections to third-party collectors, part of your vendor due diligence should be verifying that the third party doesn’t contract out any part of that effort, including mailing services, etc.

Full disclosure: The Eleventh Circuit’s holding was made by a three-judge panel, from which one of the judges dissented. It is only binding in the states of Alabama, Florida, and Georgia, and the case was remanded back to the District Court to determine whether any unauthorized disclosure actually occurred, and whether the plaintiff is entitled to damages. Other cases involving debt collectors sharing debtor information with third parties are being brought in both federal and state courts. The issue should not be considered settled.

Communications via email and text

Sections 1006.6(d)(3) and (4) permit debt collectors to communicate with a debtor using an email address or phone number (for text messaging) recently used by the debtor regarding the debt unless the debtor subsequently opted out of using that address. But the debt collector may not use an email address or phone number that the debt collector knows has led to a prohibited disclosure of information. The debt collector must have procedures to ensure their use of email or text messaging remains compliant.

A collector who uses a specific email address, telephone number for text messages, or other electronic-medium address of a consumer must include in each such message a clear and conspicuous statement describing a reasonable and simple method by which the consumer can opt out of further electronic communications by the collector to that address or number. The collector may not require, directly or indirectly, that the consumer pay any fee to the collector or provide any information other than the consumer’s opt-out preferences and the email address, telephone number for text messages, or other electronic-medium address they do not want contact thru.

Assume that a debt collector sends a text message to a consumer’s mobile telephone number. The text message includes the following instruction: “Reply STOP to stop texts to this telephone number.” Assuming that it is readily noticeable and legible to consumers, this instruction constitutes a clear and conspicuous statement describing a reasonable and simple method to opt out.

Harassing, oppressive, or abusive conduct
Under § 1006.14(a) there is a general rule of conduct:
“A debt collector must not engage in any conduct the natural consequence of which is to harass, oppress, or abuse any person in connection with the collection of any debt, including, but not limited to, the conduct described in paragraphs 1006.14(b) through (h).”

b) Phone calls: Repeated or continuous calls prohibited. A collector violates this prohibition by placing a telephone call to a particular person in connection with collection of a particular debt either more than seven times within seven consecutive days, or within a period of seven consecutive days after having had a telephone conversation with the person in connection with the collection of that debt (the date of this conversation is the first day of the seven-day period).

Student loan debts: The term “particular debt” means all student loan debts that a consumer owns or allegedly owes that were serviced under a single account number at the time the debts were obtained by a debt collector.

Exclusions from frequency limits: Calls placed to a person do not count toward the frequency limits if they are (1) made with the person’s prior consent given directly to the debt collector within the last seven days; (2) not connected to the dialed number; or (3) with the consumer’s attorney, the creditor’s attorney, or the collector’s attorney.

Unconnected calls: A debt collector’s telephone call does not connect to the dialed number if, for example, the debt collector receives a busy signal or an indication that the dialed number is not in service. Conversely, a telephone call placed to a person counts toward the telephone call frequencies described in § 1006.14(b)(2)(i) if it connects to the dialed number, unless an exclusion in § 1006.14(b)(3) applies. A debt collector’s telephone call connects to the dialed number if, for example, the telephone call is answered, even if it subsequently drops; if the telephone call causes a telephone to ring at the dialed number but no one answers it; or if the telephone call is connected to a voicemail or other recorded message, even if it does not cause a telephone to ring and even if the debt collector is unable to leave a voicemail. [Comment 14(b)(3)(ii)-1]

c) Violence: A collector must not use or threaten violence or harm to a person, their reputation or property

d) Obscene language: A collector must not use obscene language or language deemed abusive to the listener or reader.

e) Debtor’s list: A collector must not publish a list of consumers who refuse to pay debts, except to a consumer reporting bureau

f) Coercive advertisements: A collector must not advertise for sale any debt to coerce payment of the debt.

g) Meaningful disclosure of identity: A collector must not place phone calls without meaningfully disclosing the caller’s identity, except as provided in § 1006.10 [when communicating with a person other than the consumer for the purpose of acquiring location information].

h) Prohibited communication media: Communication is prohibited with a consumer through a medium if the consumer has requested that it not be used. However, a collector may ask follow-up questions regarding preferred media to clarify statements by the person
If a consumer opts out in writing of receiving electronic communications from a collector, the collector may send a confirmation the consumer’s request to opt out, provided that the reply contains no information other than a statement confirming the consumer’s request;
If a consumer initiates contact with a debt collector using an address or a telephone number that the consumer previously said not to use, the collector may respond once using that. Or

If otherwise required by law, a collector may communicate about the collection of any debt through a medium of communication that the person has requested they not use [think required periodic statements].

To be continued

Our discussion of the new FDCPA regulation will conclude in our December 2021 Legal Briefs.

New stuff on Legal Links

By Pauli D. Loeffler

In response to legislative changes (see August, September, and October Legal Briefs), new and updated information and forms have been added to the OBA’s Legal Links web page under the Templates, Forms, and Charts. You will need to create an account through the My OBA Member Portal to gain access if you have already done so.
In response to the changes under Banking Code § 901, there is a summary of how PODs are paid based on whether the POD designations were made before November 1, 2021, as well as those made on and after that date.

With amendments to § 906 which deals with the use of an Affidavit of Heirs for deposits when there are no PODs, there is a new Affidavit form that incorporates statutory language regarding probates as well as an optional Indemnity and hold harmless clause.

Under the Miscellaneous subsection, there are links to all the statutes for both the Power of Attorney Act in Title 58 and for the Statutory Form Power of Attorney Act in Title 15. I have also provided a Power of Attorney Checklist you may find helpful when the bank receives a POA.

October 2021 OBA Legal Briefs

  • Regulatory priorities
  • Consumer complaints
  • 2021 OK legislation—Part III
    • OK Banking Code
    • Judgment liens
    • Motor Vehicles
    • OK Tax Code
    • OK POA Act—Part II
    • Uniform Consumer Credit Code (“U3C”) § 3-508A
    • Uniform Interstate Depositions and Discovery Act of 2021

 

Regulatory Priorities

By Andy Zavoina

You spend your days preparing for meetings, going to meetings, auditing your bank for various compliance topics, and answering questions about what can and cannot be done, and that is all before lunch. We understand you are busy, and your time is limited. Still, one of the issues you must address is forecasting changes that impact your bank and part of this is what the regulators’ priorities are. We watch what Congress and the agencies are doing and proposing and want to take time this month to condense a few of these potential issues before you commit to budgets and audit schedules and all those “next year” things that are about to happen to you in the weeks to come.

As to priorities, the regulatory agencies have a focus on fair lending and equal access to credit. Let me first mention a potential addition to Reg. B and the Equal Credit Opportunity Act (ECOA). HR 166, short titled “Fair Lending for All Act” is intended to clarify, if not expand, protected classes under the ECOA by adding specificity that, (i) sexual orientation, (ii) gender identity, and (iii) location based on zip code or census tract, are also protected classes under the ECOA.

Be sure to also read the section on the Consumer Financial Protection Bureau’s (CFPB) analysis of complaints as it specifically correlates race to census tract to types of complaints submitted. These are fair lending issues and is the first time the CFPB has done such an in-depth review and used census data to get there. Census data will play a larger role in more Reg B changes as well.

CFPB acting Director David Uejio said earlier this year that the CFPB had a new focus and priorities. He said, “I am going to elevate and expand existing investigations and exams and add new ones to ensure we have a healthy docket intended to address racial equity.” He went on, “This of course means that fair lending enforcement is a top priority and will be emphasized accordingly. But we will also look more broadly, beyond fair lending, to identify and root out unlawful conduct that disproportionately impacts communities of color and other vulnerable populations.” He also appeared in a CFPB produced video in which he said, “the CFPB will take action against institutions and individuals whose policies and practices prevent fair and equal access to credit or take advantage of poor, underserved, and disadvantaged communities.”

Acting Director Uejio is not alone; Acting Comptroller of the Currency Michael J. Hsu said, “There is no place for discrimination in the federal banking system,” and added, “The OCC will use the full force of our authority to correct fair lending violations with our supervisory and enforcement tools, including civil money penalties, cease and desist orders, and requiring restitution for customers harmed as a result of any discriminatory practices.”

The Federal Trade Commission took enforcement actions last year in one case requiring $1.5 million in refunds. This was the first time the FTC had charged an auto dealer with illegal racial discrimination said FTC Commissioner Rohit Chopra. Yes, this Commissioner is the incoming CFPB director now that his nomination has been confirmed by the Senate. One would reasonably believe that Chopra and Uejio have shared information as well as objectives and goals.

The OCC recently joined with the Department of Justice in taking actions against Cadence Bank for fair lending discrimination issues which resulted in a $3 million penalty and pledge to invest $5.5 million to increase credit opportunities in some Houston areas (think census tracts) that are predominantly Black and Hispanic neighborhoods.

While fair lending changes are projected, increased enforcement has already begun.

Another change to Reg B is out for comment. Section 1071 of the Dodd-Frank Act requires banks to collect, maintain and report to the CFPB, data on credit applications made by women-owned, minority-owned, and small businesses. This has been a slow-moving change but is now becoming a reality. The Bureau’s 1,000-page proposal will require many small business lenders to essentially collect LAR-like data you are accustomed to under HMDA and CRA for these small business loans when criteria are met. It will also restrict access to certain parts of the information, require recordkeeping and retention as well as publication of the collected data. While a potentially huge undertaking for small business lenders, this rule has some issues and conflicts to resolve and will be finalized within 18 months after its 10/8/2021 publication in the Federal Register . The CFPB is also proposing a transitional period permitting collection of the data such as the owners’ ethnicity, race, and sex and this could extend the required implementation to 2025.

If you are thinking that allows three years, yes, that is the way it looks now. But like the 2018 HMDA overhaul, preparations should begin when you know what you will have to address and that should start in 2022. Monitoring the bank’s lending activity to small business and the minimum thresholds in the final rule may put a bank into or outside data collection requirements.

Consumer Complaints

By Andy Zavoina

On September 23, 2021, the CFPB issued a report, “Consumer complaints throughout the credit life cycle, by demographic characteristics.” We know that complaint management is crucial to your compliance management program as complaints are critical in detecting and resolving issues before they become UDAP, fair lending or other compliance issues. Think of complaint resolution as a way to “nip it in the bud” and avoid a problem from becoming a pattern or practice.

This report used one million complaints from 2018 to 2020 and matches complaints to census tracts, and then uses census tract data to assimilate demographics of the complainant. What was deduced was that complaints from wealthier communities and communities with higher percentages of white, non-Hispanic residents complained about loan origination and performing servicing, and complaints from communities of color and lower income communities complained about credit reporting, identity theft, and delinquent servicing.

Complaints may then be categorized by type, to income and race, based on this methodology. CFPB Acting Director Dave Uejio said, “Our consumer complaint data is a crucial tool for understanding varying consumer experiences, including across racial and economic divides.”

Additional general findings were that:

  • Loan origination complaints increased 50% during the year, driven by higher-income areas with fewer people of color.
  • Areas with the highest share of whites complain twice as much as predominantly Black areas.
  • Predominantly Black areas complain twice as much (per resident) as others.
  • Lower income census tracts submit 30% more complaints per resident.

One reason this is important in my mind relates to the recent action by HUD to rescind the 2020 rule on disparate impact which will make it easier to “prove” discrimination exists based on generalizations. Disparate impact is one method used to show evidence of lending discrimination under ECOA and the Fair Housing Act. The methodology is controversial because it allows a person to claim a fair lending violation when a neutral practice is applied uniformly to all applicants but has a discriminatory effect on a prohibited basis. Could one connect the dots between complaints, income and race that then lead to Reg B – ECOA violations of equal treatment?

Action Items:

1) Stay abreast of the bills and proposals pending. Comment on them when it is of interest to your bank. Be aware of changes and how they impact your operations.

2) As changes are made, keep your policies and procedures current to new requirements. Even if changes are not necessary, document your review so any auditing will see that they are current.

3) Remember that fair lending starts with advertising and flows through the loan process, servicing, and collections. In the last year we have seen big enforcement penalties based on poorly crafted advertising and we see complaints on servicing and credit reporting.

4) Train staff to be aware, ultra-aware of lending issues and complaints and to treat all of them equally and thoroughly as a lending issue may more easily be deemed a fair lending issue today.

2021 OK legislation – Part III

By Kelsey Hull

Hello! My name is Kelsey Hull, and I am an extern for the Oklahoma Bankers Association for the fall semester. I’m currently in my last year at Oklahoma City University School of Law. My hometown is Waynoka, Oklahoma, and I hold a bachelor’s degree in International Studies from the University of Oklahoma. I’m very grateful for the opportunity to write this article, and I hope you find it helpful.

OK Banking Code

Title 6 O.S. § 908. This new section of the Banking Code covers Savings Promotion Raffles. In 2014, Congress passed the American Savings Promotion Act, and Andy Zavoina wrote about the Act in the March 2015 OBA Legal Briefs, which you can access online. While the federal Act excluded these raffles from being an illegal lottery under federal law, it was up to each state to enact legislation to allow these raffles under state law. See Can Contests Help Fill Americans’ Savings Gap?, Pew Charitable Trusts (Nov. 9, 2018); Caroline Ratcliffe, et. al., Evidence-Based Strategies to Build Emergency Savings, Consumer Financial Protection Bureau (July 2020).

Effective November 1, 2021, Oklahoma banks and credit unions may begin offering savings promotion raffles under § 908:

As used in this section, the term “savings promotion raffle” means a contest in which the sole consideration required for a chance of winning designated prizes is obtained by the deposit of a specified amount of money in a savings account or other savings program and each ticket or entry has an equal chance of being drawn, with such contest being subject to regulations that may from time to time be promulgated by the bank’s or credit union’s primary regulator. Oklahoma banks and credit unions are authorized to offer savings promotion raffles.

The only difference between Oklahoma’s Section 908 and the federal Act is in the last sentence. In the federal Act, the last sentence ends by saying “…to be promulgated by the appropriate prudential regulator (as defined in section 1002 of the Consumer Financial Protection Act of 2010 (12 U.S.C. 5481)).” In Oklahoma’s statute, it refers to the bank’s or credit union’s primary regulator.

If any questions remain as to whether saving promotion raffles are lotteries, the definition of “lottery” was changed under 12 U.S.C §25A in 2014, specifically excluding such raffles: “The term ‘lottery’ includes any arrangement, other than a savings promotion raffle…”

Judgment liens

Title 46 O.S. § 15 (Mortgage Code) and Title 36 O.S. § 5008 (Insurance Code). Bankers may recall that Title 47 of the Mortgage Code § 15 requires the release of mortgage be recorded within 30 days after the debt has been paid. If the release is not timely recorded, the mortgagor or the title insurer may demand release, and the mortgagee has 10 days to record the release or face penalties. Beginning 11/1/21 this section will apply to judgment lien holders as well as mortgagees.

Title 36 O.S. § 5008 in the Oklahoma Insurance Code provides that If a mortgagee fails to execute and deliver a release of mortgage to the mortgagor or designated agent of the mortgagor within sixty (60) days after the date of receipt of payment of the mortgage in accordance with a payoff statement provided by the mortgagee or servicer, an authorized officer of a title insurance company or its duly appointed agent may execute and record an affidavit with the county clerk where the real property is located on behalf of the mortgagor or a transferee of the mortgagor together with documentation of the payment. Effective 11/1/21, this section will also apply to judgment liens.

Motor vehicles

Title 47 O.S. § 1110 Perfection of Security Interest

Effective November 1, 2021, the following new provision is added under subsection A:

  1. When there is an active lien from a commercial lender in place on a vehicle, motor license agents shall be prohibited from transferring the certificate of title on that vehicle until the lien is satisfied.

Title 47 O.S. § 427A.  Electronic filing of certificates of title, liens, assignments, and releases. This is a new law under Title 47—Motor Vehicles, which takes effect November 1, 2021. The central idea of this law is the creation of an electronic filing, storage, and delivery of motor vehicle title certificates program. Additionally, the program allows the perfection, assignment, and release of a lien by a lienholder through electronic means rather than paper documents. This program will start on or before July 1, 2022. A qualified system developer will help with providing and accessing the necessary software and equipment to actually implement this digital transformation. However, this new system will only affect applications filed after June 30, 2022. Okla. Stat. Tit. 47, § 427A Sec. A.

Section B of the statute covers various procedures that are available for the program, although the list is nonexclusive.  Okla. Stat. tit. 47, §1105A(B)(1)-(6). First up on the list is delivery of a certificate of title. If a party chooses to use the electronic route, the certificate need only be issued or printed upon the satisfaction of the last lien. The next two examples regard the service provider, and basically say that the vendor will be qualified and charge reasonable fees. In the fourth example, the statute states that the program will allow access to electronic records of the filed items. Part five allows motor license agents to participate in the program and for their receipt of all fees provided by the Oklahoma Vehicle License and Registration Act. Finally, the program accepts electronic or digital signatures.

Section C concerns definitions, which match with those listed throughout the existing statutes in sections 1101 and beyond.

Section D addresses the validity of the documents created, stored, or delivered through the program. All the documents are in fact valid, even with scanned or electronic signatures. As long as the document is a certified copy of the Oklahoma Tax Commission’s electronic record, it will be admissible in court proceedings, if needed.

Section E deals with financing the program. Essentially, the Tax Commission can spend the necessary funds needed to implement the program.

Finally, section F allows the Tax Commission to consult third parties specifically including the Oklahoma Bankers Association to help with the program’s development.

Tax Code

Title 68 O.S. § 2370. This section is amended for taxable years beginning after December 31, 2021. The Oklahoma privilege tax of doing business within Oklahoma for state banking associations, national banking associations and credit unions organized under the laws of this state, located or doing business within the limits of the State of Oklahoma is reduced from the rate of 6% to 4% of the amount of the taxable income.

Title 68 O.S. § 2370.1. This section of the Oklahoma Tax Code is amended effective January 1, 2021, with regard to credit for SBA guaranty of 7(a) program loans. The new timeframe for these credits will be on or after January 1, 2022, and before January 1, 2025.

 Oklahoma POA Act – Part II

By Pauli D. Loeffler

I need to correct a statement made in the newspaper and email versions of the September 2021 OBA Legal Briefs indicating that some but not all the sections under the Durable Power of Attorney Act (“DPOA Act”) were repealed. In fact, all sections (Title 58 O.S. §§ 1071 – 1077) are repealed effective November 1, 2021. How does this affect DPOAs executed prior to November 1, 2021?

Appointment of guardian. Does appointment of a guardian terminate powers granted an AIF under a DPOA? The appointment of a guardian does not automatically revoke the DPOA under either ACT. § 1074 of the old DPOA Act and § 3008 of the new POA Act are similar but not identical. Under both Acts, the principal may nominate a guardian or conservator in the DPOA, and the court shall appoint such person unless s/he is disqualified or for good cause shown.  The AIF is accountable to both the principal and the guardian. The main difference between the two Acts is that under § 1074 (old), the guardian had the power to revoke or amend the DPOA, while under § 3008 (new) the AIF’s authority continues unless limited, suspended or terminated by the court. Note that if the POA is not durable, the powers granted the AIF terminate.

If the AIF under a non-durable POA has no actual knowledge that a guardian has been appointed, actions of the AIF on behalf of the principal are binding. This is true under § 1075 of the DPOA Act and under § 3010 of the new POA Act. On the other hand, even if the AIF does not know of the guardianship, if the bank has actual knowledge that a guardian has been appointed, if the bank allows the transaction under a non-durable POA, it may be liable.

Appointment of Rep Payee or Federal Fiduciary. Neither the Social Security Administration nor the Veteran’s Administration will accept a POA/DPOA. There is a presumption that every beneficiary is capable of handling his or her own money, and the appointment of a Rep Payee does not carry the same notice and hearing requirements as a guardianship. The question of whether appointment of a rep payee or federal fiduciary is effective to terminate a non-durable power of attorney is somewhat uncertain, but I would argue that it doesn’t necessarily amount to a determination of incapacity. Why do I say this? If the rep payee or the federal fiduciary dies or is determined by a court to require a guardian, the bank must notify the SSA or VA and return any benefit payments received. When this happens, the SSA and the VA will send checks directly to the beneficiary until such time as these agencies determine a new rep payee/federal fiduciary needs to be appointed. It is not uncommon for a beneficiary to have one individual named as rep payee/federal fiduciary and someone else appointed as guardian. Until the SSA or VA acknowledges the guardianship and directs payments to the guardian, the guardian will have to work with the current rep payee/federal fiduciary.

Death of the principal. Whether the POA is durable or not, the AIF’s authority terminates upon the principal’s death. Yes, I have actually seen DPOAs that say they are unaffected by death of the principal, but that isn’t true. On the other hand, both the DPOA Act (§ 1075) and the POA Act (§ 3010) provide that if the AIF does not have actual knowledge of the principal’s death and the acts performed are solely for the benefit of the principal, such acts are binding upon the principal’s heirs and successors. Again, if the bank has actual knowledge of the principal’s death, the bank has no protection if it allows the AIF to make transactions.

Protecting the bank. Section 1076 of the DPOA Act provided protection for the bank in making transactions with an AIF if the bank had concerns whether the POA or DPOA may have been revoked, a guardian may have been appointed for the principal if the POA was non-durable, or the principal had died. The bank could require the AIF to sign an Affidavit of Lack of Knowledge and be protected. As was mentioned in the September article, § 3042 of the POA Act provides an optional form that the bank may require the AIF to fill out and execute before a notary Certifying Facts Concerning Power of Attorney. Use of this form will protect the bank.

  • 3024 Authority and Restrictions. I review a lot of POAs/DPOAs to determine whether the AIF can add himself as joint owner or POD, add, remove, or otherwise change PODs, add an authorized signer to an account, directly make transactions on the principal’s living trust, etc. This section of the POA Act clearly sets forth restrictions on the authority of the AIF to do certain act unless explicitly granted in writing under the POA. It supports the positions and answers I have given for the past 17 years. In order for an AIF to create, amend, revoke or terminate an inter vivos trust, make a gift, create or change rights of survivorship, create or change a beneficiary designation, add an authorized signer, waive the principal’s right to be a beneficiary of a joint and survivor annuity, including a survivor benefit under a retirement plan, or exercise fiduciary powers that the principal has authority to delegate (e.g., appoint an authorized signer on a corporation, LLC, etc. account), these powers must be explicitly granted. Further, an AIF who is not an ancestor, spouse or descendant of the principal may not exercise authority under a power of attorney to create in the AIF, or in an individual to whom the AIF owes a legal obligation of support, an interest in the principal’s property, whether by gift, right of survivorship, beneficiary designation, disclaimer or otherwise.

Attorneys generally put in the catch-all provision granting the AIF the power to do any act that the principal may himself do.  I often have to defend my requirement that certain acts, such as adding the AIF as joint owner or a POD require explicit authority.  Subsection C. of this statute provides that subject to subsections A, B, D and E of this section, if a power of attorney grants to an agent authority to do all acts that a principal could do, the agent has the general authority described in Sections 27 through 39 of the POA Act while the grant of the power to make a gift is explained in detail under § 3040.

Uniform Consumer Credit Code (“U3C”) § 3-508A

Title 14A O.S. § 3-508. This section of the “U3C” sets the maximum annual percentage rate for certain loans. It provides three tiers based with different rates based on unpaid principal balances that may be “blended.” It also has an alternative maximum rate that may be used rather than blending the rates. The amounts under each tier were subject to annual adjustment by the Administrator of the Oklahoma Department of Consumer Credit under §1-106, however. The annual adjustment of tier amounts was removed effective August 22, 2014, and a loan made under §3-508A could not have a repayment term of less than 12 months from the date the loan is made which provision was removed effective November 1, 2015.

The loan amount subject to tier (2)(a)(i) has greatly increased as well as the maximum annual percentage rate allowed for that tier. The maximum annual percentage rate for the other two tiers did not increase, but the loan amounts under the second and third tier have. The alternative maximum annual percentage rate allowed in lieu of blending the tiers under (2)(b) remains unchanged.

Maximum Rates by Tier Amounts. §3-508A as amended limits the maximum APR under the three tiers as follows:

(2) The loan finance charge, calculated according to the actuarial method, may not exceed the equivalent of the greater of either of the following:

(a)  the total of:

(i)  thirty-two percent (32%) [currently 27%] per year on that part of the unpaid balances of the principal which is Seven Thousand Dollars ($7,000.00) [currently $2,910] or less;

(ii)  twenty-three percent (23%) [no change] per year on that part of the unpaid balances of the principal which is more than Seven Thousand Dollars ($7,000.00) [currently $2,910.01] but does not exceed Eleven Thousand Dollars ($11,000.00) [currently $6,200.00]; and

(iii)  twenty percent (20%) [no change] per year on that part of the unpaid balances of the principal which is more than Eleven Thousand Dollars ($11,000.00) [currently $6,200.00]; or

(b)  twenty-five percent (25%) [no change] per year on the unpaid balances of the principal.

The Dollar Amounts under the three tiers of §3-508A Loans are NOT subject to annual adjustment, but a new subsection (4) has been added allowing the lender to charge a closing fee IS subject to adjustment under § 1-106:

(4)  In addition to the loan finance charge permitted in this section and other charges permitted in this act, a supervised lender may assess a lender closing fee not to exceed Twenty-eight Dollars and eighty-five cents ($28.85) upon consummation of the loan.

Note that the closing fee, while not a finance charge under the OK U3C, IS a finance charge under Reg Z. Most banks use Reg Z disclosures. This means that it is possible that the fee under Reg Z disclosures will cause the APR to exceed the usury rate under § 3-508A. If that happens, document the file to show that the fee is excluded under the U3C to show that the loan does not in fact violate Oklahoma’s usury provisions.

You can access the § 3-508A Matrix here.

 

Uniform Interstate Depositions and Discovery Act of 2021

By Pauli D. Loeffler

This new Act is codified in Title 12, the Civil Procedure Code, and contains §§ 3250 – 3257. Per § 3257 the Act applies to requests for discovery in cases pending on November 1, 2021.

A subpoena issued by a court of a state other than Oklahoma served on a bank without branches in the state issuing the subpoena had to be logged by the court clerk in the county where the bank was located before service in order to have jurisdiction over the Oklahoma bank. If this wasn’t done, I advised the bank to use the “No Jurisdiction Letter” template available on the OBA’s Legal Links page found under Templates, Forms, and Charts.  On and after 11/1/21, the procedures under the new Act will apply.

§ 3251 contains definitions. “Foreign jurisdiction” is a state other than Oklahoma while a “foreign subpoena” is one issued under the authority of a court of record of a foreign jurisdiction. “State” means the United States, the District of Columbia, Puerto Rico, the United States Virgin Islands, a federally recognized Indian tribe or any territory or insular possession subject to the jurisdiction of the United States. The Act covers subpoenas requiring attendance and giving of testimony at a deposition, production of documents (Subpoena Duces Tecum), and inspection of premises.

§ 3252 requires a party to submit the foreign subpoena to the court clerk of the county in which discovery is to be conducted. Generally, this would be the county where the main bank is located. A request for the issuance of a subpoena does not constitute an appearance in the courts of this state. This is important if the attorney requesting the subpoena is not licensed to practice law in Oklahoma, because s/he would have to file a Motion Pro Hac Vice with the court and obtain a judicial order in order to appear in the Oklahoma court. The names, addresses and telephone numbers of all counsel of record in the proceeding and any unrepresented party have to be provided.

The subpoena issued by the Oklahoma court clerk must be served in compliance with § 2004.1 of the Civil Procedure Code just like any other subpoena. The duties to respond to the subpoena are also subject to § 2004.1.

Orders to enforce, quash, or modify the subpoena or for a protective order must be submitted to the county court in Oklahoma that issued the subpoena.

 

Consumer Complaints

By Andy Zavoina

On September 23, 2021, the CFPB issued a report, “Consumer complaints throughout the credit life cycle, by demographic characteristics.” We know that complaint management is crucial to your compliance management program as complaints are critical in detecting and resolving issues before they become UDAP, fair lending or other compliance issues. Think of complaint resolution as a way to “nip it in the bud” and avoid a problem from becoming a pattern or practice.

This report used one million complaints from 2018 to 2020 and matches complaints to census tracts, and then uses census tract data to assimilate demographics of the complainant. What was deduced was that complaints from wealthier communities and communities with higher percentages of white, non-Hispanic residents complained about loan origination and performing servicing, and complaints from communities of color and lower income communities complained about credit reporting, identity theft, and delinquent servicing.

Complaints may then be categorized by type, to income and race, based on this methodology. CFPB Acting Director Dave Uejio said, “Our consumer complaint data is a crucial tool for understanding varying consumer experiences, including across racial and economic divides.”

Additional general findings were that:

  • Loan origination complaints increased 50% during the year, driven by higher-income areas with fewer people of color.
  • Areas with the highest share of whites complain twice as much as predominantly Black areas.
  • Predominantly Black areas complain twice as much (per resident) as others.
  • Lower income census tracts submit 30% more complaints per resident.

One reason this is important in my mind relates to the recent action by HUD to rescind the 2020 rule on disparate impact which will make it easier to “prove” discrimination exists based on generalizations. Disparate impact is one method used to show evidence of lending discrimination under ECOA and the Fair Housing Act. The methodology is controversial because it allows a person to claim a fair lending violation when a neutral practice is applied uniformly to all applicants but has a discriminatory effect on a prohibited basis. Could one connect the dots between complaints, income and race that then lead to Reg B – ECOA violations of equal treatment?

Action Items:

1) Stay abreast of the bills and proposals pending. Comment on them when it is of interest to your bank. Be aware of changes and how they impact your operations.

2) As changes are made, keep your policies and procedures current to new requirements. Even if changes are not necessary, document your review so any auditing will see that they are current.

3) Remember that fair lending starts with advertising and flows through the loan process, servicing, and collections. In the last year we have seen big enforcement penalties based on poorly crafted advertising and we see complaints on servicing and credit reporting.

4) Train staff to be aware, ultra-aware of lending issues and complaints and to treat all of them equally and thoroughly as a lending issue may more easily be deemed a fair lending issue today.

The CFPB is also proposing a transitional period permitting collection of the data such as the owners’ ethnicity, race, and sex and this could extend the required implementation to 2025.

If you are thinking that allows three years, yes, that is the way it looks now. But like the 2018 HMDA overhaul, preparations should begin when you know what you will have to address and that should start in 2022. Monitoring the bank’s lending activity to small business and the minimum thresholds in the final rule may put a bank into or outside data collection requirements.

2021 OK legislation – Part III

By Kelsey Hull

Hello! My name is Kelsey Hull, and I am an extern for the Oklahoma Bankers Association for the fall semester. I’m currently in my last year at Oklahoma City University School of Law. My hometown is Waynoka, Oklahoma, and I hold a bachelor’s degree in International Studies from the University of Oklahoma. I’m very grateful for the opportunity to write this article, and I hope you find it helpful.

OK Banking Code

Title 6 O.S. § 908. This new section of the Banking Code covers Savings Promotion Raffles. In 2014, Congress passed the American Savings Promotion Act, and Andy Zavoina wrote about the Act in the March 2015 OBA Legal Briefs, which you can access online. While the federal Act excluded these raffles from being an illegal lottery under federal law, it was up to each state to enact legislation to allow these raffles under state law. See Can Contests Help Fill Americans’ Savings Gap?, Pew Charitable Trusts (Nov. 9, 2018), https://www.pewtrusts.org/en/research-and-analysis/issue-briefs/2018/11/can-contests-help-fill-americans-savings-gap; Caroline Ratcliffe, et. al., Evidence-Based Strategies to Build Emergency Savings, Consumer Financial Protection Bureau (July 2020), https://files.consumerfinance.gov/f/documents/cfpb_evidence-based-strategies-build-emergency-savings_report_2020-07.pdf

Effective November 1, 2021, Oklahoma banks and credit unions may begin offering savings promotion raffles under § 908:

As used in this section, the term “savings promotion raffle” means a contest in which the sole consideration required for a chance of winning designated prizes is obtained by the deposit of a specified amount of money in a savings account or other savings program and each ticket or entry has an equal chance of being drawn, with such contest being subject to regulations that may from time to time be promulgated by the bank’s or credit union’s primary regulator. Oklahoma banks and credit unions are authorized to offer savings promotion raffles.

The only difference between Oklahoma’s Section 908 and the federal Act is in the last sentence. In the federal Act, the last sentence ends by saying “…to be promulgated by the appropriate prudential regulator (as defined in section 1002 of the Consumer Financial Protection Act of 2010 (12 U.S.C. 5481)).” In Oklahoma’s statute, it refers to the bank’s or credit union’s primary regulator.

If any questions remain as to whether saving promotion raffles are lotteries, the definition of “lottery” was changed under 12 U.S.C §25A in 2014, specifically excluding such raffles: “The term ‘lottery’ includes any arrangement, other than a savings promotion raffle…”

Judgment liens

Title 46 O.S. § 15 (Mortgage Code) and Title 36 O.S. § 5008 (Insurance Code). Bankers may recall that § 15 in the Mortgage Code requires the release of mortgage be recorded within 30 days after the debt has been paid. If the release is not timely recorded, the mortgagor or the title insurer may demand release, and the mortgagee has 10 days to record the release or face penalties. Beginning 11/1/21 this section will apply to judgment lien holders as well as mortgagees.

§ 5008 in the Oklahoma Insurance Code provides that If a mortgagee fails to execute and deliver a release of mortgage to the mortgagor or designated agent of the mortgagor within sixty (60) days after the date of receipt of payment of the mortgage in accordance with a payoff statement provided by the mortgagee or servicer, an authorized officer of a title insurance company or its duly appointed agent may execute and record an affidavit with the county clerk where the real property is located on behalf of the mortgagor or a transferee of the mortgagor together with documentation of the payment. Effective 11/1/21, this section will also apply to judgment liens.

Motor vehicles

Title 47 O.S. § 1110 Perfection of Security Interest

Effective November 1, 2021, the following new provision is added under subsection A:

  1. When there is an active lien from a commercial lender in place on a vehicle, motor license agents shall be prohibited from transferring the certificate of title on that vehicle until the lien is satisfied.

Title 47 O.S. § 1105A.  Electronic filing of certificates of title, liens, assignments, and releases. This is a new law under Title 47—Motor Vehicles, which takes effect November 1, 2021. The central idea of this law is the creation of an electronic filing, storage, and delivery of motor vehicle title certificates program. Additionally, the program allows the perfection, assignment, and release of a lien by a lienholder through electronic means rather than paper documents. This program will start on or before July 1, 2022. A qualified system developer will help with providing and accessing the necessary software and equipment to actually implement this digital transformation. However, this new system will only affect applications filed after June 30, 2022. Okla. Stat. tit. 47, §1105A(A).

Section B of the statute covers various procedures that are available for the program, although the list is nonexclusive.  Okla. Stat. tit. 47, §1105A(B)(1)-(6). First up on the list is delivery of a certificate of title. If a party chooses to use the electronic route, the certificate need only be issued or printed upon the satisfaction of the last lien. The next two examples regard the service provider, and basically say that the vendor will be qualified and charge reasonable fees. In the fourth example, the statute states that the program will allow access to electronic records of the filed items. Part five allows motor license agents to participate in the program and for their receipt of all fees provided by the Oklahoma Vehicle License and Registration Act. Finally, the program accepts electronic or digital signatures.

Section C concerns definitions, which match with those listed throughout the existing statutes in sections 1101 and beyond.

Section D addresses the validity of the documents created, stored, or delivered through the program. All the documents are in fact valid, even with scanned or electronic signatures. As long as the document is a certified copy of the Oklahoma Tax Commission’s electronic record, it will be admissible in court proceedings, if needed.

Section E deals with financing the program. Essentially, the Tax Commission can spend the necessary funds needed to implement the program.

Finally, section F allows the Tax Commission to consult third parties to help with the program’s development.

Tax Code

Title 68 O.S. § 2370. This section is amended for taxable years beginning after December 31, 2021. The Oklahoma privilege tax of doing business within Oklahoma for state banking associations, national banking associations and credit unions organized under the laws of this state, located or doing business within the limits of the State of Oklahoma is reduced from the rate of 6% to 4% of the amount of the taxable income.

Title 68 O.S. § 2370.1. This section of the Oklahoma Tax Code is amended effective January 1, 2021, with regard to credit for SBA guaranty of 7(a) program loans. The new timeframe for these credits will be on or after January 1, 2022, and before January 1, 2025.

Oklahoma POA Act – Part II

By Pauli D. Loeffler

I need to correct a statement made in the newspaper and email versions of the September 2021 OBA Legal Briefs indicating that some but not all the sections under the Durable Power of Attorney Act (“DPOA Act”) were repealed. In fact, all sections (Title 58 O.S. §§ 1071 – 1077) are repealed effective November 1, 2021. How does this affect DPOAs executed prior to November 1, 2021?

Appointment of guardian. Does appointment of a guardian terminate powers granted an AIF under a DPOA? The appointment of a guardian does not automatically revoke the DPOA under either ACT. § 1074 of the old DPOA Act and § 3008 of the new POA Act are similar but not identical. Under both Acts, the principal may nominate a guardian or conservator in the DPOA, and the court shall appoint such person unless s/he is disqualified or for good cause shown.  The AIF is accountable to both the principal and the guardian. The main difference between the two Acts is that under § 1074 (old), the guardian had the power to revoke or amend the DPOA, while under § 3008 (new) the AIF’s authority continues unless limited, suspended or terminated by the court. Note that if the POA is not durable, the powers granted the AIF terminate.

If the AIF under a non-durable POA has no actual knowledge that a guardian has been appointed, actions of the AIF on behalf of the principal are binding. This is true under § 1075 of the DPOA Act and under § 3010 of the new POA Act. On the other hand, even if the AIF does not know of the guardianship, if the bank has actual knowledge that a guardian has been appointed, if the bank allows the transaction under a non-durable POA, it may be liable.

Appointment of Rep Payee or Federal Fiduciary. Neither the Social Security Administration nor the Veteran’s Administration will accept a POA/DPOA. There is a presumption that every beneficiary is capable of handling his or her own money, and the appointment of a Rep Payee does not carry the same notice and hearing requirements as a guardianship. The question of whether appointment of a rep payee or federal fiduciary is effective to terminate a non-durable power of attorney is somewhat uncertain, but I would argue that it doesn’t necessarily amount to a determination of incapacity. Why do I say this? If the rep payee or the federal fiduciary dies or is determined by a court to require a guardian, the bank must notify the SSA or VA and return any benefit payments received. When this happens, the SSA and the VA will send checks directly to the beneficiary until such time as these agencies determine a new rep payee/federal fiduciary needs to be appointed. It is not uncommon for a beneficiary to have one individual named as rep payee/federal fiduciary and someone else appointed as guardian. Until the SSA or VA acknowledges the guardianship and directs payments to the guardian, the guardian will have to work with the current rep payee/federal fiduciary.

Death of the principal. Whether the POA is durable or not, the AIF’s authority terminates upon the principal’s death. Yes, I have actually seen DPOAs that say they are unaffected by death of the principal, but that isn’t true. On the other hand, both the DPOA Act (§ 1075) and the POA Act (§ 3010) provide that if the AIF does not have actual knowledge of the principal’s death and the acts performed are solely for the benefit of the principal, such acts are binding upon the principal’s heirs and successors. Again, if the bank has actual knowledge of the principal’s death, the bank has no protection if it allows the AIF to make transactions.

Protecting the bank. Section 1076 of the DPOA Act provided protection for the bank in making transactions with an AIF if the bank had concerns whether the POA or DPOA may have been revoked, a guardian may have been appointed for the principal if the POA was non-durable, or the principal had died. The bank could require the AIF to sign an Affidavit of Lack of Knowledge and be protected. As was mentioned in the September article, § 3042 of the POA Act provides an optional form that the bank may require the AIF to fill out and execute before a notary Certifying Facts Concerning Power of Attorney. Use of this form will protect the bank. 3024 Authority and

§ 3024 Authority and Restrictions. I review a lot of POAs/DPOAs to determine whether the AIF can add himself as joint owner or POD, add, remove, or otherwise change PODs, add an authorized signer to an account, directly make transactions on the principal’s living trust, etc. This section of the POA Act clearly sets forth restrictions on the authority of the AIF to do certain act unless explicitly granted in writing under the POA. It supports the positions and answers I have given for the past 17 years. In order for an AIF to create, amend, revoke or terminate an inter vivos trust, make a gift, create or change rights of survivorship, create or change a beneficiary designation, add an authorized signer, waive the principal’s right to be a beneficiary of a joint and survivor annuity, including a survivor benefit under a retirement plan, or exercise fiduciary powers that the principal has authority to delegate (e.g., appoint an authorized signer on a corporation, LLC, etc. account), these powers must be explicitly granted. Further, an AIF who is not an ancestor, spouse or descendant of the principal may not exercise authority under a power of attorney to create in the AIF, or in an individual to whom the AIF owes a legal obligation of support, an interest in the principal’s property, whether by gift, right of survivorship, beneficiary designation, disclaimer or otherwise.

Attorneys generally put in the catch-all provision granting the AIF the power to do any act that the principal may himself do.  I often have to defend my requirement that certain acts, such as adding the AIF as joint owner or a POD require explicit authority.  Subsection C. of this statute provides that subject to subsections A, B, D and E of this section, if a power of attorney grants to an agent authority to do all acts that a principal could do, the agent has the general authority described in Sections 27 through 39 of the POA Act while the grant of the power to make a gift is explained in detail under § 3040.

Uniform Consumer Credit Code (“U3C”) § 3-508A

By Pauli D. Loeffler

Title 14A O.S. § 3-508. This section of the “U3C” sets the maximum annual percentage rate for certain loans. It provides three tiers based with different rates based on unpaid principal balances that may be “blended.” It also has an alternative maximum rate that may be used rather than blending the rates. The amounts under each tier were subject to annual adjustment by the Administrator of the Oklahoma Department of Consumer Credit under §1-106, however. The annual adjustment of tier amounts was removed effective August 22, 2014, and a loan made under §3-508A could not have a repayment term of less than 12 months from the date the loan is made which provision was removed effective November 1, 2015.

The loan amount subject to tier (2)(a)(i) has greatly increased as well as the maximum annual percentage rate allowed for that tier. The maximum annual percentage rate for the other two tiers did not increase, but the loan amounts under the second and third tier have. The alternative maximum annual percentage rate allowed in lieu of blending the tiers under (2)(b) remains unchanged.

Maximum Rates by Tier Amounts. § 3-508A as amended limits the maximum APR under the three tiers as follows:

(2) The loan finance charge, calculated according to the actuarial method, may not exceed the equivalent of the greater of either of the following:

(a)  the total of:

(i)  thirty-two percent (32%) [currently 27%] per year on that part of the unpaid balances of the principal which is Seven Thousand Dollars ($7,000.00) [currently $2,910] or less;

(ii)  twenty-three percent (23%) [no change] per year on that part of the unpaid balances of the principal which is more than Seven Thousand Dollars ($7,000.00) [currently $2,910.01 but does not exceed Eleven Thousand Dollars ($11,000.00); and

(iii)  twenty percent (20%) [no change] per year on that part of the unpaid balances of the principal which is more than Eleven Thousand Dollars ($11,000.00); or

(b)  twenty-five percent (25%) [no change] per year on the unpaid balances of the principal.

The Dollar Amounts under the three tiers of §3-508A Loans are NOT subject to annual adjustment, but a new subsection (4) has been added allowing the lender to charge a closing fee IS subject to adjustment under § 1-106:

(4)  In addition to the loan finance charge permitted in this section and other charges permitted in this act, a supervised lender may assess a lender closing fee not to exceed Twenty-eight Dollars and eighty-five cents ($28.85) upon consummation of the loan.

Note that the closing fee, while not a finance charge under the OK U3C, IS a finance charge under Reg Z. Most banks use Reg Z disclosures. This means that it is possible that the fee under Reg Z disclosures will cause the APR to exceed the usury rate under § 3-508A. If that happens, document the file to show that the fee is excluded under the U3C to show that the loan does not in fact violate Oklahoma’s usury provisions.

 

Uniform Interstate Depositions and Discovery Act of 2021

By Pauli D. Loeffler

This new Act is codified in Title 12, the Civil Procedure Code, and contains §§ 3250 – 3257. Per § 3257 the Act applies to requests for discovery in cases pending on November 1, 2021.

A subpoena issued by a court of a state other than Oklahoma served on a bank without branches in the state issuing the subpoena had to be logged by the court clerk in the county where the bank was located before service in order to have jurisdiction over the Oklahoma bank. If this wasn’t done, I advised the bank to use the “No Jurisdiction Letter” template available on the OBA’s Legal Links page found under Templates, Forms, and Charts.  On and after 11/1/21, the procedures under the new Act will apply.

§ 3251 contains definitions. “Foreign jurisdiction” is a state other than Oklahoma while a “foreign subpoena” is one issued under the authority of a court of record of a foreign jurisdiction. “State” means the United States, the District of Columbia, Puerto Rico, the United States Virgin Islands, a federally recognized Indian tribe or any territory or insular possession subject to the jurisdiction of the United States. The Act covers subpoenas requiring attendance and giving of testimony at a deposition, production of documents (Subpoena Duces Tecum), and inspection of premises.

§ 3252 requires a party to submit the foreign subpoena to the court clerk of the county in which discovery is to be conducted. Generally, this would be the county where the main bank is located. A request for the issuance of a subpoena does not constitute an appearance in the courts of this state. This is important if the attorney requesting the subpoena is not licensed to practice law in Oklahoma, because s/he would have to file a Motion Pro Hac Vice with the court and obtain a judicial order in order to appear in the Oklahoma court. The names, addresses and telephone numbers of all counsel of record in the proceeding and any unrepresented party have to be provided.

The subpoena issued by the Oklahoma court clerk must be served in compliance with § 2004.1 of the Civil Procedure Code just like any other subpoena. The duties to respond to the subpoena are also subject to § 2004.1.

Orders to enforce, quash, or modify the subpoena or for a protective order must be submitted to the county court in Oklahoma that issued the subpoena.

August 2021 OBA Legal Briefs

  • Reg Z’s business day definitions
  • Advance Child Tax Credits and closed accounts
  • 2021 Oklahoma legislation—Part I

Reg Z’s business day definitions

By John S. Burnett

Why Juneteenth caught lenders unprepared

Congress clearly doesn’t know (or care?) that two days’ notice isn’t enough to give lenders when they pass legislation creating a new federal legal public holiday. The kerfuffle that erupted over the addition of the Juneteenth National Independence Day to the list of holidays in 5 U.S.C. 6103(a) may not have ruffled Congress’s legislative feathers, but it raised a lot of questions among lenders, compliance officers, closing agents, investors and, yes, borrowers.

Why? Because it affected many mortgage loans for which closing disclosures had already been provided in the days immediately before the law was enacted on July 17, with closing dates set for early the following week. It also eliminated Saturday, June 19, as a business day for the purpose of counting rescission period days on loans that had closed on June 16 and 17.

In short, some lenders had to postpone closings by a day or more and others had to delay disbursement of loan proceeds, and, of course, borrowers weren’t happy that the new holiday forced those scheduling changes. For lenders who, for whatever reason, were not able to make the right moves, the risk is very real of litigation down the road over technical timing requirements in Regulation Z.

There is talk – or wishful thinking – that the CFPB can “fix” everything with an interpretation or ruling about the impact of the new holiday on mortgage loans closed with unavoidable errors. However, the Bureau can do what it can, but the courts will ultimately decide whether lenders’ concerns are real, and at what cost.

The “business day” definitions

The key to complying with any law or regulations is an understanding of its terms. That’s why there is usually a collection of important definitions, and for regulations, it is usually found in one of the first sections of the rule.

Regulation Z has so many technical timing requirements that include a count of business days that it should be no surprise that “business day” is a defined term in the regulation. In fact, there are two definitions of the term, and which definition applies in a given case depends on which timing requirement in the regulation is in question.

Regulation Z’s definitions of “business day” are found in section 1026.2(a), in paragraph 1026.2(a)(6), which includes two sentences.

The “general” definition. The first sentence of the paragraph reads—

Business day means a day on which the creditor’s offices are open to the public for carrying on substantially all of its business functions.

What does that sentence mean by “substantially all of its business functions”? Comment 2(a)(6)-1 explains—

Business function test. Activities that indicate that the creditor is open for substantially all of its business functions include the availability of personnel to make loan disbursements, to open new accounts, and to handle credit transaction inquiries. Activities that indicate that the creditor is not open for substantially all of its business functions include a retailer’s merely accepting credit cards for purchases or a bank’s having its customer-service windows open only for limited purposes such as deposits and withdrawals, bill paying, and related services.

So, for example, if your bank’s branches are open on Saturdays for handling deposits, check cashing, withdrawals and other routine teller responsibilities, but there are no staffers who can disburse loan proceeds, handle inquiries about loans or loan rates or open new accounts, your bank is not “open to the pubic for carrying on substantially all of its business functions,” and Saturday would not be a business day for your bank under the business day definition in the first sentence of section 1026.2(a)(6).

But if during your Saturday teller hours there is someone at all or most of your branches to open accounts, make loan disbursements and handle credit transaction inquiries, Saturdays would be a business day for your bank.

The term “business day” appears 72 more times in the text of the full regulation (excluding the Official Interpretations in Supplement I). This general definition — a day on which the creditor’s offices are open to the public for carrying on substantially all of its business functions — applies to most of those uses of the term.

However, there are thirteen sections or paragraphs of the regulation in which “business day” is used where the “precise” definition for “business day” is used. Those sections and paragraphs are listed in the second sentence of paragraph 1026.2(a)(6), which reads—

However, for purposes of rescission under §§ 1026.15 and 1026.23, and for purposes of §§ 1026.19(a)(1)(ii), 1026.19(a)(2), 1026.19(e)(1)(iii)(B), 1026.19(e)(1)(iv), 1026.19(e)(2)(i)(A), 1026.19(e)(4)(ii), 1026.19(f)(1)(ii), 1026.19(f)(1)(iii), 1026.20(e)(5), 1026.31, and 1026.46(d)(4), the term means all calendar days except Sundays and the legal public holidays specified in 5 U.S.C, 6103(a), such as New Year’s Day, the Birthday of Martin Luther King, Jr., Washington’s Birthday, Memorial Day, [Juneteenth National Independence Day,] Independence Day, Labor Day, Columbus Day, Veterans Day, Thanksgiving Day, and Christmas Day.

(I added Juneteenth to the list in the regulatory text.)

There are two important lists in that sentence:

  • The list of sections where the “precise” definition applies
  • The list of legal public holidays

The affected Regulation provisions: Here’s a list of the affected Reg Z sections with a brief description of each:

  • 1026.15 – Counting the three business days in the rescission period for certain open-end credit extensions for which there is a security interest in a consumer’s principal dwelling
  • 1026.23—Counting the three business days in the rescission period for certain closed-end credit transactions secured by a consumer’s principal dwelling
  • 1026.19(a)(1)(ii)—Counting the presumed three business days by which a consumer is deemed to have received good faith estimate disclosures in connection with a consumer’s application for a reverse mortgage to be secured by the consumer’s dwelling, if the disclosures are mailed to the consumer. The consumer cannot be charged a fee (except for the cost of a credit report) before the consumer receives (or is deemed to have received) the disclosures.
  • 1026.19(a)(2)—Those good faith estimate disclosures must also be delivered in person or placed in the mail not later than the seventh (precise definition) business day before consummation of the reverse mortgage loan. The precise definition is also used in counting three business days before consummation (and the presumed three-day delivery time if sent by mail) that a revised disclosure must be received if the APR in the early disclosures becomes inaccurate.
  • 1026.19(e)(1)(iii)(B)—Counting the seven business days before consummation to determine the latest day the creditor may send a TRID loan estimate (except for loans secured by a timeshare interest).
  • 1026.19(e)(1)(iv)—If a TRID loan estimate is not provided to the consumer in person, counting the three business days until the consumer is considered to have received it after it was delivered or placed in the mail
  • 1026.19(e)(2)(i)(A)—The consumer in a TRID transaction cannot be charged a fee (other that for a credit report) before the consumer has received the loan estimate and has expressed an intent to proceed with the transaction described in the loan estimate. Section 1026.19(e)(1)(iv) just above requires that, if the loan estimate isn’t given in person, the consumer is considered to have received the loan estimate three (precise) business days after delivery or mailing.
  • 1026.19(e)(4)(ii)—Counting the four business days before consummation by which the consumer must receive any required revised loan estimate and counting the three business days after non-in-person delivery by which the consumer is considered to have received a revised loan estimate.
  • 1026.(f)(1)(ii)—Counting three business days before consummation to determine when the consumer is required to have received the TRID closing disclosure.
  • 1026.19(f)(1)(iii)— If the TRID closing disclosure isn’t given in person, counting the three business days after placing them in the mail by which the consumer is considered to have received them.
  • 1026.20(e)(5)—Counting business days for the timing requirements for disclosures involved when closing a consumer’s mortgage escrow account.
  • 1026.31—Counting the three business days prior to consummation or account opening by which the creditor must provide disclosures required by § 1026.32 for a high cost mortgage or by § 1026.33 for a reverse mortgage
  • 1026.46(d)(4)—Counting the three business days after which a required disclosure for a private education loan is mailed to a consumer that the consumer is considered to have received the disclosure.

The public legal holidays. There are now 11 public legal holidays and 52 (or 53) Sundays that are not business days (even if your bank is open for all purposes) when the precise business day definition in Regulation Z applies. Six of those holidays —the Birthday of Martin Luther King, Jr., Washington’s Birthday, Memorial Day, Labor Day, Columbus (or Indigenous Peoples) Day, and Thanksgiving Day—are always weekdays (five Mondays and one Thursday), and have not caused anyone any confusion.

The other five public legal holidays fall on designated dates—January 1, June 19, July 4, November 11, and December 25—that can occur on Saturday or Sunday. When one of these holidays falls on Saturday, it is often observed the previous Friday, especially by federal employees. In those cases, whether or not the Federal Reserve Banks are closed (they normally are open under these circumstances) the observed holiday (Friday) is a business day when the precise business day definition is applied. The actual holiday (Saturday in such cases) is not a business day when the precise business day definition is applied, even if your bank is fully operational.

When one of the five designated dates occurs on Sunday (Juneteenth and Christmas in 2022, New Year’s Day in 2023), it is often observed on the following Monday, especially by federal agencies and offices. In such cases, the actual holiday is not a business day (both because it is one of the 11 public legal holidays and because it is a Sunday); the observed holiday on Monday (June 20 and December 26 in 2022, and January 2, 2023) is a business day when the precise business day definition applies, even though all Federal Reserve Bank offices will be closed.

For those of you who have read comment 2(a)(6)-2 and note that it says nothing about a designated date public legal holiday falling on Sunday, I agree. The Fed, when it added that little clarifying example of July 4 occurring on Saturday, ignored the fact that it also falls on Sundays with a Monday observance (as it did in 2021). In a phone conversation with a CFPB representative on Friday, July 2, I was assured that Monday, July 5 would be a business day.

In that conversation I suggested that the CFPB will probably be issuing an amendment to § 1026.2(a)(6) and comment 2(a)(6)-2 to add Juneteenth National Independence Day to their lists (hopefully they will make those amendments before Juneteenth arrives in 2022), and that when they make those amendments it would be the perfect opportunity to add an example to the commentary of one of the five designated date holidays (Juneteenth would be the perfect example to use) falling on Sunday. We’ll have to wait and see if the powers that be at the Bureau agree with that logical suggestion.

Don’t use the Reg Z definition elsewhere

Some of you may already be anticipating where this is going, and you’re wondering, “What about Regulation CC and its definition of “business day?” And this is the perfect time for the warning: Never “borrow” a definition from one regulation and apply it to a different regulation. It is a recipe for confusion (or worse) to do so.

Regulation CC is the perfect example, since it has its own “business day” definition in § 229.2(g):

Business day means a calendar day other than a Saturday or a Sunday, January 1, the third Monday in January, the third Monday in February, the last Monday in May, July 4, the first Monday in September, the second Monday in October, November 11, the fourth Thursday in November, or December 25. If January 1, July 4, November 11, or December 25 fall on a Sunday, the next Monday is not a business day.

Do you see the differences between this definition and either definition in Regulation Z?

  • It can never be a Saturday or a Sunday.
  • It doesn’t matter whether your bank is open for substantially all business (it does matter in the definition of “banking day”).
  • If one of the designated-date holidays occurs on a Sunday, the next Monday is not a business day (because the Fed isn’t open for check clearing, etc.)

The same list of public legal holidays is included in both regulations. The Fed should be amending the definition at some point to add Juneteenth to that list in Regulation CC (but, given the Fed’s track record on keeping the regulation current, I won’t hold my breath).

Advance Child Tax Credits and closed accounts

By John Burnett

The IRS started sending direct deposits of Advance Child Tax Credits (ACTC) on July 15, 2021. Additional ACTC credits will be sent on August 13, and the 15th of each month from September through December 2021.

Some of the direct deposits will be directed to accounts that have been closed by the depositor or the bank. This will probably mean that people in some banks will start thinking about “offsets.” But don’t go there!

Treasury regulations require that direct deposits of federal benefit payments directed to closed accounts be returned. The IRS will reissue the payments in check form. A bank cannot legally “reopen” a closed account to accept such a payment, and the payment cannot be diverted to recover on a charge-off. The payments should be returned even if the recipient has another account with your bank.

The IRS has an online tool – the Child Tax Credit Update Portal at https://www.irs.gov/credits-deductions/child-tax-credit-update-portal — for taxpayers to use to update bank account information.

2021 Oklahoma legislation – Part I

By Pauli D. Loeffler

Legislation was enacted amending two sections in the Oklahoma Banking Code (Title 6) and an entirely new section was added. The effective date for the amendments and the new section is November 1, 2021.

§ 901 – POD beneficiaries.

The amended provisions of this statute are emphasized.

B.

2.  A deposit account with a P.O.D. designation shall constitute a contract between the account owner, (or owners, if more than one) and the bank that upon the death of the last surviving owner of the account, and after payment of account proceeds to any secured party with a valid security interest in the account, the bank will hold the funds for or pay them to the named primary beneficiary or beneficiaries if living. If a primary beneficiary predeceases the account owner, the share of that primary beneficiary shall be distributed pursuant to either paragraph 4 or 5 of this subsection, whichever is applicable.

3.  Each P.O.D. beneficiary designated on a deposit account shall be a primary beneficiary unless specifically designated as a contingent beneficiary.

4.  If there is only one primary P.O.D. beneficiary on a deposit account and that beneficiary is an individual, the account owner may designate one or more contingent beneficiaries for whom the funds shall be held or to whom the funds shall be paid if the primary beneficiary is not living when the last surviving owner of the account dies. If there is more than one primary P.O.D. beneficiary on a deposit account, contingent beneficiaries shall not be allowed on that account.

5.  If the sole primary P.O.D. beneficiary is not living and one or more contingent beneficiaries have been designated as allowed by paragraph 4 of this subsection, the funds shall be held for or paid to the contingent beneficiaries who are alive at the time of the account owner’s death in equal shares, and shall not belong to the estate of the deceased primary beneficiary. If neither the primary beneficiary nor any contingent beneficiary is living at the time of the account owner’s death, the funds shall be paid to the account owner’s estate

7.  If only one primary P.O.D. beneficiary has been designated on a deposit account, the account owner may add the following, or words of similar meaning, in the style of the account or in the account agreement:

“If the designated P.O.D. beneficiary is deceased, then payable on the death of the account owner to (Name of Beneficiary), (Name of Beneficiary), and (Name of Beneficiary), as contingent beneficiaries, in equal share.”

8.  Adjustments may be made in the styling, depending upon the number of owners of the account, to allow for survivorship rights, and the number of beneficiaries.  It is to be understood that each beneficiary is entitled to a proportionate share of the account proceeds only after the death of the last surviving account owner, and after payment of account proceeds to any secured party with a valid security interest in the account.  All designated primary P.O.D. beneficiaries shall have equal shares.  All designated contingent P.O.D. beneficiaries shall have equal shares as if the sole primary beneficiary is deceased. In the event of the death of a beneficiary prior to the death of the account owner, the share of that beneficiary shall be divided among any surviving beneficiaries or distributed to contingent beneficiaries pursuant to paragraphs 4 and 5 of this subsection, if applicable.  If no beneficiaries are alive at the time of the account owner’s death, the funds should be held for, or paid to, the estate of the deceased account owner…

12. Subsequent to the effective date of this act, a bank shall provide a customer creating a P.O.D. account with a written notice that the distribution of the proceeds in the P.O.D. account shall be consistent with the provisions of this section.

 What you need to know:

  • First and most importantly, the changes apply ONLY with regard to POD beneficiary designations made on or after November 1, 2021. They do not apply to existing POD designations, so it is critical to take into account the date the POD designations were made in order to comply with the statute.
  • If only one natural person is named as POD beneficiary, the owner may name contingent beneficiaries. if a tax-exempt § 501(3)(c) beneficiary or a trust is named as POD beneficiary, no contingent beneficiaries can be named. These statements apply under both the current version of § 901 and the amended version.
  • If two or more natural persons are named as POD beneficiaries and one of them predeceases the last surviving owner of the account, under the current version of § 901 the funds will be split equally among the living PODs and the estate of the predeceasing POD beneficiary. Under the amended version, only those PODs alive at the time the last surviving account owner dies will receive equal shares.
  • If there is only one natural person named as POD beneficiary who predeceases the last surviving account owner and contingent beneficiaries are named, the contingent beneficiaries who are alive at the time the last account owner dies will receive equal shares under the amended statute as opposed to the current statute under which the estate of a predeceasing beneficiary would receive a share.
  • If all primary beneficiaries predecease the last surviving owner, the funds belong to the owner’s estate under the amended statute, Likewise, this is the result if the sole primary beneficiary and all named contingent beneficiaries predecease the owner.

§ 906 – Transfer of deposits or contents of safe deposit boxes to heirs.

Again, I have emphasized the amendments to this statute.

A. 1. When a deposit has been made in a bank or credit union in the name of a sole individual without designation of a payable-on-death beneficiary, upon the death of the sole owner of the account if the amount of the aggregate deposits held in single ownership accounts in the name of the deceased individual is Fifty Thousand Dollars ($50,000.00) or less, the bank or credit union may, without a requirement that heirs open an additional account, transfer the funds to the known heirs of the deceased upon receipt of an affidavit sworn to by the known heirs of the deceased which establishes jurisdiction and relationship and states that the owner of the account left no will; provided, however, that no probate proceedings are pending.  The affidavit shall be sworn to and signed by the known heirs of the deceased and the same shall swear that the facts set forth in the affidavit establishing jurisdiction, heirship and intestacy are true and correct. The affidavit may contain a clause indemnifying the bank from any damages related to the release of funds.  In the event the account is subject to pending probate proceedings, the release of the deposits in the account shall be determined by the court.

2.  Upon the death of an individual who is the sole renter of a safe deposit box in a bank or credit union, the bank or credit union may open the box in the presence of all known heirs and transfer or release the contents to such heirs upon receipt of an affidavit which establishes jurisdiction and relationship to the deceased and states that the renter of the safe deposit box left no will or that the contents of the safe deposit box are the only known assets of the deceased renter. The affidavit shall be sworn to and signed by the known heirs of the deceased and the same shall swear that the facts set forth in the affidavit establishing jurisdiction, heirship and intestacy or that the contents of the safe deposit box are the only asset of the deceased are true and correct.  Every known heir shall either be present in person or by a duly authorized agent.  If any known heir is unable to be physically present for the opening of the box and transfer of the contents, such heir may appoint an agent by executing authorization in writing in the following form:  “I hereby authorize (name of person) to act as my agent at the opening and transfer of contents of safe deposit box (number or other identification) at (name of financial institution).”  The authorization form shall be signed and dated by the heir and notarized.  The bank or credit union may impose its standard fee for drilling the box if the heirs cannot provide the key for opening.

B.  Receipt by the bank or credit union of the affidavit described in subsection A of this section shall be a valid and sufficient release and discharge to the bank or credit union for any transfer of deposits or contents made in good-faith reliance on the affidavit and shall serve to discharge the bank or credit union from liability as to any other party, including any heir, legatee, devisee, creditor or other person having rights or claims to funds or property of the decedent, and include a discharge of the bank or credit union from liability for any estate, inheritance or other taxes which may be due the state from the estate or as a result of the transfer.

C.  Any person who knowingly submits and signs a false affidavit as provided in this section shall be fined not more than Three Thousand Dollars ($3,000.00) or imprisoned for not more than six (6) months, or both. Restitution of the amount fraudulently attained shall be made to the rightful beneficiary by the guilty person.

Unlike the amendments to § 901, the amendments should have little or no impact on banks. If a) the aggregate deposits held in sole ownership without PODs do not exceed $50,000, b) the customer died a resident of Oklahoma, and c) did not have a will, the affidavit under § 906 was and is available for authority to disburse the funds. If there is a will, or the customer died a resident of another state, then an affidavit under this section is not an option, but the Affidavit under § 393 of the Oklahoma Probate Code (Title 58) might be used both for deposits and safe deposit boxes, if all conditions of that statute are met. I note that under the probate code the Affidavit requires a statement that there is no pending probate. Unlike an Affidavit submitted under § 393, the bank does not face liability for refusing to accept an affidavit under § 906 of the Banking Code for either deposits or safe deposit box contents.

I am mystified by some of the additional language. For instance, I have no clue why “without a requirement that heirs open an additional account” was added. I assume that some banks or credit unions may have had such a requirement that I didn’t know about. Allowing the bank to include an indemnity clause was not prohibited under the current statute, and in light of the provisions under subsections B. and C, I am not sure this change was needed. I note that charging a drilling fee was not prohibited under the prior version.

§ 909 – Powers of Authorized Signer — Form for Additional Powers

This is an entirely new statute. You may access both the statute and the form here.

A. Unless the deposit agreement states otherwise, an authorized signer on a deposit account shall have the following powers, regardless of whether the account is a consumer or commercial account:

 1.  Sign checks;

2.  Make deposits of checks payable to the account owner into the account;

3.  Make cash deposits into the account;

4.  Obtain an account balance;

5.  View copies of checks he or she has signed; and

6.  Obtain deposit slips when making a deposit.

B.  If additional authority is not expressly granted in the deposit account agreement, additional powers may be granted in writing by the owner of the account. If the account is an individual account, the owner may execute an additional authorization document.  It must be dated and in writing and may be revoked or amended at any time by the account owner.  If there are multiple owners, all must execute the additional authorization document.  If the account is owned by an entity, the entity must approve the grant of additional powers in the same manner as it appoints authorized signers.

C.  A customer may initial next to the additional powers to be granted and line through those that are not being granted, pursuant to subsection D of this section.

Form for Additional Powers for Authorized Signer:

I, the undersigned account owner or duly empowered representative of the account owner, hereby grant and approve the following additional powers for authorized signer(s) on account

# _______________________.  Bank name ______________________.

____________ Obtain and use a debit card or automated teller machine card

____________ Obtain copies of statements on the account from the bank

____________ Order checks

____________ Obtain copies of checks or other transactions on the account

____________ Authorize or terminate automated clearing house debits to the account

____________ Complete affidavits of forgery

____________ Initiate a change of address for the account

____________ Withdraw cash up to $___________

____________ Dispute a card transaction on the account

____________ Report a lost or stolen card on the account

____________ Use online banking to view transactions on the account

____________ Set up online bill payments

____________ Use the mobile app to access information about the account.

Important points. The list of powers granted to an authorized signer in subsection A. is not exclusive, and your account agreement may grant powers that aren’t listed in that subsection or restrict powers that are. Additionally, UCC § 4-403 provides that any person authorized on an account may stop payment or close the account and that power exists regardless of the omission from this statute.

There is no requirement that the bank use the additional powers form, and the bank is free to add to or delete powers from the form as it chooses. Please keep in mind that guardians and attorneys-in-fact are governed by other law, so neither the statute nor the additional powers form is appropriate for use in those cases.

July 2021 OBA Legal Briefs

  • Vacations — Required or recommended

Vacations – Required or recommended

By Andy Zavoina

We last wrote about vacation time in the September 2019 Legal Briefs. That was a short article on the recommended necessity of taking consecutive days off. After a year of COVID-19 and everyone being couped up, summer 2021 stands to be a record as people can finally get back out and take much needed vacation time. But rather than say, “here is a cite from the FDIC and Human Resources needs to enforce a policy…” I want to explore why a “vacation” policy should be required, where it is required as well as where it is not, and how to meet the spirit and intent. I put quotes around the key term, vacation, but that is misleading. I also want to explore not just being absent but also being disconnected, and why this is important. It is important to point out to both management and staff that such a policy is a safety and soundness issue, not a way to inconvenience staff or force them to group together the few days of vacation they have.

We will talk about a few real-life cases which reinforce why this policy needs to exist, and under what circumstances exceptions are allowed. By the time you are done, you will be able to ensure management has all the facts and the reasons for requiring many staff members are in fact absent from their duties, and how this is beneficial to both the bank and the employee. In short, it will help you understand why a policy is needed and how to craft it or tweak, if needed, what you already have in place, to best meet the spirit and intent of the rule.

Three cases of interest

Indirect vehicle financing. Fortunately, this was not my bank, but it was a bank about a block away from our main branch and we all knew many of the staff there. Many in my bank knew the woman in question. She had worked for the bank for over 20 years. She rarely took a vacation or sick day. She was seen as dedicated. She was seen as experienced. She was trusted.

It turned out what she was, was a thief, an embezzler. She worked in the indirect dealer area and handled drafts. With many larger floorplans there was a lot of money coming in and going out and that meant large suspense accounts. Those accounts had to be reconciled and checked. But when you have an employee of this caliber and with this experience, you ask her “why?” She will explain it and on you go, because these audits are such a pain to do and explain anyway.

But when she was on a very rare vacation, the employee filling in had questions. Nobody liked the answers because it was well over $100,000 that could not be reconciled and that is a shock for a small bank. She had been taking money and as the phrase goes, cooking the books. When she was not available to answer certain questions, the facts came pouring out because numbers do not lie.

First Community Bank, Cave City, AR. Two years ago, there was an incident in Cave City, Arkansas. This is “Home of the world’s sweetest watermelons.” In the 2010 census this was a town of less than 2,000 people, so a small town to say the least.

Today the bank involved has 28 locations in Arkansas and Missouri and the Cave City branch shows to have deposits of $22 million. For 18 years Carrie Porter worked at First Community Bank. She was a teller. For about 12 of those years Carrie would periodically take a stack of $100 bills. The first time she walked out of the bank with $10,000 in her purse that was not hers, it was not hard. She continued this every three or four months.

By the time she was caught the sum of her theft was calculated to be $285,125. She was very apologetic and confessed what she had done. She was cashing in her retirement and her family was harvesting trees from their property and selling land. She hoped to repay 80 percent of what she had stolen before she reported to prison for 18 months. She swore she would repay all of it. She said the money “was just gone” and really had nothing to show for it.

Carrie Porter will be about 51 years old when she is released and most certainly her family will be paying the price with her. Thefts such as this impact the bank, the employee, and the families of all involved.

Bank fraud, wire fraud, and money laundering (Oh, my!). In April of this year in New York, Gangadai Rampersaud Azim was arrested and charged with wire fraud, bank fraud, bank theft, money laundering, and conspiracy, for her role in a scheme to defraud the bank she worked at, of $1.7 million. These charges are pending, so the crime is alleged at this point.

Azim allegedly stole more than $1.7 million and concealed the crime until an absence from work led to its discovery. Yes, she had an illness that forced her to take leave. She was not there to cover her tracks.
In January 2021, the bank set off a customer’s deposit for a delinquent loan. The customer claimed the loan had been paid off in 2019, and the unravelling began. In 2019 the money was taken for the loan and the customer believed the loan was paid off. Azim kept that payoff and unbeknownst to the borrower, started a renewal of the loan for them. There is both a debit and credit, but Azim’s theft created an additional debit that had to be concealed in the future.

The investigation revealed Azim repeatedly made false entries in the bank’s systems, misappropriating funds paid to the bank by many borrowers who thought their loans were paid off. In fact, Azim was extending the maturity dates, so the bank believed it had assets, while the borrowers thought they had no debts. As loans came due, they were covered by new loans faked by Azim to replace them.

The criminal complaint says, “Between August 2008 and January 2021, Azim, a long-time employee of a New York, New York-based bank (“Bank-1”) stole approximately $1.7 million from her employer. Over the course of approximately 12 years, Azim executed hundreds of wire transfers of Bank-1 funds to co-conspirators and related companies, who then sent portions of the ill-gotten funds to Azim’s personal bank account.

“In furtherance of her scheme to defraud Bank-1, Axim repeatedly made false entries in Bank-1’s systems, misappropriating funds paid to Bank-1 by its clients to satisfy outstanding loan obligations and then extending the maturity dates of those loan obligations, making it appear as though the loan obligations had not yet been paid. When even the fraudulently extended maturity dates came due, Azim originated new, fraudulent loans. Azim utilized the proceeds of those fraudulent loans to satisfy the loans for which she had previously stolen the client payments. In doing so, Azim abused her position at Bank-1 and enriched herself at the expense of her employer.”

In all it appears there were 14 fraudulent loans without promissory notes for $1 million that were used to pay the fictitious debts Azim created, and five others for more than $700,000 with extended maturity dates where the borrower thought the loans had been satisfied. Over approximately 12 years, between 2008 and 2020, Azim made approximately 200 wire transfers of bank funds, each for an amount under $10,000, sent to third party accounts. Transfers were made to co-conspirators and related companies, which then returned portions of those funds to Azim.

We never would have thought …

The bank’s Security Officer will advise the bank to diligently have the internal control and other periodic audits completed because the bank must be diligent against theft. Banks and other companies often say when an embezzlement is found that that was the last employee they would have ever thought would steal from them. Unfortunately, many of the traits of a dedicated employee are also those of someone covering up a theft. Additionally, there are signs to look for in employees such as those living beyond their means, having financial difficulties, having unusually close relationships with vendors, and having excessive control issues such as over the account relationships they oversee.

Security programs will point out common warning signs seen when employee thefts have occurred. These are not definitive points, but rather are intended to raise awareness.

• The employee never wants to take vacation.

• The employee works a lot of overtime and enjoys the peace of quiet of being the only one there.

• The employee takes work home.

• There are signs of excessive personal spending, cars, vacations, collectibles, etc. Some of these may be converted to cash through sale, laundering if you will, and some may be for personal enjoyment.

• Frequent casino trips.

• Unusually close relationship with customers or vendors.

• Unverified expense reports for supplies or travel.

Disconnecting

Human Resource managers and health experts all agree that there is a reason for weekends and vacations regardless of the energy and dedication an employee has. Disconnecting from the job is needed for mental health. Therefore, your bank offers vacation time.

There are many reasons big vacations are not taken. Not every employee wants to travel or has the means to do so. There may be additional restrictions due to an employee’s health or that of someone they care for. Family schedules can be hard to sync and there can be many other reasons. But that does not prevent a person from using time off and disconnecting from the job.

There is the occasional employee who wants control. The work they do may be intricate and detailed and having a day-to-day knowledge of what has transpired assists them in keeping up to date and resolving problems quickly and accurately. “If I leave for a few days, I’ll just come back to a mess that will take weeks to clean up.” This may be a valid concern, but sometimes it is a sign of a controlling person who has falsified records and accounts and is concerned that anyone stepping into their job may find a discrepancy and that could lead to discovery. It is like a juggler with many balls in the air. If you miss one, many others may come down as well. They must be there, in control, to keep those balls in the air.

There are pros and cons of a mandatory vacation requirement. These should be recognized by management, HR, and the bank’s employees. Taking a short block of days, such as one week, gives the employee a chance to recharge their batteries. It can be a needed break.

This employee’s time off is also an opportunity for the bank to review the employee’s area. Have there been complaints from customers or staff that a supervisor was overstepping their authority? This is a chance for issues to come to the top so they can be resolved. It is also a time when workloads can be reviewed and balanced for the benefit of everyone. It also encourages cross training staff. No one person is irreplaceable and if they are, the bank needs to rectify that. People come and go but the business tasks continue as do deadlines. This gives the junior employee a chance to work at a higher level and to understand a job they may inherit or may not be suited for. In that case, it is better to know sooner rather than later. If that junior employee is in a rut, this may be an opportunity to help them as well. And if that seasoned employee were to decide to leave suddenly, the bank wants to know who can fill the position and what information may be needed to do so. A few vacation days may reveal that more cross training is required to be efficient, or that the written procedures are not adequate for the position in today’s environment.

After a year of so many telecommuting on a full or part time basis, this need is even more pressing today. It is rare that an employee will come back from a vacation more tired than when they left, even if they filled every day with activities. They either enjoyed the time off or looked forward to getting back to their routine. Either way, it is a positive position for the bank. That leads to happier employees, and makes future recruiting easier as well. It also makes planning easier for the bank and the employees because certain dates can be blacked out well in advance for the benefit of both the bank and staff.

Something that can be a short term “con” and a long term “pro” is that this advance planning reveals staffing concerns. Certain positions can be harder to fill and may stretch key employees very thin. Knowing this in advance assists in resolving the issue before it happens at a less controlled time.

Preplanned vacations may contribute to scheduling challenges as well. When several employees want the week off around given holidays like July 4th or Christmas, it can be taxing on those left to complete all the work. This may also draw down management’s time as increased supervision over a department or certain jobs becomes required. For this reason, adding planned maternity leaves into the calendar aids in the overall planning. A vacation will be easier to adjust than a parental leave.

Another challenge in having a mandatory vacation requirement is enforcing it. HR needs to be able to warn employees well in advance so there is not a concentration of employees who all need the last week of the year off. If planned events must be adjusted for whatever reason, they should be rescheduled immediately to avoid a bottleneck.

If an employee does not use their annual vacation time, either it accumulates which could cause the bank actual cash if it pays the employee for that time, or the employee could lose those days which could be seen in the long term as “theft of time” by the employee. That is, if their opinion of the bank sours, this will be one more thing they dislike about it and blame the bank. It also serves to support a bad employee as it adds justification to anything they are doing wrong.

How should the bank manage these situations? The bank controls the risks. The risk is the employee could be embezzling, but that is certainly not the norm and we do not assume it is, but we do recognize it as a red flag. It is a risk that is mitigated in part by ensuring employees use vacation time. You may hear arguments, “I don’t have enough vacation time to take an entire week off,” or “I’m a one-person department. If I’m not here to do my job, it will not get done.” This brings us back to risk mitigation. The bank truly needs someone else to understand that job and to be able to do it. In addition to the proverbial bus taking that employee out of their job, that employee limits their upward mobility in the bank, and if they ever choose to leave the bank there would be nobody cross-trained to fill in or take over. Again, risk mitigation is good for the bank and the employee in this case. Fortunately, this risk mitigation is also an audit control feature.

Audit Controls

The bank’s HR area should have a record of which employees have how many days of vacation. Proper procedures tell us the vacation days should be tracked. The bank needs to be aware of who uses, stockpiles, or loses vacation time. Proactively monitoring who has how many vacation days is a positive step for the bank in planning its calendar. When the bank has large projects coming up such as systems conversions, a new branch opening, or a major exam, certain employees may not be able to take vacation days. These need to blacked out and the employee needs to know this in advance.

Likewise, the employee should be able to identify at least one block of time they do want vacation, and this should be communicated to the bank. As an example, a bank with a mandatory five-day block of vacation needs to know when certain employees will be out. Additional vacation days may be broken up as some people enjoy short breaks and pairing one or two days with a holiday weekend provides interim breaks. But that five-day break helps detect possible ongoing fraud. Five days is often enough for one or more of those balls in the air to drop.

There may be a set period of days the bank identifies as “mandatory vacation.” If the bank determines that for a variety of reasons a five or even ten-day block of time is required, employees and the bank need to plan when this will be, so it meets the needs of both the staff and the bank. Employees may be restricted from having overlapping days with another key employee, so it may be necessary to create a hierarchy of who gets preference, the senior employee by position or time at the bank, the first one to request those days or some other methodology that works for your bank.

OK Administrative Code 85:10-5-3

To save you from looking this up, here is what the Administrative Code requires of your internal controls program as to being absent. The actual text is in italics, and I’ve injected my own comments after each paragraph, as needed, to reinforce certain points:

All internal control programs adopted by banks shall contain as a minimum the following:

(1) A requirement that each officer and employee, when eligible for vacation, be absent from the institution at least five consecutive banking days each calendar year, unless otherwise approved in writing by the bank’s bonding company for bank officers and employees generally and then each officer and employee who may be excepted from this requirement must be specifically approved by the bank’s board of directors and it shall be recorded in the board of director’s minutes, that the officer or the employee may be absent less than the five consecutive banking days. During the absence of an officer or employee, the duties of the absent officer or employee must be performed by other bank officers and employees.

This section says a lot. Some banks have expressed a policy of providing immediate vacation availability to meet this perceived five days off requirement. Note the text says, “when eligible for vacation.” If the bank’s vacation policy requires accrual and prohibits taking vacation in the first three or six months, then the requirement to take days off is based on eligibility and no time is available during that probation or accrual period. The bank may consider a policy such as “the employee will accrue 0.83 days of vacation per month yielding 10 days after one year. The employee will be eligible for vacation after 6 months, when five days have accrued. As vacations are planned, a five-day continuous block must be scheduled by the employee. Additional days may be taken at the convenience of the bank in one day increments, but at least one block of five days must be planned.” A policy such as this means that an employee hired after June will not have time to accrue the minimum five days required, July to December is six months, 6 x0.83=4.98 days, rounded up to the five needed, but the calendar year ends with the last accrual. In this case the accrued days could be taken in that year with the caveat that the 5-day block will be taken the following calendar year as there are more days accrued. Employees hired in May could feel resentment as a strict reading says they are eligible for five days of vacation in December and would have to take those days then to achieve the “each calendar year” requirement. The bank would then have to consider that is what is required, or an exception be granted or that vacations are simply not allowed in the first calendar year except by special permission.

Note next that the actual requirement is not that an employee take vacation days, but that they be absent for at least five consecutive days. In that this is an internal fraud control procedure the five days are business days – days in which problematic transactions such as those noted in the actual cases above could be detected. This means we do not count non-banking days such as weekends, holidays, or days when the bank is otherwise closed. This brings up an exception to consider. Say an employee is on a five-day vacation break and a winter storm closes your bank for two days. If there is no item processing, the intent of this break may not be met. The bank needs to consider extending that employees time off to accomplish the five-day break. Since the bank was closed those shouldn’t be vacation days anyway, but the employee may not have enough vacation days remaining for a five-day absence. If the vacation is not extended at that time, consider noting it as an unintended and unavoidable exception caused by an act of God.

Let’s consider another exception. Say an employee has a severe illness and has used their personal and vacation days. Some policies allow other employees to donate their days off to that sick employee. That may exhaust the donating employees vacation days and not allow the five-day absence requirement to be met. Such a policy should allow all but five days to be donated, unless the absence requirement has or will otherwise be met, so keep reading.

The real point here is that the issue is a five-day absence. Let’s assume the bank’s CFO is travelling out of town on Monday for a conference to be held Tuesday through Thursday. She then will travel home on Friday. All 5 of those days were business days. The 5 days of absence can be met with her not performing any of her duties in the bank – that is, if she was absent.

Now let’s consider what “absence” means. Remember that one motivating factor here is fraud detection. This means that employee is not conducting any of their functions or advising on issues while away. They should not be calling, texting, or emailing anyone about their job. Any message such as “Do not worry if it does not balance. Leave it as out and I will fix it/figure it out when I get back. No one will know” would completely defeat the purpose of the rule from an internal control perspective. Similarly, the bank should consider suspending the logon credentials of the absent employee. This protects the bank and the employee as the employee will without question not be able to go into the bank’s systems and make any changes, and any other employee using those credentials will be locked out. The bank’s IT department would be able to track attempted logons and determine if these credentials were compromised. That would be a separate issue, but an important internal control, nonetheless.

Exceptions can be allowed. These may require the approval of the bank’s bonding company, and the board of directors. The latter should be noted in the board meeting minutes. I was a common exception in my bank. It was a smaller bank, and I was the Compliance Department. This is a field requiring precise knowledge of laws and regulations and I was not easily replaceable. There were subject matter experts in various departments of the bank who could answer questions about their areas, but I tied it all together. I never worked on any general ledgers, debits or credits or handled cash or checks for processing. I did not grant or close loans. This put my position at a very low risk of conducting internal fraud and especially any fraud that would be detected because of my absence.

In a very small bank, another potential solution is cross-training. Two employees may switch positions, but it is imperative that they not conduct or advise each other about their duties as this could defeat the purpose of being absent. This is not ideal but may be permissible under certain circumstances.

Other Rules

The FDIC addressed this issue in FIL-52-95. Yes, that is from 1995 and it is still valid. In part it says, “The FDIC endorses the concept of a vacation policy that allows active officers and employees to be absent from their duties for an uninterrupted period of no less than two weeks.” Some larger banks do hold to a ten-day period but because of staffing issues, five days is often considered adequate to detect wrongdoing. The FIL is guidance, not a requirement. It states that if a bank is not following this guide, examiners should encourage the board of directors to annually review and approve the policy followed and the exceptions allowed. The March 2015 Internal Routine and Controls exam manual includes a section recommending a bank have a policy requiring employees (which includes officers) be absent for a two consecutive week period. I understand examiners will inquire about this, but that little else is done when risk management practices and strong internal controls exist. The exam manual calls for only a discussion with management when such a policy does not exist. It also states, “Any significant deficiencies in an institution’s vacation policy or compensating controls should be discussed in the ROE and reflected in the Management component of the Uniform Financial Institutions Rating System (UFIRS).” The exam manual also refers to the rotation of staff as an effective internal control and a valuable part of an employee’s training.

The Federal Reserve issued SR 96-37 in December 1996 discussing required absences. This was a guidance document. The FRB later issued Circular 10923 on February 10, 1997, where it provided guidance and recommended a ten-day absence. It is specific to sensitive positions and allows for well document exceptions.

I was in a national bank for over 20 years, and it was not an event during any of our exams. I have read that as national banks get bigger, the examiners do pay more attention and do point it out as a strong internal control. So, like the FDIC and FRB, they encourage a policy requiring absence, but it is not a requirement. It is mentioned in the OCC’s Internal Controls Manual. This references sensitive positions or risk-taking activities and asks, “Is there periodic unannounced rotation of duties for employees or vacation requirements that ensure their absence for at least a two-week period?” This is a question, but not a stated requirement.

The bank may opt to prioritize which positions would require a consecutive five- or ten-day absence from their positions and those handling cash and checks, approving and processing loans and similar “at-risk” tasks and positions may be the only ones required, or they may require a higher bar to request and have approved any exception. Risk rating the employee’s positions will not please all of them, but some may be happier than others. Changes to a position’s duties could influence this risk status, so remember to add that to a checklist, if applicable.

May 2021 OBA Legal Briefs

  • Dot your i’s, cross your t’s (employer workplace notice rules)
  • Foreclosures and evictions after a pandemic

Dot your i’s, cross your t’s

By Andy Zavoina

We, in the compliance and legal fields make it a habit of dotting our i’s and crossing out t’s because we are nitpickers. We look for little details and we agonize over potential terms like “the bank may…” If your mother said you “may” eat all your brussels sprouts does that seem like “may” means it is an option to do so or you must do so? And different people may interpret that statement differently, but we all need to know and follow the rules as best we can. Doing so is a risk issue. Sometimes that risk issue is of a regulatory nature and at others it may be a litigation issue.

Now let’s address one of those often-forgotten rules addressing signage. As nitpickers we periodically walk through our branches and we look for signage. There are funds availability notices near the teller line, equal lending posters near the loan area and a Customer Information Program notice near new accounts. We are very familiar with the signage requirements that are well defined in the regulations we deal with every day. But it is the odd requirements we could fail on because we are not well versed in personnel compliance matters, nor are our examiners who may or may not be checking them. These are signage requirements involving the bank as employer and its employees. These may be of little “importance” on day-to-day matters because it is not a consumer protection issue, but it may be an employee information issue. In my bank, I would include these human resource signage requirements in my compliance signage audits because as a bank officer, it was my job to protect the bank in all matters, extending beyond consumer compliance.

Has your bank ever been involved in litigation with an ex-employee? It might be like many marital divorces as the name calling and mudslinging begins. Signage could be an issue in these instances, because the bank never posted “that sign advising me of my rights, so the bank was negligent.” That may be heard from the ex-employee’s lawyer as they ask for back pay or some other compensation they feel they are now entitled to, or when the employee’s gripe may lead to a monetary penalty from a government agency like the Department of Labor.

When you do that walk-through (annually or at some other frequency based on your compliance audit program) in the branches with your signage checklist, you may be looking for the 5-in-1 Employment poster. On the BankersOnline Tools section for Signage Audits, this is noted as “Required to be visible to job applicants and employees, 42 USC 2000e-10(a). This poster should include five parts, and if not in a combined poster, individual signs must be posted in the manager’s office or lobby. The five laws are: Equal Employment Opportunity Act, Fair Labor Standards Act, Employee Polygraph Protection Act, Family Medical Leave Act, and OSHA’s Plain Language ‘It’s the Law’.”

There is also a Notice of Employee Rights poster under the National Labor Relations Act, the primary law governing relations between unions and employers in the private sector. See 29 CFR Part 471. Banks need this sign because they have FDIC deposit insurance, complete savings bonds transactions, and perhaps have government contracts. Post the notice conspicuously in offices where employees covered by the NLRA perform contract-related activity, including all places where notices to employees are customarily posted both physically and electronically.

Generally, there are several requirements your bank may need to follow from the Fair Labor Standards Act (FLSA), the Family and Medical Leave Act (FMLA), the Employee Polygraph Protection Act (EPPA), or the Service Contract Act (SCA). The SCA is also referred to as the McNamara-O’Hara Service Contract Act, a federal law controlling service contracts entered into between individuals or companies and the federal government, for the contractors to engage “service employees” to provide services for these government agencies. Most banks don’t have SCA concerns.

Sometimes these signage requirements are met with notices in a Human Resources area, where staff hiring and training is common, and perhaps in a breakroom where employees frequently gather for meetings and breaks. But how many times have employees seen these required notices since the pandemic sent them to work from home?

Many employees have been working from home for twelve months or more. While some staff may be returning to the branches to work, others may be rotating back and forth from a home office to the bank every other week or with some other frequency, and still others may be shifting to a home office on a permanent basis for any number of reasons. Many banks and other employers have ignored signage requirements because there were more pressing issues, and the home office was a temporary assignment. No regulators were asking about signage and it has not risen to being a formal issue, yet.

But as a nitpicker, part or your job assignment is to mitigate risk – and to avoid it when possible. As it pertains to compliance with federal employment laws, let’s talk about risk avoidance. Be sure to include Human Resources in this discussion both to ensure they are aware of what can be done, as well as to avoid duplicative efforts and to know that anything that has been done meets all the legal requirements. Two heads are better than one.

The Department of Labor (DOL) has provided some assistance in its Field Assistance Bulletin No. 2020-7 (FAB 2020-7). This bulletin was published last December and provides guidance explaining what can be done with electronic postings.

Early in FAB 2020-7, it separates the federal requirements of these notices which require continuous availability from those which are considered individual notices. The former includes FLSA, FMLA, and the EPPA. The latter group requires the bank to provide one-time, individual notices includes Section 14(c) of the FLSA. According to FAB 2020-7, the bank may meet posting and disclosure requirements for the first group by always making them available to home office workers on a website; the latter may be delivered by email. There are conditions for these substitutions and the bank may still have to keep those paper versions posted in the branches.

For laws or regulations which require a bank to “post and keep posted” certain signage “at all times” the Wage and Hour Division of the DOL says that it will consider electronic posting an acceptable substitute where three conditions are met. (1) All of the employer’s employees exclusively work remotely; (2) all employees customarily receive information from the employer via electronic means; and (3) all employees always have readily available access to the electronic posting. Let’s break down some of this and immediately clarify some points.

Like E-SIGN, the idea is that accessibility matters. Unlike E-SIGN there are no demonstrable consent requirements. If you have employees working remotely, it is assumed technology is not a problem and the employee can send and receive, view, and respond to all these work-related items. The requirement is that electronic postings and notices be as effective as the hard copy notices you have in branches. Next, when it says “all of the employer’s employees” it does not mean the entire work force must be working from remote locations for these disclosures to be permitted, but rather it is referring to all of those who are working remotely. It is also separating those who may be remotely working from those in the branches. Remote workers can get these notices electronically while those in the physical branches could have it available electronically but must also have it available via the traditional means of physical posters, as an example. The FAB explains that “where an employer has employees on-site and other employees teleworking full-time, for example, the employer may supplement a hard-copy posting requirement with electronic posting and the Department would encourage both methods of posting.” It also says “In most cases, these electronic notices supplement but do not replace the statutory and regulatory requirements that employers post a hard-copy notice. Whether notices are provided electronically or in hard-copy format, it is an employer’s obligation to provide the required notices to all affected individuals,” referring to EPPA and FMLA requirements.

The FLSA has a requirement for individual notices under Section 14(c) which pertains to subminimum wage provisions. I’m including some discussion here in the event Section 14(c) is applicable to some of our banks.

The FLSA provides for the employment at wage rates below the statutory minimum for certain individuals. These include students which could be high school vocational students, full-time students employed at the bank as well as college interns. Also included are individuals whose earning or productive capacities are impaired by a physical or mental disability. These may be related to age or injury. Employment at less than the minimum wage is authorized to encourage employment opportunities for this class.

Section 14(c) requires delivery of individual notices to applicable employees. Notice requirements may be met using email or something similar, such as through an intranet, but only if the employee typically receives communications from the bank in this same manner. So, this is not a channel exclusively used for these notices.

To meet the requirements of delivery via an electronic medium, the employee must have “access.” This means they must be able to readily see a copy of the required postings, and the electronic postings must meet the same requirements as worksite postings in the branches. This effectively means the employee must have access to the postings without first acquiring any special permissions such as links or passwords that they would not typically already have. It is not an effective substitute if the postings are in an unknown or little-known location. If this were the case the DOL might consider the disclosures to effectively be hidden from view. The bank would be required to inform employees how to access these notices and provide that employees easily be able to identify which postings apply to them. If the bank does not customarily post notices to affected employees electronically, then doing so just for these notices would not be considered an effective substitute.

Fair Labor Standards Act

The FLSA applies to employers whose annual revenues total $500,000 or more or who are engaged in interstate commerce. The interstate commerce sounds like it may be a disqualifier for some banks, but courts have ruled that this is a very low bar. In fact, some courts ruled that using the postal service to send and receive mail to and from other states qualifies and so can using bank telephones to make and accept calls from other states. There are exemptions for executive, administrative and professional workers in many cases, but it is unlikely everyone in the bank is exempt.

Banks with employees subject to the FSLA rules on overtime, minimum wage or Break Time for Nursing Mothers are required to have a disclosure continually available. This signage must be in a conspicuous place in each branch (or office) so the employees can easily see it.

When the three conditions described above are met, the bank can satisfy its posting requirements using electronic format.

Family and Medical Leave Act

The FMLA applies to all public agencies, all public and private elementary and secondary schools, and companies with 50 or more employees. In our case, it requires banks meeting the criteria to provide an eligible employee with up to 12 weeks of unpaid leave each year for various reasons including for the birth and care of an employee’s newborn, new adoption, or new foster child, to care for an ill immediate family member, and more.

Similar to the FLSA, a notice in the branches and offices must be posted and kept continually available with prescribed information for the employees. It must be in a prominent place to be seen, in this case, by existing employees and applicants for employment. It must be easily readable. In this case, having the FMLA notice in an area accessible by existing staff is not sufficient if the bank is hiring staff using a web site. Remember as these notices are placed, they must be where the applicable persons will see them. Again, review the three conditions above to satisfy the FMLA signage requirements when doing so electronically.

Employee Polygraph Protection Act

The EPPA prohibits the bank (and most private employers) from using polygraph tests for pre-employment screening and during employment. The bank cannot require that someone take a polygraph test, fire, discipline or discriminate against someone because they refuse to take one and exercise their rights under this law. But there are some exceptions to the rules. The bank may obtain a polygraph when that person is reasonably suspected of involvement in a bank incident (theft, embezzlement, etc.) that resulted in economic loss or injury to the bank. If one is done, it must be completed by an examiner licensed by the state where the test is done, they must be bonded and have professional liability coverage. Additionally, the test must include a pretest, test and posttest following strict standards.

This is a poster that must be continually available. It must be in a prominent and conspicuous place in every branch or office so employees will see it. The online EPPA poster specifically says in red, capitalized text, “THE LAW REQUIRES EMPLOYERS TO DISPLAY THIS POSTER WHERE EMPLOYEES AND JOB APPLICANTS CAN READILY SEE IT.” https://www.dol.gov/sites/dolgov/files/WHD/legacy/files/eppac.pdf Note we have another instance of applicability to job applicants. While the DOL has these notices in English and Spanish, the latter is optional. The current required poster was revised in July/August 2016 and has a “REV 07/16” date in the lower right corner.

In the cases of the FLSA, FMLA and EPPA, if you have staff in a branch or office, those persons are not intended to rely on these electronic versions for notice. Do not remove the paper versions that should be posted already.

Section 14(c) of the Fair Labor Standards Act

The requirements of this section are described above. Of note, this is the only notice discussed here requiring that each worker (in this case with a disability) and, as applicable, the parent or guardian of the worker, be informed orally and in writing by the bank of the terms of the employment. These terms will be according to the DOL certificate allowing the subminimum wage. In addition, employers must display the Wage and Hour Division poster, Notice to Workers with Disabilities Paid at Special Minimum Wages described and available here –https://www.dol.gov/agencies/whd/posters/section-14c.

Generally, Section 14(c) notices are posted in a conspicuous place where it will be seen by the disabled workers and their parents or guardians, as well as other workers. If the bank feels the notice would be inappropriate to post, the regulations allow you to comply by providing the poster directly to all employees subject to its terms. Therefore, the bank can meet the Section 14(c) requirements by emailing or direct mailing the poster to the Section 14(c) workers, or their parents or guardians. For compliance here it may be necessary to have more than just the employees contacted and to inform others concerning where to find the disclosures required.

Action Steps: Some action steps the bank should take depend first on determining if electronic notices are needed based on where employees are working and how often they may have access to all required disclosures. Remember that electronic versions may be a substitute in some cases but can always supplement those in the branches.

  • Based on applicable laws and regulations, which may apply? The DOL has a tool to assist all employers on this at https://webapps.dol.gov/elaws/posters.htm.
  • To meet the needs of continuously available notices, the three conditions above must be met if they are to be made only in electronic form. Otherwise, paper type notices are required in the branches.
  • For individual or one-time notices, consider how the bank normally communicates with employees. How are conference calls set up, or work assignments and pay stubs delivered and are those same channels appropriate for these notices?
  • If a website or intranet is used, factor in how often the employee uses it and if it is commonly used for other notices and information the employee regularly accesses.
  • If the bank is posting many items in the same area, ensure the employee will be able to readily determine which applies to them.
  • Consider employing some positive acknowledgment of the required notices by the applicable employees. If the notices are available via links or in an online PDF manual, requiring a click-through affirmation helps the bank provide a virtual paper trail demonstrating compliance. Much the same way the bank uses non-bypassable disclosures to meet consumer compliance requirements where one item must be acknowledged to go to the next step, the same process may be used here.

The guidance provided in FAB 2020-7 will apply to these federal requirements controlled by the DOL. Much the same as HUD could not provide a legal interpretation of RESPA applicable to your bank, the FAB does not provide guidance on other federal or state laws not enforced by the DOL.

Foreclosures and evictions after a pandemic

By Andy Zavoina

The Consumer Financial Protection Bureau (CFPB) has proposed a ban on foreclosures until 2022. There are an estimated three million homeowners past due on mortgage payments of government backed loans. Evictions are in a similar holding pattern where rent is owed and there are COVID-19 hardships. Those who are owed mortgage and rental payments seem to have had their financial wellbeing put aside with few ways to take action and remedy the situation.

The inability to conduct evictions started when the Centers for Disease Control and Prevention (CDC) used its authority and issued orders limiting evictions. In short, anyone with the rights to evict a tenant is prohibited from doing so. The tenant must meet certain conditions.

  1. The tenant must declare they have used their best efforts to obtain any available government rental or housing assistance.
  2. In 2020 they did not earn more than $99,000 or $198,000 if taxes were filed jointly and they do not expect to earn more than that in 2021, or they did not have to file taxes or they received Economic Impact Payments – stimulus checks.
  3.  They cannot pay the rent due to a loss of income due to a loss of work or extraordinary medical bills.
  4. The tenant has made their best efforts to make even partial payments.
  5. Eviction would likely make them homeless or force them to live in close quarters in a shared living environment. These seem to be low bars to qualify as a covered person. But the last qualification is a key to the medical justification and would likely apply to foreclosures as well.

Many people have sought to challenge the CDC order, but a recent study led by researchers at the University of Pennsylvania, Johns Hopkins University, and the University of Illinois at Urbana-Champaign found that local and federal eviction moratoria are in fact a “warranted and important component of COVID-19 control.” There was a recent article in phillymag.com that focused on this study, how it was being used and the article, while Philadelphia-centric, could be applicable to other cases, and in fact is being used in courts to justify the actions.

The City of Philadelphia was sued by the Homeowners Association of Philadelphia. Researchers determined that preventing the moves due to evictions (and presumably foreclosures) helped limit or delay the necessary lockdown measures many cities had to take and in fact, “likely prevented thousands of excess COVID-19 infections for every million metropolitan residents.” Researchers said, “defense lawyers ended up contacting us to provide evidence in support of the city’s efforts to stop the spread of infection.” And “When the CDC announced they were halting residential evictions nationwide from the beginning of September through December 31st (which was recently extended through the end of June), we got flooded with requests for an evidence-based model that would help show that such policies are warranted when it comes to epidemic control.”

Using real time infectious patterns, historic and predictive population movements the study determined that the displaced household could increase the risk to themselves as well as whomever they moved in with, be it at a residence or homeless shelter. “We also spent a lot of time assessing the transmission risk evictions might have on those who are not directly impacted by evictions and found that spillover impact was significant (a.k.a. increased infection rates). That helped demonstrate that eviction moratoria were in the interest of public health, not simply for a specific group, as they help reduce risk of infection for all residents.” As they modeled a study around Philadelphia demographics, eviction rates and anonymous mobile phone data, the study found, “that the greater the eviction rate, the greater number of cases that would likely result, highlighting that allowing evictions to resume would have substantially increased the number of cases among different socioeconomic populations in Philadelphia, including those experiencing a low number of evictions, by the end of 2020.”

The article also noted, “Much remains uncertain about what will happen to countless renters across the country when the federal eviction moratorium is lifted. Though, the federal government has committed significant resources to localities to develop rent relief programs aimed at keeping people housed. What we do know is that renters have amassed significant debt, as they have extended all other forms of savings and credit to remain housed. A survey of rent relief applicants in Philadelphia by the Housing Initiative at Penn found that almost 63 percent of survey respondents in Philadelphia delayed the payment of other bills to pay rent, and over 25 percent went without medicine or medical care in order to remain housed.”

Many people initially perceive these tenants and homeowners on forbearance plans as potentially abusing the system and taking advantage of the rules, and that is likely happening in some cases. But many are suffering genuinely difficult times financially.
Homeowners on forbearance and deferral programs should fare better than renters as they emerge from pandemic protections, whenever that may be. The homeowners should be able to resume payments without being excessively delinquent on payments seemingly impossible to catch up on. Much of the successes will depend on the forbearance programs and formal agreements the lenders and servicers have with the borrowers.

The CARES Act provided a 180-day forbearance period with an allowance for an additional period of 180 days upon request. The CARES Act also provides for interest during this period as it stated that interest would not accrue “beyond the amounts scheduled or calculated as if the borrower made all contractual payments on time and in full under the terms of the mortgage contract ….” The intent here seemed to be to control interest penalty or default rates by maintaining no higher rate than the contractual rate paid while the account was current. But some experts in the industry believe there is uncertainty as to how interest is calculated for an account that is paid off, reinstated or in a loss mitigation program.

The contention comes into play because there are two common ways interest is calculated when for example, an account that has not paid is paid off. One is very simple; the unpaid principal balance is multiplied by the daily rate of interest and that is applied for each day since interest was owed and unpaid. The second method is more common when mortgage loans are coming out of a modification program. Interest in this case is applied based on the amortizing balance as though the payments were made as scheduled.

During good times management may have considered the occasional loan where interest would be “eaten” based on a projected amortization example a cost of doing business, a preferred method to receive a return of the money before a return on the money, and not worth the time to dispute. Obviously, the income difference between these two methods could be significant, especially when multiplied by a large volume of accounts that have been on forbearance and deferral programs. Using the amortized payment method amplifies the lost income opportunity of the principal that was in fact outstanding and effectively not interest bearing.

An argument for the CARES Act says that the outstanding principal balance method is not justifiable because it is not, “as if the borrower made all contractual payments on time and in full.” But many servicers (and banks servicing their own accounts) use the actual principal balance method to calculate past due interest at payoff. The servicers and banks that use this method to calculate a payoff and do not change this method for borrowers in a CARES Act forbearance status may be in error. They run the risk of charging interest amounts greater than what the CARES Act allows and that may bring with it litigation and penalty if the methodology used cannot be justified.

Renters on the other hand may have a more difficult time as past due rents are, well, past due rents. Banks may want to help any landlord borrowers they have, ensuring they are aware of any rental assistance programs that are becoming available on a state and federal level. These programs may be a win-win as otherwise either the tenant goes, or some payment plans will be required potentially delaying cash flows many more months into the future.

The ongoing stimulus payments for eligible families may provide some relief beginning with the scheduled July payments. The same law providing the last round of $1,400 EIP stimulus payments is set to provide working families up to $3,300 per child. Half of that will come in the form of cash at $250 to $300 per month, per child, and the IRS said these will start in July 2021. The remainder will be a tax credit claimed when the next federal return is filed in 2022 for 2021. The latter is not a cash flow that will assist in rental payments, but the cash payments could.

Lastly, as it pertains to those renters, on April 19, 2021, the CFPB clarified in an interim final rule that debt collectors must provide written notice to tenants of their rights under the eviction moratorium, and this prohibits debt collectors from misrepresenting tenants’ eligibility for protection from eviction. Violators of this rule face prosecution at both the federal and state levels for violations of the Fair Debt Collections Practices Act (FDCPA). Further, an attorney representing a client in such an eviction is deemed a debt collector. Expect more i’s to be dotted and t’s to be crossed when it comes to evictions, and costs will increase. We know the CFPB will be taking aim at any violators it finds and if the target is clear in its sights, the CFPB will likely make an example of them to send a message.

April 2021 OBA Legal Briefs

  • Third round of stimulus payments (EIP3)
  • Reg B has expanded: What you need to do
  • UDAAP U-turn
  • More reasons to watch the Bureau

Third round of stimulus payments (EIP3)

By Pauli D. Loeffler

Basics. To receive the third stimulus payment (“IEP3”) the payee(s) must be U.S. citizens or U.S. resident aliens. The payee must have a social security number issued by the Social Security Administration. This means that a person who has an Individual Taxpayer Identification Number (“ITIN”), 9-digit number, beginning with the number “9” issued by the IRS isn’t eligible. If the payee died before January 1, 2021, s/he is not eligible for the third stimulus (EIP) payment.

Deceased payee. If the payee died before January 1, 2021, return the direct deposit. If it is a paper check do not cash or deposit the paper check. Like the first and second stimulus payments, it is the customer’s responsibility (not the bank’s) to return any funds attributable to a deceased joint payee or dependent.
Taxes, child support, garnishment, and offset. The third stimulus payment will not be reduced for federal taxes owed nor will state tax and child support intercepts apply. On the other hand, direct deposits do not have the two XXs identifying them as subject to the Garnishment of Federal Benefits rule, which means the bank does not include them in determining the protected amount under the rule. Direct deposits of EIP3 payments are subject to garnishment and child support levies. If the account is open and overdrawn, the bank may use offset to collect the overdrawn amount.

Closed accounts. If the account is closed, the bank cannot reopen it to accept the direct deposit. Return the ACH entry using R02 (account closed). The customer will receive a paper check sent to the address used on the 2019 or 2020 tax return. We get a lot of questions regarding re-opening a charged off account that receives a direct deposit. I know how tempting this is, but the short and definitive answer is an adamant “No!”

What if the account was administratively closed because it hit a zero balance? This is problematical if the customer does not have another account (deposit account or loan) since the bank needs to perform CIP and the existing customer exception is not available. Often the customer is not aware that the account will automatically close if the balance is zero and had no intention to close the account. The best way to avoid the problem is to set the automatic closure to occur a few days after the balance reaches zero when the customer has not indicated his/her intention to close the account. A more time-consuming measure is to check for zero balance accounts daily and contact the customer to find out if s/he intended to close the account, and if not, override its automatic closure.

Reg B has expanded: What you need to do

By Andy Zavoina

Background

OK, so you heard the Consumer Financial Protection Bureau announced an interpretive rule on Regulation B. Anti-discrimination efforts are front and center for the CFPB and, it appears, for the new administration now supporting it. In a nutshell the interpretation says the prohibition against sex discrimination under the Equal Credit Opportunity Act and its implementing Reg B includes protection against any discrimination based on sexual orientation or gender identity. This includes discrimination based on actual or perceived nonconformity with sex-based or gender-based stereotypes and discrimination based on an applicant’s “associations.” We will explore what this all means in a moment.

This may seem, at first blush, like much ado about nothing because discrimination in your bank is a non-issue. There is none. But that is not necessarily the case here. Not that you have any lending discrimination happening, but that there are things to be done because of this interpretation. This ruling is not intended to be a guidance document that would qualify as advice and not be binding. It is an interpretation of the law that says, “this is how we read the regulatory requirements and you must conform with them.” You should recognize that you now have a task list resulting from this interpretive rule and it is already in effect. More on the task list further in this article.

This is not a “new” interpretation and it is not coming from nowhere. It has roots in both prior interpretations and in legal cases that have gone as far as the Supreme Court (SCOTUS). In 2016 the CFPB responded to an inquiry from SAGE, the Services & Advocacy for GLBT Elders. SAGE says it “stands proudly with the LGBT pioneers across the country who’ve been fighting for decades for their right to live with dignity and respect.” SAGE queried the CFPB about sex discrimination resulting from sexual orientation and gender identity.

The CFPB opined and concluded that ‘‘the current state of the law supports arguments that the prohibition of sex discrimination in ECOA and Regulation B affords broad protection against credit discrimination on the bases of gender identity and sexual orientation, including but not limited to discrimination based on actual or perceived nonconformity with sex based or gender-based stereotypes as well as discrimination based on one’s associations.” The CFPB said further that it was monitoring legal developments and that ECOA and Reg B would reflect the precedents and interpretations of sexual discrimination laws. This position, which the CFPB took five years ago, is the same as it is taking now.

Fast forward to June 2020 and a case before the Supreme Court, Bostock v. Clayton County, Georgia, which involved sex discrimination under Title VII of the Civil Rights Act of 1964. Specifically, this was the case of an employer who allegedly fired a long-time employee simply for being homosexual or transgender. SCOTUS relied on three key findings to reach its decision: (1) Sexual orientation discrimination and gender identity discrimination necessarily involve consideration of sex; (2) Title VII’s language requires sex to be a “but for” cause of the injury but need not be the only cause; and (3) Title VII’s language covers discrimination against individuals, and not merely against groups. SCOTUS basically connected the dots as it stated in its opinion, “An employer who fires an individual for being homosexual or transgender fires that person for traits or actions it would not have questioned in members of a different sex. Sex plays a necessary and undisguisable role in the decision, exactly what Title VII forbids.“ These three points, emphasized by the opinion, easily translate from this employment case to credit situations under ECOA and Reg B. In the Federal Register announcing this interpretation the CFPB said, “It is well established that ECOA and Title VII are generally interpreted consistently.”

The CFPB said it would monitor legal actions and react accordingly. The language from SCOTUS is very much in alignment with the interpretation the CFPB offered in 2016 and it certainly fuels this new CFPB interpretation which essentially expands Reg B protections. The reality is, ECOA and Reg B have not expanded, but the CFPB is making clear that sexual orientation and identification are included as prohibited bases under sex discrimination. No one questions a woman dressing as a woman. But if a man does so, it may be viewed in a derogatory manner because he is not a woman – and that stereotyping is based on his sex.

Details

The CFPB’s interpretive rule intended to clarify that ECOA and Reg B prohibitions against discrimination on the basis of sex include discrimination based on sexual orientation and/or gender identity. The rule was considered effective on the date of publication in the Federal Register, March 16, 2021.

ECOA prohibits discrimination based on sex. It does not require that it be a primary issue in any complaint or action to be an issue, it can be a contributing factor in any case. Sex discrimination is often thought of as an “all males” compared to “all females” problem such as having a higher denial rate for female applicants who are similarly qualified to approved male applicants. But sex discrimination also applies at an individual level. Additionally, discrimination may be based not only on the characteristics of an applicant but also on the characteristics of a person with whom an applicant associates.

The CFPB “owns” Reg B and is therefore the only entity empowered to provide binding interpretations. It clarifies in this rule that under Reg B: (1) sexual orientation discrimination and gender identity discrimination necessarily involve consideration of sex; (2) an applicant’s sex must be a ‘‘but for’’ cause of the injury, but need not be the only cause; and (3) discrimination against individuals, and not merely against groups, is covered. The Bureau also clarifies that ECOA’s and Reg B’s prohibition against sex discrimination encompasses discrimination motivated by perceived nonconformity with sex based or gender-based stereotypes, as well as discrimination based on an applicant’s associations.

Fact One: Sexual orientation discrimination and gender identity discrimination do involve consideration of sex, which would violate Reg B on a prohibited basis. If a male applicant is denied a loan in whole or in part because that male applicant is attracted to other males, that is discriminatory based on sex, because a female who is attracted to males would be approved. The male attracted to other males is “failing to fulfill traditional sex stereotypes.”

If a loan workout specialist declines the forbearance application on a home loan of a transgender borrower who was identified as male at birth but who now identifies as female, but a similarly qualified applicant who was identified as female at birth and continues to identify as female was approved, the specialist will be seen to have discriminated against the transgender borrower because the bank accepted the female applicant who was identified as female at birth and continues to do so. In these examples, the individual applicant’s sex plays an unmistakable and impermissible role in the credit decision and thus this conduct constitutes discrimination on the basis of sex in violation of ECOA and Regulation B.

The interpretation from the CFPB above is consistent with the SCOTUS conclusion in Bostock that “it is impossible to discriminate against a person for being homosexual or transgender without discriminating against that individual based on sex.” (Sometimes this is easier to grasp if in your mind you consider “gender” or “gender identification” in place of “sex.” This may also assist students when they are being trained.)

Fact Two: Basing any decision on a loan under consideration or already funded in whole or in part on the sex of a person (or gender identification) is discriminatory and it does not matter if sex was a primary or secondary factor, it simply may not be any factor in a decision.

As a practical example, when the bank rejects an applicant on the basis of that person’s being gay or transgender, there could be two contributing factors in the decision and while both the person’s sex and something else, a collateral issue, contributed to the decision, the fact that just one factor was based on a prohibited basis attaches the liability of discrimination to the decision if collateral in this example alone would not have been enough. Having been on the loan desk for many years I have been in the discussion where it is stated, “I don’t like this, but this alone is not reason to deny it, and I don’t like that, but that alone is not reason enough to deny it, but if you consider this and that, deny the loan.” If either “this” or “that” are reflective of a prohibited basis, it may deemed discriminatory.

Fact Three: The rules against sex discrimination apply to individuals and not just situations which apply to all men, or all women.

A case in point is a lender who denies a loan request from any woman he feels is not feminine enough. Perhaps he objects to her short hair, “manly” gestures or that she is dressed in a man’s suit. The lender applies this treatment universally however, in that he also denies any man he feels is too feminine. Perhaps the man wears makeup, uses feminine gestures, or has long fingernails. The lender is treating each group equally and may justify the actions saying it is equal treatment. But in fact, each group was discriminated against in violation of ECOA and Reg B based on sex and the lender’s perception or stereotype of what is acceptable. Going back to Lending 101, many of us were taught the five Cs of credit – character, capacity, capital, collateral, and conditions. Do not confuse the lender’s stereotyping with character. Character is addressing the credit rating and a person’s desire and determination to pay their bills in a timely manner. In this example the lender is not mitigating a bias by applying misguided logic against both men and women, he is compounding the problem by doubling it. As noted by the CFPB, “It is no defense for a creditor to argue that it is equally happy to reject male and female applicants who are gay or transgender because each instance of discriminating against an individual applicant because of that individual’s sex is an independent violation of ECOA and Regulation B.”

In this example, the point is that applying a bias equally may be equal treatment, but that does not make it non-discriminatory.

Fact Four: The last example provided in the interpretive rule addresses discrimination based on sex, when the discriminatory acts are based on gender specific stereotypes like what I used immediately above. Generally speaking, these are stereotypes related to gender identity and/or sexual orientation, as well as discrimination based on an applicant’s associations.

Specifically, an example could include a transgender applicant wanting a small business loan for a nursery. Jane, the small business lender received an email from John Smith on this topic which started with “happy spring to you,” and she replied with an invitation to visit her office and discuss the loan request. When John appeared for the meeting he was not dressed as a man and he was interested in setting up a daycare and nursery in town. Jane sent John home to change without discussing the loan. Her actions were based on John’s dress and told him that this was inappropriate attire — it was not suitable for the bank or for such a loan request. The CFPB views this as discriminatory stereotyping and supports that opinion with various court cases including EEOC v. Boh Bros. Constr. Co. as well as others cited in the Federal Register document finalizing this rule.

In the Boh Bros. case the company settled with the EEOC for $125,000 resulting from the actions of a superintendent against a worker on a bridge construction project. The 2009 case included verbal abuse, taunting gestures of a sexual nature, and the superintendent exposing himself. He admitted he harassed Woods, the plaintiff, because he thought Woods was feminine and did not conform to his gender stereotypes of “rough iron workers.” There was also a jury trial in which Boh Bros was found to have permitted a hostile work environment and sexual harassment, which is illegal sex discrimination under Title VII. Again, the CFPB relies on the similarities between Title VII and ECOA. It is also worth noting Woods was awarded $451,000 by the jury for back pay and compensatory and punitive damages. The district court reduced this to $301,000 because of statutory limits. One point here is that you can easily substitute the lender–bank relationship for the superintendent–company relationship.

Actions based on stereotyping a person must be discouraged when the stereotyping is based on a prohibited basis, the same as actions based on the associates or associations of that person. Discrimination based on sex, including sexual orientation and/or gender identity, of the persons with whom the individual associates is prohibited. The rule tells us, a “creditor engages in such associational discrimination if it, for example, requires a person applying for credit who is married to a person of the same sex to provide different documentation of the marriage than a person applying for credit who is married to a person of the opposite sex.”

Task List

The interpretive rule was published on March 16, 2021, and was “effective” that day. Because it was not a change to Reg B there was no comment period required or offered. The CFPB has simply said this is how the rule needs to be viewed, and we can expect that it will be enforced based on this.

Does your bank regurgitate Reg B in any policies or procedures? It may be time to review any that may and determine if edits are necessary to demonstrate not just a willingness to comply, but an affirmation to do so. Consider reviews of policies, procedures and actual practices, underwriting guidance, credit scoring and compliance monitoring systems.

Will training documents, presentations, videos, or computer-based training require edits to include the points made by the interpretive rule? Remember that Reg B and the ECOA apply to all phases of your loans, consumer, commercial and real estate, whether they are in the advertising or application stage, payment period or past due and in a workout status. Being preemptive is more desirable than being reactive after an exam criticism or a complaint. Having loan staff aware of the rule immediately is best. The four Facts and Examples above may be excellent training points. Likewise, it is recommended that Compliance use any opportunity to mention the rule and the bank’s reactions to senior management and the board to ensure they are aware of what has been clarified and how the bank has ensured implementation.

The CFPB referenced President Biden’s Executive Order 13988, “Preventing and Combatting Discrimination on the Basis of Gender Identity or Sexual Orientation.” President Biden’s order mandates all federal agencies must fully enforce Title VII and other laws that prohibit discrimination based on gender identity or sexual orientation. Federal agencies must take all lawful steps to make sure that federal anti-discrimination statutes that cover sex discrimination also prohibit discrimination based on sexual orientation and gender identity.

UDAAP U-turn

By Andy Zavoina
On March 11, 2021 the CFPB announced it was rescinding its “Statement of Policy Regarding Prohibition on Abusive Acts or Practices,” originally published January 24, 2020. Many in banking, regulation and even Congress repeated the same question, “what is abusive, how does it differ from or supplement the rest of UDAAP and how is it enforced?” The 2020 policy statement clarified this, as you will see below. This 2021 rescission was effective March 19, 2021.

CFPB Acting Director Dave Uejio shared in a blog post that he planned to reverse policies of the Trump Administration “that weakened enforcement and supervision,” some of which included rescinding public statements proclaiming a relaxed approach to enforcement. The UDAAP policy statement was one of the first to be reversed.
We are back to what the Dodd-Frank Act considers as abusive:

  • Materially interferes with someone’s ability to understand a product or service;
  • Takes unreasonable advantage of someone’s lack of understanding;
  • Takes unreasonable advantage of someone who cannot protect themselves; and
  • Takes unreasonable advantage of someone who reasonably relies on a company to act in their interests.

The 2020 policy statement outlined three principles which were to guide the CFPB in supervisory and enforcement actions pertaining to abusive acts or practices:

1) The CFPB would focus on citing conduct as abusive in supervision and challenging conduct as abusive in enforcement if it concluded that the harm to consumers outweighed the benefits.

2) The CFPB would generally avoid challenging conduct as abusive where an alleged violation relied on all or nearly all the same facts as those deemed unfair or deceptive. This helped prevent piling on violations for the same thing. Where an act or practice was deemed abusive, the CFPB intended to be very clear and show the legal analysis of the claim and what separated these actions from others.

3) Generally, the CFPB would not seek monetary remedies for abusive acts or practices if the bank had made a good faith effort to comply with the law and a reasonable interpretation of it.

If your bank revised any UDAAP policies or procedures based on this guidance, be aware that Acting Director Uejio has rescinded it and adjustments to the materials noted and training the bank conducts may need adjustments as well. Adjustments may be guided based on the reasoning by the CFPB. The rescission was done for several reasons as noted in the Federal Register on March 19, 2021.

The CFPB said it reviewed what had happened since the 2020 policy went into effect and concluded that the principles in the statement “do not actually deliver clarity to regulated entities” and in actuality may, “afford the CFPB considerable discretion in its application and uncertainty to market participants.” Not citing a violation as abusive because it may overlap with an unfair or deceptive conduct or based on other principles in the statement “has the effect of slowing the CFPB’s ability to clarify its statutory abusiveness authority by articulating abusiveness claims as well as through the ensuing issuance of judicial and administrative decisions.”

By only citing conduct as abusive in exams or in enforcement actions, if the CFPB concludes that the harm to consumers from the conduct outweighed the benefits, the CFPB would be applying the abusiveness standard “differently from the normal considerations that guide the CFPB’s general use of its enforcement and supervisory discretion.”

If the CFPB fails to apply the full scope of the statutory standard according to the statement, it “has a negative effect on the CFPB’s ability to achieve its statutory objective of protecting consumers from abusive practices.” The policy of not seeking civil money penalties for abusive acts or practices “is contrary to the CFPB’s current priority of achieving general deterrence through penalties and other monetary remedies and of compensating victims for harm caused by violations of the Federal consumer financial laws through the CFPB’s Civil Penalty Fund.” Similarly, not citing conduct as abusive when that conduct is also unfair or deceptive “is contrary to the CFPB’s current priority of maximizing the CFPB’s ability to assert alternative legal causes of action in a judicial or administrative hearing.” The CFPB plans to continue its practice of considering the factors that it typically does in using its prosecutorial discretion.

The policy standard was not required and “stated an intent to refrain from applying the abusiveness standard even when permitted by law.” If Congress intended to limit the CFPB’s authority to fully apply the abusiveness standard, it could have prescribed a narrower prohibition but did not. The Dodd-Frank language “provides sufficient notice for due process purposes.”

Many saw the “friendlier” CFPB as a regulatory agency that was not always confrontational and considered the industry while protecting consumers. However, the phrase above, “…the CFPB’s current priority of achieving general deterrence through penalties and other monetary remedies and of compensating victims…” brings us back to the CFPB’s early years and regulation by enforcement. That said, there may have been more written about the confusion surrounding “abusive” behavior than it being used in enforcement actions. It simply has not been cited much at all.

Considering the changes to Reg B and to UDAAP, compounded by the increased enforcement activity we expect to see from the CFPB, banks may consider a full review of policies, procedures and training materials involving Reg B/ECOA, UDAP/UDAAP and the bank’s general compliance management program for needed updates. After the tremendously disruptive year-plus that banks have had to work under pandemic conditions, it would be easy to see how some tasks went undone. The new administration is moving fast in our industry, the CFPB is leading the way to install changes and the prudential regulatory agencies will follow suit to some degree.

More reasons to watch the Bureau

By Andy Zavoina

Acting CFPB Director Uejio has advised Bureau personnel that there are new priorities for the Bureau’s Supervision, Enforcement, and Fair Lending Division (SEFL), specifically involving COVID-19 relief to consumers and racial equity. He believes that strong oversight can have a meaningful impact on pandemic recovery. One of his directives to CFPB staff is to “always determine the full scope of issues found in its exams, systemically remediate all of those who are harmed, and change policies, procedures, and practices to address the root causes of harms.” Uejio indicated this change includes active Prioritized Assessments. Another directive was for “SEFL to expedite enforcement investigations relating to COVID-19” in order to send a “message that violations of law during this time of need will not be tolerated.”

Any bank taking specific actions, or not taking actions, on credit reporting, overdrafts, PPP loans, loan extensions or forbearance programs, and loan servicing may want to review their actions and be prepared to support the position taken with customers. As to racial equity, Uejio indicated that he plans to expand scheduled exams and add new ones to “have a healthy docket intended to address racial equity” and that fair lending enforcement will serve as “a top priority” at the CFPB. The CFPB will look for opportunities “to identify and root out unlawful conduct that disproportionately impacts communities of color and other vulnerable populations.”

Related to future acts, the CFPB will resume supervising lenders for compliance with the Military Lending Act (MLA). In 2018, then Acting Director Mick Mulvaney had the CFPB stop its supervisory MLA activities because he believed that by virtue of the law itself, the CFPB did not have explicit statutory authority for this. Director Kathy Kraninger, who followed Mulvaney, held this same position, even providing Congress with text for a bill which would rectify this. That request was never acted on with many Democrats maintaining it was not necessary to enforce the law. Acting Director Uejio has already started to reverse “policies of the last administration that weakened enforcement and supervision.” He has taken action not only on the MLA, but on Unfair, Deceptive, or Abusive Acts or Practices (UDAAP). He has already had the CFPB “rescind [seven] public statements conveying a relaxed approach to enforcement of the laws in our care.” https://www.consumerfinance.gov/about-us/newsroom/2020-hmda-data-on-mortgage-lending-now-available/
It’s clear from these early actions that banks can expect a more consumer-centric, proactive CFPB. It is a safe assumption that Uejio is not operating in a vacuum and is in contact with the nominated director, Rohit Chopra. Chopra told a Senate panel during confirmation hearings that he plans to prioritize the enforcement of fair lending laws and scrutinize the large technology companies wanting to break into the financial services industry. He currently is a commissioner at the Federal Trade Commission, where he has campaigned for stricter consumer privacy rules and enforcement penalties. He helped establish the CFPB and worked under Senator Elizabeth Warren while doing so. He was an ombudsman for student loans when Richard Cordray was the first CFPB Director.