Monday, October 7, 2024

Legal Briefs

September 2024 OBA Legal Briefs

  • 2024 Oklahoma Legislation – Part II
  • More Deceased Customer Q&As

2024 Oklahoma Legislation – Part II

Oklahoma Uniform Directed Trust Act of 2024
Oklahoma Trust Act (Amended) – Title 60 O.S. §§ 175.01 – 175.57 (Effective 11/1/2024)
Registration and Pre-Registration – Transfer of License Plates – Contracts and Agreements for Electronic System – Title 47 O.S. § 1111.2 (Effective 9/1/2024)

By Pauli Loeffler

Oklahoma Uniform Directed Trust Act of 2024.

The Oklahoma’s legislators passed the “Oklahoma Uniform Directed Trust Act of 2024” during the last legislative session. I will refer to this Act as the “2024 Uniform Trust Act” or 2024 UTA. Like the Uniform Special Deposits Act that I covered in the August 2024 Legal Briefs, this is another Act promulgated by the Uniform Laws Committee. The 2024 UTA is found in Title 60 O.S. §§ 1201A – 1217. Its provisions take effect November 1, 2024. Note that the Oklahoma Trust Act (“OK Trust Act” or “OTA”) is also in Title 60 O.S. §§ 175.01 – 175.57. This Act still exists, but certain sections have been repealed or amended. The legislature also passed the Oklahoma Qualified Dispositions into Trust Act codified in Title 60 O.S. §§ 1301-1390 effective November 1, 2024, which I will not cover. I will note new § 1401 in Title 60 Trusts – Non Application of Rules Against Perpetuities is effective November 1, 2024. Inasmuch as all attorneys groan at the mere mention of the Rules Against Perpetuities, I will only mention the statute and leave it to an estate planner or your bank counsel to explain. Another new statute is Title 60 O.S. § 1402 – Trustee and Qualified Beneficiaries – Binding Nonjudicial Settlement Agreement – Validity – Matters that May be Resolved – Request of Approval from Court.

Let’s start with the 2024 UTA. I strongly suggest making a strong pot of coffee to keep you awake as we explore this Act.

Section 1202 provides definitions of terms used under the 2024 UTA. “Breach of trust” means a violation by a trust director or trustee of a duty imposed on that director or trustee by the terms of trust, the 2024 UTA, or laws of this state other than the 2024 UTA.

I read at least a couple of trusts each week sent by bankers who have questions regarding trusts provided by customers. The 2024 UTA has definitions that I have not encountered before: “Directed trust,” “Directed trustee, and “Power of direction.” The definition for the first term means “a trust for which the terms of the trust grant a power of direction; the second term means a trustee that is subject to a trust director’s power of direction; and the third term means a power over a trust granted by the terms of the trust to the extent the power is exercisable while the person is NOT serving as trustee. It includes a power over investment, management, or distribution of trust property or trust administration.

Section 1203 provides that the 2024 UTA applies to a trust whenever created that has its principal place of administration in Oklahoma if the trust is created before November 1, 2024, provided the decision or action occurs on or after the Act’s effective date, and 2) if the principal place of administration is changed to Oklahoma on or after the effective date the 2024 UTA applies only to a decision or action occurs on or after the date of change. In other words, we are talking about an existing trust.

Section 1205 defines “power of appointment” as a power that enables a person acting in a nonfiduciary capacity, e.g., a non-trustee, to designate a recipient of an ownership interest in or another power of appointment over trust property. The 2024 UTA does not apply to a power of appointment, a power to appoint or remove a trustee or trust director, power of a settlor over a trust with the power to revoke the trust. A power to designate a recipient of an ownership interest in power of appointment over trust property while not a trustee is a power of appointment rather than a power of direction.

Section 1206 permits a trust to grant a power of direction to a trust director and a trust director may exercise or nonexercise a power of direction. Under the 2024 UTA, Trust directors with joint powers must act by majority decision. I know bankers aren’t going to be thrilled with this provision. Of course, the trust could include language allowing trust co-directors to act independently if more than one trust director is named, and this would negate the Act’s requirement. I note § 175.17 of the OTA in subsection C. specifically allows a current co-trustee to execute a power of attorney naming another current co-trustee to act on his or her behalf. You will find a Template on the OBA Legal Links web page under Templates, Forms, and Charts under the subheading “Trusts.” Even though § 1208 of the 2024 UTA states that trust directors have the same fiduciary duty and liability as a trustee, I am unsure whether the co-trustee POA under the OTA can be used.

Section 1208 provides that a trust director has the same fiduciary duty and liability as a trustee. Section 1210 requires a trust director to provide a trustee or another trust director with information.

Under § 1211, unless required by terms in the trust, a trustee has no duty to monitor a trust director, inform or give advice to a settlor, beneficiary, trustee or trust director.

Oklahoma Trust Act.

Turning now to the OK Trust Act § 175.24 – Powers of Trustees – Bond – Payment from Trust – Legal Proceedings – Attorney-Client Relationship was amended effective November 1, 2024. Most of the changes are minor, dealing with gender neutrality such as the use of spouse rather than husband or wife. However, Subsection B. is new.

1. In the exercise of its authority under paragraph 9 of subsection A of this section, a trustee may pay, from the assets of the trust, reasonable compensation and costs incurred in connection with employment of attorneys, accountants, agents, and brokers reasonably necessary in the administration of the trust estate.

2. In the event of any legal proceeding regarding the trust, a trustee may pay the costs or attorney fees incurred in any proceeding from the assets of the trust without the approval of any person and without court authorization unless otherwise ordered by the court in such legal proceeding.

3. Unless expressly provided otherwise in a written employment agreement, the creation of an attorney-client relationship between an attorney and a person serving as a fiduciary shall not impose upon the attorney any duties or obligations to other persons interested in the estate, trust estate, or other fiduciary property, even though fiduciary funds may be used to compensate the attorney for legal services rendered to the fiduciary. This paragraph is intended to be declaratory of the common law and governs relationships in existence between attorneys and persons serving as fiduciaries and any such relationship hereafter created.

4. Whenever an attorney-client relationship exists between an attorney and a fiduciary, communications between the attorney and the fiduciary shall be subject to attorney-client privilege unless waived by the fiduciary, even though fiduciary funds may be used to compensate the attorney for legal services rendered to the fiduciary. The existence of a fiduciary relationship between a fiduciary and a beneficiary does not constitute or give rise to any waiver of the privilege for communications between the attorney and the fiduciary.

C. The following rules of administration shall be applicable to all express trusts but such rules shall not be exclusive of those otherwise imposed by law unless contrary to these rules:

1. Where a trustee is authorized to sell or dispose of land, such authority shall include the right to sell or dispose of part thereof, whether the division is horizontal, vertical, or made in any other way, or undivided interests therein;

2. Where a trustee is authorized by the trust agreement creating the trust or by law to pay or apply capital money subject to the trust for any purpose or in any manner, the trustee shall have and shall be deemed always to have had power to raise the money required by selling, converting, calling in, or mortgaging or otherwise encumbering all or any part of the trust property for the time being in possession;

3. A trustee shall have a lien and may be reimbursed with interest for, or pay or discharge out of the trust property, either principal or income or both, all advances made for the benefit or protection of the trust or its property and all expenses, losses, and liabilities, not resulting from the negligence of the trustee, incurred in or about the execution or protection of the trust or because of the trustee holding or ownership of any property subject thereto; and

4. When the happening of any event, including marriage, divorce, attainment of a certain age, performance of educational requirements, death, or any other event, affects distribution of income or principal of trust estates, the trustees shall not be liable for mistakes of fact prior to the actual knowledge or written notice of such fact.

D. The powers, duties, and responsibilities stated in the Oklahoma Trust Act or the Oklahoma Uniform Prudent Investor Act shall not be deemed to exclude other implied powers, duties, or responsibilities not inconsistent herewith.

E. The trustee shall pay all taxes and assessments levied or assessed against the trust estate or the trustee by governmental taxing or assessing agencies.

F. No trustee shall be required to give bond unless the instrument creating the trust, or a court of competent jurisdiction in its discretion upon the application of an interested party, requires a bond to be given.

Section 175.47 – Duration of Trust is amended with regard to Subsection C. effective November 1, 2024, with regard to the Rule Against Perpetuities in line with § 1401, discussed above:

C. Except as provided in this section, the common law rule against perpetuities shall not apply to a trust subject to the trust laws of this state.

Section 175.57 – Breach of Trust – Accounting and Approval

A. A violation by a trustee of a duty the trustee owes a beneficiary is a breach of trust.
B. To remedy a breach of trust that has occurred or may occur, the court may:

1. Compel the trustee to perform the trustee’s duties;
2. Enjoin the trustee from committing a breach of trust;
3. Compel the trustee to redress a breach of trust by payment of money or otherwise;
4. Order a trustee to account;
5. Appoint a receiver or temporary trustee to take possession of the trust property and administer the trust;
6. Suspend or remove the trustee;
7. Reduce or deny compensation to the trustee;
8. Subject to subsection I of this section, void an act of the trustee, impose an equitable lien or a constructive trust on trust property, or trace trust property wrongfully disposed of and recover the property or its proceeds; or
9. Grant any other appropriate remedy.

C. A beneficiary may charge a trustee who commits a breach of trust with the amount required to restore the value of the trust property and trust distributions to what they would have been had the breach not occurred, or, if greater, the profit that the trustee made by reason of the breach.

D. In a judicial proceeding involving a trust, the court may in its discretion, as justice and equity may require, award costs and expenses, including reasonable attorney fees, to any party, to be paid by another party or from the trust which is the subject of the controversy.

E. 1. For purposes of this subsection, “accounting” means any interim or final report or other statement provided by a trustee reflecting all transactions, receipts, and disbursements during the reporting period and a list of assets as of the end of the period covered by the report or statement.

2. For any trust that is before a district court under subsection A of Section 175.23 of this title, the trustee may submit an accounting and seek approval of the accounting by the court. Such accounting and the final approval by a district court, whether or not such accounting is contested, shall be conclusive against all persons interested in the trust, and the trustee, absent fraud, intentional misrepresentation, or material omission, shall be released and discharged from any and all liability as to all matters set forth in the accounting.

3. If a trust is not before a district court under subsection A of Section 175.23 of this title and if no objection has been made by a beneficiary who is an eligible distributee or permissible distributee of the trust’s income or principal within one hundred eighty (180) days after a copy of the trustee’s accounting has been provided to such beneficiaries together with written notice of the provisions of this section, the distribution beneficiary is deemed to have approved such accounting of the trustee, and the trustee, absent fraud, intentional misrepresentation, or material omission, shall be released and discharged from any and all liability to all beneficiaries of the trust as to all matters set forth in such accounting.

4. If paragraphs 2 and 3 of this subsection do not apply, absent fraud, intentional misrepresentation, or material omission, an action to recover for breach of trust against a trustee who is a resident of this state or who has its principal place of business in this state, or an officer, director, or employee of such trustee may be commenced only within two (2) years of a trustee’s accounting for the period of the breach. In the case of fraud, intentional misrepresentation, or material omission, the limitation period shall not commence until discovery of the breach of trust.

5. For the purpose of this subsection, a beneficiary is deemed to have received a report or other statement:

a. in the case of an adult, if it is received by the adult personally, or if the adult lacks capacity, if it is received by the adult’s conservator, guardian, or agent with authority, or
b. in the case of a minor, if it is received by the minor’s guardian or conservator or, if the minor does not have a guardian or conservator, if it is received by a parent of the minor who does not have a conflict of interest.

6. Except as otherwise provided by the terms of a trust, while the trust is revocable and the settlor has capacity to revoke, the rights of the beneficiaries are held by, and the duties of the trustee are owed exclusively to, the settlor; the rights to be held by and owed to the beneficiaries arise only upon the settlor’s death or incapacity. The trustee may follow a written direction of the settlor, even if contrary to the terms of the trust. The holder of a presently exercisable power of withdrawal or a testamentary general power of appointment has the rights of a settlor of a revocable trust under this section to the extent of the property subject to the power.

F. 1. A term of the trust relieving a trustee of liability for breach of trust is unenforceable to the extent that it:

a. relieves a trustee of liability for breach of trust committed in bad faith or with reckless indifference to the purposes of the trust or the interest of the beneficiaries, or

b. was inserted as the result of an abuse by the trustee of a fiduciary or confidential relationship to the settlor.

2. An exculpatory term drafted by or on behalf of the trustee is presumed to have been inserted as a result of an abuse of a fiduciary or confidential relationship unless the trustee proves that the exculpatory term is fair under the circumstances and that its existence and contents were adequately communicated to the settlor.

G. A beneficiary may not hold a trustee liable for a breach of trust if the beneficiary, while having capacity, consented to the conduct constituting the breach, released the trustee from liability for the breach, or ratified the transaction constituting the breach, unless:

1. The beneficiary at the time of the consent, release, or ratification did not know of the beneficiary’s rights and of the material facts that the trustee knew, or with the exercise of reasonable inquiry, the beneficiary should have known, and that the trustee did not reasonably believe that the beneficiary knew; or

2. The consent, release, or ratification of the beneficiary was induced by improper conduct of the trustee.

H. 1. Except as otherwise agreed, a trustee is not personally liable on a contract properly entered into in the trustee’s fiduciary capacity in the course of administration of the trust if the trustee in the contract discloses the fiduciary capacity.

2. A trustee is personally liable for obligations arising from ownership or control of trust property, or for torts committed in the course of administering a trust, only if the trustee is personally at fault, whether negligently or intentionally.

3. A trustee who does not join in exercising a power held by three or more trustees is not liable to third persons for the consequences of the exercise of the power. A dissenting trustee who joins in an action at the direction of the majority co-trustees is not liable to third persons for the action if the dissenting trustee expressed the dissent in writing to any other co-trustee at or before the time the action was taken.

4. A claim based on a contract entered into by a trustee in the trustee’s fiduciary capacity, on an obligation arising from ownership or control of trust property, or on a tort committed in the course of administering a trust, may be asserted against the trust in a judicial proceeding against the trustee in the trustee’s fiduciary capacity, whether or not the trustee is personally liable on the claim.

I. 1. A person who in good faith assists a trustee or who in good faith and for value deals with a trustee without knowledge that the trustee is exceeding or improperly exercising the trustee’s powers is protected from liability as if the trustee properly exercised the power.

2. Dealing in good faith with another person with knowledge that the other person is a trustee does not place a third person on notice to inquire into the extent of the trustee’s powers or the propriety of their his or her exercise.

3. A person who in good faith deals with another person with knowledge that the other person is a trustee is not solely on that account placed on notice to inquire into the extent of the trustee’s powers or the propriety of their his or her exercise or to see to the proper application of assets of the trust paid or delivered to a trustee.

4. A person who in good faith assists a former trustee or who for value and in good faith deals with a former trustee without knowledge that the person is no longer a trustee is protected from liability as if the former trustee were still a trustee.

5. The protection provided by this section to persons assisting or dealing with a trustee is secondary to that provided under comparable provisions of other laws relating to commercial transactions or to the transfer of securities by fiduciaries.

You will note that I have highlighted Subsection E. 6. The reason for the emphasis it that this provision allows the settlor of the trust to indorse a check payable to the Trust and deposit the check into an account owned by the settlor that is not under the trust. It also allows the settlor to name a non-trustee as an authorized signer on the Trust account or add a deputy to a safe deposit box leased by the Trust. You will find a template for adding a non-trustee authorized signer to a Trust account as well as one to add a deputy to a safe deposit box on the Legal Links web page noted above.

Title 47 O.S. § 1111.2 Registration and Pre-Registration – Effective September 1, 2024.

A. The license plate and certificate of registration shall be issued to, and remain in the name of, the owner of the vehicle registered and the license plates shall not be transferable between motor vehicle owners. When a vehicle is sold or transferred in the state, the following registration procedures shall apply:

1. When a current and valid Oklahoma motor vehicle license plate has been obtained for use on a motor vehicle and the vehicle has been sold or otherwise transferred to a new owner, the license plate shall be removed from the vehicle and retained by the original plate owner;

2. In the event an owner purchases, trades, exchanges, or otherwise acquires another vehicle of the same license registration classification, Service Oklahoma shall authorize the transfer of the current and valid license plate previously obtained by the owner to the replacement vehicle for the remainder of the current registration period. In the event the owner acquires a vehicle requiring payment of additional registration fees, the owner shall request a transfer of the license plate to the newly acquired vehicle and pay the difference in registration fees. The fee shall be calculated on a monthly prorated basis. The owner shall not be entitled to a refund:

a. when the registration fee for the vehicle to which the plate(s) is to be assigned is less than the registration fee for that vehicle to which the license plate(s) was last assigned, or

b. if the owner does not have or does not acquire another vehicle to which the license plate may be transferred;

4. When a lender or lender’s agent repossesses a vehicle and the license plate has not been removed in accordance with this section, the lender or lender’s agent shall not be subject to the provisions of this section and the license plate shall be considered removable personal property and may be reclaimed from the repossessed vehicle…

6. a. Within two (2) business days of the date of sale or transfer of the motor vehicle, either the seller or the purchaser of the motor vehicle shall complete the pre-registration of the vehicle by submitting documentation to Service Oklahoma or a licensed operator identifying the motor vehicle subject to the sale or transfer, purchaser information, and any associated state-issued license plate on the vehicle. Pre-registration may be accomplished either in person at Service Oklahoma or a licensed operator location or by means of an electronic transaction or online system established by Service Oklahoma in accordance with Section 1132B of this title.

B. 1. The new owner of a motor vehicle shall, within two (2) months from the date of vehicle purchase or acquisition, make application to record the registration of the vehicle with Service Oklahoma or the licensed operator and shall pay all taxes and fees provided by law.

2. Any person failing to register a motor vehicle by timely transferring the license plate as provided by this section shall pay the penalty levied in Section 1132 of this title.

C. A surviving spouse, desiring to operate a vehicle devolving from a deceased spouse, shall present an application for certificate of title to Service Oklahoma or the licensed operator in his or her name within two (2) months of obtaining ownership. Service Oklahoma or the licensed operator shall then transfer the license plate to the surviving spouse.

More Deceased Customer Q&As

By Pauli Loeffler

Distributions after probate has closed.

Q. Sole account owner is deceased. The husband brings in the “Decree of Settlement of Final Account, Adjudication of Heirship and Distribution of Estate” that lists him as the estate’s personal representative and the beneficiary of the estate.
Hypothetically, if he never set up an estate account for his wife, could he indorse the check made payable to the estate as personal representative and convert it to a check made payable to himself?
This isn’t happening. This is just a discussion that our bank officers were having.

A. If the probate has been settled and the husband brings in the document you described, the bank now has documentation of the accountholder’s death and of the husband’s authority to claim the account for the estate. The bank can issue its cashier’s check payable to “Estate of [decedent’s name], [husband’s name], Personal Representative,” and he can indorse it as it is issued, add his own personal indorsement, and exchange it for a check payable to himself.
The bank would want to retain a copy of the court order.

Safe deposit box, no probate

Q. We have a deceased safe deposit box customer. There are four living children. There is a will but no probate. Is there a way all others can allow just one of them to enter the safe deposit box without them?
A. The heirs will all need to sign the § 906. A.2 affidavit of heirs which is available on the OBA Legal Links web page under Templates, Forms, and Charts. All heirs under the will must either be present when the box is opened or designate an agent to act for them. You will find a Template for Appointment of Agent on the Legal Links web page as well. The § 906 A. 2 affidavit is the appropriate affidavit to use, and it will need to be signed by whoever is/are the residuary heir(s) under the will. If a trust is the residuary heir under the will, the only person who must sign the Affidavit would be the current trustee.

August 2024 OBA Legal Briefs

In this issue:

  • 2024 Oklahoma Legislation – Part I
  • A potpourri of deceased customer Q&As
  • Still more on the FDIC’s revisions to part 328

2024 Oklahoma Legislation – Part I

By Pauli D. Loeffler

Uniform Special Deposits Act – Tit. 6 O.S. § 910 et seq.

This is an entirely new Act that has only been adopted in the states of Oklahoma,
Colorado, and Washington and has been introduced in three other states: West
Virginia, Rhode Island, and Delaware.

There is no requirement that a bank offer accounts subject to the Special Deposit Act.

First, in order to be a “special deposit,” the deposit must be designated as “special” in
an account agreement. Second, the account must be for the benefit of at least two
beneficiaries. One or more of the beneficiaries may be the depositor. It must be
denominated in money defined as a medium of exchange authorized by a domestic or
foreign government for a permissible purpose, meaning a governmental, regulatory,
commercial, charitable, or testamentary objective. Finally, the account must be subject
to a contingency specified in the account agreement that is not certain to occur but if it
does, it creates the bank’s obligation to pay a beneficiary.

Quite frankly, the bank already has certain deposit accounts which are essentially
“special deposits.” For instance, funeral homes and cemeteries which sell plots and pre-
need funeral policies under Title 36 O.S. Sec. 7103 and Sec. 7126 the of the Oklahoma
Statutes would meet the definition of a special deposit. Another example are CDs
required by the Oklahoma Corporation Commission as bond for plugging wells. A third
example is under the Residential Landlord Tenant Act requiring the establishment of an
escrow account for security deposits of the tenant. These and similar relationships such
as those mentioned above will continue as they are.

The Act clarifies what a “special deposit” is. A special deposit must be (i) designated as
“special deposit” in an account agreement governing the deposit at a bank, (ii) for the
benefit of at least two beneficiaries (one or more of which may be a depositor), (iii)
denominated in money, (iv) for a permissible purpose identified in the account
agreement, and (v) subject to a contingency specified in the account agreement that is
not certain to occur, but if it does occur, creates the bank’s obligation to pay a
beneficiary. The examples I mentioned above meet all the criteria EXCEPT for being
designated a “special deposit” in the account agreement.

Inasmuch as only three states have adopted this Uniform Act, whether your current
deposit software provider will produce a specific form or add a check box to the existing
forms to designate the account as subject to the Special Deposit Act is a question I cannot answer. If a customer provides his own “Special Account” agreement, you need to discuss this with bank counsel.

I will add that the Uniform Laws Committee that promulgated the Uniform Special
Deposit Account Act has produced a one hour video I viewed and that you may access
via this link.

Title 19 O.S. § 298 – Change in margin size for recording with County Clerk

The margins for deeds, mortgages, releases, etc., presented to the county clerk for
recording on and after November 1, 2024, are changing. The top margin is increasing
from at least one inch to at least two inches, and all other margins are increasing from
at least one-half (1/2) inch to one inch. I would note that by increasing the size of the
margins, the number of pages being recorded may also increase. Banks will need to
keep the change in mind when providing cost disclosures for consumer loans.

B.

The top margin of all documents shall be at least two (2) inches and all other
margins shall be at least one (1) inch.

C. Despite any provision in this section to the contrary, the county clerk shall accept for
filing any document that fails to meet the requirements of subsection B of this section if:

1. The document is an original or a certified copy of an original;
2. The document is legible without the aid of magnification or other enhancement
of the text;
3. The document is xerographically reproducible by the copying equipment in use
by the county clerk;
4. The document meets all other statutory requirements for recordation; and
5. The person offering the instrument for recording pays the additional fee
provided in Section 32 of Title 28 of the Oklahoma Statutes for nonconforming
documents.

If the bank does not comply with the new margin requirements, there will be an
additional fee under § 32 of Title 28:

13. For recording the first page of deeds, mortgages, and any other instruments
which are nonconforming pursuant to subsection C of Section 298 of Title 19 of
the Oklahoma Statutes – $25.00
14. For recording each additional page of an instrument which is nonconforming
pursuant to subsection C of Section 298 of Title 19 of the Oklahoma Statutes –
$10.00

A potpourri of deceased customer Q&As

By Pauli D. Loeffler

The OBA Legal and Compliance Team receives a lot of questions regarding deceased
customers. Here are just a few of the many we received in the last month.

Finding the POD

Q. We have a checking account that has a POD beneficiary named and the customer
has passed away. However, it is an older account and all we have is a name with no
other identifying information for the beneficiary, not even a phone number. To
complicate matters further, the beneficiary is not one of the customer’s children. One of
the customer’s sons has been named special administrator of the estate. However,
since the account had a POD named it doesn’t become part of the estate. Can we tell
the son that the account has a POD beneficiary, and he is not it? Is there anything he
can do or provide to us that would require us to share who the POD beneficiary is?

A. The son appointed as Special Administrator of the estate stands in the shoes of the
deceased customer and can have any and all information regarding the account
including the signature card naming the POD. Perhaps the son may be able to provide
information regarding the POD. You will have to advise him that the funds are not part
of the estate, and if the bank cannot locate the POD, the funds will be escheated as
unclaimed property for the POD to claim.

Minors as PODs

Q. The owner passed away in March of 2021 leaving two CDs. One of the CDs has his
granddaughter, age 17, listed as his beneficiary, and the other has his grandson, age
14, listed. We have made numerous attempts to have the father of the grandchildren,
who was also a representative for the estate, come and close the accounts for the
benefit of his children. He will not come. We can only speculate on the reasons why.
The money is now due to be sent as unclaimed property to the state. We really do not
want to do that to these kids. Can we make checks payable directly to children and
bypass the father? Do we have other options? I do have a way to contact the
granddaughter directly. She was informed that she has funds here.

A. First, we are talking about CDs that I presume automatically renew. These have a
much longer period before reporting and remitting to the Oklahoma Treasurer as
unclaimed property:

Tit. 60 O.S. Sec. 652

D. Automatically renewable time deposits shall be subject to this section, except that
automatically renewable time deposits shall be presumed abandoned fifteen (15) years
following the expiration of the initial time period of the time deposit unless, during that
period the owner has:

1. Increased or decreased the amount of the deposit;

2. Communicated in writing with the banking or financial organization concerning
the property;

3. Otherwise indicated an interest in the property as evidenced by a
memorandum or other record on file prepared by an employee of the banking or
financial organization; or

4. Had another relationship with the banking or financial organization concerning
which the owner has:

a. communicated in writing with the banking or financial organization, or
b. otherwise indicated an interest as evidenced by a memorandum or
other record on file prepared by an employee of the banking or financial
organization and if the banking or financial organization communicates in
writing with the owner with regard to the property that would otherwise be
presumed abandoned under this section at the address to which
communications regarding the other relationship are regularly sent.

Upon presumed abandonment of the automatically renewable time
deposit, the holder shall report the presumed abandonment to the State
Treasurer and may, at the holders option, either retain the property or pay
or deliver it to the State Treasurer.

In other words, the CDs may not yet be due for reporting as Unclaimed Property. Even if
the CDs are required to be reported by the bank, it has the option to retain the CDs.
There is also the possibility that the grandchildren were named in the will, and there
may have been custodians named to manage those funds, in which case, the bank can
make the checks payable to the custodians.

Still more on the FDIC’s revisions to part 328

By John S. Burnett

In the June and July 2024 issues of Legal Briefs, I analyzed first the effects of the
FDIC’s Part 328 revisions on an insured depository institution’s (IDI’s) ATMs and other
digital deposit-and like devices (June 2024 Legal Briefs), and then other significant
changes to the regulation (July 2024 Legal Briefs). So, what else is there to discuss?

First, we learned in mid-July that the ABA, the Bank Policy Institute, and the Consumer
Bankers Association had written to the FDIC to ask that it “continue to work with
member institutions and other industry stakeholders to determine those aspects of the
final rule where comprehensive and clarifying implementation guidance is necessary for
institutions to be able to properly implement the rule, and this guidance, which could
take the form of FAQs, for example, be published by the end of 2024.” The letter went
on to request that the FDIC extend the compliance deadline by 12 months to January 1,
2026, to “provide institutions with sufficient time to comply with the rule, as clarified by
the guidance.”

Whether or not the FDIC will extend the compliance deadline is unknown. At the time
this Legal Briefs article was written, the deadline was still January 1, 2025.

Clarification and guidance in a Q&A document

The FDIC has posted “Questions and Answers related to the FDIC’s Part 328 Final
Rule,” [https://www.fdic.gov/resources/deposit-insurance/questions-and-answers-
related-to-the-fdics-part-328-final-rule.html]. The Q&A may be updated from time to
time. Make note of the “Last Updated” date (currently August 16, 2024) to see if there’s
anything added since your last review of the webpage.

What follows is taken from the FDIC’s responses in the July 16, 2024, Q&As; the
“Observations” are mine

FDIC Official Sign
Q1. Does the rule require the current FDIC official sign to be posted at new accounts
desk?

A. If a banker at a new accounts desk “usually and normally” receives and processes
deposits (e.g., processes a check deposit at the new accounts desk), then the official
sign must be posted at the new accounts desk. In a scenario where the banker at the
new accounts desk always walks the initial deposit over to the teller line, then the teller
is “receiving” the deposit and the official sign posted at the teller window is sufficient;
therefore, in that situation, an official sign would not be required at the new accounts
desk.

Observation: This is not new information. Apparently, bankers continue to ask the
question, however, so including it in this Q&A is helpful.

Q2. Are insured depository institutions (IDIs) required to provide any initial disclosures
about FDIC insurance coverage, either orally or in writing, before opening an account?

A. No. Part 328 does not require IDIs to provide “initial disclosures” about FDIC
coverage before account opening.

Observation: This is also not new information.

Q3. Is the FDIC official sign required at night drop facilities?

A. No. The official sign is required wherever deposits are usually and normally received.
FDIC staff does not view that deposits are usually and normally received by the IDI
when placed in a night depository.

Observation: Again, not new, but some banks have posted the FDIC official sign at
their night depositories. That is not prohibited, but it is unnecessary.

Q4. The new FDIC official digital sign is generally required to be displayed in the colors
navy blue and black. Does the final rule modify the physical official sign color
requirements?

A. No. The final rule does not modify color requirements for the physical FDIC official
sign. The rule continues to require use of the standard, in-branch official FDIC sign,
which is …. [the response continues with a description of the physical sign, using the
wording of section 238.3(b)(4) of the rule].

Non-Deposit Sign

Q1. Is the non-deposit sign required to be displayed in the individual offices within IDIs
where non-deposit products are offered?

A. Yes. Under 12 CFR § 328.3(c)(2), an IDI must continuously, clearly, and
conspicuously display the required non-deposit signage at each location within the
premises where non-deposit products are offered. If non-deposit products are offered in
individual offices, the non-deposit sign should be visible in those offices.

Placement and Display of Official Digital Sign

Q1. Are IDIs’ websites considered deposit-taking channels for purposes of the digital
signage requirements?

A. Under part 328, the FDIC official digital sign must be displayed on “digital deposit
taking channels,” which includes IDIs’ “websites and web-based or mobile applications
that offer the ability to make deposits electronically and provide access to deposits at
insured depository institutions.” 12 CFR § 328.5(a). If an IDI’s website is purely
informational, with no ability to make deposits or access deposits, it would not be
a digital deposit-taking channel.

Observation: And if it is not a digital deposit-taking channel, you are not required to use
the FDIC official digital sign. But don’t forget, if you promote deposit accounts on the
site, you will need to comply with new § 328.6 (Official advertising statement
requirements), as you probably have been all along.

Q2. Can the official digital sign appear only on the IDI’s “home page” and not on the
other web pages that make up the website?

A. No. The FDIC official digital sign must be displayed on the (1) initial or homepage of
the IDI’s website or application, (2) landing or login pages, and (3) pages where a
customer may transact with deposits. For example, the FDIC official digital sign should
be displayed where a mobile application allows customers to deposit checks remotely,
because this electronic space is in effect a digital teller window. 12 CFR § 328.5(d).

Q3. Where are we required to place the official digital sign on a bank webpage or app to
ensure compliance with the “clear,” “continuous,” and “conspicuous” placement of the
digital sign?

A. In general, the FDIC would expect to see official digital signs displayed on the
applicable pages in a manner that is clearly legible to all consumers to ensure they can
read it easily. The official digital sign could be displayed above the IDI’s name, to the
right of the IDI’s name or below the IDI’s name, but under all circumstances, the official
digital sign continuously displayed near the top of the relevant page or screen and in
close proximity to the IDI’s name would meet the clear and conspicuous standard under
the rule.

Here is an example:

Q4. Can the official digital sign be dismissed once a customer logs in?

A. No. The final rule requires that the official digital sign be displayed “in a continuous
manner,” which means it must remain visible on the (1) initial page or homepage of the
website or application, (2) landing or login pages, and (3) pages where the customer
may transact with deposits. 12 CFR § 328.5(d). The final rule, however, does not require the official digital sign to continue to follow the user as they scroll up or down the
screen.

Q5. Does the official digital sign need to be linked to the FDIC’s website?

A. No. Part 328 does not require the official digital sign to be linked to the FDIC’s
website. However, it may be helpful to consumers if IDIs link the official digital sign to
the FDIC’s optional online BankFind tool, so that consumers can more easily confirm
that the bank is FDIC-insured. This would help consumers better differentiate IDIs from
non-banks. Optional, downloadable versions of the FDIC official digital sign are
accessible to, and available for, bankers on FDICconnect, a secure website operated by
the FDIC that FDIC-insured institutions can use to exchange information with the FDIC.

Observation: Customers may or may not find the BankFind tool useful. Linking to it is
completely optional.

Q6. How should IDIs display the FDIC official digital sign on mobile devices with screen
resolutions that do not support the ability to display the entirety of the digital sign on one
line?

A. Generally, the FDIC official digital sign should be displayed as presented (shown
below) in the final rule at 12 CFR § 328.5(b), with no alteration to the text except for
color variation as noted in the regulation text.

However, if the image does not fit a particular device or screen, the official digital sign
can be scaled, “wrapped,” or “stacked” to fit the relevant screen and may satisfy the
“clear and conspicuous” requirement.

Observation: Scaling the image could render it illegible. I suggest you check it on a
number of mobile phones. “Wrapping” or “stacking” the text may be a better option on
narrower screens in portrait mode.

Q7. If an IDI’s name appears at the top of its website, and it also appears in the
website’s footer, does the new FDIC official digital sign need to be displayed at the top
of the page and also in the footer?

A. Under the final rule, IDIs are required to display the FDIC official digital sign “clearly
and conspicuously” in a continuous manner; the official digital sign continuously
displayed near the top of the relevant page or screen and in close proximity to the IDI’s
name would meet the clear and conspicuous standard under the rule. 12 CFR § 328.5(f).

IDIs are not required to display the FDIC official digital sign every time the IDI’s
name appears, such as in the footer of the website.

Q8. To satisfy the final rule’s official digital sign requirements, can the official digital sign
be placed in the footer of the webpage?

A. No. purposes of satisfying the final rule, IDIs are required to display the official digital
sign in a clear, continuous, and conspicuous manner. The official digital sign
continuously displayed near the top of the relevant page or screen and in close
proximity to the IDI’s name would meet the clear and conspicuous standard under the
rule. 12 CFR § 328.5(f). Therefore, placing the official digital sign in a footer of an IDI’s
webpage would not meet the clear, conspicuous, and continuous display requirement.

Observation: Questions 7 and 8 should have been combined.

Q9. If an IDI displays the FDIC official digital sign on its mobile app’s homepage and
alongside the IDI’s logo within the app, is it also necessary to include this signage on
the transaction portal before a customer completes a transaction?

A. It depends in part on what type of transaction is being completed. The FDIC official
digital sign must be displayed on the (1) initial or homepage of the bank’s website or
application, (2) landing or login pages, and (3) pages where a customer may transact
with deposits. 12 CFR § 328.5(d). For example, the FDIC official digital sign should be
displayed where an IDI’s mobile application allows customers to deposit checks
remotely, because this is an electronic space where a customer is transacting with
deposits.

However, if a consumer is completing a transaction by using an embedded third-party
payment platform that consumers: (a) access after logging into their IDI’s website; and
(b) utilize to initiate payments/move funds out of the IDI, then the official digital sign
should not be posted on those pages.

Observation: If your bank includes both of these types of transactions on the same
page, it will need to separate them as described in the FDIC’s response.

Q10. What are examples of “pages where the customer may transact with deposits” that
require the display of the FDIC official digital sign?

A. Examples of “pages where the customer may transact with deposits” that require the
display of the FDIC official digital sign include, but are not limited to: mobile application
pages that allow customers to deposit checks remotely; and, pages where customers
may transfer deposits between deposit accounts held within the same IDI (e.g.,
checking to savings or vice versa).

On the other hand, the FDIC would not expect an IDI to display the FDIC official digital sign on pages where a customer is transferring money from a deposit account to a non-deposit account.

Observation: Check your bank’s online and app pages that offer transfer capabilities to
see if some transfer types need to be set up on a separate page.

Q11. On which webpages should IDIs include non-deposit signs, and are we in
compliance if we place the non-deposit signs in the footer of the webpage?

A. With respect to which specific webpages the non-deposit signs must be displayed,
when an IDI offers both access to deposits and non-deposit products on its digital
deposit-taking channels, it must display a non-deposit sign indicating that non-deposit
products: are not insured by the FDIC; are not deposits; and may lose value. This non-
deposit sign must be displayed clearly, conspicuously, and continuously on each
page relating to non-deposit products.

With respect to whether the non-deposit signs can be placed in the footer, although
there is no requirement for the non-deposit sign to be displayed near the top of the
relevant page or screen, placing the non-deposit sign in a footer of an IDI’s webpage
would generally not meet the clear, conspicuous, and continuous display requirement.

In addition, the non-deposit products sign may not be displayed in close proximity to the
FDIC official digital sign. 12 CFR § 328.5(g)(1).

Observation: It may be “cleaner” to avoid offering or access to deposit and non-deposit
products on the same page.

Use of Advertising Statement on Digital Channels

Q1. Should IDIs include the “Member FDIC,” “Member of FDIC,” or “FDIC-Insured”
advertising statement on every page of their digital platforms?

A. The advertising statement (e.g., “Member FDIC”) must be displayed on
advertisements, consistent with 12 CFR § 328.6. It is not intended to overlap with the
official digital sign, and the advertising statement is not required on web pages where
an IDI displays the official digital sign, such as the bank’s homepage. However, an IDI is
not prohibited from displaying the advertising statement on a page that also includes the
official digital sign, so long as the use of the advertising statement on that page is
otherwise consistent with the official advertising statement requirements in 12 CFR §
328.6.

Automated Teller Machines or Like Devices

Q1. When implementing new official digital signage on ATMs, are IDIs required to
remove existing physical signs, or can both types of signage be displayed
simultaneously?

A. IDIs are not required to take down physical FDIC official signs attached to ATMs. For
an IDI’s ATM or like device that receives deposits but does not offer access to non-
deposit products, except as described below, the final rule provides flexibility to meet
the signage requirement by either (1) displaying the FDIC official digital sign
electronically on ATM screens (consistent with the image as described in 12 CFR §
328.5), or (2) displaying the physical official sign by attaching or posting it to the ATM.
However, IDIs’ ATMs or like devices that accept deposits and are put into service after
January 1, 2025, must display the official digital sign electronically (with no option to
satisfy the requirement through display of the physical official sign). 12 CFR § 328.4(e).

Observation: If an IDI’s ATM does not receive deposits, neither the official physical
sign nor the official digital sign is required to be displayed. If, however, a screen
displayed on the ATM includes an advertisement subject to § 328.6, the official
advertising statement or an optional short title or symbol should appear on that screen.

Social Media

Q1. Are IDIs required to post the new official digital sign on its social media
advertisements?

A. No. IDIs are not required to display the FDIC official digital sign on its social media
advertisements. IDIs should ensure that social media advertisements are compliant with
the official advertising statement requirements contained in 12 CFR § 328.6.
Observation: Social media are not digital deposit-taking channels.

Technical assistance

Q1. Where can IDIs obtain additional information about the final rule to support
compliance efforts?

A. The FDIC posted the slides from the FDIC’s banker webinar on Part 328 on
its website.
The FDIC issued a Financial Institution Letter and press release addressing the
issuance of the final rule.
The final rule was published in the Federal Register on January 18, 2024.

Q2. Where can IDIs obtain downloadable versions of the digital official sign?

A. The FDIC has made optional versions of the official digital sign available for IDIs
on FDICconnect, a secure website operated by the FDIC that FDIC-insured institutions
can use to exchange information with the FDIC. The requirement to display the new
FDIC official digital sign only applies to IDIs. Display of the FDIC official digital sign by
any non-bank third party would improperly imply that the non-bank is FDIC-insured and
would constitute a misrepresentation under part 328 subpart B.

Compliance and effective dates

Q1. Are there any changes that had to have been implemented by the final rule’s
April 1, 2024, effective date, or do IDIs have until January 1, 2025, to comply with all
requirements?

A. The compliance date for the amendments made to the final rule is January 1, 2025.
No changes had to be implemented by April 1, 2024, but IDIs can begin posting the
official digital sign and implementing other aspects of the regulation prior to January 1,
2025. For example, some IDIs have already posted the new official digital sign on their
websites. Similarly, some non-bank entities have updated their disclosures consistent
with the amendments to part 328 subpart B.

Advertising for Non-Deposit Products

Q1. In marketing materials that feature safe deposit boxes or credit products alongside
insured products like checking accounts, should IDIs include a disclosure stating that
these products are not FDIC-insured?

A. For the purposes of part 328, safe deposit boxes and credit products are excluded
from the definition of “non-deposit product.” Therefore, there is no requirement under
part 328 for an IDI to include such a disclosure in marketing material for these products.
Observation: Some banks have posted notices in their safe deposit areas and/or in
contracts for safe deposit service to advise customers that, despite the use of “safe
deposit” in the name of the service, the contents of a customer’s safe deposit box is not
insured by the FDIC or by the bank and that customers should consider insuring any
intrinsically valuable contents in a rider to their hazard insurance policies. These notices
are not affected by part 328.

July 2024 OBA Legal Briefs

More on the FDIC’s Revisions to Part 328

By John S. Burnett

In last month’s Legal Update, I offered an analysis of the changes the FDIC has made to the rules applicable to deposit-accepting ATMs (and similar equipment) in its regulations at 12 CFR Part 328 on Advertisement of Membership, False Advertising, Misrepresentation of Insured Status, and Misuse of the FDIC’s Name or Logo.

Before going further, I want to emphasize here that the new rules on FDIC signage on ATMs in new § 328.4 only apply to deposit-accepting ATMs (and like devices).

In this month’s issue, we review these other significant changes to the regulation:

  • The new definitions section
  • Reorganized and updated information on the FDIC’s official sign
  • New alternative official sign display options
  • Non-deposit product signage requirements
  • FDIC signs for digital deposit-taking channels
  • Another optional FDIC short title for ads
  • A “cleanup on aisle 10” change
  • Required policies and procedures
  • Changes to Subpart B

Definitions

There are now two sets of definitions in the regulation. Section 328.1 includes definitions applicable within the entire regulation, for “Branch,” “Corporation” (the FDIC), “Deposit,” “Digital deposit-taking channel” (websites, banking applications, and any other electronic communications method through which an insured depository institution accepts deposits), “Hybrid product,” “Insured depository institution,” and “Non-deposit product” (any product that is not a “deposit,” including, but not limited to: insurance products, annuities, mutual funds, securities and crypto-assets, but credit products and safe deposit boxes are excluded from this definition).

If you compare the old Subpart A with the new Subpart A, you will see that many of the definitions in the previous version appear with the first instance of the defined term in the text of the regulation, and some terms in the previous version are simply not defined.

Section 328.101 comprises definitions applicable only to Subpart B. More on that later.

Reorganized and updated information on the FDIC’s official sign

Under the “old” regulation, section 328.1 provides a description and definition of the FDIC’s official sign, which is the sign that FDIC-insured depository institutions (IDIs) must post at their teller stations. There is also a definition included of the “symbol” of the FDIC, which is essentially the official sign with the graphic and statement to the left of the initials FDIC cut off, and the horizontal lines removed.

Then, in the old regulation, section 328.2 provides the requirements for displaying the official sign; a provision allowing the use of signs that vary from the official sign in size, color, or material (with certain limitations on size and color combinations); information on procuring the official sign from the FDIC or from commercial sources in other sizes and colors; and a rule allowing the FDIC to require an IDI to “change the wording of the official sign in a manner deemed necessary for the protection of depositors or others.” I presume that addresses cases in which an IDI has not updated its signage when the FDIC makes a change (such as the change in the standard deposit insurance limit from $100,000 to $250,000 several years ago), or in which an IDI has bought non-conforming signs from a commercial source.

In the new regulation, all of that information is reorganized in sections 328.2 and 328.3. Section 328.2 includes the descriptions of the official sign and symbol, reworded information on procurement of signs, and the rule allowing the FDIC to require you to change its posted signs.

New section 328.3 governs signage within the premises of IDIs and adds requirements for signage when an IDI offers non-deposit products within their premises. And this is where we see some substantive changes.

New alternative official sign display options

To start, we see essentially the same old rules on displaying the FDIC’s official sign at teller stations (for banks that usually and normally receive insured deposits at teller windows or stations). You can still use signs that are larger than the standard 7 x 3 inches, and in colors other than black on gold (still limited to two colors with the logo, wording and graphics in one color and the background in another, as long as the color combination still makes the logo, graphics and wording legible).

NEW! If you do not offer non-deposit products on the premises, you can choose to replace those official signs at each teller station with official signs that are placed at one or more locations visible from the teller stations or windows in a manner that ensures a copy of the official sign is large enough to be legible from anywhere  in that area. For example, your lobby design team might want to blow the official sign up to 70 by 30 inches – ten times the standard size – with navy blue logo, graphics, and text against a gold background, to complement the color scheme of your lobby, and place it in only one spot, eight feet above floor level behind the center of your  teller line where no one can miss seeing it. Overkill, you say? Perhaps, but it gets across the point that you have this new option (but only if you do not offer non-deposit products on the premises).

Also new is a rule designed for café style bank lobbies or other non-traditional arrangements, whether or not non-deposit products are offered on the premises. If insured deposits are usually and normally received in areas of the premises other than teller windows or stations, you must display the official sign in one or more locations in a way that ensures a copy of the official sign is large enough so as to be legible from anywhere in those areas.

Non-deposit products signage requirements

Thirty years ago, the FDIC, Federal Reserve Board, OCC and Office of Thrift Supervision (for those of you new to banking, the OTS was eliminated by the Dodd-Frank Act of 2010) issued the “Interagency Statement on Retail Sales of Nondeposit Investment Products,” which was developed to eliminate customer confusion regarding what is insured and not insured among the various products available from FDIC-insured depository institutions.

The update of Part 328 by the FDIC has incorporated that guidance. Banks that offer non-deposit products should find the rules in section 328.3 familiar, and it is expected that compliance under the 1994 Guidance will comply with section 328.3.

There is a requirement for segregated areas to be used for the offering of non-deposit products and those areas are to be clearly delineated and distinguished from areas where insured deposit-taking activities occur. In cases of physical area limitations where there are challenges to offering non-deposit products in a distinct area,  you still must take prudent and reasonable steps to minimize customer confusion.

There is a familiar requirement for conspicuous signage in such areas indicating that the non-deposit products : are not insured by the FDIC; are not deposits; and may lose value.

You can use electronic media to display the official sign and the non-deposit sign as long as one related to the product being offered is continuously and conspicuously displayed while that product is being offered. So, for example, you could use an electronic sign board that displays the official sign most of the time but is switched off and replaced by the “not, not, may” sign when offering non-deposit products.

Signs for digital deposit-taking channels

In last month’s Legal Briefs, I introduced the FDIC’s new official digital sign that will appear on some ATMs. That new sign is officially described in new section 328.5, which governs signage for digital deposit-taking channels, “including IDIs’ websites and web-based or mobile applications that offer the ability to make deposits electronically and provide access to deposits at IDIs.” The design of the official digital sign is spelled out in meticulous detail in section 328.5(b), which I won’t repeat here, but I do recommend that you share that very technical description with whoever designs your website, banking app, and any other digital deposit-taking channels.

Display of the FDIC official sign (the one that appears at teller stations) or the use of the shorthand “Member FDIC” will no longer be acceptable, effective January 1, 2025, for use on bank websites or other digital deposit-taking channels.

Can you get by just by replacing the old FDIC symbol with the new official digital sign everywhere on your website or app?

No. The new official digital sign (or the “digital symbol” — essentially the digital sign without the gray graphic underscore) must appear on the following pages or screens:

  1. Initial or homepage of the website or application
  2. Landing or login pages
  3. Pages where the customer may transact with deposits (for example, make deposits on an IDI’s smartphone app). I believe this would also apply to any page in an online banking web or smartphone app on which a customer can make a transfer to or from the customer’s accounts.

The official digital sign must be clearly legible across all IDI deposit-taking channels. To be considered clear and conspicuous, the official digital sign should be placed near the top of the relevant page or screen and close to the bank’s name. That requirements means the bank’s name should appear on each such page or screen.

Burying the official digital sign in a universal footer for all pages of a website will not be acceptable.

What about web or application pages that offer  non-deposit products?

If a digital deposit-taking channel offers both access to deposits at an IDI and non-deposit products, the institution must clearly and conspicuously display signage indicating that the non-deposit products: are not insured by the FDIC; are not deposits; and may lose value, continuously on each page relating to non-deposit products. This non-deposit signage may not be displayed in close proximity to the FDIC’s official digital sign. As a matter of practicality, it’s probably best not to mix deposit products and non-deposit products on the same page or screen of the website or application.

Can a bank provide a link on the website or application allowing logged-in customers to access a third-party’s offering of non-deposit products?

Yes, but the IDI must provide a one-time per web session notification on its digital deposit-taking channel before the customer leaves the digital deposit-taking channel. The notification must be dismissed by an action of the bank customer before initially accessing the third party’s online platform and it must clearly and conspicuously indicate that the third party’s non-deposit products: are not insured by the FDIC; are not deposits; and may lose value. Optionally, the notification may also indicate that the bank customer is leaving the IDI’s website or other disclosures that may help prevent consumer confusion.

As with the FDIC’s official sign, the FDIC may require any IDI, with 30 days’ notice, to change the wording, color or placement of the FDIC official digital sign and other signs for digital deposit-taking channels when the FDIC deems it necessary for the protection of depositors or others or to ensure consistency with the requirements of subpart A of the regulation.

Changes in official advertising statement requirements

Old section 328.3 – “Official advertising statement requirements” has been reissued as section 328.6 under the same heading, with only one change other than updating cross-references to other sections of the update regulation. It does give your marketing department one additional “short title” that can be used in advertisements in place of the full official advertising statement “Member of the Federal Deposit Insurance Corporation.” In addition to the familiar short titles “Member of FDIC” and “Member FDIC,” and the symbol of the FDIC, your marketing department now has the option of using “FDIC-Insured” in ads subject to section 328.6.

For decades, bankers have asked probing questions about using “Member FDIC” in ads. Questions like “Do we need to include ‘Member FDIC’ on Frisbees we give away to kids at our booth at the county fair each  year if they have our bank name on them?” Questions that I tend to counter with “What other reason does the bank have for having its name on the Frisbees than to advertise the bank, and what about a Frisbee makes it impractical to include ‘Member FDIC’ along with the bank’s name?” The FDIC has included a list of ten types of advertisements that do not require the official advertising statement in old section 328.3 for as long as I can remember, and it hasn’t updated that list at all in the updated regulation.

Cleanup on aisle 10

That is, EXCEPT for item 10 on the list, which, until April 1, 2024, still referred to an FDIC insurance limit of $100,000 because it was not updated when the limit was boosted to $250,000 permanently in 2010. In the new section 328.6 the phrasing was changed to “or that its deposits or depositors are insured by the Federal Deposit Insurance Corporation to at least the standard maximum deposit insurance amount (as defined in § 330.1(o)) for each depositor.”

Policies and procedures

What self-respecting FDIC regulator would not include a requirement that parties subject to its regulation have policies and procedures for compliance with the regulation?

Until April 1, 2024, Part 328 did not have such a requirement. To be sure, the FDIC has always expected that IDIs (and others affected by the rule) comply with Part 328. But the  updated regulation, which has a required compliance date of January 1, 2025, now requires, in new § 328.8, that IDIs establish and maintain “written policies and procedures to achieve compliance with this part.” Not only must the policies and procedures be written, but they also must be “commensurate with the nature, size, complexity, scope, and potential risk of the deposit-taking activities of the insured depository institution and must include, as appropriate, provisions related to monitoring and evaluating activities of persons that provide deposit-related services to the insured depository institution or offer the insured depository institution’s deposit-related products or services to other parties.”

In the prefatory text published with the amendments on January 18, 2024, the FDIC expanded on its requirement that the policies and procedures address any third-party that provides deposit-related serves to an IDI:

“Here, the policies and procedures established and maintained by IDIs will facilitate compliance with part 328, including by ensuring that appropriate monitoring is conducted and evaluations are performed regarding activities of certain persons that provide deposit-related services to IDIs or offer an IDI’s deposit products or services to other parties. The policies and procedures will help ensure activities are conducted in compliance with applicable laws and that IDIs are aware of whether certain third parties are in violation of subpart B of part 328. Having these policies and procedures in place will help mitigate the risks of consumer harm and confusion, consistent with the statutory purpose underlying section 18(a) of the FDI Act and the FDIC’s mission to maintain and promote public confidence in the banking system.” [https://www.federalregister.gov/d/2023-28629/p-212].

That paragraph is significant. You may recall that the FDIC has been issuing “cease and desist” letters to various fintechs that were allegedly misrepresenting their non-deposit products to be FDIC-insured or making other misleading statements about FDIC coverage of funds invested with the fintechs. In some cases, those companies have said that their clients’ funds are placed with an IDI, making them “fully insured” or “guaranteed by the U.S. government,” which, of course, isn’t always the case because there is a cap on FDIC coverage per depositor per capacity.

The requirement that an IDI be aware of whether certain third parties are in violation of subpart B now makes it the IDI’s responsibility to monitor the activities and statements of third parties it may work with to ensure the third parties are not misrepresenting the facts with regard to FDIC coverage of their clients’ funds.

Changes to subpart B

Subpart B was not overhauled to the extent that subpart A was. Here’s a list of the changes.

Definitions: Section 328.101 now includes a definition of “deposit” and selected other definitions were cleaned up a bit or restated rather than citing back to subpart A.

Prohibition: Section 328.102 has added prohibitions against using FDIC-associated terms or images in a way that inaccurately states or implies that a person other than an IDI is insured by the FDIC. Also added are examples of material misrepresentations relating to FDIC coverage.

June 2024 OBA Legal Briefs

  • Bankers’ FAQs
  • Changes in UCCC amounts effective 7/1/24
  • ATMs and the FDIC’s new Advertisement of Membership Rule

Bankers’ FAQs

By Pauli Loeffler

Some of the questions submitted to the OBA’s Compliance team are asked with some frequency by our members. We’ve gathered some of these questions and responses to assist you when similar situations present themselves.

Altered check, indorsement claim

Q. We had a large check ($40,275.60) on which the payee was altered from United Health Care to Lizabeth Zambrano when it was deposited into JP Morgan Chase Bank. The payee, Lizabeth Zambrano endorsed the checked with her initials L.Z. instead of her full name. Can this check be returned because it was not endorsed correctly?

A. Your opportunity to return the check ended at midnight on the banking day after the check posted to your customer’s account. However, your customer, the check issuer, can have the intended payee (United Health Care) provide an affidavit that it did not receive, indorse, or receive the proceeds of the check, and the check issuer can provide an affidavit that the check was payable to United Health Care, the payee name was altered by person unknown to Lizabeth Zambrano, who appears to have indorsed the check and deposited it with JPMorgan Chase Bank (JPMCB).

Your bank then sends copies of the affidavits and a copy of the original check to JPMCB with a claim that JPMCB breached its Presentment Warranty under UCC 4-208 that the check was not altered.

Given the dollar amount involved, you may want to consider getting legal counsel involved. Time is of the essence — JPMCB’s liability to your bank under the presentment warranty can be reduced if you fail to notify them of the breach of warranty claim within 30 calendar days of learning of the alteration and of JPMCB’s involvement as the depositary bank. That includes obtaining the affidavits I mentioned above.

And, for whatever it is worth, “E.Z.” could be Elizabeth Zambrano’s actual signature. It does not have to contain all the letters of her given name.

Multiple payees, who must indorse

Q. When “and” appears on a check, I know both parties need to sign, but when one name appears below the other is that also the case? I have always assumed the answer is “no.” Am I wrong? What about when there is a “/”?
A. If there is an “and” or “&” between payee names, all payees must indorse or deposit the check into an account owned by all payees. If there is an “and/or,” “&/or,” “/,” or no conjunction between the names, any payee may indorse or deposit the check into an account s/he owns.
UCC Section 3-110 – Identification of Person to Whom Instrument is Payable
(d) If an instrument is payable to two or more persons alternatively, it is payable to any of them and may be negotiated, discharged, or enforced by any or all of them in possession of the instrument. If an instrument is payable to two or more persons not alternatively, it is payable to all of them and may be negotiated, discharged, or enforced only by all of them. If an instrument payable to two or more persons is ambiguous as to whether it is payable to the persons alternatively, the instrument is payable to the persons alternatively.
Oklahoma Code Comment
Sections 3-109 and 3-110 rewrote pre-revision Sections 3-110, 3-111, 3-116 and 3-117, for clarity and to modernize the language. Subsection 3-110(d) clarifies pre-revision Section 3-116 by seeking out guidelines for determining when an instrument payable to two or more payees must be indorsed by all of them. Essentially, in order to require indorsement by all the payees, their names must be joined in the conjunctive, as in “Jane Doe and John Doe” or “Jane Doe & John Doe.” Any other formulation will permit indorsement by only one payee, as with “Jane Doe or John Doe,” “Jane Doe/John Doe,” or “Jane Doe, John Doe.”

Payee is named as “Life Tenant”

Q. We were presented with a check payable to “John Doe, Life Tenant.” How do we handle this check?

A. As long as the life tenant payee is alive, the bank can deposit the check into his account. About a decade ago, oil and gas royalty checks started to include “Life Estate” after the name of the payee when the interest of the mineral owner would transfer on death to remaindermen.

If the life tenant is alive and kicking, the bank can deposit the check to any account he owns or cash it and totally ignore any persons named as remaindermen.

It is a different situation when the life tenant is deceased and name or names of the person(s) entitled to the funds are listed below the life tenant. “How do we handle the check?” Even if all remaindermen are present to indorse the check, I would suggest that the bank refuse to deposit the check or cash the check if it is not an “on-us” item. Why do I make this recommendation?

In order to get the deceased life tenant’s name from being the payee of future checks, a new division order for each remaindermen is required. The remaindermen need to notify the purchaser of the oil and gas of the death of the life tenant so 1099s are issued correctly to the remaindermen. I suggest that you tell the remaindermen to return the check along with a copy of the deceased’s death certificate to the purchaser so it will provide new Division Orders for them to execute, as well as a W-9. The royalties will be held in suspense pending receipt of those forms, at which point the payor will release any funds currently held and will issue separate checks to the remaindermen going forward.

Authorized signers on revocable trust accounts

Q. Can we add an authorized signer who isn’t a current trustee to a revocable trust?

A. If the settlor/trustee of a revocable trust wants to add a person who isn’t a trustee as an authorized signer, Sec. 175.57 of Title 60 applies:

E.

3. Except as otherwise provided by the terms of a trust, while the trust is revocable and the settlor has capacity to revoke, the rights of the beneficiaries are held by, and the duties of the trustee are owed exclusively to the settlor; the rights to be held by and owed to the beneficiaries arise only upon the settlor’s death or incapacity. The trustee may follow a written direction of the settlor, even if contrary to the terms of the trust. The holder of a presently exercisable power of withdrawal or a testamentary general power of appointment has the rights of a settlor of a revocable trust under this section to the extent of the property subject to the power.

While the settlor is alive and competent, he can add whomever he wants an authorized signer, and since the settlor is the only one who can claim a breach of fiduciary duty, and as the sole current beneficiary of the funds, he is estopped from making such claim. This is also the reason we allow the trustee/grantor of a revocable trust with an account at your bank to deposit checks payable to the trust or to himself as trustee to cash or deposit checks to his personal account.

I do like a “belt and suspenders” approach even in this situation, and you will find templates on the OBA’s Legal Links web page to use to add an authorized signer to a trust account as well one to add a deputy to a safe deposit box.

Joint tenants without right of survivorship, PODs

Q. Could you please clarify if there are any provisions that prevent each tenant from electing their own PODs? This would allow each elected POD to collect their equal share of the account funds upon the death of the signers.
Example: John Doe or Mary Doe, Joint Tenants in Common Without Rights of Survivorship
John Doe, POD Sally Doe and Bob Doe, in equal shares
Mary Doe, POD Sam Smith

A. Sec. 901 of the Banking Code covers PODs. This section has no provisions for tenants in common allowing them to independently name their own PODs, nor is this allowed for purposes of determining FDIC deposit insurance. The tenancy in common is terminated upon death of a tenant in common, and unless they designate some other proportion at the time the account is opened, 50% of the funds will be paid to the surviving tenant and the rest will be paid to the estate of deceased tenant.

Reg E

Q. We’ve had a situation where our customer is disputing some Cash App charges on his account, and I want to make sure what we’re responsible for. Any advice you have is greatly appreciated!

On 08/08/2023, our customer came into a branch location to question some Cash App charges on his account that he said were not his. The names associated with those posted transactions were his ex-wife and stepson. Being family, he was hesitant on how he wanted to handle the situation. Our employee suggested that he file a police report and get back to us. At that time, the employee shut down his current debit card, and issued a new card. He never signed any dispute forms, never brought in a police report, and we never heard back from him. Fast forward almost a year later, on 05/17/2024, he came to our main bank location and said he was advised by a lawyer to seek the full amount of these Cash App charges that occurred in the amount of $38K, and he did present a police report that he actually filed on 08/11/2023 that he never told us about. The first fraudulent charge happened on 03/09/2023. His next bank statement cycle was on 04/04/2023. And his last Cash App charge was on 08/09/2024. He was also notified by Fiserv Fraud Alert on 04/23/2023 of potentially fraudulent activity on his account, and he did confirm that to be legit. However, it was not a Cash App transaction, and he apparently didn’t review his statements at that time for other fraudulent charges.

Per Reg E, even though he didn’t actually sign any dispute forms, but verbally gave notice those wasn’t his transactions, would that bank be responsible for all transactions from the first unauthorized charge, up to 60 days after the next statement cycle, 03/09/23 through 06/04/23?

Due to untimely notice, the bank should not be liable for any transactions after that since we could have shut down his card and stopped all further transactions?
Due to untimely notice, would the bank also have been relieved from giving him any provisional credit on 08/08/2023 and had the right to investigate first?

Do you see any ground the bank has to stand on due to customer negligence, or since the customer didn’t follow through with our dispute procedures?

A. First, you cannot require the customer to file a police report. When the bank investigates the claim of a series of unauthorized EFTs (UEFT), and cannot determine they were authorized, the bank must apply the timing and liability rules in Regulation E section 1005.6 to determine which UEFTs the consumer is to be reimbursed for and which UEFTs the consumer must bear responsibility for.

In this case, because there was no lost or stolen access device involved, the first and second tiers of liability in paragraphs 1005.6(b)(1) and (b)(2), don’t apply. You go straight to the third tier of liability, in paragraph 1005.6(b)(3). Determine when the bank sent the periodic statement showing the earliest UEFT and add 60 days to that date. This is the date after which any UEFT in the claim is the consumer’s responsibility. Any UEFT on or before that date should be reimbursed to the consumer.

Although you don’t have to provide provisional credit or adhere to the investigation timing rules under the section 1005.11 rules if the claim is for a UEFT appearing on a statement sent more than 60 days before the claim is received, you do need to determine whether the EFTs listed in the claim were or were not authorized, and you must comply with section 1005.6.

Changes in Uniform Consumer Credit Code Amounts effective 7/1/24

By Pauli Loeffler

Sec. 1-106 of the Oklahoma Uniform Consumer Credit Code in Title 14A (the “U3C”) makes certain dollar limits subject to change when there are changes in the Consumer Price Index for Urban Wage Earners and Clerical Workers, compiled by the Bureau of Labor Statistics, U.S. Department of Labor. You can download and print the notification from the Oklahoma Department of Consumer Credit by clicking here. It is also accessible on the OBA’s Legal Links page under Resources once you create an account through the My OBA Member Portal. You can access the Oklahoma Consumer Credit Code with regard to changes in dollar amounts for prior years on that page as well.

Increased Late Fee

The maximum late fee that may be assessed on a consumer loan is the greater of (a) five percent of the unpaid amount of the installment or (b) the dollar amount provided by rule of the Administrator for this section pursuant to § 1-106. As of July 1, 2024, the amount provided under (b) will increase by $1.00 to $32.00.

Late fees for consumer loans must be disclosed under both the U3C and Reg Z, and the consumer must agree to the fee in writing. Any time a loan is originated, deferred, or renewed, the bank has the opportunity to obtain the borrower’s written consent to the increased late fee as set by the Administrator of the Oklahoma Department of Consumer Credit. However, if a loan is already outstanding and is not being modified or renewed, a bank has no way to unilaterally increase the late fee amount if it states a specific amount in the loan agreement.

On the other hand, the bank may take advantage of an increase in the dollar amount for late fees if the late-fee disclosure is properly worded, such as:

“If any installment is not paid in full within ten (10) days after its scheduled due date, a late fee in an amount which is the greater of five percent (5%) of the unpaid amount of the payment or the maximum dollar amount established by rule of the Consumer Credit Administrator from time to time may be imposed.”

§ 3-508A.

This section of the “U3C” sets the maximum annual percentage rate for certain loans. It provides three tiers with different rates based on unpaid principal balances that may be “blended” based on the amount of the loan under (a):

(a) the total of:

(i) thirty-two percent (32%) per year on that part of the unpaid balances of the principal which is Seven Thousand Dollars ($7,000.00) or less;

(ii) twenty-three percent (23%) per year on that part of the unpaid balances of the principal which is more than Seven Thousand Dollars ($7,000.00) but does not exceed Eleven Thousand Dollars ($11,000.00); and

(iii) twenty percent (20%) per year on that part of the unpaid balances of the principal which is more than Eleven Thousand Dollars ($11,000.00)…

It also has an alternative maximum rate that may be used rather than blending the rates under 2. (b): “twenty-five percent (25%) per year on the unpaid balances of the principal.

The amounts under each tier are NOT subject to annual adjustment by the Administrator of the Oklahoma Department of Consumer Credit under §1-106. However, subsection (4) added in 2022 allows the lender to charge a closing fee which IS subject to adjustment under § 1-106. The closing fee which was $178.87 has increased as follows:

(4) In addition to the loan finance charge permitted in this section and other charges permitted in this act, a supervised lender may assess a lender closing fee not to exceed One Hundred Eight-Four Dollars and Sixty-Four Cents ($184.64) upon consummation of the loan.

Note that the closing fee is NOT a finance charge under the OK U3C, and therefore not considered for purposes of usury. However, the fee IS a finance charge under Reg Z. Most banks use Reg Z disclosures. This means that it is possible that the fee under Reg Z disclosures will cause the APR to exceed the usury rate under § 3-508A. If that happens, document the file to show that the fee is excluded under the U3C in order to show the loan does not in fact violate Oklahoma’s usury provisions. Please note that the bank is NOT required to charge a closing fee at all, and banks may choose to not charge the fee at all or charge less than the amount permitted under the statute.
You can access the § 3-508A Table here.  (https://www.oba.com/wp-content/uploads/2022/11/3-508A-ABS-Chart.pdf)

§ 3-508B Loans

Some banks make small consumer loans based on a special finance-charge method that combines an initial “acquisition charge” with monthly “installment account handling charges,” rather than using the provisions of § 3-508A with regard to maximum annual percentage rate.

The permitted principal amounts for § 3-508B is adjusting from $3,450.00 to $3,540.00 for loans consummated on and after July 1, 2024.

Sec. 3-508B provides an alternative method of imposing a finance charge to that provided for Sec. 3-508A loans. Late or deferral fees and convenience fees as well as convenience fees for electronic payments under § 3-508C are permitted, but no other fees can be imposed. No insurance charges, application fees, documentation fees, processing fees, returned check fees, credit bureau fees, nor any other kind of fee is allowed. No credit insurance even if it is voluntary can be sold in connection with in § 3-508B loans. If a lender wants or needs to sell credit insurance or to impose other normal loan charges in connection with a loan, it will have to use § 3-508A instead. Existing loans made under § 3-508B cannot be refinanced as or consolidated with or into § 3-508A loans, nor vice versa.

As indicated above, § 3-508B can be utilized only for loans not exceeding $3,540.00. Further, substantially equal monthly payments are required. The first scheduled payment cannot be due less than one (1) calendar month after the loan is made, and subsequent installments due at not less than 30-day intervals thereafter. The minimum term for loans is 60 days. The maximum term of any loan made under this section shall be one (1) month for each Ten Dollars ($10.00) of principal up to a maximum term of eighteen (18) months. This would be loans not exceeding $621.00. Loans under subparagraphs e through i of paragraph 1 of this section ($621.01 up to $2,300.00) the maximum terms shall be one (1) month for each Twenty Dollars ($20.00) of principal up to a maximum term of eighteen (18) months, and under subparagraphs j and k of paragraph 1 of this section ($2,300.01 – $3,450), the maximum terms shall be one (1) month for each Twenty Dollars ($20.00) of principal to a maximum term of twenty-four (24) months.

Lenders making § 3-508B loans should be careful and promptly change to the new dollar amount brackets, as well as the new permissible fees within each bracket for loans originated on and after July 1st. Because of peculiarities in how the bracket amounts are adjusted, using a chart with the old rates after June 30 may result in excess charges for certain small loans and violations of the U3C provisions. Since §3-508B is “math intensive,” and the statute whether online or in a print version does NOT show updated acquisition fees and handling fees you must download and print the notification from the Oklahoma Department of Consumer Credit by clicking the link set out in the first paragraph of this article.

The acquisition charge authorized under this statute is deemed to be earned at the time a loan is made and shall not be subject to refund, but if the loan is prepaid in full, refinanced or consolidated within the first sixty (60) days, the acquisition charge will NOT be deemed fully earned and must be refunded pro rata at the rate of one-sixtieth (1/60) of the acquisition charge for each day from the date of the prepayment, refinancing or consolidation to the sixtieth day of the loan. The Department of Consumer Credit has published a Daily Acquisition Fee Refund Chart for prior years with links on this page, (https://www.ok.gov/okdocc/Licenses_We_Regulate/Supervised_Lender/index.html) but had not done so at the time this article was written. Note if a loan is prepaid, the installment account handling charge shall also be subject to refund. A Monthly Refund Chart for handling charges for prior years can be accessed on the page indicated above, as well as § 3-508B Loan Rate (APR) Table. I expect the charts and table for 2024 to be added shortly.

§ 3-511 Loans

I frequently get calls when lenders receive a warning from their loan origination systems that a loan may exceed the maximum interest rate. Nearly always, the banker says the interest rate does not exceed the alternative non-blended 25% rate allowed under § 3-508A according to their calculations. Usually, the cause for the red flag on the system is § 3-511. This is another section for which loan amounts may adjust annually. Here is the section with the amounts as effective for loans made on and after July 1, 2024 in bold type.

Supervised loans, not made pursuant to a revolving loan account, in which the principal loan amount is $6,400.00 or less and the rate of the loan finance charge calculated according to the actuarial method exceeds eighteen percent (18%) on the unpaid balances of the principal, shall be scheduled to be payable in substantially equal installments at equal periodic intervals except to the extent that the schedule of payments is adjusted to the seasonal or irregular income of the debtor; and

(a) over a period of not more than forty-nine (49) months if the principal is more than $1,920.00, or

(b) over a period of not more than thirty-seven (37) months if the principal is $1,920 or less.

The reason the warning has popped up is due to the italicized language: The small dollar loan’s APR exceeds 18%, and it is either single pay or interest-only with a balloon.

Dealer Paper “No Deficiency” Amount

If dealer paper is consumer-purpose and is secured by goods having an original cash price less than a certain dollar amount, and those goods are later repossessed or surrendered, the creditor cannot obtain a deficiency judgment if the collateral sells for less than the balance outstanding. This is covered in Section 5-103(2) of the U3C. This dollar amount was previously $6,200.00 and increases to $6,400.00 on July 1, 2024.

ATMs (and like devices) and the FDIC’s new Advertisement of Membership Rule

By John S. Burnett

If your bank has ATMs or similar devices that accept deposits, someone in your organization should be working on making sure those ATMs will be in compliance with the FDIC’s revised Advertisement of Membership, False Advertising, Misrepresentation of Insured Status, and Misuse of the FDIC’s Name or Logo regulation (12 C.F.R. Part 328) which has a compliance date of January 1, 2025.

The FDIC has created a new “official digital sign” for use on some ATMs (details below) and on bank websites, online banking sites, and smartphone banking apps. In this article, I will review only the requirements for ATMs.
The official digital sign includes the FDIC initials in bold text, followed by “FDIC-Insured. Backed by the full faith and credit of the U.S. Government” in italics. You can see a reproduction of the sign on the BankersOnline webpage for section 328.5 of the FDIC’s regulation (https://www.bankersonline.com/regulations/12-328-005-new).

What do you need to do to ensure your deposit-accepting ATMs are in compliance after January 1, 2025? It depends on which of the following three groups your ATM falls into:

  1. ATMs or like devices receiving deposits and offering access to non-deposit products, regardless of when they are placed into service
  2. ATMs or like devices receiving deposit and NOT offering access to non-deposit products, placed into service after January 1, 2025.
  3. ATMs or like devices receiving deposits and NOT offering access to non-deposit products placed into service before January 1, 2025.

Group 1

These machines must include the FDIC official digital sign displayed clearly, continuously, and conspicuously on their home page or screen and on each transaction page or screen relating to deposits. Presumably that includes screens used in making a deposit, withdrawal, or transfer to or from a deposit account and balance inquiries.
“Not, Not, May” disclosures. Each screen on each transaction page or screen relating to non-deposit products must display clearly, continuously, and conspicuously electronic disclosures indicating that such products : are not insured by the FDIC; are not deposits; and may lose value. This “Not, Not, May” disclosure may not be displayed in close proximity to the FDIC official digital sign.

Group 2

These machines that receive deposits for an insured depository institution and does not offer access to non-deposit products must display the FDIC official digital sign displayed clearly, continuously, and conspicuously on their home page or screen and on each transaction page or screen relating to deposits.

Group 3

If your bank has ATMs in this group, you can upgrade them at any time to conform to the requirements for Group 2 machines, or you can advertise your bank’s membership in the FDIC by affixing an FDIC’s physical official sign (similar to the sign used at each teller’s station, not the official digital sign) to the machine façade so that is displayed “clearly, continuously, and conspicuously.” If you elect this option for these “grandfathered” machines, you or your third-party ATM servicer must monitor the signage and promptly replace any FDIC physical official sign that is removed, defaced, or degraded by weather, vandalism, or otherwise. If the sign is no longer clear or conspicuous, it should be replaced.

May 2024 OBA Legal Briefs

Military Customers – A Protected Class?

By Andy Zavoina

For starters, service members are not a protected class under Reg B or ECOA, but note I added a question mark in the title of this article. The question is, do you want to treat them as a protected class? In my opinion, a bank often mitigates risks most effectively by putting service members in the same category as the Reg B protected categories of race, color, religion, national origin, sex, marital status, age (provided that the applicant has the capacity to enter into a binding contract), the fact that all or part of the applicant’s income derives from any public assistance program, or the fact that the applicant has in good faith exercised any right under the Consumer Credit Protection Act.

I remind you of these prohibited basis categories for two reasons: to drive home the point that violations of a service member’s rights can yield severe consequences similar to those of Reg B violations, and the fact that if your bank has a fair lending violation (Reg B included), the Department of Justice (DOJ) is the government agency that will enforce it, and the DOJ is the same agency that will enforce the Service members Civil Relief Act (SCRA) as well. Under the SCRA, the Attorney General is authorized to file a federal lawsuit against any person, or entity, who engages in a pattern or practice of violating this law. Does “a pattern or practice” remind you of a term you have heard in fair lending training? For clarity, the DOJ is directly responsible for enforcing the SCRA, whereas the CFPB monitors complaints and can enforce unfair, deceptive, or abusive practices against banks for mistreating service members.

Often, we hear about the homeless problem and there is a subcategory of those who are veterans and that seems to get more attention because it seems more wrong when a veteran is involved. If there is an action against a debt collector, a repossession agent, or a bank charging overdraft fees, it sounds bad in the media, and then they add, “and this included veterans and service members,” because that garners more attention as well. This is both a reputation risk issue and one compounded by the fact that the SCRA may have been violated and because it carries the same weight as the Reg B consumer categories that are mentioned above. Yes, service members and veterans have given up a lot to defend our country and way of life. But as to salary, service members are also paid for what they do, and unlike many years ago when the draft helped ensure the armed services had the required manpower that was needed, today many service members make as much or more in the military as they would in the civilian sector, so compensation is not necessarily lower, especially when the entire compensation and benefits package is considered. The pay and benefits are competitive as to regular duties, but certainly those making the ultimate sacrifice could never be paid enough.

Putting aside the original spirit and intent of this law, while a part of that is still intact, a big part of it is not, and has been replaced with the idea that the SCRA is a benefit of military service. That is how it is explained to many service members. The Consumer Financial Protection Bureau (CFPB) explains that “The SCRA is a law created to provide extra protections for service members in the event that legal or financial transactions adversely affect their rights during military or uniformed service. These protections enable service members to devote their entire energy to the defense needs of the Nation.” So, while there is little obligation on a service member to validate any financial hardship that adversely affects them, they do need to be able to focus on their mission and the defense of our country.

While this is not an educational substitute for a class in lending to the military or the SCRA, I would be remiss not to remind you that, in addition to service members, the SCRA also protects commissioned officers in active service of the Public Health Service (PHS) and the National Oceanic and Atmospheric Administration (NOAA). While the key focus of the SCRA is military, as we discuss this group, read it with the PHS and NOAA included.

As more support for informally adding service members to the Reg B protected bases, the CFPB has a separate department just for these matters, the Office of Service member Affairs (OSA). Annually the CFPB also provides separate reports on service members, including how this group fares in the submission and resolution of consumer complaints. They are specifically separated so that they may be evaluated as a sole category separate from all others. What you do and how you serve your military customers is under a microscope.

In June 2023 the CFPB published “The Office of Servicemember Affairs: Annual Report” for 2022. Complaints submitted by service members serve as a key initial indicator of emerging issues and continuing trends. The report provides data and analysis around the most common complaints submitted by service members.

The Bureau received approximately 66,400 complaints from military consumers in 2022. This was a 55.5 percent increase over 2021. Reviewing the complaints handled by the OSA allows us the opportunity to examine internal procedures for responding to complaints and to improve communication and training to avoid similar complaints in your bank.

This brings me back to the DOJ. In July 2022 the DOJ issued a joint letter with the CFPB that was not directed to banks, but to the auto industry. That absolutely does not mean banks could not learn from the message, and it absolutely does not mean banks have not been penalized for violating these guidance items since 2022. The message is as pertinent today as it was two years ago.

In that letter there are three main provisions they wanted auto lenders to be aware of. Banks make auto loans, and other loans might be applicable as well. The three issues that were addressed included:

Wrongful Vehicle repossessions

The SCRA prohibits repossession of a vehicle during a period of military service unless you (the lender) have a court order or that vehicle loan was made before the period of service, making the loan not covered by the SCRA. There is no notice requirement from your borrower to have this protection, because the burden of determining whether the borrower is protected is on you, the lender. Verification is easiest via the Defense Manpower Data Center (DMDC) website, and I recommend checking that before any repossession order is issued. It may be wise to check it again if you have any reason to believe the borrower may become protected and/or check it again after the repossession to ensure the borrower is not protected at that point. That does not cancel out the fact that the vehicle of a covered borrower was repossessed, but if you verified the DMDC database prior to repossession you should be able to claim a safe harbor from fault. And if you check right after the repossession you can proceed with the return of personal items and a commercially reasonable private sale or auction on the vehicle knowing you will not receive a claim of protection and have to “un-do” that sale, which can be difficult. The DMDC has no separate hard cost, so it is a minimal investment of an employee’s time for peace of mind.2. Failure to terminate vehicle leases without penalty

Failure to terminate vehicle leases without penalty

Under the SCRA, a service member can terminate motor vehicle leases early without penalty after entering service or upon receiving qualifying permanent change of station (PCS) or deployment orders. When service members terminate motor vehicle leases, the SCRA requires that they be refunded all lease amounts paid in advance after the effective date, including “capitalized cost reduction” amounts. This has been a major bone of contention for several larger leasing institutions. The lesson learned here for banks is that upfront fees and costs that are considered part of the overall loan, like a rate buy down, should be amortized and not considered “one and done” as a cost of the loan or lease.

Interest rate benefits

If a loan was incurred prior to military service, the SCRA limits the interest rate to 6 percent upon a proper request from the service member. A proper request should include a formal request and a copy of their orders. The CFPB encourages lenders to use the DMDC checks as proof by itself and to provide rate reductions based on that information. A service member’s commander could also write a letter confirming the service member’s status, and that would satisfy the requirement for any verification. The amount above 6 percent must be forgiven and not deferred or added to the final payment, and it must be effective as of the date of SCRA eligibility, not the date of the request. Remember too, when the borrower is on active duty or the reservist receives their activation orders, they are a covered borrower. This provision allows the service member to make their request during the period of service or within 180 days after leaving the service.

Are banks or other financial institutions better than the auto industry and not deserving of such guidance? Of course not. And to go a step farther, I would point out that another form of enforcement comes not from the regulators or DOJ, but from the courts. So, there are several fronts that pose a compliance enforcement risk on your bank.

DOJ cases

Let’s start with a few DOJ cases and then look in detail at class action lawsuits which can take years to resolve and result in highly expensive litigation. All of this should be considered in a risk assessment concerning loan products. I want to ensure you are aware of some of these cases because they are not typically in mainstream media.

In March 2023, the DOJ filed two statements of interest for cases involving arbitration. The first was Espin v. Citibank, N.A. and the second was Padao v. American Express National Bank. Both cases were in the U.S. District Court for the Eastern District of North Carolina and were concerned with the right of the service members to bring class action litigation under the SCRA instead of being forced into private arbitration proceedings on their own.

The service members were disputing adherence to the 6 percent interest rate rule and were seeking to bring class actions against the banks on behalf of themselves and other service members who may have been affected by violations of this requirement. The complaint alleged that Citibank failed to comply with Section 3937 of the SCRA, requiring lenders to limit the interest rate charged to covered service members to 6 percent during periods of military service. Citibank and American Express were seeking to have the cases dismissed and to require each service member to bring their own individual claim in private arbitration. The DOJ’s statements of interest urged the court to deny each bank’s motion and allow the plaintiffs’ SCRA class claims to proceed.

On September 29, 2023, the court denied Citibank’s motion to compel arbitration in Espin v. Citibank. This class action lawsuit brought by four service members who held credit cards issued by, or had other interest-bearing obligations to, Citibank. In its statement, the DOJ argued that the SCRA gives service members pursuing SCRA claims the right to participate in a class action case in federal court even where a defendant seeks to enforce a contract clause mandating individual arbitration. The DOJ also argued that the relevant portion of the SCRA applies even where the arbitration agreements were executed before the change in law in 2019. The court’s opinion adopted the position advocated by the DOJ.

The Padao case was a class action lawsuit brought under the SCRA by a single service member on behalf of a class of service members who held credit cards issued by, or had other interest-bearing obligations to, the bank. While this was a different lender and plaintiff, the dispute was the same as was the specific Section 3937 reference to the 6 percent rate. The difference here is that this case was based on a single service member’s complaint and expanded to a class. The Padao case is still pending.

In these two cases, the banks are both large. Oftentimes a small community bank sees these very large banks as all-knowing. They have plenty of legal staff to understand all the requirements and react to them. But case after case shows that is not always true. Some like to push the limits or rely on their own interpretations of a requirement. What is your bank’s appetite for risk?

I want to draw attention to the fact that similar to other SCRA cases, especially involving repossessed collateral, significant actions are brought against a bank because of its actions with a single borrower. Just one person starts a snowball that turns into an avalanche. Some readers will be of the opinion that their bank has many military customers, and they know how to handle them as to SCRA compliance. Others may believe they have no military customers and do not need to know SCRA requirements, as they have yet to be an issue. The reality is, you should not be complacent, but be compliant. Evaluate risk, evaluate training, test your procedures, and verify all of it with controls and audits.

At any time, a civilian borrower could enlist in the service and suddenly you find you have an SCRA request. You could also have a reservist called up to active duty who would then be protected. The bank needs to have personnel trained on how to handle these accounts and evaluate the requests. It needs to look not just at loan records, but at overdrafts and safe deposit boxes because after all, a safe deposit box is a lease and the SCRA has a section just for leases. Just as the bank should train everybody in the bank in some basics, where is the Public File for CRA, how do I file a claim for an unauthorized withdrawal from my deposit account, what should they do in event of a robbery, they should recognize “I’m now in the military” as a key phrase that deserves immediate attention of the bank.

You may be surprised if an examiner, or a DOJ lawyer, asks you how many borrowers you have under SCRA protections, especially taking advantage of the 6 percent rate. Regardless of your answer, none, one, or one thousand, the next question may be asking how many were denied SCRA protections? Natural follow-ups to that will be how do you know, how do you track it, who makes the decision, and what factors are involved in that decision. Then, what controls are in place for quality assurance. When there is one complaint, they will look for other cases where the person accepted your answer but did not complain to a regulatory agency or the DOJ.

I do not know of any bankers who want DOJ lawyers in their banks asking questions about loan files. Lawyers are neither lenders nor bankers, and you could find yourself explaining every form and the reasons for every action taken on every loan made in the last five years. You do not want to spend your days doing that and catching up on your regular work at night and on the weekends.

In 2023, I found only four civil money penalties under the SCRA. Two were against towing companies and two were for lease termination problems involving homes. The penalties totaled only $53,000. Not that you would want to justify to your board any civil money penalty as being fair. Fortunately, these were not banks. But that does not mean all banks are getting it all right. The two arbitration cases mentioned earlier are examples even though one is still pending. There are costs incurred already; should we expect a different outcome from the same court for the same complaint?

Let’s revisit a few basic requirements of the Military Lending Act (MLA) and the SCRA, which I have indicated as “M” and “S” below. You can find each of these at www.BankersOnline.com/regulations, near the bottom of the page under the “Other” section. As a general rule the MLA applies to new loans made to service members and the SCRA applies to loans made to people who later became service members. (Please take note that the service member can include dependents, and some SCRA protections are not dependent on this pre-service test.)

M1 – Under the MLA your rate is capped at 36 percent. This applies to a covered borrower with a covered loan.

M2 – The 36 percent is calculated using the Military Annual Percentage Rate, which is like an all-in Reg Z APR. That is, it includes many more finance charge components such as any credit insurance premium or fee, any charge for single premium credit insurance, any fee for a debt cancellation contract, or any fee for a debt suspension and credit-related ancillary products sold in connection with the credit transaction for closed-end credit or an account for open-end credit; (exception bona fide fees). This can make 36 percent easily reachable.

M3 – You are not required by law to verify the applicant’s military status, but if you do not and violate the MLA, the first issue on the borrower’s list of cures is that the loan contract becomes void.

M4 – To obtain a safe harbor, the bank needs to verify the military status before the loan is consummated, by either checking with the MLA database at the DMDC or by obtaining that verification on the credit report. The source for the credit report is the DMDC so that is the sole resource for verification.

[Prior to a change in the MLA rules banks would obtain a signed statement from the applicant as to their military status. Very recently I mentioned in live training that this method is no longer acceptable and banks should have ceased using the form years ago. I almost did not mention it as I also said I think all banks have done away with it. Then during the next break, a banker verified with me that the form they were getting signed was of no use. All it does is create a document the bank creates, has signed, verifies it is signed, and then it is filed away until that file is involved in an audit or quality control check when more time is spent checking it. It provides no safe harbor and only costs the bank time and money and demonstrates that it does not understand the current MLA requirements. Check that your bank’s policy and procedures is updated if you have any doubts. And if your policy does require an MLA verification, it should be completed for that reason with an approved source.]

S1 – Generally, the maximum rate of interest for an SCRA-covered borrower on a covered SCRA loan is 6 percent. This rate can be requested up to 180 days after the service member is released from the service and it is retroactive to the date they were covered, not the date of the request.

S2 – Late fees are considered “interest” for the SCRA. If the bank reduces the interest rate to 6 percent, the maximum rate allowed, turn off late fee accruals or you could be usurious.

S3 – The rate caps apply when a person is on active duty, or a reservist receives their orders. What about National Guard? Title 32 outlines the role of the United States National Guard; normally Title 32 members are not covered under SCRA. To be considered for SCRA coverage a Title 32 member must be called “…to active service authorized by the President or the Secretary of Defense for a period of more than 30 consecutive days under section 502(f) of title 32, United States Code, for purposes of responding to a national emergency declared by the President and supported by Federal funds.” Also, this protection is afforded to joint loans with both the service member and their spouse.

S4 – The CFPB published a report in December 2022 that service members have paid millions of dollars in interest needlessly and that regardless of the law’s requirement that they request protections and provide documentation such as orders, banks should be proactive. This includes not waiting for a service member to make a claim for the interest rate reduction and proactively looking for signs that they may qualify. One way to accomplish this is verification through the DMDC database mentioned above. It has been fine-tuned more and more for accuracy and to reduce update latency. Banks can verify individual service members as well as batch process requests. Many banks adopted the batch processing method and would check the banks CIF records against the database on a monthly or other basis. New hits could be shown on the bank’s records as on active duty immediately and individual verifications could be initiated with the customer if desired.

Another case example

Now let’s turn to a very recent and newly filed class action case involving the SCRA. The case is Nowlin et al v Wells Fargo Bank, N.A., and it was filed in the U.S. District Court for the Eastern District of North Carolina on March 20, 2024. What the suit alleges that the bank “…illegally and negligently charged thousands of American service members and military families excessive interest rates and fees and compound interest on principal balances that were improperly inflated due to the bank’s misconduct.” We only have the plaintiff’s 29-page lawsuit because the filing is so recent and Wells Fargo has not yet replied to it.

The lawsuit notes that Wells Fargo heavily markets itself as being dedicated to the military. Yet even after claiming this, the bank has charged covered borrowers, with covered loans, in excess of the 6 percent interest rate limit, and that it must forgive that interest difference because it cannot be deferred or added to the loan, and that the bank is not waiving all fees as required. As identified above late fees would be considered interest but we do not have a specific description in the reports available as to what those fees are.

By way of background, the service members discovered the problem in 2022. Actually, Wells Fargo appears to have discovered the problem before that. The bank attempted to correct the issue at least with some of the service members by sending them a check and a letter explaining why the check was issued. However, rather than just being grateful for the unexpected checks, some service members questioned the “misleading correspondence” that explained it. These customers began investigating the issues on their own and determined there were “wholesale violations” and that the bank, in fact. has improperly damaged thousands of military families in this process.

The suit accuses Wells Fargo of failing to reduce the interest rates on service members’ accounts, waive fees, comply with the SCRA’s requirement that interest rate deductions are effective on the date military orders are received, and forgive incurred interest. It also criticizes Wells Fargo’s internal systems and then indicates that there is a miscalculation of principal, interest, and payoff amounts. Anyone who has ever manually calculated loan disclosures or done a series of calculations where one is dependent on the next understands that if one of those calculations is incorrect, all those that follow and rely on the first will be incorrect. They have to be. Again, these are all from the plaintiffs’ filing.

In addition to the miscalculations, they accuse Wells Fargo of imposing more interest, fees and other charges than is allowed. And that makes sense if the bank was not providing the reductions of interest in a timely manner or subsequently waiving fees and other charges. There seems to be a bit of piling on in this filing, but I suppose they need to paint a picture of an incompetent bank that already has a soiled reputation.

It is particularly stated that the bank’s internal audit (or compliance) program discovered the errors, and the bank was aware it both violated the SCRA and the bank’s own military benefits program. In the correspondence the bank has not admitted to any violations. Wells Fargo issued reimbursement checks but failed to adequately describe the methodology used to calculate those refunds.

Since the suit mentions the separate Wells Fargo Military Benefits program, there should be discussion as to whether or not such a program is actually a contract with the service members who relied on it. Since a contract is not a federal issue, the contract side of the discussion would be based on state law, but then again, could this be elevated to an unfair, deceptive, or abusive act or practice which may be punishable under federal UDAAP regulations? The suit alleges that without this special program, many of those service members would have banked elsewhere. A comment such as this, compounded with allegedly not reducing interest and not waiving fees demonstrates financial harm. That should immediately raise UDAAP red flags.

Lastly, the suit, in my opinion, piles on to the claims of illegal activity as it states Wells Fargo is, “still in possession of certain funds belonging to” impacted service members. The suit seeks to define the class of plaintiffs as those service members banking at Wells Fargo as far back as January 1, 2006. That means the bank is potentially responsible for more than 19 years of records reviews, calculations and statements, etc.

As you read this, reflect on any comparable situation your bank has been involved with. As a preventive measure, consider your bank’s position if a similar claim was made. Has training been adequate? Could the bank have been more transparent without admitting guilt in the letters explaining what transpired? Should the method of calculating the reimbursements been better defined to those with a need to know? Would that transparency and clear math alone have prevented what could be a lengthy and costly litigation? And will the examiners immediately demand to know what happened and why, because this could elevate the risk to the bank in the case even more? Remember, according to Andy Z, a service member is as good as a protected class.

Legislation to watch

In closing, I will point out that on April 17, 2024, Florida’s Senator Rick Scott and Georgia’s Senator Jon Ossoff introduced a bipartisan bill to lower costs for service members and their families through their bipartisan SCRA Benefit Utilization Act to expand access to financial protections and benefits. According to a post by Senator Scott, “The bipartisan bill would expand existing financial literacy programs to include information about these protections; require the Department of Defense’s annual survey to include information about these programs; include benefit information on all activation orders; and require creditors to apply a 6 percent cap to all eligible accounts under their jurisdiction once a service member invokes their SCRA rights.” Companion legislation was introduced in the U.S. House of Representatives by Pennsylvania’s Congressman Matt Cartwright.

Expect more claims.

 

April 2024 OBA Legal Briefs

  • Update on the new CRA regulations
  • FDIC rule affects ATMs, websites, apps and more
  • Personal liability

Update on the new CRA regulations

By John S. Burnett

You know that the Federal Reserve Board, Office of the Comptroller of the Currency, and Federal Deposit Insurance Corporation announced final revisions to their Community Reinvestment Act regulations in October 2023, and those rules were finally published on February 1, 2024, at 89 FR 6574 [https://www.federalregister.gov/d/2023-25797] in the Federal Register. You also probably heard that, although the new regulations will be effective April 1, 2024, most of the changes in the regulations are not applicable until January 1, 2026, and one provision on reporting data under the new rules won’t be applicable until January 1, 2027. There are also some amendments in the rule that will not have an effective date unless and until the CFPB’s “1071” Small Business Lending Reporting rule is given a “green light” by the courts.

Three provisions delayed at the 11th hour

If your bank has been racing to add its CRA Public File to its website, you can relax a bit. The agencies have issued, just a few days before April 1, a supplemental interim final rule that postpones the applicability of revised section ___.43 until January 1, 2026. That postponement includes the requirements in revised section __.43 requiring that the written comments from the public, the list of bank branches, and those opened or closed be updated quarterly, as well as the quarterly progress update required in new section __.43(b)(5) for banks with less than “Satisfactory” CRA evaluation ratings.

Also postponed to January 1, 2026, is the applicability date of the facility-based assessment area provision in section __.16.

The third change clears up confusion on which CRA Notice version banks need to post. It will allow banks to continue to use the CRA Notice in the agencies’ “legacy” regulations — the notice they posted before April 1, 2024 — until January 1, 2026.

These three changes were made because they all include requirements based in part on other sections of the updated CRA regulations that will not be applicable until January 1, 2026.

Where your Public File must be available

Because the applicability date for the changes to the Public File requirement has been postponed to January 1, 2026, banks should continue to have their full Public File available at their main office and, if they have offices in more than one state, at one office in each state. The reduced-content Public File can continue to be maintained at other offices.

Banks with public websites can also post their Public Files on their public websites before January 1, 2026, but they will have to continue to make the information in their Public File available to the public, upon request and at no cost from either the website or a physical file, from now until January 1, 2026, and from their public websites on and after that date.

Other developments relating to the new CRA rules

You may also have heard that a number of banking and business trade groups filed a civil suit in the U.S. District Court for the Northern District of Texas challenging the final CRA rules and will request a preliminary injunction to enjoin the agencies from implementing and enforcing the final rules while the suit is pending. In the meantime, the agencies have shown no sign of relenting in their support for the rules, and there has been no news (as of this writing) that an injunction has been issued.

The court issued a preliminary injunction just before the April 1, 2024, effective date, enjoining the Fed, OCC, and FDIC from enforcing the revised CRA regulations, and pushing back the April 1 effective day and each applicability date (such as the January 1, 2026, and January 1, 2027, dates mentioned above) one day for each day the injunction remains in place.

FDIC rule affects ATMs, websites, apps and more

By John S. Burnett

There is another regulatory change with an effective day of April 1, 2024, with compliance required by January 1, 2025, that all FDIC banks should be working on. The FDIC re-wrote subpart A of its regulation on “Advertisement of Membership, False Advertising, Misrepresentation of Insured Status, and Misuse of the FDIC’s Name or Logo (12 C.F.R. Part 328), and it affects every FDIC-insured bank in the nation.

While all of subpart A was re-issued, not everything is changing. Parts of the current rule were simply reorganized and shifted around to group similar topics. For example, current section 328.3 (“Official advertising statement requirements”) has been reissued as section 328.6 and otherwise largely untouched.

Paragraph 328.6(b)(1) in the new version adds “FDIC-insured” as a new optional short title that can be used in place of the official advertising statement “Member of the Federal Deposit Insurance Corporation,” joining the old standbys “Member FDIC” and “Member of FDIC” that have been approved for decades.

The current section 328.3(d) list of ten types of advertisements that do not require use of the official advertising statement or its alternate short form statements has not been changed in new section 328.6(d), except for the dollar amount in item 10 that was mistakenly not changed from $100,000 to $250,000 when the standard maximum deposit insurance amount (SMDIA) was officially changed in 2010. The new version of that paragraph, in section 328.6(d)(10) reads:

“(10) Advertisements which contain a statement to the effect that the depository institution is a member of the Federal Deposit Insurance Corporation, or that the depository institution is insured by the Federal Deposit Insurance Corporation, or that its deposits or depositors are insured by the Federal Deposit Insurance Corporation to at least the standard maximum deposit insurance amount (as defined in § 330.1(o)) for each depositor.”

Comment: One of the “frequent flyer questions” we get from bankers is a variation on “Do we have to include ‘Member FDIC’ on a [banner/business card/deposit receipt/signature card …]. The FDIC has not updated this list of “non-advertisements” in decades, and did not do so this time, either.

And, just to wrap up this discussion of new section 328.6, paragraph (f) reads the same as the version in current section 328.3—You can use a non-English equivalent of the official advertising statement in any advertisement, provided that the translations has been given prior written approval by the FDIC. To my knowledge, there is no list of accepted translations that can be accessed by banks. Instead, if your bank wants to use a translation, submit it in writing to the FDIC to obtain approval.

What is changing?

So, what in the rule IS changing? Here’s the short list. Explanations will follow:

  1. Banks have new flexibility in placement of the FDIC official sign
  2. New rules on signage in areas of bank offices in which non-deposit products are offered have been added
  3. There are new areas where the official sign must be placed, such as on ATMs and similar machines
  4. There are new requirements when deposit products are offered or accessible by consumers affecting a bank’s website, online banking portal, and mobile banking apps
  5. New requirements for written policies and procedures

Flexibility in placement of the FDIC official sign. If insured deposits are usually and normally received at teller windows or statements, the insured depository institution (IDI) must display at each such teller window or station in its standard 7” by 3” size or larger, with black lettering on a gold background. Other color combinations are acceptable as long as the logo and text are in the same color and the background in a contrasting color. No change from the prescribed wording is allowed. So far, no change.

Here’s the first flexible requirement: If the IDI does not offer non-deposit products on the premises, one or more official signs can be placed at one or more locations visible from the teller windows or stations in a manner that ensures a copy of the official sign is large enough to be legible from anywhere in that area, in lieu of placing a sign at each station or window. Stretching this to the ridiculous, I suppose you could replace all the FDIC signs at your teller windows/stations with a single much larger version hung or painted high on the wall behind the tellers.

Another placement option is available for non-traditional deposit reception. If insured deposits are usually and normally received in areas of the premises other than teller windows or stations (customer service desks or other arrangements, such as café style banking like what you may have seen on some Capital One TV ads), the official FDIC sign must be displayed in one or more locations such that a copy of the official sign is large enough to be legible from anywhere in those areas.

An IDI may also display the official sign in other areas, except where non-deposit products are offered.

Non-deposit products offered on an IDI’s premises

In general, non-deposit products must be offered only in areas physically segregated from areas where deposit products are usually and normally accepted. The IDI must identify areas where activities related to the sale of non-deposit products occur and clearly delineate and distinguish those areas from the areas where insured deposit-taking activities occur.

At each non-deposit offering area, the IDI must continuously, clearly, and conspicuously display signage indicating that the non-deposit products:

  • Are not insured by the FDIC
  • Are not deposits
  • May lose value

Such signs may not be in close proximity to the FDIC’s official sign. The FDIC did not specify design or size requirements for the non-deposit sign (other than it be clear and conspicuous).

In limited situations where physical considerations present challenges to offering non-deposit products in a distinct area, an IDI must take prudent and reasonable steps to minimize customer confusion.

Signage on ATMs and similar machines

In the current rule, the phrase “automated teller machine” appears only once, as an example of a “Remote Service Facility,” on which an IDI may, but is not required to, place the official FDIC sign, with certain restrictions. The abbreviation “ATM” does not appear at all. These rules have been around for a long time, after all.

The new rule includes a new section 328.4 that “governs signage for insured depository institutions’ automated teller machines or other remote electronic facilities that receive deposits.” There are separate requirements (1) for these facilities that are placed in service before January 1, 2025, and receive insured deposits but do not offer access to non-deposit products; (2) for ATMs and similar facilities that receive insured deposits and offer access to non-deposit products; and (3) for ATMs placed in service on or after January 1, 2025.

Deposit products only, in service before 1/1/2025: An IDI may comply with the official sign requirement by doing either of the following:

  1. Placing a physical official sign (the version placed at teller windows/stations) on the machine. Such signs are placed on the face of the machine or its enclosure, conspicuously visible to a user, and must be replaced if removed, degraded, or defaced to remain displayed “clearly, continuously, and conspicuously.” This option continues to be available for these machines after 1/1/2025 as long as they do not offer access to non-deposit products.
  2. Displaying the “FDIC official digital sign” [see below] on appropriate screens of the ATM or similar facility as described below for machines placed in service after 1/1/2025.

Deposit products, with access to non-deposit products: By 1/1/2025, an IDI’s ATM or similar machine must clearly, continuously, and conspicuously display disclosures indicating that non-deposit products are not insured by the FDIC, are not deposits, and may lose value, on each transaction page or screen relating to non-deposit products. This disclosure may not be displayed in close proximity to the FDIC digital sign.

ATMs and similar devices placed in service after 1/1/2025: An IDI’s ATM or similar device that receives deposits for an IDI and does not offer access to non-deposit products and is placed into service after January 1, 2025, must display the official digital sign on its home page or screen and on each transaction page or screen relating to deposits.

The FDIC official digital sign

New section 328.5 (Signs for digital deposit-taking channels) introduces a new official sign to be used only in digital deposit-taking channels such as ATMs and similar devices [see above] and IDIs’ websites and web-based or mobile applications that offer the ability to make deposits electronically and provide access to deposits at IDIs. It looks like this:

When on a contrasting light background, the letters FDIC are in navy blue and the text to the right is black.  If displayed on a dark background, the FDIC and text will both be in white. There are font and size parameters in paragraph (b) of section 328.5.

Requirements for use of the official digital sign on ATM screens were listed earlier. For other IDI deposit-taking channels as listed in the previous paragraph, the official digital sign must, after 1/1/2025, appear on

  1. Initial or homepage of the website or application
  2. Landing or login pages
  3. Pages where the customer may transact with deposits

The official digital sign must be clearly legible across all IDI deposit-taking channels. [NOTE: This will be difficult on mobile banking apps displayed on most cell phones. It may require displaying the official digital sign with text wrapped on two (or more?) lines. I wrote to the FDIC about this problem over a month ago and have not yet had the courtesy of a response. In the prefatory text that accompanied the final rule at publication, the FDIC said it is reviewing options to provide IDIs with technical assistance or guidance to assist in implementing the FDIC official digital sign requirements.]

When placed on a web or app page, the official digital sign should be continuously displayed near the top of the relevant page or screen and in close proximity to the IDI’s name.

Displaying non-deposit signage on digital deposit channels

If a digital deposit-taking channel offers both access to deposits at an IDI and non-deposit products, the IDI must clearly and conspicuously display signage indicating that the non-deposit products: are not insured by the FDIC; are not deposits; and may lose value. This signage must be displayed continuously on each page relating to non-deposit products but may not be displayed in close proximity to the official digital sign.

One-time notice for customers related to third-party non-deposit products

If a digital deposit-taking channel offers access to non-deposit products from a non-bank third party’s online platform, and a logged-in bank customer attempts to access such non-deposit products, the insured depository institution must provide a one-time per web session notification (sometimes referred to as a “speed bump”) on the insured depository institution’s deposit-taking channel before the customer leaves the insured depository institution’s digital deposit-taking channel. The notification must be dismissed by an action of the bank customer before initially accessing the third party’s online platform and it must clearly, conspicuously indicate that the third party’s non-deposit products: are not insured by the FDIC; are not deposits; and may lose value. Nothing in this paragraph shall be read to limit an insured depository institution’s ability to include additional disclosures in the notification that may help prevent consumer confusion, including, for example, that the bank customer is leaving the insured depository institution’s website.

Written policies and procedures

Of course, your bank has a policy requiring compliance with regulations and procedures to implement the policy.

For the first time, the FDIC is now requiring that IDIs establish by January 1, 2025, and maintain written policies and procedures for compliance with this regulation. Such policies and procedures must be commensurate with the nature, size, complexity, scope, and potential risk of the deposit-taking activities of the IDI and must include, as appropriate, provisions related to monitoring and evaluating activities of third parties that provide deposit-related services to the IDI or offer the IDI’s deposit-related products or services to other parties.

Personal liability

By Andy Zavoina

Many years ago, I learned a valuable compliance lesson while making a presentation to my bank’s board. I always liked to tell them I was the conduit between the board and the examiners. Compliance information I provided management and the board flowed regularly and this allowed me to provide two-way communication with the examiners and the bank as a whole, and to insulate the board from ever getting a notice from our examiners asking them to attend a special meeting after an exam, and to bring with them their personal checkbooks as the monetary penalty that was owed had to come from them and not the bank.

In this particular meeting I was discussing Money Market Deposit Accounts. Like many banks before the Reg D amendments in early 2020, we had customers writing more than the allowed number of checks during a statement cycle. Remember the customer could make no more than six transfers or withdrawals, three of which could be by check, draft, debit card or similar order. We used to apply the “couch potato” rule that if they had to get off the couch to make the transfer and it was not convenient to do so, it likely did not count as one of the restricted transfers. If it was convenient, like writing a check, it counted. And those were days when lots and lots of payments were made by check.

Very often the New Accounts folks wanted an exception to the number of transfers rule because this was a good customer with large deposits. But Reg D defined this rule in the definition of a savings account and the money market deposits were savings accounts. There were no exceptions built in and while guidance was that they could have three inadvertent errors in a rolling twelve-month period, that wasn’t set in stone and a habitual violator had little room for exception. I regularly audited the accounts with excessive transfers and Operations had controls to always review them. We also had customers that business development and lenders had persuaded to move to our bank and these deposit accounts and the large balances were factored into the profitability of the relationship. According to most of those exception requests, the customers’ old banks never enforced that rule, so why should we? For the historical record, the requirement was that the following was allowed:

Up to 6 transfers and withdrawals per calendar month or statement period of at least four weeks:

  1. to another account of the depositor at the same financial institution, or to a third party
  2. by automatic or preauthorized transfer
  3. by telephonic agreement (including FAX and data transmission) order or instruction

No more than 3 of these 6 can be by the following and payable to third parties

  1. check
  2. draft
  3. debit card (Point of Sale)
  4. similar orders

Most ACH debits are included in the 6/month limit.

Now you can understand what the requirement was and that these were “good” customers because “good” meant more digits in the average balance. The directors of the bank liked to consider themselves “good customers,” as well, and because of the close relationship and their position, they were better than the average “good customer.” Well, I had one director, as he explained it, several times, whose wife just picked up the wrong checkbook when she went shopping and I will tell you that any time that was the case, six was a very lonely number.

Back to my presentation. I had this problem with some accounts and officers wanting to grant exceptions in addition to the directors’ accounts. I’d recently read an article that I shared with the board. It was about a bank that chose to openly ignore the transfer limitation rule and it was going to accept the risk. The examiners in this article, at this point, were discussing the potential penalties. One of the examiners followed the train of thought that the board sets the direction of the bank. In this case the examiners considered going back to when the problems started and calculate the interest paid on all the money market accounts. The entire category was up to being reclassified as demand deposits. That means interest should not have been paid on those balances for that entire period [this predated the Dodd-Frank Act, which has since made interest on demand deposits legal] and the directors personally could be held responsible to repay the bank the interest that was paid on these accounts. That possibility raised every eyebrow in our board room, and I was assured of complete support and cooperation as I managed the money market accounts audits and my compliance program. My problem director also found a way to color code the checkbooks and there were no problems from his account after that.

The key issue that resonated with the board was individual liability. So often we bankers do not realize that we can often be held accountable for our own actions. That can include monetary penalties and some violations can warrant incarceration – jail time. That is a big step away from the status quo, cushy and prestigious positions some aspire to because they see less responsibility than there actually is. So, I like to provide reminders from time to time to directors, management, officers, and even lower-level employees that they must be aware that if their actions are poorly chosen, regardless of the reason, they are responsible for what they do. This helps with buy-in for the compliance program overall and in getting the resources necessary to do your job. It is not intended to be a scare tactic, but instead a reason to listen, to learn and to perform.

It never helps the bank or the employees, officers or directors to ignore the rules. Good compliance is good for the customers, the bank, and those who carry out those compliance rules with every disclosure they provide, and every Reg E claim they process and every account they service. People need to understand that they may think they are helping the bank by denying a valid Reg E claim, as an example, but they are not, and if they are truly violating the Electronic Fund Transfer Act, they may be putting themselves at risk.

Succinctly, violations, especially “willful” ones, are first the responsibility of the bank as it is the provider of services and the other party in the agreement with the depositor. But if an employee is acting outside the scope of their duties, they may have individual liability. You must ask, what training and education on the topic did the employee have? What was their motivation to do what they are accused of doing? This may be one reason Wells Fargo employees other than management were not held personally responsible for much of the “8 is great” new accounts production requirements and falsely opening new accounts under customers’ names without permission.

Examiners have focused more in the last few years on direct responsibility. When an entity like a bank keeps getting penalized, it has less personal meaning and the entity never went to jail and the people working there never pay out of pocket. So, let’s start a discussion based on a hot item, the Bank Secrecy Act. The law says, “willful violations of the statute or its implementing regulations by an institution and any of its partners, directors, officers, or employees are punishable by a civil penalty of $25,000 (or the amount of the transaction at issue, up to $100,000) per day for each day the violation continues and at each office or location where it occurs or continues.” The BSA is not new and has been a requirement since 1970. But it has been just the last few years that regulators have begun using the personal liability portion of the regulation. While this personal responsibility mindset is happening in other countries as well, in 2015 “the Yates Memo” from Deputy Attorney General Sally Yates announced a call to action for the Department of Justice (DOJ) to increase its efforts to hold executives personally accountable for corporate misdeeds. The Yates Memo stated it was “seeking accountability from the individuals who perpetrated the wrongdoing” as “it deters future illegal activity, it incentivizes changes in corporate behavior, it ensures that the proper parties are held responsible for their actions, and it promotes the public’s confidence in our justice system.” Has this been the case? Just a few months ago, on January 31, FinCEN assessed a $100,000 penalty against Gyanendra Kumar Asre. According to the press release, “Asre allowed millions of dollars in high-risk transactions to be processed without required anti-money laundering controls or reporting to FinCEN,” said FinCEN Director Andrea Gacki. “Today’s action serves as a reminder that FinCEN will not hesitate to take action against individuals when their conduct jeopardizes the integrity of our financial system.” In addition to the fine, Asre has a five-year ban on working at any institution subject to the BSA rules. There is more to this than just a bad BSA officer.  As the BSA Officer at a credit union, Asre was responsible for detecting and preventing money laundering activities. But it gets more personal, and the credit union should have increased oversight because of this relationship. Asre had his own money services business and failed to register it with FinCEN. That violation was compounded by inadequate AML program management that allowed millions of dollars in high-risk transactions to be conducted through the system.

And I did mention incarceration as a penalty available to the DOJ and regulators. Two of the earlier actions go back to 2015 when a then former BSA officer was sentenced to two years in prison and forfeited almost $1 million and another was fined $1 million and threatened with a permanent ban from working in our industry. FinCEN assessed a civil money penalty against Thomas E. Haider. It was alleged that over a five-year period at MoneyGram, he failed to implement and maintain an effective AML program and neglected to comply with BSA requirements to report suspicious activity despite complaints about scams being operated through the MoneyGram system. In the second case, again it was not a banker, but Charlie Shrem, who was both Founder and BSA Officer for BitInstant. This was a Bitcoin exchange and Shrem did correctly register his company as a MSB, but he was allegedly helping another unregistered company in its operations. While Shrem had implemented an AML compliance program, he allegedly failed to file SARs on the illegal activity being conducted by the company he was aiding and abetting. And not related to these, but to personal liability, at the end of March 2024 Sam Bankman-Fried, the former CEO of cryptocurrency exchange FTX, was sentenced to 25 years in prison for crimes of fraud and conspiracy.

Now let’s look at nine separate actions involving personal liability actions against employees of the Bank of England – in England, Arkansas, just for clarity. These were FDIC actions in January 2024. The nine employees actually worked for the Bank of England loan production office in a Detroit suburb. They were accused of using bait and switch tactics among other methods to deceive mortgage applicants. The violations were charged for actions going back to 2018 until 2020. Examples of the deceptive techniques used included misrepresenting actually available loan pricing for mortgage loans, misrepresenting to consumers that they could skip two months of their mortgage payments, and further misrepresenting the loan production office’s affiliation with the Department of Veterans Affairs. These were considered unsafe and unsound practices and were done in part for personal gain. One might assume this was based on loan production but that was not specified in the orders.

The (now former) branch manager was penalized for failing to ensure those working for him were not violating Section 5 of the FTC Act and were not committing the misrepresentations expressed above. He was fined $100,000 and banned from banking. The former sales manager was also banned for the same misrepresentations and fined $12,000. Five other employees were fined a total of $163,500 in amounts ranging from $1,000 to $110,000. The actions they were accused of included luring consumers to apply for mortgage loans with low, unavailable loan prices that would not be honored and subsequently increasing the price before closing the loan, and misrepresenting to consumers that they could skip two months of mortgage payments and by misrepresenting to consumers the bank’s affiliation with the Department of Veteran’s Affairs. Two others were not fined but were recognized for their roles and required remedial training. The fines totaling $275,500 cannot be paid or reimbursed by the bank. These are personal fines.

While employees have personal liability for their own actions, the bank has the responsibility, the obligation, to ensure they understand the requirements of what they do and why. “This is the way we’ve always done it” is not good enough. If you are interested in reading more on these last enforcement actions, links may be found in the BankersOnline Top Stories pages, on February 26, 2024, under the heading of the FDIC January enforcement actions.

 

March 2024 OBA Legal Briefs

  • OBA Feedback
  • FCRA and HR
  • Employees, Social Media, and Ownership
  • Federal Preemption in Question

OBA Feedback

By Andy Zavoina

The OBA has had numerous requests about what can be done when a credit report is accessed on a consumer and that consumer becomes inundated with calls from other lenders competing for the loan or to offer ancillary services. The consumers tend to blame the bank and it is not your fault, but what can be done?

The calls are not new or innovative – just more prevalent in today’s market. This practice known as “event-based trigger marketing,” is legal under the Fair Credit Reporting Act (FCRA) even though it is often an annoyance to the borrower and then to the bank when you have to field complaints. The relationship between the bank and its customer can be harmed because the customer associates the unwanted solicitations with the bank. Bank customers across the country have reported a sharp increase in recent years in various unwanted calls, text messages, emails and other solicitations originating this way.

Based on my personal recent experience after a credit inquiry, many competitors immediately contacted me, the applicant, in hopes they could offer better terms than I already had pending, and the offers continued even after consummation. Further, vendors offering complimentary products began contacting me with references specifically to that recent mortgage loan. In my case it was a mortgage, and the offers (even a year later) are for a home warranty and specifically reference the XYZ Bank’s mortgage. In other cases, the offer may be for an extended car warranty for a recent car loan or a refi with emphasis on skipping a payment or lowering the monthly payment. The solicitations attempt to co-brand off the lender’s good name by referencing the lender and in some cases using the lender’s logo or font style. Unless the reader looks at the fine print, they don’t see the “not affiliated with…” disclaimer to avoid Unfair or Deceptive Acts or Practices (UDAP) or other issues.

We recommend advising your customers it is through no fault of the bank that this is happening and the best way to avoid the contacts is to opt-out at the credit bureau. Banks may even want to be proactive as the advice does little once the horse has left the barn.

There is a website consumers can visit, www.optoutprescreen.com or they can call 1-888-5-OPT-OUT (1-888-567-8688) that allows individuals to opt out from receiving these calls. The major credit bureaus operate the phone number and website and the standard opt-out is for five years. Using the same contact methods, they can opt out permanently but to do so must sign and return the Permanent Opt-Out Election form (which they get online). Your consumer may be advised to consider that as an option. Calling the opt-out line or visiting the site will only stop prescreened offers that are based on lists supplied by the major credit bureaus. Consumers could continue to receive offers for things like credit and insurance based on lists from other sources. Opting out also won’t end mail from local merchants, religious groups, charities, professional and alumni associations, and companies that the consumer already does business with. To stop mail from groups they must contact each sender directly.

On a related note, in August 2023, the White House announced a crackdown to protect consumers from third party data brokers. CFPB Director Chopra announced plans for new rules that would strictly limit the types of consumer data that may be sold by businesses and ensure that data brokers comply with the FCRA. Note that the recent complaints our bankers have been receiving will not directly benefit from this as the activity is not out of compliance with the FCRA, but it is a start.

There were actually two proposals being discussed. The first of the new rules would make a data broker that sells certain types of consumer data as a “consumer reporting agency.” The CFPB is considering a proposal that would generally treat a data broker’s sale of data regarding, for example, a consumer’s payment history, income, and criminal records as a consumer report, because that type of data is typically used for credit, employment, and certain other determinations. This would trigger requirements under the FCRA for ensuring accuracy and handling disputes of inaccurate information. It would also prohibit misuse of the information.

The second proposal addresses confusion about what is referred to as “credit header data” on a consumer report. The use of personally identifiable information is a necessity to data brokers and this credit header data is on reports sold by the big three bureaus, Equifax, Experian, and TransUnion. This header information includes key identifiers of the consumer, such as their name, date of birth, and Social Security number. The CFPB wants to clarify the extent to which credit header data constitutes a consumer report, reducing the ability of credit bureaus to impermissibly disclose this sensitive contact information that can be used to identify people who don’t want to be contacted. This is viewed as especially important to survivors of abuse.

And going full circle back to the original issue of event-based trigger marketing, in February 2024 the ABA Banking Journal reported that the ABA urged Congress to pass legislation to ban the sale of the consumer contact information to lenders who then inundate the consumers with unwanted solicitations. The ABA expressed support for S. 3502 (which was introduced and referred to the Senate Banking Committee) and H.R. 7297 (which has only been introduced so far), both of which would eliminate abusive event-based trigger marketing and limit prescreened credit offers to consumers who actually consent or who have a preexisting relationship with a bank.

So, what can you do today as we await proposals and bills to become effective? In addition to the www.optoutprescreen.com or call 1-888-5-OPT-OUT (1-888-567-8688) referral which the Federal Trade Commission recommends, the bank can take a proactive posture. If the customer is not looking for new credit or insurance from other than your bank, they may want to opt out for the five-year period or permanently. Again, these apply to prescreening solicitations only.

Additional resources the consumer may consider include the Do Not Call (DNC) list and the Direct Marketing Association (DMA). The National Do Not Call Registry was created to stop unwanted sales calls. It’s free. Consumers can register their home or cell phone number. They need to go to DoNotCall.gov or call 1-888-382-1222 from the phone they want to register.

Consumers may also register at the DMA website, DMAchoice.org to reduce promotional mail from marketers. It won’t stop all promotional mail, however, and they will have to pay a $4 processing fee, but the registration will last for 10 years.

DMAchoice.org also has an Email Preference Service that lets people get fewer marketing emails. Registration is free and will last for six years. Bear in mind none of these actually stop scammers and marketers who ignore the laws and the opt-outs, DNC list or DMA exclusions.

Banks with these complaints may want to produce a brochure, or web page they make available and can refer customers to, explaining what is happening. If I were creating such a consumer resource, I would hit these thoughts as I have highlighted them here. Certainly, you would want to elaborate on the points below based in whole or in part on the information above to meet your taste.

  1. Why am I getting these calls after applying for a mortgage?
    When a consumer applies for a mortgage, the lender accesses the credit report for the applicants. Because the lender has to have a valid reason to get that credit report, the credit bureau now knows this consumer is looking for a new loan. Credit bureaus have to make money. One way to do this is to sell your contact information to other lenders who make loans similar to what you are applying for. Those lenders approach the credit bureaus and agree to buy a list of prospects on a very regular basis. This allows those other lenders to strike while the iron is hot. This may also facilitate the consumer getting the best deal available if they want to compare terms and pricing. Unfortunately, the lenders buying the lists often do not have a better deal, but go into a hard sale posture. To make matters worse, there may be multiple lenders with the same agreement, which reduces the ability to comparison shop and frustrates you with all the calls, emails and text messages followed by snail mail offers.
  2. I like the terms I’m getting. How do I stop these multiple offers from pestering me?
    Unfortunately the credit bureaus want to make money and legally selling personal data is one way they accomplish that. By getting on the Do Not Call list, the Opt-Out Prescreen list and the Direct Marketing Association opt-out list, you can reduce future contacts. But what is done now, is done. Using voicemail and other filters on the media you use may help reduce the bother, but it will not eliminate it. In some cases, several types of solicitations may be forthcoming for a year or more, so actually getting on the opt-outs now can still help.

FCRA and HR      

By Andy Zavoina

It isn’t common that we in compliance get involved with Human Resources (HR) to check on the controls they use for compliance, but it is time to ensure the checks and balances are all in place. Both of these departments are highly regulated, and, in this case, Compliance should have a stronger grasp of the Fair Credit Reporting Act (FCRA), which is a key crossover regulation between Compliance and HR. I will provide the basic requirements here in the event Compliance has not yet but needs to incorporate HR into its risk assessment and audit calendar. I will say that a part of my FCRA annual audit included a review of the credit bureau bill. It was separated by terminal, so I knew which departments accessed the files. Then it was a case of finding the approved, denied, or withdrawn loan or employment file. One year, I discovered that HR was routinely accessing credit reports for employees being considered for promotion, and this was done without any notice to the employee before or after the decision was made. I considered it adverse if an employee was taken out of the promotable list due to information from the credit report or worse, if action was taken to demote or terminate employment. That had not happened, but the procedure adopted was simply wrong.

The FCRA imposes several restrictions and disclosure requirements on HR, just as it does loan staff, as to accessing, use and the impact of decisions made based on credit report data. Before HR obtains a credit report, it must give notice to an applicant or employee that it plans to pull a consumer report on them, and that it might use the consumer report information in its employment decisions. HR must also get the applicant or employee’s written approval to obtain the consumer report. The notice and authorization can be on the same page and must be in stand-alone format and not part of an employment application or other document, and it may not include any other authorizations or waivers.

If the bank uses information from the consumer report in its decision to take adverse action against an applicant or employee such as deciding not to hire, or to terminate or demote them, the bank must provide the applicant or employee with a disclosure before the adverse action occurs. This disclosure must contain:

  1. A) A notice that the bank is contemplating adverse action;
  2. B) A copy of the consumer report; and
  3. C) A copy of the publication, “A Summary of your Rights Under the Fair Credit Reporting Act.”

    In addition, the bank must give the applicant or employee a reasonable period of time to respond to the notice of contemplated adverse action. Typically, five business days is the minimum period that is recommended. During this time, the bank should not fill the open job position or take other action that would constitute an adverse employment action against the applicant or employee. If the applicant or employee provides additional information, the bank must consider it, but is not required to reverse the decision. Much like a Reg B Adverse Action is intended to inform an applicant of the reasons for denial so they can correct the deficiencies over time and reapply, this is intended to provide time to correct a deficiency and secure that position which obviously cannot be held open indefinitely. It provides a short window for the applicant to explain or correct obvious errors.

After HR takes adverse action based on a Consumer Report, it must give the applicant or employee notice of the actual adverse employment action. This notice should be in writing and must include:

1) The name, address, and telephone number of the Consumer Reporting Agency that provided the Consumer Report;

2) A statement that the Consumer Reporting Agency did not make the adverse employment decision and cannot give specific reasons for it; and

3) Notice of the applicant or employee’s right to dispute the accuracy or completeness of the information the Consumer Reporting Agency provided, and the applicant or employee’s right to get a free copy of the report from the Consumer Reporting Agency if the applicant or employee asks for it within 60 days.

HR may contend that the necessary forms and disclosures above are all provided by a vendor or the Credit Reporting Agency itself. But these forms could still contain errors or be outdated and therefore should be reviewed for compliance just as loan forms are all reviewed for compliance and accuracy. The bank is still the one liable for deficiencies.

In this particular case the form in question, “A Summary of Your Rights Under the Fair Credit Reporting Act,” which is often referred to as a “Summary of Your Rights” disclosure is in Reg V, 12 CFR Part 1022 from the CFPB under Appendix K. The bank must provide the employee or applicant with a Summary of Your Rights in the form prescribed by the CFPB. We all know forms change from time to time.

In March 2023, the CFPB published an updated “A Summary of Your Rights Under the Fair Credit Reporting Act” form and the required usage begins March 20, 2024. The updated form added verbiage designed to alert the applicant or employee to his or her rights to place a “security freeze” on their credit report from a consumer reporting agency and the contact addresses for certain agencies such as the OCC were updated. This security freeze will prohibit the consumer reporting agency from releasing information in the job applicant’s or employee’s frozen credit report without their express authorization, and the OCC address was changed to include P.O. Box 53570, Houston, TX 77052 instead of the street address at 1301 McKinney. That is one way to know you have the current form; just look for the section using the term “Security Freeze.”

In researching the form for this article, I found many instances of the old form first. Because the new form (linked below) was optional for the last year but is soon to be mandatory (again as of March 20, 2024) it is a last opportunity to ensure your HR department is using the correct version.

New Summary Form linked from the BOL Regulations pages: https://www.bankersonline.com/regulations/12-1022-appk

Employees, Social Media, and Ownership

By Andy Zavoina

Does your bank outsource its social media work or have one or two enthusiastic employees who just “get it” and love posting on social media on behalf of the bank? If so, this brief article is for you because the bank needs to worry about work product and copyright and ownership of these accounts. If there isn’t a clear path on who owns these social media accounts, there needs to be.

JLM Couture is a company dealing in bridal gowns, bridesmaid dresses and the like. Like a bank or any other business, JLM sees value in a social media following. In this case JLM had a contract employee who managed, among other things, social media for the company. In JLM Couture, Inc. v. Gutman, the company and the designer had an employment contract. This contract was detailed and addressed most of their relationship, but not social media accounts. As you will imagine, there was a parting of the ways and a lawsuit that has gone on for over two years.

The case has gone from federal district court to the 2nd Circuit and back again. One issue was for work product and who owned the social media the employee was doing for JLM.

When the relationship ended, JLM claimed ownership of the designer’s Instagram, TikTok and Pinterest accounts. They argued that she created them in her capacity as an employee and it was a work product. Gutman argued that she created them in her personal capacity, they were registered in her name, and she did not pass ownership to JLM by agreeing to use her accounts to market JLM’s products. Part of JLM’s argument was that ownership passed because a provision in their contract with Gutman which provided that all “designs, drawings, notes, patterns, sketches, prototypes, samples, improvements to existing works, and any other works conceived of or developed by [the designer] in connection with her employment with the Company involving bridal clothing, bridal accessories and related bridal or wedding items,” are works for hire and the exclusive property of JLM.

Originally, the federal district court gave JLM control and created a six-factor test that it developed specifically for social media ownership disputes. On appeal, the 2nd Circuit disagreed with this methodology and ruled that traditional property law principles would apply. The 2nd Circuit noted that if Gutman created the accounts using her personal information and for her personal use, then she is the owner of the accounts. Gutman could have transferred ownership to JLM by contract but noted that transferring rights to content posted on the account is different from transferring ownership.

Some lawyers would potentially read this differently, as the 2nd Circuit did when it said the social media did not qualify as “other works” because under the general principle of contract interpretation “the ordinary meaning of general terms at the end of a list must be interpreted to embrace only objects similar in nature to those objects enumerated by the preceding specific words.” In this case, the items listed are closely related to fashion design and are things that might be sold to the public, but social media accounts are far separate from those.

My read on the case is that one party felt it could broadly interpret the agreement it had with an employee and say the company owned these accounts. But legally that was not as clearly stated as JLM believed. More than two years of lawyer costs and court fees have been billed and the case goes on. Social media accounts your bank feels it owns have value and should be in the bank’s name and tied to bank-owned email accounts and paid for (as necessary) by the bank. They should not be in an employee’s name just because that employee opened the account. Postings should not be mixed between personal and business purposes unless they are the same.

In my area, a successful high school athletic director and head football coach enjoyed many years of success with his team. Early on in these successful seasons he convinced the school board that they needed a new identity, and they became known as the “Bulldawgs” or the “Dawgs” for short, they play at Bulldawg Stadium, and he tweaked the logo that is virtually everywhere. But winning seasons don’t last forever, and the coach and school have parted ways. As he collected his severance, he reminded them that he would be generous and allow them to use the name and logo he copyrighted but only for a brief time. After that they could change it or license the rights from him. We will have to see how that goes, but years of litigation are not really an option and should not be for your bank either.

Federal Preemption in Question

By Andy Zavoina

The dual banking system we enjoy provides that banks can, in general, choose to be chartered as a national or a state bank. This choice leads to determining who a bank’s primary regulator will be and what laws and regulations will apply to it. National banks still have to follow some state laws and state banks still have to follow some federal laws, so it is never “all or nothing” but there are advantages to and disadvantages to each.

National banks are still subject to many applicable state laws such as those affecting contracts, property rights, and debt collection, when those state laws do not conflict with the purpose of a federal law. Nonetheless, federal law preempts state laws that interfere with the powers of national banks. The doctrine of federal preemption is grounded in the Supremacy Clause of Article VI of the Constitution and the Supreme Court has held that, “under the Supremacy Clause . . . any state law, however clearly within a State’s acknowledged power, which interferes with or is contrary to federal law, must yield.” The Supreme Court held that the National Bank Act of 1864 (NBA) preempts state laws that “significantly interfere” with a “national bank’s exercise of its powers.” In some cases, a federal law explicitly says it will preempt others and in some cases this is implied. The Office of the Comptroller of the Currency (OCC) is the primary regulatory agency to oversee national banks and it has taken a broad view of the preemptive effects of the NBA.

One question that is currently being posed is to what degree does a state’s law have to “significantly interfere” to  be overridden by a federal law?

In a case with the decision still pending, Bank of America N.A v. Riffard is one of two we will discuss arguing preemption. In this case, Bank of America believed the Wisconsin Consumer Act (WCA) did not apply to it. Jean-Pierre Riffard had two separate credit cards from Bank of America and defaulted on the monthly payments on each account. Bank of America sued Riffard for breach of contract due to his nonpayment. Riffard argued the case should be dismissed because Bank of America never provided him with notice of his right to cure before accelerating his debt and suing him, as required by the WCA. Bank of America argued the NBA preempts the WCA.

The WCA is a state law that regulates consumer credit transactions and debt collection. Under section 425 of the WCA, a creditor must give a consumer notice of any default on a credit account and an opportunity to cure the default.

The Wisconsin circuit court hearing the case agreed with Bank of America but noted there are differing results from the court on this matter. The Eastern District of Wisconsin held the WCA provision is not preempted in Boerner v. LVNV Funding LLC (2019). Contrary to this the Western District of Wisconsin held the WCA is preempted in Lako v. Portfolio Recovery Associates (2021). In Lako, the district court concluded “the WCA goes beyond debt collection and sets conditions on the lending relationship between the creditor and the borrower.” The court also noted in Lako the WCA not only prohibits the debt collection, but also acceleration of the debt until state required notices are made.

Last November the case was heard by the Wisconsin Court of Appeals. Riffard characterized the WCA’s notice-to-cure provisions as debt collection rules that are not preempted while briefs in support of Bank of America argued that applying cure notice requirements to national banks would subject them to each state’s regulatory requirements and defeat the NBA’s purpose of having a uniform regulation for national banks.

On February 27, 2024, the Supreme Court of the United States (SCOTUS) heard oral argument in Cantero v. Bank of America, N.A. In this case the question is whether the NBA preempts a New York statute requiring banks to pay interest on mortgage escrow accounts. The 2nd Circuit ruled that the application of the New York statute to national banks is preempted by the NBA, and this reversed a lower district court ruling.

The OCC has provided preemption regulations for the benefit of national banks so that each can rely on these rules and choose not to comply with many of a state’s consumer protection regulations. As SCOTUS contemplates this Cantero case, if it does not believe the NBA preemption applies to the New York law, it will directly call into question the validity of the OCC’s preemption regulations. This would mean that all national banks should then reconsider any preemption laws it is taking advantage of which could also be questioned and determine whether the bank must now comply with those state consumer protection laws and regulations. If SCOTUS provides an adverse ruling to Bank of America, it could be adverse to all national banks and trigger a wave of actions by state Attorneys General as well as private litigation against national banks based on violations of state consumer protection laws and regulations, as in the Riffard case. Would these actions be limited to a SCOTUS decision date forward, or be retroactive and open to many class action cases? There is no crystal ball that could force the probable causes and effects of such an action, but in researching this article I did come upon an October 12, 2000, article in The Oklahoman addressing one charter switch by the then new Peoples Bank of Oklahoma. The article stated, “Within 30 days, the bank… had virtually doubled its monthly income. Its lending limit had climbed from 15 percent to 30 percent of its capital. In addition, the bank’s annual regulatory fees had dropped significantly.

“We’ll save six or seven thousand dollars a year just on the fees we pay,” board member Randy Wright said. “That’s almost a month’s income. With a small bank like ours, every dime counts.” The article went on to point out, “For Peoples Bank, the decision to convert was purely financial.”

For other banks, like Arvest – which converted four banks this summer – the change had less to do with economics. “We eliminated two regulators. We did it to simplify things,” said Neil Schemmer, chief executive officer of the recently converted Arvest Bank in Norman. “Until this summer, all but five of the 16 banks in Arvest’s holding company were state-chartered banks,” Schemmer said. “Now, all but one are.” There may be many reasons for banks to make charter choices. If there are fewer NBA protections, that may affect banks’ consideration of a national bank charter choice.

February 2024 OBA Legal Briefs

  • CFPB Proposes New NSF Fee Rule
  • Overdrafts — Comments Requested

Editor’s Note: We do not usually write about proposed rules in Legal Briefs because so much can change between publication of a proposal and issuance of a final rule. However, we believe that Oklahoma’s bankers need to know about both of the recent CFPB proposals discussed in this edition.

CFPB Proposes New NSF Fee Rule

By John Burnett

On January 24, 2024, The Consumer Financial Protection Bureau announced a proposal for a new regulation on non-sufficient funds (NSF) fees. That should not have been a surprise, because the CFPB mentioned the possibility of a rule on NSF fees at least as long ago as 2022, when its Fall Regulatory Agenda indicated the Bureau was considering whether to issue new rules regarding them.

Now, the “other shoe” has dropped. Perhaps we should call it “a mismatched shoe,” because the new regulation proposal does not reference current financial institution practices regarding NSF fees. Instead, it anticipates that a bank or credit union might just be looking for a new fee income source, and the Bureau proposes to “nip it in the bud” before the idea can become a reality.

In short, the Bureau wants to ban something that almost no one (that the Bureau knows of) practices, but someone might try in the future. Here is what the proposal is all about.

It happens all the time — Someone taps their debit card on a POS terminal at Walmart to pay for a cartload of groceries, and the terminal displays “denied” or provides some gentler negative response because the cardholder’s bank account isn’t up to the task, the well is dry, or, in banker-speak, the account balance is “non-sufficient,” and the bank will not approve a transaction that would overdraw the account. The same result can be seen at an ATM, and in some peer-to-peer transfer networks.

The Bureau thinks that there might be a bank, credit union, or P2P network out there looking for ways to replace some of the fee income it has given up (perhaps in the current campaign against “junk fees”), and counting the number of NSF responses it sends back on ATM, POS and transfer authorization requests to see if they might be leaving some fee income on the table.

So, in a remarkably short (only 68 pages in all, with just over one page devoted to the words of the regulation) Federal Register document, the Bureau has proposed as new regulation (Part 1042) to say, in essence, “Don’t you even THINK about doing that!” by borrowing the definitions of “account” and “covered financial institution” from Regulation E and defining a “covered transaction” as “an attempt by a consumer to withdraw, debit, pay, or transfer funds from their account that is declined instantaneously or near-instantaneously [sic] by a covered financial institution due to insufficient funds.”

That’s followed by a definition of “nonsufficient funds fee” as “a charge that is assessed by a covered financial institution for declining an attempt by a consumer to withdraw, debit, pay, or transfer funds from their account due to insufficient funds” regardless of how the financial institution labels the fee. Then the proposed rule declares the charging of such a fee to be an abusive practice and prohibits it. A short little regulation with three little sections, about 270 words (including headings), and no official interpretations (as proposed).

I will not ask whether your bank has been thinking about imposing these “real-time” NSF fees, or whether, after reading the proposed rule, your bank changed its mind.

Comments are due by March 25, 2024. If you have a comment to offer, check out the guidance for commenters at the end of Andy’s article below.

Overdrafts – Comments Requested

By Andy Zavoina

In late 2023 there were a reported 4,645 commercial banks, 574 savings and loan associations and 4,994 credit unions in the United States. That is 10,213 financial institutions if you do not want to do the math. This gives you an idea of the “universe” which can be impacted by a new rule or interpretation. But some rules and interpretations do not actually affect all financial institutions.

When a new proposal or rule is published, the first things I would do is determine the impact of the proposal on my bank based on a general description, and if it will apply to me, when is it going to be effective? Well, on January 17, 2024, the CFPB released its proposal to “close the overdraft loophole that costs Americans billions each year in junk fees.” How will it accomplish this? With a tweak of a few words in a few regulations in certain conditions overdraft fees will be considered finance charges under Reg Z and Truth in Lending. Now my head begins to spin as I fear making APR disclosures, usury limits, periodic statements and those things associated with loan closings and lines of credit. But am I getting ahead of myself? To be clear, this rule will impact only the largest banks, those at or over $10 billion in assets.

If your bank is not in that category, please DO NOT STOP reading now and move on to more meaningful issues affecting your bank. While the CFPB estimates only 175 financial institutions will be impacted, and the math tells us that this amounts to a mere 1.71 percent of all financial institutions, there are some people who believe this rule could trickle down to smaller, community banks. According to the FDIC, Oklahoma has 178 banks with main offices in Oklahoma. Only a small percentage of these will be in the larger bank category and subject to the new rule, when and if approved.

Think about the process involved in a Notice of Proposed Rulemaking (NPRM). A proposal is made, and comments are requested. In a proposal that will relieve the American public of paying “billions of dollars” each year in non-sufficient funds – junk fees – charged by “banks” (meaning the financial institutions referenced above) where will the comment letters in support of, and against, all or some of the proposed rule come from? Will more come from the consumer protection organizations and the American public, or from those 175 banks? And will the final rule indicate overwhelming support for the proposal based on the comment letters, or that thoughtful comments indicated that overdraft fees are not always bad, these serve a purpose, and help in controlling fees in general charged by banks, they act as a deterrent for writing bad checks and should not be mischaracterized as “junk fees.” Would you be surprised to read that “based on overwhelming support of the proposal” it is approved? And do not forget the political aspects of this in an election year. The president and his staff have dwelled on junk fees and the large dollars collected by banks from consumers.

I want to explore the concept of “consumer protections” and the intent of these rules and contrast this to rules applicable to larger banks as compared to smaller banks. Using the Home Mortgage Disclosure Act (HMDA) as an example, when reporting is limited to larger institutions, the amount of data gathered is proportional to the size of those lending institutions. By limiting the application of the rule to the larger volume lenders the public gets the vast majority of the lending data gathered. Having such a rule excluding the smaller lenders makes review and analysis of trends much easier and it is cost effective, especially for those smaller lenders who have the same data gathering burden but far few resources and less technology to meet the requirements. Having the smaller lenders exempt from reporting takes away little data. In years past the CFPB did increase the reporting threshold for HMDA applicable loans. This increased the number of exempt lenders and therefore took away a small amount of data. It worked just as planned. The public and regulatory agencies received useful data and the smaller lenders were able to still make loans supporting the housing efforts of their communities yet deploy funds and assets elsewhere to facilitate an overall more effective community bank.

But no good deed goes unpunished. There was a court case which argued that data was necessary to properly evaluate the housing efforts of even the smaller lenders and the action was successful. The argument that less data still accomplished the goals of HMDA was not enough and the CFPB did not appeal the decision. The threshold dropped to its prior limit. Now a larger segment of smaller volume lenders is once again recording and reporting HMDA information. My point is, the objectives were met even with the higher limit, but the argument that a more microscopic application better meets the needs for more finite reviews prevailed. At the end of the day, consumer protections against discrimination were deemed better met by applying the rules uniformly down to smaller lenders and eliminating only the smallest of low-volume lenders.

Contrast this HMDA example to a true consumer protection regulation. The former is based on a bulk of transactions and analysis using a broad brush, and the latter is based on individual transactions. The overview of the proposed overdraft fee rule includes three important points.

  1. The proposal would require very large banks to treat commonly used overdraft protection as credit, making it subject to Reg Z disclosure requirements and other protections that apply to credit cards and loans.
  2. The proposed rule provides those banks subject to the rule two options on how to approach handling overdrafts. The bank could offer overdraft loans, officially offering lines of credit and triggering a multitude of disclosures and statements (e., processing) meaning potentially systems improvements and all that comes with such an undertaking. Alternatively, the bank could offer overdrafts as a courtesy service where fees do not exceed costs and losses, using a “breakeven standard” calculation or, optionally, a “benchmark fee.” Currently these benchmark fees being proposed are $3, $6, $7, or $14. The CFPB estimates the average fee is currently $35.
  3. The new rules would apply to banks and credit unions with $10 billion or more in assets and, if finalized as proposed, would go into effect in October 2025. That provides nearly two years to prepare from the publication of the NPRM.

Under a data gathering rule, there is the broad brush used to effect protections and these take extended periods to provide substantive information to act on. In this proposal it is individual transactions which will be impacted. Which is truly the most effective form of consumer protection? There is no denying that individuals who are protected at each transaction receive the most benefit and more quickly than is derived from data which takes years to accumulate and analyze. How can any regulatory agency that is responsible for consumer protection actions justify applying such a rule based on the asset size of the lender when all banks are subject to Reg Z already? A depositor with an overdraft at a smaller community bank would not be entitled to the same protections afforded a similar consumer at a larger bank even when both banks are subject to the same regulation that provides the protections.

If you are keeping a tally of the impact this rule poses and are comforted by the fact that your bank is under the $10 billion threshold, do not take that sigh of relief too soon. The CFPB has hinted at potentially applying this rule to smaller banks, stating that the CFPB intends to “monitor the market’s response” before deciding whether to expand the scope to smaller banks in the future. In the future it would be quite easy to justify expanding this proposal to all banks.

I ask you, what is the “market’s response” to this proposal if fewer than 175 banks comment? Certainly, banking organizations will respond but I would add that thoughtful comments from the smaller and as of yet unaffected banks need to be made to better protect those who do not want the options described above in their future. I would add that once the larger banks have adapted to the new rule and vendors have worked through the technological hurdles, it will be deemed a much easier process for smaller banks to adopt the same rules.

As a brief background, Congress gave us the TILA in 1969 and the Federal Reserve then gave us Reg Z to implement it. As to the use of currency, checks were frequently used by consumers to send money and pay bills. Zelle and similar programs were not invented. Check volume was huge and growing annually. It was recognized at that time that check processing was labor intensive. The processing technologies banks have used for decades did not exist then. Checks were manually encoded, and the items were compared to account balances. They were typically manually reviewed, account analysis was completed, and someone made a decision to pay or return an item. The bank had policies that would have included considering how long the bank has had the account, the average deposit balance, when deposits were made (direct deposit was not required  or even highly encouraged until the 1970s) and how often the account had checks presented that exceeded the available balance. It was a costly and manually intensive process. The Fed exempted overdraft=related costs from Reg Z requirements if the bank honored a check when its depositor “inadvertently” overdrew their account. Over recent years banks have been careful not to confuse inadvertent overdrafts with lines of credit because the costs of disclosing the latter can be high and smaller banks may not even have the technology to meet the Reg Z disclosure requirements. Overdrafts were not nearly as frequent in 1969 as today, and banks imposed fees to cover these processing costs as well to incentivize the depositor to not overdraw their account.

Banking technology has come a long way, and these costs are now greatly reduced and may be deemed truly minimal, other than the costs of the technology used and the cost of funds. Reg Z has retained this exemption, but this is what is now being considered for removal. This intentional exemption is the loophole in question.

The loophole is in the definition of “finance charge” at 1026.4(c)(3). Paraphrasing from the NPRM, page 64, “These proposed changes require compliance with not only Reg Z when providing higher than breakeven overdraft credit services described below, but would allow those banks to continue to comply with Regs DD and E when providing non-covered overdraft credit services at or below breakeven pricing. This means the banks that have invested in compliance with Regs DD and E could maintain their current processes for providing consumers with non-covered overdraft credit so long as it priced such credit at or below breakeven pricing.” Reg E will require some tweaking as well to allow complete compliance with this proposal and as credit products, banks may start reporting these overdraft lines to credit bureaus.

Reg Z would have new key terms and definitions that would become commonplace in discussions as operations and lending bridge these overdraft gaps, terms like, overdraft credit, above breakeven overdraft credit, covered asset credit account, covered overdraft credit, covered overdraft credit account, and hybrid debit-credit card.

I also find it interesting that it is never mentioned that in most cases writing a check against non-sufficient funds is typically a misdemeanor, a crime. Neither banks nor regulatory agencies should encourage such an act. Providing both payment options, the approval of an inadvertent item and a line of credit cause the items to be paid rather than returned, avoiding misdemeanors and fees from those on the receiving ends of the checks. This protection ends when banks begin returning the items because they cannot pay the items due to cost inefficiencies. These inefficiencies will be based on the lower income derived from overdrafts, potentially increased costs due to losses and the cost of technology to support lines of credit if that is what banks opt to offer.

While banks can continue to provide courtesy overdraft credit as is often done now, the fees which will be regulated would be assessed against a breakeven calculation or a benchmark amount. If the fees are equal to or less than these metrics, the overdraft credit provided would not be subject to Reg Z. Using this low-cost approach will exempt the bank.

  1. To use a breakeven standard the CFPB would require the bank to determine its total direct costs and charge-off losses for providing overdraft credit to all accounts open at any point during the previous 12 months. This amount would then be divided by the total number of overdraft transactions attributable to those accounts occurring in the previous 12 months. The proposal includes guidance on the types of costs and charge-off losses that a bank may consider when making this calculation.
  2. The CFPB proposes to set this alternative fee, a breakeven fee at $3, $6, $7 or $14, and the Bureau believes this would create a “simple bright-line method” for the very large banks to use when assessing whether the overdraft credit they provide is below or above the breakeven threshold. The CFPB reached each of the benchmark fees by applying different calculations to relevant data collected from eight of the large banks.

The alternative to use of the breakeven or benchmark fees is overdraft lines of credit. Overdraft credit can be provided at a cost higher than the breakeven standard or the benchmark fees described above, but the cost to the bank is that these would be subject to Reg Z.

This compliance would require treating transfer fees (line of credit to overdrawn account) as finance charges, or the bank can eliminate those fees altogether. This line of credit then offers consumers a means of repaying their overdrafts other than by preauthorized EFTs. This line of credit facility also means compliance with the regulatory provisions in Reg Z that apply to credit cards that would newly apply to certain types of covered overdraft credit. This requires systems and new skillsets for your staff.

Banks would then be required to make mandatory disclosures to consumers disclosing the cost of credit and more. Hybrid debit-credit cards used by consumers to access overdraft credit would be subject under the proposal to the Credit Card Accountability Responsibility and Disclosure (CARD) Act-related sections of Reg Z. These would include, but are not limited to, ability-to-pay underwriting requirements and limitations on penalty fees.

The proposal also requires that overdraft credit be structured as a separate credit account, not a negative balance on a checking or other type of transaction account. The underlying checking or transaction account would be considered the asset account and tied to the separate credit account created for the overdraft credit. This separate credit facility would have its own due date at the same time for each period. That means that if a $100 item is paid on the first against a deposit balance of $40, the $60 goes to the credit facility. If a deposit of $100 to the deposit account is received on the second, there is no setoff available. The $60 owed is under the credit line and is not owed until the billing is due, possibly at the month end, as an example. The billing dates will have to be on the same day of each billing cycle.

The banks subject to the proposed new rule would also be prohibited from compelling consumers to use automatic payments to repay overdraft credit, which would effectively require them to provide consumers with at least one alternative repayment option.

One point I have not seen addressed yet includes those consumers subject to the Military Lending Act (MLA). The bank would need to know who these consumers are in order to meet the disclosure requirements of the MLA. Currently the MLA is moot. In the FAQs published in the Federal Register, Vol. 81, No. 166, Friday, August 26, 2016, under Section II, question 1, it asks, “What types of overdraft products are within the scope of 32 CFR 232.3(f) defining ‘‘consumer credit’’?” The answer includes, “The MLA regulation generally directs creditors to look to provisions of TILA and its implementing regulation, Regulation Z, in determining whether a product or service is considered “consumer credit” for purposes of the MLA. Also, the supplementary information to the July 2015 Final Rule discusses coverage of overdraft products.

The MLA regulation defines “consumer credit” as credit offered or extended to a covered borrower primarily for personal, family or household purposes that is either subject to a finance charge or payable by a written agreement in more than four installments, with some exceptions. The exceptions include “residential mortgage transactions; purchase-money credit for a vehicle or personal property that is secured by the purchased vehicle or personal property; certain transactions exempt from Regulation Z (not including transactions exempt under 12 CFR 1026.29); and credit extended to non-covered borrowers consistent with 32 CFR 232.5(b).”

If overdrafts are paid from a line of credit and are subject to Reg Z, in addition to the CARD Act and ATR, there will be MLA requirements. The bank will have to know if it is dealing with a covered borrower at the time the credit is offered. This includes dependents. There are written and oral disclosures required as well as a Military Annual Percentage Rate.

Most banks are aware of the “all in fee” nature that the MAPR has resulting in a higher rate than Reg Z APR. But the open-end MAPR is different still. From the CFPB exam manual — “…the MAPR for open-end credit should be calculated following the rules for calculating the effective APR for a billing cycle as set forth in 12 CFR 1026.14(c) and (d) of Regulation Z (as if a creditor must comply with that section) based on the charges listed above. Even if a fee is otherwise eligible to be excluded under 12 CFR 1026.14(c) and (d), the amount of charges related to opening, renewing, or continuing an account must be included in the calculation of the MAPR to the extent those charges are among those in the above Types of Fees to Include in MAPR Calculation.” While the MAPR will still be capped at 36 percent and presumably all the fees will be compliant and reasonable, the minimum fees will have to be weighed against the amount of the credit and the date of the payment due from the consumer. How close to 36 percent could possible scenarios get? When and how often will banks be required to verify with the DMDC database that their overdrawing consumers are covered or not?

There are many questions, and I believe that every banker who reads the 211-page proposal will ask themselves similar questions, but also a few unique ones. Comment letters that all banks are encouraged to submit should pose these questions so that guidance can be included in a final rule and not offered in the distant future when the questions are real and not hypothetical.

While this article is not intended to serve as a how-to on writing a comment letter, I am asking all banks with an interest in the overdraft topic now or in the future to seriously consider sending one. Therefore, I will include points common to comment letters though few comment letters would ever be considered wrongly sent.

  1. Read the entire proposal to best understand the requirements and ask meaningful questions supported by realistic and factual scenarios to support them.
  2. Where any questions are asked in the NPRM of those submitting comments, answer them. This increases the usefulness of the process especially in those which ask, “what is the impact of…” on a bank or consumer.
  3. Use facts and refrain from personal comments such as “the proposal is unfair because…” or in this case, “the consumer wrote the check, and we disclosed the fee and that’s all that matters.” That would take the process nowhere and is often just subjective. Cite facts and conditions which support the bank’s position that this is a cost-effective option when considered overall. If more checks are being returned the consumer will suffer more costs, especially from merchants not obligated to keep fees low for returned payments, and for consumers who later find it harder to bank anywhere due to poor management of checking accounts in the past.
  4. Specifically quote the proposal where appropriate so the reader knows exactly what your comment pertains to.
  5. Some banking organizations may prepare comment letter templates. These are useful as to providing guidance on topics and formats. But the regurgitation verbatim of someone else’s comment letter is nothing better than a tick mark for, or against something as the comments have already been stated and read. It will add to support your position, but in a less meaningful way.
  6. Offer suggestions on issues that are realistic and meet the goals of both your bank and the consumer’s needs for protection. After reading the proposal, you will read about issues such as, “For example, CFPB research found that in 2012 the median overdraft fee was $34, the median size of a debit card transaction incurring an overdraft fee was $24, and that the majority of non-covered overdraft credit transactions were repaid within three days. Putting these figures in lending terms, the annual percentage rate (APR) for such a non-covered overdraft credit transaction would be 17,000 percent (if transaction fees were included in the APR calculation).” This is where the cost to actually process a transaction comes into play, as well as losses and collection expenses. I see the APR as less of an issue when the fees are reasonable. It is not enough to say an APR is not reasonable when the actual fee is only a matter of a few dollars. Expressing that minimal fee as an annual rate provides an unbalanced calculation.
  7. Balance your comment letter based on the bank’s experience as a whole. That is, consider the side of the loan department as well as operations for the big picture.
  8. The pounds test is not a goal to be met here. Do not add comments that go on and on so that if printed, you will have the longer document. Succinct and meaningful comments that convey valid points will be held in higher regard as being productive for all. You don’t need to address every issue raised in the proposal. Focus on the elements most important to you and your bank.
  9. If you read other comment letters or reports in the press, you will understand those who disagree with your position. With this understanding you can better offer intelligent counterpoints.
  10. The comment period for this proposal ends April 1, 2024. You should have your letter in by that date. Sending it electronically is the fastest and easiest way to make a submission. Prior to sending yours, you can read others that have been submitted and remember your comment letter will also be publicly available. For this reason, bank management and/or counsel may want to be involved in the process. The NPRM itself contains instructions for all this.

 

January 2024 OBA Legal Briefs

  • ’Tis Still the Season — Security and Fraud Losses
  • MLOs Hirable Now — Changes in Section 19
  • AI in Banking

’Tis Still the Season

By Andy Zavoina

Security and Fraud Losses

The holiday season has ended and now it is all about the returns. Side note – it is a great time not to be working at Amazon. What does all this have to do with banking? Money. Your depositors have it and there are thieves out there who want it even more than the retailers. When a retailer is paid by your customer, it is because your customer spent their money at that store. It is an honest buyer and seller relationship. But there are thieves out there waiting to scam and steal from your customer. In many cases, when the thieves steal your customer’s money, they are really stealing from the bank by using the weakest link, the customer, to get access to it. Some of these customers may be negligent and others fall for a good story filled with deception and technology tricks. The type of customer and type of loss will influence whether the customer or the bank will be taking this loss.

We have all seen check fraud increase even as the overall use of checks has declined by 7 percent according to the Federal Reserve. One report indicated that 70 percent of banks have experienced an increase in fraud over 2021. Fraud losses are increasing by about 65 percent from $2.3 million in 2022 to $3.8 million in 2023.
One barometer to see what is happening on this front is the growth in the numbers of Suspicious Activity Reports (SARs) for check fraud cases filed by banks. According to Financial Crimes Enforcement Network (FinCEN) data, it is up 201.2 percent between 2018 and 2022. With 447,525 SAR check fraud reports in 2023 through October, the year was on track to beat the 2022. Check fraud SARs have increased more for personal and business checks than for any other financial instrument. Check fraud accounts for one-third of all the fraud banks are experiencing, excluding mortgage fraud.

The Federal Trade Commission (FTC) estimates Americans lost $330 million to text scams in 2022. That is up from $86 million in 2020. Text messages are fast, cheap, and easy to send from anywhere. The median loss in cases like these is $1,000.

Your consumer customers are often the main target of these thieves, especially during peak sales seasons such as the holidays we are now recovering from. You may not have heard of all the fraud committed yet, as many customers will not be aware until they have their latest statements – that is, if they actually review them.
Scams accounted for 12 percent of the fraud transactions, with two key scams standing out. The first is a thief impersonating a bank security or support person and the other is an IRS scam. The former instills a fear of immediate loss with the hopes of an immediate recovery if they act fast, and the latter one of red tape and a never-ending issue of audit, collections and threats of arrest.

Let’s look at business customers. Say your business customer “A” regularly pays business “B” for services rendered. One day an employee in accounting receives an email from a person at “B” they frequently correspond with. The message says they have changed banks and provides new payment routing information. What is the proper procedure here? Should “A” verify these changes with a trusted source at “B” or make the changes and move on? Business email compromise (BEC) happens, and if that email is not questioned and verified, future payments will go to a thief and the payor will not be aware until “B” contacts them about the past due status. As soon as funds reach the thief’s account, they are almost immediately wired out and unrecoverable. If either the payor or payee is aware of the payment within a day, there is a chance for a recovery. In instances like this the payor still has to make a payment, and “B” may be having cash flow problems while this is figured out. The payor’s procedures will be questioned, and the bank may be held to blame if its customer is the payor in this scenario. Why the bank? Because it has deep pockets. and customers who demand privacy also believe the bank knows this payment is uncharacteristic for one or more reasons.

BECs often take the form of fake invoices from real vendors or business partners, fake requests from upper management to transfer funds to a bank account that actually belongs to the attacker, and fake notifications from real vendors and business partners of changes in banking account information. These bank customers are not protected by Reg E and the Electronic Fund Transfer Act, but they may be under the Uniform Commercial Code (UCC). That is their hope, and the bank may be their best chance for recovery. The fact that the bank followed the payment order it was given is a moot point. But there is hope for the bank. Review UCC 4A-207 in situations like this. This section provides that if a payment order (including wire transfers) received by the payee’s bank includes the payee’s name and a different account number than the payee’s real account number, the bank is not liable for the misdirected wire unless the bank had “actual knowledge” that the payee’s name and account number referred to different persons or entities. The bank does not need to affirmatively determine whether the name and number refer to the same person. UCC 4A-207(b)(1). But if someone in your wire room is keying in information on incoming transfers and your system displays the account owner name before the input date is checked and “enter” is clicked, it will be hard to claim the bank was not aware of a mismatched name and account number.

Much of the loss prevention effort employed by banks today is older technology dating back to the 1990s. Those banks experiencing sizable amounts of check fraud losses should invest in newer technology and these banks should see a significant return on the investment as losses are curtailed. Artificial Intelligence (AI) can be employed and will make it easier, for example, to detect unusual transactions in a customer’s account and immediately confirm those transactions with the consumer. This technology can play a dual role to both reduce fraud and indicate Bank Secrecy Act red flags on transactions and account relationships.

The customers can take another preventative measure themselves as banks tout the security of using electronic payments over paper. Businesses have many cost-effective options such as automated cash management services. At the end of the day, their loss exposure is lessened with each check they do not write.

Banks must do a more effective job of educating customers about security. A recent survey by PYMNTS.com indicated customers prefer multifactor authentication (MFA) each time they access their accounts and send or receive funds. According to the poll, eighty-three percent of respondents said they want MFA for riskier transactions, such as accessing a bank account from an unknown device, changing personal information in a bank account, and spending or sending larger sums of money electronically. Sixty-two percent wanted MFA for routine transactions such as accessing a bank account from any device or transferring money to family and friends. More than half said they prefer MFA for low-risk transactions such as paying bills, rent or loans. Smartphones are making this easier than ever with biometrics such as fingerprint and facial recognition to act as their MFA.

When I was in the military there was always the same lesson plan to be followed when teaching, which is what the bank should be doing here. Tell them what you’ll tell them, tell them, and tell them what you told them. It is difficult to get the attention of customers and to convince them that security of their access information is everyone’s job. So, you must constantly remind them and mix your messages about security protocols. Marketing needs to work with compliance, security and those who investigate fraud and other losses to deliver the message.

1. Does your bank encourage customers to review their statements or at least regularly review their balances and transactions online? Perhaps customers can be incented to do either or Marketing can make doing so fun in one way or another. But customers need to be reminded of this important responsibility.

2. When sending One Time Passwords (OTP), think of those six-digit codes to verify the device and access authorization to the account as the same, and ensure that each one clearly says, we will never ask you for this code. That is a very common technique for that thief to get access after sending thousands of text messages like “XYZ bank – we need to verify your $5,026 transaction at Big Box, reply “Y” to accept the charge and “N” to deny it. If you have a question, call the bank at 623-387-6862.” All the customer wants is to refuse the charge. The thief will get a verification that this a fish is ready to take the bait when they reply “N,” or the customer will call, and the hook will be set. The thief discusses how this happened and what needs to be done to save the customer their money and part of that is verifying they have the right customer. To do that the bank (thief) will send a six-digit code and the customer needs to give them that number back. That is when the customer must have had positive reinforcement TO NEVER GIVE THAT OTP CODE OUT. Even when the security officer says it is OK this time. The security officer/thief will immediately change that password to the account and clear out the balance. The bank is then carefully reviewing Reg E to see who is liable for the losses — the bank or the consumer. And by the way, the “bank’s phone number” above translates on the phone touch pad to “MAD EUP NMBR” and if your customer is calling the bank, they should look for a known number. That “direct” line is not to the bank in any way.

3. Check washing is very popular again. Blue or black gel pens are preferred for checks as that ink is much harder to remove. Like yard signs that tout protection services, they may be real or not, but it is easier to move to the next house than find out. Skipping the gel inked check for the next one is a logical move as even for thieves, time is money.” And remind customers to avoid dropping outbound mail in those blue boxes or leaving it in their mailbox with the flag up. Have it picked up by postal personnel or drop in a lobby slot at the Post Office.

4. Use the internet banking bill pay services when checks are needed for recurring payments.

5. If the customer transfers money using Zelle, PayPal and the like, have they verified who they are sending that money to? Sending $1 and getting verification that it was received with a call or verified text and then sending the rest can save money when there is a thief or just a wrong number.

6. When it comes to passwords, four-digit numerical PINs are terrible security even though there are 10,000 possible combinations. Hackers who steal phones are not sitting at the table trying 0 – 0 – 0 – 0, then 0 – 0 – 0 – 1, and so on until it works. A four-digit PIN can be cracked by a computer in less than a second. Six-digits are better but ‘real” passwords are better yet, and biometrics are best. If the desired security is “something they have” and biometrics is not acceptable to customers or is one part of a verification process, another option is a security key. These cost about $50, and a device will not unlock or a site requiring logon credentials will not work without the physical key. The less expensive way to accomplish this is with a OTP generator so the customer has to know where to go and to sign in to get the OTP.

Good security is a pain in wallet area, but also a great preventer of another pain in the wallet when a customer finds out their accounts have been drained, that lines of credit were accessed automatically to cure overdrafts, and that they still have to replace the phone they lost.

7. Teach customers not to click on links or respond to text messages from an unknown source. When a text comes in asking, “This is Tina. Are we still on for lunch tomorrow at 1?” They are setting that hook and looking for a sucker. If they find that elderly, lonely customer with a savings account, suddenly the thief is a caring and good person who is willing to talk and spend time with them. Have no doubt money is the motive and that thief has no remorse as to the effects of what they do. When such a text comes in, either block the number and delete the message, or reply, “wrong number” and then block and delete. If interested, the FTC asks that suspicious texts be reported to ReportFraud.ftc.gov or forwarded to 7726 (SPAM).

8. Remind commercial depositors about BEC and account takeover thefts and encourage them to protect themselves.

Customers, all customers, should be reminded with paper statements, e-statements, when they log on to internet banking and when they receive an email or text message from the bank. In some cases, just email or text the reminder solo, without any other message. Just like for scammers, email and text messages are easy to send in bulk and inexpensive.

Another common scam is the undeliverable package. Here is one from my spam box as I write this article.

“ZAVOINA, you have (1) package pending in our warehouse.

Unfortunately, we could not deliver your postal parcel on time because your address is not correct.

Please reply to us with the correct delivery address. ___ here ____

Best regards,

Track & Trace Rewards”

There were various emojis in this HTML email and the thieves wanted the receiver to click the HTML link. They will attempt to get more information, especially banking info, or infect the computer. When was the last time you received a computer-generated message like that from Fed Ex, UPS or another professional company? My old home, in the city limits and to which packages are regularly delivered, is not difficult to find. Yet the only reason the scam is being run is because it works. In a recent cybersecurity presentation I attended, one session discussed when law enforcement recovered the original mailing list from a thief. The police contacted those on the list and found that 18 percent of the recipients had responded favorably to the thief. Your Marketing department would be ecstatic to have a near 20 percent response to a mass mailing.

I recently taught on my own experience where my Apple password, then 10 characters long, had been cracked. MFA prevented the thieves from getting into my accounts. I simply added a character to what I had and went on with my business. Not 12 hours later they were at it again. I had not outsmarted anyone. Long story short I made painful changes, and that logon password is now 23 characters long and I have more security protocols in place. Are they problematic when I need quick access to something? Yes, but it is all less problematic than losing everything and having some or all financial liability on top of it.

If you really want your customer’s attention, ask them if they are using cloud services from a provider tied to their phone. In the case of the Apple ecosystem things just work seamlessly and life is good. But if a thief shoulder-surfs and sees that easy to remember four-digit code and then grabs the phone and runs, they can change that person’s security code and even their main password to their Apple accounts. The thief does not need the current password to change it and the real owner can be locked out forever in minutes. That includes email, photos and Apple TV. Emphasize “photos” to your customer. If they do not have a separate backup of those photos, there may be years and years of photos and videos documenting births, deaths, weddings, holidays, and general memories only in the cloud. When your customer is locked out of their own account because of the thief, Apple will tell them there is nothing they can do as it does not have the codes or master codes to access the photos. They’re gone. Money comes and goes, but those photos are gone forever. Now the customer has a genuine interest. As a side note, Apple is working on a fix for this security change issue in an upcoming update to the operating system.

MLOs Hirable Now

We generally do not get too involved in Human Resources issues but this one has some compliance crossover implications, so it is worth mentioning, especially since we are just through the annual renewal period. Section 19 of the Federal Deposit Insurance Act contains restrictions on hiring employees with criminal backgrounds. That is, Section 19 prohibits hiring individuals convicted of crimes of dishonesty, breach of trust, or money laundering, including theft, misappropriation, embezzlement, false identification, and writing of a bad check, among others, from working in a bank without written consent from the FDIC.

But in December 2022, President Biden signed the National Defense Authorization Act for Fiscal Year 2023. Section 5705 of that Act is the “Fair Hiring in Banking” section, which instructs banks to disregard certain criminal convictions. While this eases the restrictions on the hiring of individuals with criminal records, the changes open questions regarding the de minimis standard, and whether the changes to Section 19 effectively amended Reg Z, as it applies to mortgage loan originators because of Reg Z’s references to Section 19. Specifically, § 1026.36(f)(3)(ii) addresses the qualifications individual loan originator employees and requires the bank to review the person’s background as to meeting certain standards and states that if they do not meet these standards, “before the individual acts as a loan originator in a consumer credit transaction secured by a dwelling, that the individual loan originator:

(A)( 1 ) Has not been convicted of, or pleaded guilty or nolo contendere to, a felony in a domestic or military court during the preceding seven-year period or, in the case of a felony involving an act of fraud, dishonesty, a breach of trust, or money laundering, at any time;
( 2 ) For purposes of this paragraph (f)(3)(ii)(A):

( i ) A crime is a felony only if at the time of conviction, it was classified as a felony under the law of the jurisdiction under which the individual was convicted;

( ii ) Expunged convictions and pardoned convictions do not render an individual unqualified; and

( iii ) A conviction or plea of guilty or nolo contendere does not render an individual unqualified under this § 1026.36(f) if the loan originator organization has obtained consent to employ the individual from the Federal Deposit Insurance Corporation (or the Board of Governors of the Federal Reserve System, as applicable) pursuant to section 19 of the Federal Deposit Insurance Act (FDIA), 12 U.S.C. 1829, the National Credit Union Administration pursuant to section 205 of the Federal Credit Union Act (FCUA), 12 U.S.C. 1785(d), or the Farm Credit Administration pursuant to section 5.65(d) of the Farm Credit Act of 1971 (FCA), 12 U.S.C. 227a-14(d), notwithstanding the bars posed with respect to that conviction or plea by the FDIA, FCUA, and FCA, as applicable; and

(B) Has demonstrated financial responsibility, character, and general fitness such as to warrant a determination that the individual loan originator will operate honestly, fairly, and efficiently…”

So, there are the rules and some exceptions now. Section 5705 provides that an individual no longer needs the consent of the FDIC (or NCUA if you are keeping score. Add NCUA in most places when you read FDIC here) to become employed with an insured bank or credit union for “Certain Older Offenses.” These exceptions apply where:

1. It has been seven years or more since the individual committed the offense; or
2. The individual was incarcerated with respect to the offense, and it has been five years or more since the individual was released from incarceration; or
3. The individual committed the offense when they were 21 years of age or younger, if more than 30 months have passed since the sentencing for the offense occurred.

These are lower thresholds than recognized under prior law and FDIC rules. In addition, other de minimis offenses may be exempt, subject to the FDIC rulemaking capabilities and meeting the following criteria:

1. Punishable by a term of three years or less confined in a correctional facility;”
2. Offenses for writing insufficient funds checks must require that the aggregate total face value of all insufficient funds checks (regardless of the number of convictions or program entries at issue) be $2,000 or less; and
3. Other lesser offenses, like the use of a fake ID, shoplifting, trespass, fare evasion, and driving with an expired license or tag, if at least one year has passed since the conviction or program entry for such offense.

There is greater opportunity for exempting de minimis offenses. Banks are now able to move through the hiring process more easily for individuals with lesser, minor convictions than in the past. I will draw attention to the fact that the rules do not say “may consider” or “may waive,” as in “this is optional.” It says banks should disregard prior requirements where these conditions exist. Theoretically if a young employee embezzled from the bank and has been released and meets these conditions, the bank could not stand on Section 19 of the FDI Act and refuse employment.

Under the current Section 19 rules, offenses are considered de minimis and a waiver is automatically granted if the maximum punishment for the crime was:

1. imprisonment of one year or less, and the individual served three days or less of jail time, and
2. a fine of $2,500 or less.
3. Offenses for writing “bad checks” are considered de minimis so long as the aggregate value of the “bad checks” written is less than $1,000 and the payees were not an insured depository institution (IDI) or a credit union.

For a direct comparison, the Fair Hiring in Banking changes this auto-exception to:

1. if the maximum punishment for the crime were three years, calculated based on the time an individual spent incarcerated and not including pretrial detention, probation, or parole.
2. The fine is not referenced.
3. The aggregate amount of the bad checks was increased to $2,000.

Now the Reg Z issues. Reg Z prohibits banks from employing individuals in loan originator positions if that individual was:

1. convicted of a felony in the preceding seven years, or
2. “at any time” for felonies “involving an act of fraud, dishonesty, a breach of trust, or money laundering,”
3. unless they have received consent from the FDIC pursuant to Section 19.

But now the Fair Hiring in Banking provisions removed the requirement that an individual must obtain consent under Section 19 for offenses where:

1. it has been seven years or more since the offense occurred, or
2. the individual was incarcerated for the offense, and it has been five years or more since the individual was released from incarceration; and (ii) the individual was 21 years or younger when he or she committed the offense and 30 months or more have passed since the individual was sentenced.

The result is a set of convictions that would require FDIC consent under Reg Z that are no longer covered convictions under Section 19. Fast forward to October 23, 2023, and the FDIC’s Notice of Proposed Rulemaking Concerning Section 19. The NPRM states:

The proposed rule would incorporate statutory changes to Section 19, including the following:

• Certain older offenses. The Act excludes certain offenses from the scope of Section 19 based on the amount of time that has passed since the offense occurred or since the individual was released from incarceration.

• Designated lesser offenses. Under the Act, Section 19 does not apply to the following offenses, if one year or more has passed since the applicable conviction or program entry: using fake identification; shoplifting; trespassing; fare evasion; and driving with an expired license or tag.

• Criminal offenses involving dishonesty. The Act excludes certain offenses from the definition of “criminal offenses involving dishonesty,” including “an offense involving the possession of controlled substances.” Historically, the FDIC has required an application as to drug-related offenses—aside from simple-possession offenses. In light of the Act, however, the FDIC believes that Congress intended to exclude, at least, the offenses of simple possession and possession with intent to distribute from the “involving dishonesty” category because of the statute’s use of the phrase “involving the possession of controlled substances.” Additionally, the FDIC believes it should shift from the presumption that other drug-related offenses are subject to Section 19 as crimes involving dishonesty, breach of trust, or money laundering. This revised approach would treat drug offenses the same as all other types of crimes, which do not automatically trigger the need for an application, but which may require an application depending on the elements of the underlying criminal offense.

• Expunged, sealed, and dismissed criminal records. The Act excludes certain convictions from the scope of Section 19 that have been expunged, sealed, or dismissed. The existing FDIC regulations already exclude most of those offenses. The proposed rule would modestly broaden the statutory language concerning such offenses to harmonize the FDIC’s current regulations concerning expunged and sealed records with the statutory language.

• Standards for FDIC review of Section 19 applications. The Act prescribes standards for the FDIC’s review of applications submitted under Section 19.

The proposed rule also provides interpretive language that addresses, among other topics, when an offense “occurs” under the Act, whether otherwise-covered offenses that occurred in foreign jurisdictions are covered by Section 19, and offenses that involve controlled substances.

Comments are due by January 16, 2024, as this appeared in the Federal Register on November 14. https://www.federalregister.gov/documents/2023/11/14/2023-23853/fair-hiring-in-banking-act. Compliance may want to coordinate with Human Resources on a comment letter if there are questions your bank has, clarifications you want, or changes to recommend.

AI in Banking

Is your bank an early adopter of technology? I do not see many community banks jumping on to the cutting edge of technology but soon it will become a more commonly offered service from vendors. Now is the time to become familiar with what is happening in this arena. Not banking but looking for shortcuts could be dangerous. If a “techie auditor” wants to use a ChatGPT or similar program to dress up an audit report, who fact checks it? In December the CEO of The Arena Group, which publishes Sports Illustrated, was fired weeks after the magazine was accused of publishing articles generated using artificial intelligence (AI).

The CFPB in June reported on consumer dissatisfaction with chatbots, another common use of AI. The report noted that about 37 percent of the U.S. population has interacted with chatbots. In banking, the use of chatbots raised several risks including: (i) noncompliance with federal consumer financial protection laws; (ii) diminished customer service and trust; and (iii) harm to customers. There have been complaints received by the CFPB. We have also seen AI result in fair lending cases based on poorly targeted marketing. You can find the CPPB’s report here: https://www.consumerfinance.gov/data-research/research-reports/chatbots-in-consumer-finance/chatbots-in-consumer-finance/

December 2023 OBA Legal Briefs

  • Year End, Year Start

Year-End, Year Start

By Andy Zavoina

This is a time of celebrations, family, and looking forward to a new beginning as the calendar turns to 2024. But, has every “i” been dotted and “t” crossed for 2023? Do you get to exhale in a sigh of relief as you enjoy the holiday season, chill for a moment, and start anew on January 1? The answers are, “You need to know they are,” and “Absolutely not.” As 2023 ends, 2024 begins as a new year but what’s not done from the year-end still has to be. So, let’s do a quick review of those annual tasks and ensure you are really ready to close the books on 2023 and open the new one for 2024.

What must you always consider as you begin planning your year? The major events you anticipate, especially changes.

HMDA

Are you a HMDA reporter, or now will be, based on your bank’s size and transactions and what ramifications does that bring? (See 1-5 immediately below for the requirements applicable to 2023 data. Each test must be met.) If applicable, are you ready for the March 1 filing deadline this year? Do you have only the final quarter’s Loan Application Register (LAR) entries to scrub, and if not, how long will that take? Are the first three quarters of 2023 ready to go?

1. Asset-Size Threshold Test. On December 31, 2022, your bank had assets in excess of $54 million. This was for data collection threshold for 2023. We expect the 2024 threshold to be released in late December.
2. Location Test. On the preceding December 31, your bank had a home or branch office located in a metropolitan statistical area (MSA).
3. Loan Activity Test. During the preceding calendar year, your bank originated at least one home purchase loan or refinancing of a home purchase loan secured by a first lien on a one-to four-unit dwelling.
4. Federally Related Test. Your bank is federally insured, regulated, or originated at least one home purchase loan or refinancing of a home purchase loan that was secured by a first lien on a one- to-four-unit dwelling and, well there is more to this test at 12 CFR 1003.2(g)(1)(iv) but I think we had you at “insured.”
5. Loan-Volume Threshold. Your bank meets or exceeds either the closed-end mortgage loan or the open-end line of credit loan volume threshold in each of the two preceding calendar years. A bank that originated at least 25 closed-end mortgage loans in each of the two preceding calendar years or originated at least 200 open-end lines of credit in each of the two preceding calendar years meets or exceeds the loan-volume threshold. (If the loan or line of credit is not a closed-end mortgage loan or an open-end line of credit, it does not need to be reported.

If you barely missed any of these five criteria, you’ll want to pay attention to any revisions to them next year, such as the asset threshold or loan volume.

Small Business Lending Data Rule

Small Business Lending Data Rule. The Reg B small business data gathering rule referred to as “1071” was released and there were legal challenges affecting the rule. It is important to note that the 1071 rule was not challenged, but the CFPB was. On July 31, 2023, the U.S. District Court for the Southern District of Texas ordered the CFPB not to implement or enforce the 1071 rule. The order stays all deadlines for compliance and in subsequent cases and rulings the stay applies to all banks. The Supreme Court has to rule on the case and that is expected about mid-2024. At that point, if the CFPB is successful, it may simply redesignate the deadlines and if it is not, the 1071 rule will be implemented in some form as it is based on Section 1071 of the Dodd-Frank Act, which is not in question. Ask yourself, if the CFPB is successful and that seems likely to many but remains an unknown, how fast will you be able to react on implementation and change management?

In the BOL Lending Compliance Triage Conference in November, Kimberly Boatwright recommended five critical steps compliance officers need to take now.

1. Determine your bank’s status/tier as a covered institution.

2. Conduct a Gap Analysis to understand your products, delivery channels and lending life cycle.

3. Commercial Lending Challenges that need focus, training, and action.

4. Based on your bank’s needs, allocate a budget.

5. Raise the Board’s and senior management’s awareness of issues related to implementation of Section 1071.

When is your next compliance exam?

That is a compliance officers’ direct responsibility. What has been done to prepare for it and depending on when that is expected, more importantly, what has not been done? Start making that list if your exam is imminent. What other exams do you contribute to – Bank Secrecy Act, Safety and Soundness which may include Reg O, any fair lending or mortgage origination and servicing requirements?

The New CRA Rule

One more biggie that cannot be ignored is the new Community Reinvestment Act rule that was recently published. Most of us are beginning to digest it now as the final rule takes effect on April 1, 2024, but with staggered compliance dates of January 1, 2026, and January 1, 2027. So, it is not an immediate need to completely revamp your policy and procedures, but the changes are enormous and you must start planning now. The November Legal Briefs edition has more on the new CRA, but here are a few key elements.

• Asset thresholds for small, intermediate and large banks will increase.
• Most of the rule’s requirements will go into effect on January 1, 2026, to give you time to prepare for implementation.
• Data reporting requirements, which only apply to large banks, will become applicable starting January 1, 2027.
• The rule allows small banks to be evaluated under the existing framework or opt in to be evaluated under the new framework.
• The final rule does not include a start date for examinations pursuant to the performance tests in the amended regulation. We will have to watch as the agencies prepare for and announce this.

Don’t forget the little things

Now let’s look at the future and eliminate some of the small things for peace of mind. These are minimal tasks that need to be sorted and ensure there are no issues with compliance. It’s the little things that sometimes catch you unprepared.

Let’s talk about signage requirements. In our main branch we had a “Fed wall,” which was one area which had the federally required (and state, as applicable) notice requirements. It should be in an area that is highly visible to the public to meet the intent of the posted notice requirements. It does no good to put these on the wall behind a door that stays open or the plastic trees in the lobby which prevent viewing them. You will not get credit during an exam for posting them where they cannot be seen. If there was a remodel done and the signage was taken down for maintenance, ensure it went back up, and in the right location.

As to being unsightly, beauty is in the eye of the beholder. If you put courier font printed pages in a $2 frame and nailed it to the wall, that is what it will look like. I recommend you lay out all the applicable disclosures and buy one large frame, have a matte cut for all these in one space and then everything is accounted for in one space. As a new branch is opened, just order another of the same design. This ensures everything is easily accounted for and posted easily on the wall rather than trying to lay out several frames, especially if those frames were each different giving a hodgepodge appearance. It is also a simple task to pull the frame down, remove the backing and switch out disclosures when necessary. As a tip, there is a transparent tape and removable tape that uses the same adhesive as sticky notes. It will hold your documents to the matte securely yet provide the flexibility to switch them out without destroying the matte or other documents.

Here are suggestions and justifications for your fed wall and other required signage.

1. Community Reinvestment Act Notice: This is to be posted in each lobby with one version in your main office and another in each branch, other than off premise electronic deposit facilities, the Public Notice described in 12 CFR 345.44 (FDIC), 228.44 (FRB), 25.44 (OCC).

2. Equal Housing Lending Poster: Post in lobby of main office, all branches, and in any other areas where loans are made. Note, this is an 11”x14” poster and unlike most other requirements for signage, the size requirements are specifically stated. 12 CFR 338.4 (FDIC), 24 CFR 110.15 and 110.25 (HUD and OCC) the FRB requirements fall under the Fair Housing Act. .

In August 2022 the FDIC made changes to its version of the sign. Refer to Federal Register Vol. 87, No. 151, Page 48079 as the Fair Housing and Consumer Protection Sale of Insurance Rule are both impacted. To improve efficiency and effectiveness the FDIC consolidated the Consumer Response Center and the Deposit Insurance Section under one organization, entitled the National Center for Consumer and Depositor Assistance. Fair Housing signage and the Sales of Insurance disclosure should refer to, “…National Center for Consumer and Deposit Assistance.” The effective date of the change was August 8, 2022. The OCC has also had changes to its poster. Refer to Bulletin 2021-35, August 5, 2021.

3. Home Mortgage Disclosure Act (HMDA). General notice of availability must be posted in each home office and physical branch offices located in an MSA. 12 CFR 1003.5(e). Non-HMDA banks do not post this notice.

4. Fair Credit Reporting Act (FCRA) requires that a consumer be allowed to notify the bank of an error in their consumer report. If a notice is posted informing consumers where to direct their notice, they may not be delivered to just any employee and must be properly directed. 623(a)(1)(C) (Note, this is a recommendation, not a requirement. Not having such a notice does set the bank up for failure as virtually all staff would need awareness training on how to handle such a notice from a customer.)

Additional signage requirements while you are auditing those above.

A. Customer Information Program procedures require providing adequate notice the bank is requesting information to verify customer identities prior to opening account. May be given or posted, 31 CFR 1020.220(a)(5)

B. FDIC Deposit Insurance Notices are to be displayed at each station or window (including drop boxes, teller windows, new accounts, drive-ups) where insured deposits are normally received, excluding automated service facilities such as ATMs, night depositories and POS. These signs must be 3″X7″ in size. 12 CFR 328.2 & FDIC 93-42, 94-17.

C. Funds Availability Policy is for banks routinely delaying availability of any deposited item. Disclosure is required of several items in a conspicuous place in each location where deposits are accepted. This includes the abbreviated text on ATMs but excludes drive-ups. These disclosures are contained in our Facts About Funds Availability brochure that doubles as the posted notice. 12 CFR 229.18

D. ATM Surcharge Notice requirements apply if your bank, as an ATM owner/operator, imposes a fee to complete a transaction or inquiry. The bank must disclose on the ATM that a fee may be imposed. 12 CFR 1005.16(c).

And for employees there are several other requirements.

E. 5-in-1 Employment Poster is required to be visible to job applicants and employees, 42 USC 2000e-10(a). This poster should include five parts, and if not in a combined poster, individual signs must be posted in the manager’s office or lobby. The five laws are: Equal Employment Opportunity Act, Fair Labor Standards Act, Employee Polygraph Protection Act, Family Medical Leave Act, and OSHA’s Plain Language “It’s The Law.” Refer to 29 USC 201, 29 USC 2003, 29 CFR 825.300, and 29 CFR 1903.2(a)(3)

F. Rate Board requirements under TISA/Reg DD are that indoor signs are exempt from many advertising requirements. But if a rate is stated it will use the term “annual percentage yield” or “APY” and contain a statement advising consumers to contact an employee for further information on terms and fees. 12 CFR 1030.8(e)(2)

G. Notice of Employee Rights has two requirements; 1) Executive Order 13496 is a Notice of Employee Rights under the National Labor Relations Act, the primary law governing relations between unions and employers in the private sector. See 29 CFR Part 471. Banks need to follow this for various reasons including due to FDIC insurance, savings bond transactions, TTL accounts and government contracts. Post the notice conspicuously in offices where employees covered by the NLRA perform contract-related activity, including all places where notices to employees are customarily posted both physically and electronically. 2) Employee Rights under the NLRA See section 7 of the NLRA, 29 U.S.C. 157

Now that signage requirements are addressed, let’s ensure “annual” tasks have been completed.

Annual compliance tasks

Reg BB (CRA), Content and availability of Public File § 228.43 – Your Public Files must be updated and current as of April 1 of each year. Many banks update this continuously, but it’s good to check. You want to ensure you have all written comments from the public from the current year plus each of the two prior calendar years. These are comments relating to the bank’s efforts in meeting community credit needs (your SBA loans may play a key role here) as well as any responses to comments. You also want a copy of the last public section of the CRA Performance Evaluation. That actually is to be placed here within 30 days of receipt. Ensure you are keeping up with branch locations and especially ATMs as those may fluctuate. The regulation has more on the content of this file. It may be best to review it with an audit workpaper to use as a checklist to avoid missing any required items.

CRA Notice and Recordkeeping § 228.42, 228.44, 1003.5 – CRA data, which can include small business and small farm as well as home mortgages, are gathered based on specific reporting requirements for the Loan Application Registers (LAR). CRA and HMDA information, if applicable, must be submitted by March 1, for the prior calendar year. If you are a reporter of either LAR you should start verifying the data integrity now to avoid stressing the process at the end of February. HMDA mortgage data should be compiled quarterly so this should not be a huge issue, but a thorough scrubbing as the new year starts and submission preparation approaches is always warranted.

Pertaining to this, national banks should ensure they have reviewed and updated as needed the CRA, FHA and ECOA notices in accordance with the Aug. 5, 2021, OCC Bulletin 2021-35. This bulletin provided updated content for the appropriate names and addresses for notices required by the Community Reinvestment Act and Equal Credit Opportunity Act, and for posters under the Fair Housing Act. National banks were required to make the appropriate changes to their notices and posters within 90 days of the issuance which then had a mandatory compliance date of Nov. 3, 2021.

Reg C – HMDA Notice and Recordkeeping § 1003.4, 1003.5 – HMDA data are gathered as home mortgage loans are applied for and are compiled quarterly if your bank is a HMDA reporter. There are specific and detailed reporting requirements for the Loan Application Register (LAR) itself. The LAR must be submitted by March 1, for the prior calendar year. If you are a reporter, you should start verifying the data integrity now and this is of vital importance if you have a large volume of records to report.

Reg E § 1005.8– If your consumer customer has an account to or from which an electronic fund transfer can be made, an error resolution disclosure is required. There is a short version that you may have included with each periodic statement. If you’ve used this, you are done with this one. But if you send the longer version that is sent annually, it is time to review it for accuracy and ensure it has been sent or is scheduled to be. Electronic disclosures under E-SIGN are allowed here.

This is also a good time to review §1005.7(c) (additional electronic fund transfer services) and determine if any new services have been added and if they were disclosed as required. Think Person-to-Person transfers like Zelle, Venmo or Square.

Reg G – Annual MLO Registration § 1007.102, 1007.103 – Mortgage Loan Originators must go to the online Registry and renew their registration. This is done between November 1 and December 31. If this hasn’t been completed, don’t push it to the back burner and lose track during the holidays and then have to join a year-end rush to complete this task. This is also a good time to plan with management and Human Resources any MLO bonus plans. Reg Z Section 1026.36(d)(1)(iv)(B)(1) allows a 10 percent aggregate compensation limitation on total compensation which includes year-end bonuses. Additionally, paragraph (b) of 1007.103 requires updates that may require coordination with HR – were there name changes of an MLO or a move to another location?

Regulation O, Annual Resolution §§ 215.4, 215.8 – In order to comply with the lending restrictions and requirements of § 215.4, you must be able to identify the “insiders.” Insider means an executive officer, director, or principal shareholder, and includes any related interest of such a person. Your insiders are defined in Reg O by title unless the Board has passed a resolution excluding certain persons. You are encouraged to check your list of who is an insider, verify that against your existing loans, and ensure there is a notification method to keep this list updated throughout the year.

Reg P § 1016.5 –There are exceptions allowing banks which meet certain conditions to forgo sending annual privacy notices to customers. The exception is generally based on two questions; does your bank share nonpublic personal information in any way that requires an opt-in under Reg P, and have you changed your policies and practices for sharing nonpublic personal information from the policies and procedures you routinely provide to new customers? Not every bank will qualify for the exception, however. John Burnett wrote about the privacy notice conundrum in the July 2017 Legal Briefs. That article has more details on this.

When your customer’s account was initially opened, you had to accurately describe your privacy policies and practices in a clear and conspicuous manner. If you don’t qualify for the exception described above, you must repeat that disclosure annually as well. Ensure that your practices have not changed and that the form you are sending accurately describes your practices.

For Reg P and the Privacy rules, annually means at least once in any period of 12 consecutive months during which that relationship exists. You may define the 12-consecutive-month period, but you must apply it to the customer on a consistent basis, so this is not necessarily a December or January issue, but it could be. And each customer does not have their own “annual date.” If a consumer opens a new account with you in February, you provide the initial privacy notice then. That is year one. You can provide the annual privacy notice for year two at any time, up until December 31 of the second year.

It is important to note that unlike most other regulatory requirements, Reg P doesn’t require E-SIGN compliance for your web-based disclosures. You can use e-disclosures on your bank web site when the customer uses the web site to access financial products and services electronically and agrees to receive notices at the web site, and you post your current privacy notice continuously in a clear and conspicuous manner on the web site. So, the demonstrable consent requirements and others in E-SIGN’s 15 USC Sect. 7001(c) do not apply, but there must still be acceptance to receive them on the web. Alternatively, if the customer has requested that you refrain from sending any information regarding the customer relationship and your current privacy notice remains available to the customer upon request this method is acceptable.

Fair Credit Reporting Act – FACTA Red Flags Report – Section VI (b) (12 CFR 334.90) of the Guidelines (contained in Appendix J) require a report at least annually on your Red Flags Program. This can be reported to either the Board, an appropriate committee of the Board, or a designated employee at the senior management level.

This report should contain information related to your bank’s program, including the effectiveness of the policies and procedures you have addressing the risk of identity theft in connection with the opening of covered accounts and with respect to existing covered accounts, as well as service provider arrangements, specifics surrounding and significant incidents involving identity theft plus management’s response to these and any recommendations for material changes to the bank’s program. Times change, customers’ habits change, and importantly criminals change and each may require tweaks to the bank’s program.

Reg V, Fair Credit Reporting Act – Affiliate Marketing Opt-Out § 1022.27(c) – Affiliate marketing rules in Reg V place disclosure restrictions and opt out requirements on you. Each opt-out renewal must be effective for a period of at least five years. If this procedure is one your bank is using, you must know if there are there any expiration dates for the opt-outs and whether those consumers have been given an opportunity to renew their opt-out.

RESPA Reg X, Annual Escrow Statements § 1024.17 – For each escrow account you have, you must provide the borrower(s) an annual escrow account statement. This statement must be done within 30 days of the completion of the escrow account computation year. This need not be based on a calendar year. You must also provide them with the previous year’s projection or the initial escrow account statement, so they can review any differences. If your analysis indicates there is a surplus, then within 30 days from the date of the analysis you must refund it to the borrower if the amount is greater than or equal to $50. If the surplus is less than that amount, the refund can be paid to the borrower, or credited against next year’s escrow payments.

Reg Z Thresholds and Updates § 1026.3(b)– These changes are effective January 1, 2024. You should ensure they are available to staff or correctly hard coded in your systems. The exemption for Reg Z disclosures will increase from $66,400 to $69,500, meaning consumer loans over that amount (except for loans secured by real or personal property expected to be used as the consumer’s principal dwelling or a private education loan) will be exempt.

BSA Annual Certifications – Your bank is permitted to rely on another financial institution to perform some or all the elements of your CIP under certain conditions. The other financial institution must certify annually to your bank that it has implemented its AML program. Also, banks must report all blockings to OFAC within ten days of the event and annually by September 30, concerning those assets blocked.

Information Security Program part of GLBA – Your bank must report to the board or an appropriate committee at least annually. The report should describe the overall status of the information security program and the bank’s compliance with regulatory guidelines. The reports should discuss material matters related to the program, addressing issues such as: risk assessment; risk management and control decisions; service provider arrangements; results of testing; security breaches or violations and management’s responses; and recommendations for changes in the information security program.

Security, Annual Report to the Board of Directors § 208.61 – The Bank Protection Act requires that your bank’s Security Officer report at least annually to the board of directors on the effectiveness of the security program. The substance of the report must be reflected in the minutes of the meeting. The regulations don’t specify if the report must be in writing, who must deliver it, or what information should be in the report. It is recommended that your report span three years and include last year’s historical data, this year’s current data and projections for the next year.

Similar to the Compliance Officer reporting to the board, this may include a personal presentation, or it may not. I recommend that it is because this is an opportunity to express what is being done to control security events from the recent past as well as foreseeable events and why these are important issues. These facts can assist Security in getting the budget and assets necessary for the coming year. There is no prescribed period during which the report must be made other than “annually” and this may be based off the timing of the prior report, give or take a month. Annual presentations such as this are better done when the directors can focus more on the message, so try to avoid quarter ends, and especially the fourth quarter. This is not a “how-to” on the annual security report, but you can find more on the topic, free, on the BankersOnline Tools by searching on “annual security program.”

Training – An actual requirement for training to be conducted annually is rare, but annual training has become the industry standard and may even be stated in your policies. There are six areas that require training (this doesn’t mean you don’t need other training, just that these regulations have stated requirements).

– BSA (31 CFR §1020.210(b)(4), and 12 CFR §208.63(c)(4) Provide training for appropriate personnel.
– Bank Protection Act (12 CFR §21.3(a)(3) and §208.61(c)(1)(iii)) Provide initial and periodic training
– Reg CC (12 CFR §229.19(f)) – Provide each employee who performs duties subject to the requirements of this subpart with a statement of the procedures applicable to that employee.
– Customer Information Security found at III(C)(2) (Pursuant to the Interagency Guidelines for Safeguarding Customer Information), training is required. Many banks allow for turnover and train as needed, imposing their own requirements on frequency.)
– FCRA Red Flag (12 CFR 222.90(e)(3)) Train staff, as necessary, to effectively implement the Program;)
– Overdraft protection programs your bank offers. Employees must be able to explain the programs’ features, costs, and terms, and to explain other available overdraft products offered by your institution and how to qualify for them. This is one of the “best practices” listed in the Joint Guidance on Overdraft Protection Programs issued by the OCC, Fed, FDIC and NCUA in February 2005 (70 FR 9127, 2/24/2005), and reinforced by the FDIC in its FIL 81-2010 in November 2010.

MISCELLANY – Some miscellaneous items you may address internally in policies and procedures include preparation for IRS year-end reporting, vendor due diligence requirements including insurance issues and renewals, documenting ORE appraisals and sales attempts, risk management reviews, following records retention requirements and destruction of expired records, and a designation by the bank’s board of the next year’s holidays.

And finally, has there been a review of those staffers who have not yet taken five consecutive vacation or “away time” days per Oklahoma Administrative Code 85:10-5-3 “Minimum control elements for bank internal control program”?

November 2023 OBA Legal Briefs

  • Loans, ECOA, and Noncitizen Discrimination
  • New CRA Final Rule Released

Loans, ECOA, and Noncitizen Discrimination

By Andy Zavoina

To me, this is one of those statements that says it is a warning shot and you need to know where the bullet may drop. This is your opportunity to evaluate the situation and step to the side to avoid injury, if necessary. On October 18, 2023, the Consumer Financial Protection Bureau (CFPB) and the Department of Justice (DOJ) published a joint statement in the Federal Register (https://www.federalregister.gov/d/2023-22968), “to assist creditors and borrowers in understanding the potential civil rights implications of a creditor’s consideration of an individual’s immigration status under the Equal Credit Opportunity Act (ECOA)”. The DOJ enforces civil rights violations as well as fair lending, so its involvement identifies the purpose of the statement.

First, let’s review what the joint statement says. It clearly states that lenders need to understand, “the potential civil rights implications of a creditor’s consideration of an individual’s immigration status under ECOA. ECOA does not expressly prohibit consideration of immigration status…,” and then it gets to the intent of the statement, “creditors should be aware that unnecessary or overbroad reliance on immigration status in the credit decisioning process, including when that reliance is based on bias, may run afoul of ECOA’s antidiscrimination provisions and could also violate other laws.”

I have taught Reg B, which implements ECOA, for many years. In subsection 1002.5(e) it states, “A creditor may inquire about the permanent residency and immigration status of an applicant or any other person in connection with a credit transaction.” That is under the section titled, “Rules concerning requests for information.” When I teach, I mention this section as being a nondiscriminatory way to ascertain residency status as it pertains to future collection of a debt. This should have nothing to do with color, race, religion or any other protected basis that cannot be used in making a loan decision. The intent of the question is, would this person be subject to, or scheduled to move out of the country during the term of the loan, and where might your collateral be at that time? When a person has few ties to where they live, it is easier for them to move and harder for you to contact them when necessary. I can tell you from experience that repossessing collateral internationally is much harder, and you are at the mercy of others when it comes to the bill and a sale.

As an example, person A arrived in your area a few months ago from South America. She is an executive at a large company that is a particularly good customer of the bank. She wants to buy a new car and finance it for sixty months. If your applicant has a B-1 visa and applies for this loan, be aware that the typical stay is usually six months for work, with a possible extension for another six months. What will happen to this new car in just a few months? What if the extension being requested is not approved? These are valid concerns.

On the other hand, if the lender reviews an application from the same person but for a short term loan that will be repaid prior to the visa’s expiration, and interviews the person, but still does not like the fact that English is a second language, communication is difficult at best, and the applicant is not a U.S. citizen, and denies the request for those reasons, that could be the Reg B issue this joint statement is concerned with. This is an obviously made-up scenario, but the point is, you may consider the immigration status but be cautious if it is a key reason for the denial. Lenders are still concerned with credit risk based on capacity, character, capital, collateral and conditions. Quoting from the joint statement, “Creditors should therefore be aware that if their consideration of immigration status is not ‘necessary to ascertain the creditor’s rights and remedies regarding repayment,’ and it results in discrimination on a prohibited basis, it violates ECOA and Regulation B.” At the end of the day, does the lender predict the loan would perform and pay as agreed or not? Is it a collateral rights or access issue? These are questions for the bank. A lender’s bias should not influence the credit decision of the bank as it is the bank making the loan. That is the heart of the joint statement as I read it.

Reg B tells us “…a creditor may consider any information obtained, so long as the information is not used to discriminate against an applicant on a prohibited basis.” If immigration status is a proxy for race, religion, national origin, color, or any prohibited basis, that would be a violation. As the joint statement explains it, “Regulation B notably provides that a ‘creditor may consider [an] applicant’s immigration status or status as a permanent resident of the United States, and any additional information that may be necessary to ascertain the creditor’s rights and remedies regarding repayment.’ 12 C.F.R. § 1002.6(b)(7). Regulation B does not, however, provide a safe harbor for all consideration of immigration status.” And this is where I would like to remind readers that, as noted above, it is the bank taking action here through a lender, and it is the bank’s responsibility to ensure compliance.
Considering the above, we may also introduce Bank Secrecy Act prohibitions here. Like the issues above, this may be a training issue that lenders should be reminded of. In section II of the joint statement we find, “As a general matter, creditors should evaluate whether their reliance on immigration status, citizenship status, or “alienage” (i.e., an individual’s status as a non-citizen) is necessary or unnecessary to ascertain their rights or remedies regarding repayment. To the extent that a creditor is relying on immigration status for a reason other than determining its rights or remedies for repayment, and the creditor cannot show that such reliance is necessary to meet other binding legal obligations, such as restrictions on dealings with citizens of particular countries, 12 C.F.R. pt. 1002, Supp I. ¶ 2(z)-2, the creditor may risk engaging in unlawful discrimination, including on the basis of race or national origin, in violation of ECOA and Regulation B.” What does comment 2(z)-2 address? It addresses National Origin. “A creditor may not refuse to grant credit because an applicant comes from a particular country but may take the applicant’s immigration status into account. A creditor may also take into account any applicable law, regulation, or executive order restricting dealings with citizens (or the government) of a particular country or imposing limitations regarding credit extended for their use.”

Going forward, banks should consider training in-person or at the least by memorandum or computer-based training reminding lenders of these issues. No bank or lender should look to automatically decline loan applications from certain groups of noncitizens regardless of the credit qualifications because of the citizenship unless there is a legal prohibition preventing working with them. To carry this to the next level of fair banking, the same rules should apply to deposit and service relationships. Denying a loan, deposit or service to someone solely because they do not have a Social Security account number is too broad a reach based on that one criterion. The absence of an SSAN should not be a proxy for non-citizenship which ignores other credit qualifications and causes an automatic denial. Treating this group of applicants differently would also be a Reg B violation. For example, that could include requiring all non-SSAN applicants to apply in person. When such a requirement is applied to a group and is predicated on a prohibited basis, it would be a discriminatory act.

It was recently noted that rules are changing to allow more people to be paired testers who enter a bank and apply for loans. The paired testers involve one applicant who has characteristics of a prohibited basis and another who does not, but the underlying credit qualifications for both are similar. An example would be a white couple applying for a joint loan and a Black couple asking for the same product and terms. The object is to detect if they are treated differently. I recall one evaluation from paired testers which criticized the lender because the majority testers were offered soft drinks, and the minority testers were not. The evaluations drill way down of what is considered being “treated similarly.” In addition to this training, the bank should ensure there are no conflicts in any policies and procedures. It should be an accepted fact that examiners will be scrutinizing this issue in your next compliance or fair lending exam. All banks would be wise to review the issues in advance of that.

I must be clear that I am not a lawyer, and this is not legal guidance. The joint statement gets its points across, but it offers advice that you can consider immigration status but cannot consider it completely or in a broad, overreaching manner. There is subjectivity in the terms used, but with what I read between the lines, the objective is as I stated above, make loans to those qualified, do not exclude a qualified borrower because they are a non-citizen, and lend in a safe and sound manner to comply with ECOA and civil rights.

Other Fair Lending Concerns

If your bank considers implementing a review and training on this fair lending and civil rights issue, you might as well get the most bang for your training buck and consider adding some “lessons learned” from mid-year CFPB release of its “2022 Fair Lending Annual Report to Congress” found here, https://www.consumerfinance.gov/about-us/blog/the-cfpbs-2022-fair-lending-annual-report-to-congress/ .
It shows how the CFPB set its sights on redlining and appraisal discrimination in the prior year, and we can rest assured it did not end there. Since that report was filed, an Oklahoma bank settled a redlining case for $1.15 million for failing to provide mortgages in all areas for a four-year period from 2017 through 2021. That case originated as a referral from the FDIC to the DOJ, which has the authority to handle fair lending cases. The bank allegedly engaged in a pattern or practice of lending discrimination by redlining historically Black neighborhoods in the Tulsa MSA. In part, the proposed consent order calls for the bank to:

1) Invest at least $950,000 in a loan subsidy fund to increase credit for home mortgage loans and lines of credit for consumers applying in majority-Black and Hispanic census tracts in the Tulsa MSA;
2) Spend at least $100,000 in advertising, community outreach, and consumer financial education programs and credit counseling in the Tulsa MSA;
3) Spend at least $100,000 in developing partnerships with one or more community-based or governmental organizations that provide the residents of majority-Black and Hispanic census tracts in the Tulsa MSA with services related to credit, financial education, homeownership, and foreclosure prevention;
4) Establish a community-oriented loan production office in a majority-Black and Hispanic census tract in the Tulsa MSA;
5) Assign at least two full-time loan officers to solicit mortgage applications primarily in majority-Black and Hispanic census tracts in the Tulsa MSA;
6) Employ a full-time director of community lending to oversee the continued development of lending.

Another recent redlining case occurring after the 2022 report involves a $9 million settlement agreement with a Rhode Island bank that allegedly failed to provide mortgage lending services in majority-Black and Hispanic neighborhoods in Rhode Island between 2016 and 2022. This case had its settlement agreement released at the end of September 2023. In this case the DOJ announced the bank would, among other things:

1) Invest at least $7 million in a loan subsidy fund for majority-Black and Hispanic neighborhoods in Rhode Island to increase access to credit for home mortgage, improvement, and refinance loans, and home equity loans and lines of credit;
2) Invest $1 million towards outreach, advertising, consumer financial education, and credit counseling initiatives;
3) Invest $1 million in developing community partnerships to expand access to residential mortgage credit for Black and Hispanic consumers;
4) Establish two new branches, ensure at least two mortgage loan officers, and employ a “Director of Community Lending” in majority-Black and Hispanic neighborhoods in Rhode Island;
5) Conduct a community credit needs assessment; and
6) Produce a fair lending status report and compliance plan and conduct fair lending training.

Back to the 2022 Fair Lending Annual Report— For those interested in getting up to date on enforcement actions, it recaps 2022’s enforcement actions related to fair lending, including an action against Trident Mortgage Company for alleged unlawful discrimination on the basis of race, color or national origin.
The CFPB also referred five fair lending cases to the DOJ which included four related to redlining and one related to discriminatory underwriting.
I have written previously here on appraisal discrimination and reconsideration of value complaints so I will not go over that again. While there are still hearings being held, the most recent on November 1, 2023, you can find more in our June and July 2023 Legal Briefs.

New CRA Final Rule Released

By Andy Zavoina

The modernized Community Reinvestment Act (CRA) final rule was released on October 24, 2023. It is a joint release by the FDIC, OCC and FRB. You’ll find it here if you haven’t already downloaded a copy to work from: https://www.federalreserve.gov/aboutthefed/boardmeetings/files/frn-cra-20231024.pdf . It is nearly 1,500 pages, so plan to break it into chunks. This is marked as a draft, but it’s the final form we have to start with.

Here are some quick facts for an overview:

Under the final rule, banks are classified as either a:
1) large bank – those with assets of at least $2 billion as of December 31 in both of the prior two calendar years
2) intermediate bank – those with assets of at least $600 million as of December 31 in both of the prior two calendar years and less than $2 billion as of December 31 in either of the prior two calendar years
3) small bank – those with assets of less than $600 million as of December 31 in either of the prior two calendar years
4) limited purpose bank – a bank that is not in the business of extending certain loans, except on an incidental and accommodation basis, and for which a designation as a limited purpose bank is in effect.

These asset-size thresholds will be adjusted annually for inflation.

In general, the rule is effective April 1, 2024. But to understand the complexity of what is effective when, you must dissect a copy of the rule as certain amendments are effective based on conditions such as the legal cases surrounding the Small Business Loan Reporting requirements. The agencies will publish an announcement of an effective date for those delayed amendments. One group of selected sections of the common rule text adopted by the agencies will be applicable on January 1, 2026; while another group of sections implementing reporting requirements will be applicable January 1, 2027, with data reporting each April 1, beginning in 2027.

The CRA was implemented originally to help low- and moderate-income borrowers receive loans. The old saying that banks would only loan money to those who didn’t need it was not completely inaccurate. The spirit and intent of the law was to ensure that banks were making loans to customers in their market area from which deposits were being received. So, the bank would loan to its community that was supporting it with deposits to lend.

The 1977 law was not meant to work in today’s economy, as much has changed and the CRA needed to be updated. This was a huge project that needed coordination and adoption by each of the regulatory agencies. Banks needed a unified CRA so that they are similarly graded, and the same rules apply across the board. That is the attempt with the modernization of the CRA. While there is unification, each agency will still publish its own set of rules as each has its own section of the laws. Banks regulated by the:

– Office of the Comptroller of the Currency will follow 12 CFR 25 (national banks) and 12 CFR 195 (federal savings associations)
– Board of Governors of the Federal Reserve System will follow 12 CFR 228
– Federal Deposit Insurance Corporation will follow 12 CFR 345.

The massive re-write to modernize the CRA will require extensive preparation on the part of each bank. You will need to prepare for these finalized requirements as they will go into effect in stages beginning on April 1, 2024, and continuing on January 1, 2026, and January 1, 2027. One or more persons in the bank will have to digest the CRA and “chunk it out” as different deliverables will have to be decided on for each bank and the complexity of those deliverables will depend on your bank’s market, niche, strategic goals going forward, and capabilities, all compounded by the court’s actions on the 1071 rule. It is important to note that the legal cases may involve 1071 and payday lending, but they challenge more the constitutionality of the CFPB, and its method of funding designed by Congress. The Senate has had bills submitted as to 1071 revisions but there may be no consensus in the House to facilitate change. At the center legal actions are going against the cause, the CFPB, not necessarily the rules themselves. The 1071 rule for small business data gathering was brought about by the Dodd-Frank Act, another law. The CFPB was slow to enact these requirements and was taken to court in California because of it. That law is not really in question at this time so there is little reason to believe that if the CFPB were to be criticized, that the work it has done would be reversed. It is quite possible that, like the challenges which were decided by the Supreme Court on the ability to appoint a new director at the CFPB as decided on by the current President, the court agreed and said just that would be changed, now go back to work. SCOTUS could rule that funding needs to be done by Congress annually, and now go back to work. In that case the CFPB could say everything stands as planned. Some extensions might be allowed based on the delay due to the wheels of justice moving slowly, but banks may not even get an extension equal to that gap. I encourage banks to prepare now for 1071 and not to expect the rule to change. That creates a domino effect with the Reg B 1071 rule and the new CRA rule. Start looking at the CRA as though the 1071 rule will be implemented as planned, however those rules affect your bank.

Here are five key issues in the new CRA.

1) Asset thresholds for small, intermediate and large banks will change and increase.
2) Most of the rule’s requirements will go into effect on January 1, 2026, to give you time for implementation and change management procedures.
3) Data reporting requirements will begin as of January 1, 2027, and will only apply to large banks.
4) The rule allows small banks to be evaluated under the existing criteria or opt in to be evaluated under the new criteria.
5) The final rule does not include a start date for examinations pursuant to the new performance tests so that is a wait-and-see issue.

I’ve mentioned the new thresholds above in the initial recap, but here they are with some additional explanation. These go into effect January 1, 2026.

Small banks will be those with total assets of less than $600 million. This is an increase from $376 million under the current CRA. The regulatory agencies estimate that this increase will shift approximately 778 banks from intermediate to small status.

Intermediate banks will be those with total assets of at least $600 million, but less than $2 billion. This is an increase from a range of $376 million to $1.503 billion under the current CRA. It is estimated that this increase will shift approximately 216 banks from large to intermediate status.

Large banks will be those with total assets of $2 billion or more. This is an increase from $1.503 billion under the current rule. There will be additional requirements for large banks with total assets of $10 billion or more. Those items are not carved out into a separate “very large” bank category, however.

Like the current CRA, the minimum asset threshold for an intermediate or large bank must be met for two consecutive calendar year-ends to reach the intermediate or large status. The threshold amounts will be adjusted annually for inflation. The new CRA includes a definition for limited purpose banks that includes those banks that are considered a limited purpose or wholesale bank under the current regulation, but it does not use those terms.

There is a definition of “military bank” which now means a bank whose business predominantly consists of serving the needs of military personnel who serve or have served in the U.S. armed forces or their dependents. There is an exception for assessment areas carved out for these military banks. Because the customer base is literally all over the world these banks may delineate its entire deposit customer base as its assessment area.

Excluding the military banking exception, the new CRA includes two types of assessment areas — facility-based assessment areas and retail lending assessment areas.

Facility-based assessment areas will be similar to current assessment areas except for the requirement that they include entire counties. An exception to the entire-county requirement exists for small and intermediate banks so long as the assessment area consists of contiguous whole census tracts. This section of the regulation is effective April 1, 2024, but the new definition of small and intermediate banks does not become effective until January 1, 2026. This may cause confusion, but a conservative compliance approach would be for banks that meet the current definition of a small or intermediate bank to have a facility-based assessment area that does not consist of entire counties. Otherwise keep them whole for now and assess if there is good reason to divide them.

Retail lending assessment areas will be applicable to large banks, and these are not effective until January 1, 2026. Retail lending assessment areas must be established when less than 80% of retail lending occurs within facility-based assessment areas. Retail lending assessment areas will then need to be designated in any nonmetropolitan area of a state or MSA where at least 150 closed-end home mortgage loans or 400 small business loans were originated or purchased during each of the prior two calendar years.

Small banks will have the easiest road to implementation. Small banks can opt-in to the new Retail Lending Test or continue to be evaluated under the current Small Bank Lending Test.

As to evaluations, the Retail Lending Test will be optional for small banks. Intermediate and large banks may be evaluated with this test when it becomes effective January 1, 2026. The agencies have not yet indicated when evaluations under the new CRA will begin. I’m sure it has not been a priority given the time gap and that they, too, need to grasp all the nuances of the new rule.

Under the current rule, which products will be evaluated may depend on borrower profiles and geographic distribution of loans. Now there will be Retail Lending Volume Screens and Major Product Line Standards which will provide the metrics. The loan types, such as home mortgages, multifamily, small business, small farm, and automobile loans, which will be evaluated can vary by assessment area and by Outside Retail Lending Areas. These are areas nationwide where the bank originated or purchased loans in a product line that is being evaluated outside any of its facility-based or retail lending assessment areas. Modernization, remember. This is not foreign to military banks as their effective lending areas exceeded local geographies. The bank’s lending performance will be evaluated in outside retail lending areas for large banks and in certain circumstances for intermediate and small banks.

Intermediate and small banks will be evaluated when more than 50% of certain loans have been originated or purchased outside of their assessment areas during the prior two calendar years or, if desired at your bank’s option.

As is the case under the current CRA, intermediate banks will be subject to two tests, and each contributes one-half to the total rating. The Retail Lending Test replaces the current lending test. Banks will have the option to be evaluated under the current Community Development test for intermediate banks for community development loans and services, along with qualified investments or a new Community Development Financing Test.

This new test evaluates your bank’s dollar volumes for community development loans and investments. This is compared to your deposit base and uses a new Impact and Responsiveness Review.

Community development activities have long been an area of subjectivity and there are changes effective January 1, 2026, to these.

You will now have eleven qualification criteria to determine if a loan, investment or service is a valid community development activity. You may also be eligible to receive full or partial credit. You will consider affordable housing, revitalization, and stabilization as well as economic development. There will also be considerations for community support services and new possibilities such as essential community facilities and infrastructure, disaster preparedness and weather resiliency as examples.

The Impact and Responsiveness of community development activities will be evaluated using a list of about twelve factors including:

– the benefit to counties with persistent poverty or census tracts with a poverty rate of 40 percent or more;
– support for minority depository institutions, women’s depository institutions, low-income credit unions or certified community development financial institutions;
– support of businesses or farms with gross annual revenues of $250,000 or less;
– whether it benefits or serves residents of Native Land Areas or benefits projects financed with low-income housing tax credit or new markets tax credit.

You will now be able to receive credit for community development activities anywhere in the country.

Large banks will now be evaluated under four tests. The Retail Lending Test and the Community Development Financing Test will each contribute 40%. The Retail Services and Products Test and the Community Development Services Test will each contribute 10%.

The Retail Services and Products Test will evaluate the bank’s credit and deposit products and programs along with the responsiveness of these programs to the needs of LMI communities. It will also assess your delivery methods, including digital, as well as the availability of branch and remote service facilities.

Deposit products will be evaluated based on availability and usage and only receive positive consideration for those larger banks with more than $10 billion in total assets or at the bank’s option for those with assets of $10 billion or less.

September 2023 OBA Legal Briefs

OK Legislation 2023

By Pauli D. Loeffler

Oklahoma Uniform Consumer Credit Code Title 14A

Sec. 1-106 of the Oklahoma Uniform Consumer Credit Code  in Title 14A (the “U3C”) is the section that determines when and how much dollar limits under Title 14A are subject to change. These changes are based on increases in the Consumer Price Index for Urban Wage Earners and Clerical Workers compiled by the Bureau of Labor Statistics, U.S. Department of Labor.

Legislation enacted in the last session modified Subsection (4)(a) of § 1-106 removing the 3% increase cap on increased amounts. The amendment became effective April 23, 2023, and is part of the notification by the Oklahoma Department of Consumer Credit of changes in dollar amounts effective July 1, 2023. I covered these changes in the June 2023 OBA Legal Briefs. The OK DOCC notice can be accessed here.   It is also accessible on the OBA’s Legal Links page under Resources. In order to gain access to the Legal Briefs online archive and the Legal Links, you will need to create an account through the My OBA Member Portal if you have not done so already.

  • 3-508A Loans

This section of the “U3C” sets the maximum annual percentage rate for certain loans. It provides three tiers with different rates based on unpaid principal balances that may be “blended.” It also has an alternative maximum rate that may be used rather than blending the rates. Effective for loans consummated on or after November 1, 2023, § 3-508A is amended to read:

(2) The loan finance charge, calculated according to the actuarial method, may not exceed the equivalent of the greater of either of the following:

(a) the total of:

(i) thirty-two percent (32%) plus the federal funds rate per year on that part of the unpaid balances of the principal which is Seven Thousand Dollars ($7,000.00) or less;

(ii) twenty-three percent (23%) plus the federal funds rate per year on that part of the unpaid balances of the principal which is more than Seven Thousand Dollars ($7,000.00) but does not exceed Eleven Thousand Dollars ($11,000.00); and

(iii) twenty percent (20%) plus the federal funds rate per year on that part of the unpaid balances of the principal which is more than Eleven Thousand Dollars ($11,000.00); or

(b) twenty-five percent (25%) plus the federal funds rate per year on the unpaid balances of the principal…

(7) As used in this section, the “federal funds rate” means the rate published by the Board of Governors of the Federal Reserve System in its statistical release H.15 Selected Interest Rates [Click HERE] and in effect as of the first day of each month immediately preceding the month during which the loan is consummated.

Title 60 O.S. § 121 – Alien ownership of Oklahoma real estate

I covered loans to non-U.S. citizens in the January 2016 OBA Legal Briefs. Effective November 1, 2023, § 121 is amended as follows:

  1. No alien or any person who is not a citizen of the United States shall acquire title to or own land in this state either directly or indirectly through a business entity or trust, except as hereinafter provided, but he or she shall have and enjoy in this state such rights as to personal property as are, or shall be accorded a citizen of the United States under the laws of the nation to which such alien belongs, or by the treaties of such nation with the United States, except as the same may be affected by the provisions of Section 121et seq. of this title or the Constitution of this state. Provided, however, the requirements of this subsection shall not apply to a business entity that is engaged in regulated interstate commerce in accordance with federal law.
  2. On or after the effective date of this act, any deed recorded with a county clerk shall include as an exhibit to the deed an affidavit executed by the person or entity coming into title attesting that the person, business entity, or trust is obtaining the land in compliance with the requirements of this section and that no funding source is being used in the sale or transfer in violation of this section or any other state or federal law. A county clerk shall not accept and record any deed without an affidavit as required by this section. The Attorney General shall promulgate a separate affidavit form for individuals and for business entities or trusts to comply with the requirements of this section, with the exception of those deeds which the Attorney General deems necessary when promulgating the affidavit form.

The affidavit is only required for deeds transferring ownership of real estate on or after the November 1, 2023, effective date. It does not apply to deeds filed of record prior to that date nor does it apply to leases or personal property. If the bank is making a purchase money loan for real estate on or after the effective date, it will require that the affidavit be executed by the purchaser and recorded with deed. (Updated November 1, 2023)

I reached out to the Oklahoma Attorney General’s office regarding the affidavit. Drafts of the affidavit are currently being circulated. They anticipate the affidavit form will be finalized shortly and will be available to view next month. Expect an update with the link to the affidavit in a future article.

Title 12 – Garnishment Forms

Effective November 1, 2023, the Oklahoma garnishment forms, i.e., affidavits, pre- and post- judgment garnishment summonses, garnishee’s answer, etc., will be under the purview of the Oklahoma Bar Association rather than the Administrative Office of the Courts. Inasmuch as the garnishment statutes themselves did not have any substantive changes, there should be no changes in the forms themselves.

I worked with the Administrative Office of the Courts in amending the forms in 2011 when the Garnishment of Accounts Containing Federal Benefits rule became effective. I was also involved in changes to the garnishment summonses with regard to the amount and time of payment of the garnishment fee when a federally regulated financial institution is the garnishee as provided under § 1190 of Title 12 in regard to legislation effective November 1, 2016, and November 1, 2022. I have reached out to the Oklahoma Bar Association to find out who specifically is in charge of the forms.

Title 43A O.S. § Section 10-111.1 – Vulnerable Adult Abuse, Neglect and Exploitation Report

Elder financial exploitation has been the topic of three OBA Legal Briefs articles: July 2006, June 2007, and July 2008. These are available to read online on the OBA website.

  • 10-111.1 was added to the Oklahoma statutes in 2018. The statute as amended requires the Office of the Attorney General to maintain the Vulnerable Adult Abuse, Neglect and Exploitation Report accessible to the public on the Internet in an electronic format that is easily and readily searchable to include persons found guilty by a court of law or who have entered a plea of guilty or nolo contendere (Latin for “no contest”) to a charge of abuse, neglect, or exploitation of a vulnerable adult. The Report will provide the full name of the offender, information necessary to identify the individual, information regarding the case regarding convictions and confessions made in a court of law, and the date the offender was convicted or pled guilty or no contest. The Report is required to be updated quarterly.

The Oklahoma Uniform Power of Attorney Act that became effective November 1, 2021, which is covered in the September and October 2021 OBA Legal Briefs, requires banks to accept an acknowledged Power of Attorney (signed by the principal in the presence of a notary). There are six exceptions, one of which stated in § 3020 of the Act:

The person makes, or has actual knowledge that another person has made, a report to the Adult Protective Services office stating a good-faith belief that the principal may be subject to physical or financial abuse, neglect, exploitation or abandonment by the agent or a person acting for or with the agent.”

Title 58 O.S. § 1252 – Transfer-on-death (“TOD”) deeds

Oklahoma has allowed Transfer-on-Death-deeds since November 1, 2008, (see August 2008 OBA Legal Briefs), but the statute has had a few amendments over the years. Additional changes were made this last legislative session. The amendments are effective November 1, 2023.

TOD Deeds convey any estate or interest in, over or under land, including surface, minerals, structures and fixtures. The signature, consent, or notice to a beneficiary or beneficiaries is not required prior to the owner’s death.

Subsection C. is amended and provides:

A designated grantee beneficiary may accept real estate pursuant to a transfer-on-death deed only on behalf of himself, herself, or a legal entity over which he or she has proper authority. A beneficiary shall not accept such real estate on behalf of another designated beneficiary.

Subsection D. is amended to require:

Each designated grantee beneficiary wishing to accept real estate pursuant to a transfer-on-death deed shall execute an affidavit affirming:

  1. Verification of the record owner’s death;
  2. Whether the record owner and the designated beneficiary were married at the time of the record owner’s death; and
  3. A legal description of the real estate.

Former Subsection D. is now E.:

  1. The grantee shall attach a copy of the record owner’s death certificate to the beneficiary affidavit. For a record owner’s death occurring on or after November 1, 2011, the beneficiary shall record the affidavit and related documents with the office of the county clerk where the real estate is located within nine (9) months of the grantor’s death, otherwise the interest in the property reverts to the deceased grantor’s estate; provided, however, for a record owner’s death occurring before November 1, 2011, such recording of the affidavit and related documents by the beneficiary shall not be subject to the nine-month time limitation. Notwithstanding the provisions of Section 26 of Title 16 of the Oklahoma Statutes, an affidavit properly sworn to before a notary shall be received for record and recorded by the county clerk without having been acknowledged and, when recorded, shall be effective as if it had been acknowledged.

Subsection F. is new:

  1. A beneficiary affidavit recorded pursuant to this section before November 1, 2023, in which one or more, but not all, named beneficiaries of a transfer-on-death deed explicitly accept the interests being conveyed by the deed on behalf of all or some of the beneficiaries named shall be effective to accept such interests if executed by at least one of the named beneficiaries accepting such interests.

The real estate interest conveyed by a TOD Deed taken by the beneficiary/beneficiaries is subject to the bank’s existing mortgage.

Title 42 O.S. § 91 – Personal property liens

I last covered changes to this statute in the December 2014 OBA Legal Briefs, much of which remains unchanged.

This section applies to every vehicle, all-terrain vehicle, utility vehicle, manufactured home, motorcycle, boat, outboard motor, or trailer that has a certificate of title issued by the Oklahoma Tax Commission/Service Oklahoma or by a federally recognized Indian tribe in the State of Oklahoma.

The special possessory lien provided under this section will have priority over any perfected liens (e.g., lien entries and other lien claimants), ONLY if the lien claimant strictly complies with ALL applicable provisions of § 91 with regard to submission of claim and documentation, notice and mailing requirements to owner and other lien holders with regard to the lien, as well as notice of sale. If the lien is denied, the claimant may resubmit its claim once within 15 business days of denial. One change to the existing statute is when the possessory lien claimant has been in possession of the property for at least 21 days before the Notice of Sale is to be mailed. The second change is that proceedings for foreclosure in 20 days after the lien accrued, except as provided elsewhere by Oklahoma law.

RESPA – Section 8

By Andy Zavoina

In December 1974 Public Law 93-533 was passed. That may not mean much to you initially, but Section 8 of that law is very meaningful. In short, I’m referring to Section 8 of the Real Estate Settlement Procedures Act (RESPA). I’m not sure why we commonly reference the section of the actual law instead where there is a violation instead of Reg. X where we study it and read about the restrictions, but at times it is good to go to the roots of the law and see what it says. The law and the Reg follow each other closely in this section, which is implemented in § 1024.14 of Reg. X. Briefly, it prohibits a person from giving or accepting anything of value for referrals of settlement service business related to a federally related mortgage loan. It also prohibits a person from giving or accepting any part of a charge for services that are not performed. These are also known as kickbacks, fee-splitting and unearned fees.

Penalty Overview: Violations of Section 8 are subject to criminal and civil penalties. A person who violates Section 8 may be fined up to $10,000 and imprisoned for up to one year. In a private lawsuit a person who violates Section 8 may be liable to the person charged for the settlement service an amount equal to three times the amount of the charge paid for the service.

Background: When you search on “Section 8” or “kickbacks” you will find many resources including those from real estate brokers and Realtors. I am not a Realtor but those I know have all been trained on Section 8. “Thou shall not give, nor receive” and the emphasis is on any gift that could be construed as an incentive for a mortgage referral. The law aims to punish both sides of that violation because it is intended to protect the third party in this, the consumer – the borrower in these transactions.

If Lender A pays Realtor B to send business its way, Lender A gets more business but now has more costs. Lender A has to recover these costs and that would be compensated for by higher fees charged to Borrower C. This makes the loans less affordable. That is why we have this section of law and regulation. The common issues that promote discussions on Section 8 are inadvertent violations. That is, things not truly intended to violate the rules but at face value, may.

Lender A is at lunch and sees his friend, Realtor B. They chat about the Friday night football game the whole town is excited about and about business. If Realtor B mentions, “hey, I have a prospect you may be interested in. They just moved to this area, and I found them a great house. Qualifying for a new mortgage is hard, though, because of his new job.” Lender A is always looking for mortgage production and a new depositor prospect is icing on the cake. Lender A picks up the lunch tab. Is that a kickback, a Section 8 violation?

At other times, the violations appear concrete and completely justified. Let’s examine the August 17, 2023, Consent Order between the Consumer Financial Protection Bureau (CFPB) and Freedom Mortgage Corporation, (Freedom), File No. 2023-CFPB-0008. This is a case of both giving and receiving so we will include an examination of a separate Consent Order (File No. 2023-CFPB-0009) against Realty Connect USA Long Island, Inc. (Realty Connect) issued on the same day.

Section 8 violations do not appear to be common as this was the first for the CFPB since 2017, but it was egregious, as you will see. The CFPB is not the only agency looking at RESPA rules and compliance with them, however. The Federal Deposit Insurance Corporation (FDIC) published its Consumer Compliance Supervisory Highlights, in March 2023. It stated, “In 2022, the FDIC identified RESPA Section 8(a) violations where a bank contracted with third parties that took steps to identify and contact consumers in order to directly steer and affirmatively influence the consumer’s selection of the bank as the settlement service provider. In some cases, this process involved the third party calling identified consumers and directly connecting and introducing them to a specific mortgage representative on the phone. This process is often referred to as a “warm transfer.” In other cases, the process involved operation of a digital platform that purported to rank lender options based on neutral criteria but where the participating lenders merely rotated in the top spot. Although each case is fact specific, indicators of risk in these arrangements include a third party that does one or more of the following activities:

  • Initiates calls directly to consumers to steer them to a particular lender;
  • Offers consumers only one lender o will only transfer the consumer to one lender;
  • Describes the lender in non-neutral terms such as preferred, skilled, or possessing specialized expertise;
  • Receives payment from the lender only if a “warm transfer” occurs; or
  • On a consumer-facing digital platform that purports to rank settlement service providers based on objective factors, includes providers that pay to take turns appearing in the top spot in a round-robin format.

Payment for activities that go beyond the simple provision of a “lead” may be improper payment for referrals when the activity affirmatively influences the consumer towards the selection of a particular lender. The warm transfers were of particular interest in the report.

Consent Orders: Let’s review the specific compliance issues in the two consent orders, but first an attention getter – the Consent Orders provide for civil money penalties of $1.75 million against Freedom and $200,000 against Realty Connect, along with other compliance obligations. While each party has its own obligations to adhere to RESPA and Reg. X, one is not doing the other any favors with enticements that lead to long term and expensive problems such as these enforcement actions.

The period during which these actions took place began in January 2017 and essentially extends to August 2022. The focus was on Freedom’s “Traditional Retail Unit,” which was part of Freedom until about August 2021, and then these activities were conducted through a former subsidiary, RoundPoint Mortgage Servicing, Inc. The traditional retail unit was one in which loan officers went directly to real estate brokers and agents to obtain new loans.

Issue One: Freedom paid for subscription services and gave real estate agents and brokers (collectively “brokers”) free access. These were professional publications which offered useful information to the brokers concerning property reports, comparable sales, and foreclosure data in their markets. For RESPA this was a “thing of value,” as the retail cost would be $300 per month for this service. While the Realty Connect Consent Order states more than 100 of its brokers accepted this service, (Freedom’s cost based on a retail subscription would be $30,000 per month) the Freedom Consent Order indicates over 2,000 brokers accepted subscriptions. (Perhaps that was different brokers over a period of time and perhaps Freedom had a multi-user license at a lower cost. Still, a “thing of value” is based on the retail value.)

Issue Two: Freedom sometimes required brokers to be paired up specifically with an individual in the Traditional Retail Unit and this also influenced that broker’s access to the valuable subscription service. These brokers made more than 1,000 mortgage referrals and it was a quid pro quo arrangement, according to the Freedom Consent Order. Realty Connect’s Consent Order indicated more than 400 referrals were made during the period reviewed which affirms there were issues with other brokers as well.

Issue Three: From at least July 2017 through 2022, Freedom hosted and subsidized events for certain real estate brokers and agents. This included food, beverages, alcohol and entertainment. Freedom also gave away free tickets to sporting events, charity galas and other events that would each have had a cost had the brokers paid their own way. Some of these events cost Freedom thousands of dollars and more. One event paid for by Freedom and held at a restaurant and bar cost them more than $6,300 as it included rented sports simulators. There were fifty brokers there because they referred the most mortgage loans to Freedom and new brokers were also in attendance in a recruitment effort by Freedom to develop more referral brokers.

Freedom denied requests for event sponsorship from brokers who did not refer mortgage business to its loan officers.

These activities were viewed as part of a pattern, practice, or course of conduct of giving things of value to create, maintain, and strengthen mortgage referral relationships. It clearly went beyond mere business development.

Issue Four: in October 2020, the CFPB produced a guidance document to clarify its position on Marketing Service Agreements (MSAs) and Section 8 practices. An MSA involves two or more parties whereby one agrees to market or promote the services of another and receives compensation for the work provided. A lawful MSA is an agreement for the performance of marketing services where the payments under the MSA are reasonably related to the value of services actually performed.

Freedom had marketing agreements with over forty real estate brokerages. Payments varied but ranged from a few hundred to several thousand dollars per month. The total amount Freedom paid under its MSAs during the period reviewed here was approximately $90,000 per month.

One agreement included promotion rights by Freedom to the brokers at Realty Connect. Freedom was allowed to have its loan officers promote themselves at Realty Connect internal meetings and to allow those lenders to email the brokers directly as “referral partners.”  It was also agreed that Freedom would host at least one training event for Realty Connect’s brokers at least quarterly to maintain and increase the referrals from those brokers.

The MSA with brokerages, of which Realty Connect was one, required brokerages to provide marketing services. Realty Connect received $6,000 per month from Freedom under the MSA from January 2017 to December 2022. This equates to $432,000 for marketing services.

Realty Connect failed to execute many of the marketing tasks required by its MSA with Freedom. Realty Connect was to send 15,000 marketing emails each month, allocating 50% of the content to Freedom. Realty Connect sent no marketing emails at all. The MSA required Realty Connect to maintain three “physical locations showing video loop or kiosk advertising” for Freedom. Realty Connect had no video loops or kiosks. And the MSA required Realty Connect to create an average of 75 property websites per month showing Freedom’s content, but it never created any property websites.

As further demonstration that the MSAs were a sham to pay for referrals and not generally advertise for Freedom, the Realty Connect Consent order provides an example between a loan officer and broker in which a lender was to help promote a Realty Connect open house. The lender said, “I want to continue to help you with this, do you think on your listing you can try to get me some referrals to work with?” The agent replied, “I have recommended you many times—Gave them your info on the last two sales.”

Additionally, Freedom had its own professional design team to create the marketing copy it advertised with, including co-branded mailers and open house flyers. Freedom also owned and operated its own print shop that created the hard copies it used as advertisements. Freedom essentially created and produced its own advertisements and was not using the services the MSAs called for. Realty Connect’s actual role in the marketing activities was limited to offering minor design suggestions and it paid the postage for the co-branded mailers. The monthly $6,000 fee was excessive compensation for the services actually performed.

Freedom also encouraged those brokerages with MSAs to use a third-party smartphone app, which Freedom’s loan officers would share with the brokers. The brokers would then share the app with their clients. The app then featured the Freedom loan officer’s headshot and Freedom’s logo at the top, and included buttons where the client could directly contact the loan officer for assistance. It is inferred that this proprietary app is considered akin to a direct referral by the CFPB, although I have seen no specific guidance on this.

Some brokers who worked with Freedom and its MSAs received direct payments. This also emphasized to the CFPB that the MSA was a method to pay compensation for referrals and not for advertising.

Closing: Additional requirements in the Consent Orders require that there be no further Section 8 violations. I used to think it made no sense for an enforcement order to say “for the next 3 years you cannot violate Section 8…” as an example. There was never any inference that anyone could. But if there is a subsequent violation, it is not only a repeat violation but violates the enforcement action they specifically agreed to, allowing even more charges to be added to a new action. Additionally, the Consent order emphasizes that the Board of Freedom has the ultimate responsibility for compliance and the board must review all the plans and reports required in the Consent Order. It is putting them on notice. There are accounting and reporting requirements and additional prohibitions placed on things related to Section 8. One year from the Consent Order a detailed report has to be filed with the CFPB describing its progress. It also states that in the event the company is sold, the purchaser must agree to the terms of this Consent Order, effectively removing the possibility of a reorganization by the same or similar ownership attempting to dodge these restrictions and requirements.

Section 8(c) of RESPA does describe allowable payments as it states, “Nothing in this section shall be construed as prohibiting (1) the payment of a fee (A) to attorneys at law for services actually rendered or (B) by a title company to its duly appointed agent for services actually performed in the issuance of a policy of title insurance or (C) by a lender to its duly appointed agent for services actually performed in the making of a loan, or (2) the payment to any person of a bona fide salary or compensation or other payment for goods or facilities actually furnished or for services actually performed.”

The FDIC in its Consumer Compliance Supervisory Highlights referenced earlier also noted five things that banks can do to mitigate risks associated with Section 8 violations.

  1. Train applicable staff on what is permitted to generate leads, and what is prohibited and would be an illegal referral.
  2. The lenders and management need to review any referral program the bank is participating in to clearly understand the functions of the program and any cost structure and cost justification.
  3. Management must develop policies and procedures which strictly comply with the regulatory requirements in Reg. X and RESPA as to programs designed to generate leads.
  4. Require loan officers to report annually the established relationships that are used for mortgage loan generations and new ones which develop, so that they may be reviewed and approved by management.
  5. The bank must impose controls to monitor lead generation activities for compliance with the bank’s policy and procedures as well as RESPA and Reg. X.

August 2023 OBA Legal Briefs

  • HMDA Analysis
  • Personal Responsibility
  • Forms Update

HMDA Analysis

By Andy Zavoina

If your bank is a reporter under the Home Mortgage Disclosure Act (HMDA), you may well have some work to do if you have not already done some or all of this. On June 29, 2023, the Federal Financial Institutions Examination Council (FFIEC) announced the availability of data on 2022 mortgage lending transactions reported under HMDA. This HMDA data is the largest source of publicly available data on mortgage lending in the United States. If your bank is reporting, your data is here. Other banks in your geographic areas who report also have data here. Banks outside your area which may be similar to yours, yes, that data is here too. It is all available and can more easily than ever before be analyzed. This article is a discussion on why — and a little bit of how — to analyze your data and that of your peer banks.

Years ago, the system was far less automated than we have today. When the HMDA data came out it was sent to central repositories. In my case it was held as reference material in the local public library which happened to be a few blocks from the main branch I was working out of. It was set up by Metropolitan Statistical Area (MSA) and was a treasure trove if you knew what you wanted to do with it.

When teaching compliance management, I often say compliance is not a cost center as it is often described, but a resource because it touches so many areas in the bank. In this case you are touching on loan production, and you can compare your bank’s production against that of your peers. Management likes to know how the competition is doing and you can compare apples to apples, at least as far as HMDA reportable loans are concerned.

Your Marketing area can use this data to see what type of applicants for HMDA loans it is attracting and where these applicants may be from as well as where they want to move to. Consider the ways you can use this data. You can easily build a picture of who your applicants are and where they live. That means you also know the areas they are not living in, and this is what can help Marketing redirect advertising campaigns if those are areas you need or want to market to. This information is data gold for Marketing and management as well, and you have it all available right now.

You can plot where the mortgage loans (so long as they are HMDA reportable, so not everything, but a lot) are not just for your bank, but for all those peer lenders in your area as well. And you can reach farther if desired. One of my banks was a military bank. We had borrowers literally all over the world and, while it was less common than say a car loan, we did some mortgage financing all over the country. Other military banks may be doing the same. It is often difficult to get a lot of data about your peer banks when they happen to be across the country from you, but as a military bank, they were our peers, and it was important to understand how my numbers compared to theirs. We recognized that there were different markets and quite different conditions, yet when it came to the Community Reinvestment Act (CRA) this was a comparison you wanted to be aware of. Were our numbers close to our peers or far different – and in either case why? When you compare your loan volumes to your peers, and when you understand the different lending strategies of these other lenders, it helps set benchmarks and goals as well as to understand your own loan patterns.

Again, when you know to whom you are lending, you also know those to whom you are not lending. Are your numbers good or bad when you look, for example, at racial demographics? When you ask in the loan committee meeting why (as a hypothetical) there were so few loans to Blacks and the response is there are few Black applicants applying, it sets off questions such as:

  • Are we marketing to areas of a majority minority?
  • Are we trying to reach this demographic in targeted ads? Why or why not?
  • What percent of our applicants were Black?
  • What percent of our Black applicants were approved, denied, withdrawn, or closed for other reasons?
  • And if there is a level of complacency with those figures, next compare yourself to those peer banks’ lending in the same area, to the same would-be home buyers.

When it comes to fair lending justifications of your bank’s actions, read fair lending enforcement actions, and learn how regulators and the Department of Justice (DOJ) attorneys compare the results of your bank to peer banks. As one example, consider when the Consumer Financial Protection Bureau (CFPB) and the DOJ took action against Trident Mortgage Company LP (Trident) under the Fair Housing Act (FHA), the Equal Credit Opportunity Act (ECOA),  and Regulation B, as well as the Consumer Financial Protection Act of 2010 (CFPA) (also referred to as Unfair, Deceptive, or Abusive Acts or Practices (UDAAP)) to remedy discrimination in Trident’s mortgage lending. There were many problems with Trident, and we covered many of the problems in last April’s edition of the Legal Briefs. Here is a snippet from that edition to emphasize the points of this HMDA analysis.

Trident received 80 percent of its mortgage applications for properties located in that MSA its defined as its market area. But the actual loan distribution pattern showed a disproportionate number in the majority-white areas. As a foundation there was the selection of office locations and limited outreach and marketing which led to these lending patterns which are confirmed by HMDA data. One must ask, “was this a choice?” When comparing HMDA data, Trident significantly underperformed its peer lenders in generating home mortgage applications from majority-minority neighborhoods and the disparity between the rate of applications generated by Trident and by its peer lenders from majority-minority neighborhoods and high-minority neighborhoods was both statistically significant.

Of the nearly 31,000 applications on the HMDA reports from 2015 through 2019, 12 percent came from majority-minority areas. Peer lenders generated 21.5 percent of their 135,000 applications. The disparity was seen year after year. In in high-minority neighborhoods, Trident showed 4.1 percent of its applications as coming from high-minority areas, compared to 10.8 percent of its peer lenders.

Trident significantly underperformed its peer lenders in making home loans in majority-minority neighborhoods as well. The complaint notes that, “…of the 22,960 HMDA-reportable loans Trident made for single family dwellings from 2015 through 2019 in the Philadelphia MSA, 11.7% came from residents of majority-minority areas. By contrast, Trident’s peers made 16.2% of their 50,060 loans from these same majority-minority neighborhoods.” And only 3.7 percent of Trident’s loans were made in high-minority areas, while peer lenders made 6.9 percent of their loans in these same areas.

Enforcement actions are a good “go by” for the type of analysis done when lending is questionable. CRA Public Evaluations are another resource not only for key analytics, but also for comments as to what was good, bad and ugly. Remember that HMDA analysis is a basis for fair lending examinations which are a foundation for your next CRA exam. When you can identify weaknesses in your numbers, you can proactively impose corrective actions, and this demonstrates to examiners reviewing your bank’s lending activity and your compliance program that you are aware of and managing the processes.

The data available will help show whether your lenders and therefore your bank are serving the housing needs of the communities you serve as your market area. It includes information that helps management make recommendations to the board on decisions and policies and draws attention to your lending patterns that could be discriminatory. Your bank, as a HMDA filer, recorded up to 110 different data points for each HMDA applicable mortgage application received on a Loan Application Register (LAR). What you have in your bank is your complete LAR. In March, the FFIEC provided your bank with a modified, or sanitized, LAR. The modified LAR data provides information from the most current HMDA submission that was required to be submitted essentially a month earlier, by March 1, of each year. This modified LAR is available to the public, and to your bank and your peer banks who are also evaluating your bank’s performance. Section 1003.5(c) of Regulation C requires that you post, “a written notice that clearly conveys that the institution’s loan/application register, as modified by the Bureau to protect applicant and borrower privacy, may be obtained on the Bureau’s Web site at www.consumerfinance.gov/hmda.” The publicly released data excludes or modifies several data points reported by all the institutions submitting LAR data, such as the universal loan identifier, the date the application was received or the date shown on the application form, the address of the property, the credit score or scores relied on in making the credit decision, and any applicant or borrower ethnicity free-form text field. In theory this makes it difficult to review entries and identify a particular applicant and therefore data about that applicant which is protected by privacy laws. Others have pointed out faults in this system as deeds are public documents and with a little work a knowledgeable person can connect many dots. Connecting those dots is not the point of this article, but rather what you can do with the LAR data to analyze the mortgage lending picture your lenders are painting and how you compare to peer banks.

So, where would you find HMDA data now that the old central repositories are automated? HMDA data is available at https://ffiec.cfpb.gov/. You can also find a HMDA Data Browser at https://ffiec.cfpb.gov/data-browser/ which will help you filter any and all of the LARs that were submitted. In June 2022 the CFPB published, “A Beginner’s Guide to Accessing and Using Home Mortgage Disclosure Act Data” which you can find online here, https://files.consumerfinance.gov/f/documents/cfpb_beginners-guide-accessing-using-hmda-data_guide_2022-06.pdf. In addition to background HMDA information, this is a step-by-step guide on how to filter the data to extract just what you want to know. In computer coding there is an old adage, garbage in – garbage out,” meaning you can get out what you put in. Your LAR has that “up to 110 data points” mentioned already. Data for your peers is modified information but as said earlier, it is still especially useful to management, Marketing, those working on your bank’s strategic plan, everyone analyzing fair lending and certainly Compliance. A sound recap and analysis of the data available will be a compliance value-added exercise to the bank for the information you need to know anyway.

Review the Beginner’s Guide mentioned just above as it takes a user through the steps to apply the filters and it has additional instructions with graphics to help you use Excel and Pivot Tables to get the most out of your analysis. In total this is a 29-page PDF that will help ignite your analytical curiosity and provide needed information to your bank. Compare your results, especially those government monitoring demographics, to the breakdown for your market areas. That is, if your area is X percent white, Y percent Black and Z percent Asian, how do your applications correlate to those numbers, and your approved loans, and do not forget the denials and withdrawn applications. Based on the HMDA data tables available annually from the CFPB and ideas of key data points gleaned from enforcement actions and CRA Performance Evaluations, choose the data you want to focus on.

While you can do peer comparisons only annually, you can track your bank’s progress using quarterly updates to further refine corrective actions. Then determine how your numbers compare to peers. Does this analysis indicate strengths, weaknesses, and areas upon which you can improve? The lending data you arrive at should influence or confirm what you are doing with marketing activities, lending policies, and exceptions being made, and may shed light on complaints.

Here are some high-level observations about the 2022 HMDA data that are of interest.

  • The 2022 LAR data includes information on 14.3 million home loan applications.
  • 5 million applications (82 percent) were for closed-end credit, while 2.5 million (18 percent) were for open-end products.
  • As to the aggregate demographics of the borrowers’ race and ethnicity, the portion of closed-end home purchase loans made to Black borrowers rose from 7.9 percent in 2021 to 8.1 percent in 2022. The portion made to Hispanic borrowers decreased slightly from 9.2 percent to 9.1 percent, and those made to Asian borrowers increased from 7.1 percent to 7.6 percent.
  • In 2022, Black and Hispanic applicants experienced denial rates for home purchase loans of 16.4 percent and 11.1 percent respectively, while the denial rates for Asian and non-Hispanic White applicants were 9.2 percent and 5.8 percent, respectively.

After management has had an opportunity to study the data, your board of directors should receive a high-level summary of where you are and where the data will be taking you. This is an opportunity to influence the confidence they have in your abilities and the resources available for your compliance management program.

Personal Responsibility

By Andy Zavoina

If you have taught regulatory requirements before, you likely mentioned the potential penalties for noncompliance. As an example, Reg B has penalties for noncompliance in § 1002.16(b) that include Actual damages in individual or class actions – without a limit, and Punitive damages in individual or class actions, where liability for punitive damages is limited to $10,000 in individual actions and the lesser of $500,000 or 1 percent of the lender’s net worth in class actions.

By the time an instructor gets to this part of the presentation the listener’s eyes are glazing over and they hear Charlie Brown’s teacher saying, “never has happened, don’t worry, the bank gets penalized not the employee or officer.” But that is not always the case, and it is often wise to remind everyone of that, from the newest teller to that longest-standing director on the board. Everyone in the bank is responsible for ethical behavior and compliance. And while everyone has a boss they report to, I remind officers of a bank that they work for the bank, and not necessarily for their boss. This is especially important for those in the role of auditor and those responsible for compliant and ethical performance evaluations. Just as in the military, we follow instructions, but we also trust that no “illegal” orders will be given.

It may have seemed harmless initially, but let’s look back at Wells Fargo for a moment. A few years ago, Wells Fargo’s troubles really came to the forefront when the bank was accused of, among other things, opening accounts for consumers without those consumers’ requests or consents. At the center was a push to meet lofty sales goals. In September 2016, the bank agreed to pay a $185 million fine and return $5 million in fees wrongly charged to customers. The problem originated with bank employees allegedly opening more than two million deposit and credit card accounts without customers’ permission. Wells Fargo’s ex-CEO John Stumpf apologized during a congressional hearing in which he accepted the blame saying, “I accept full responsibility for all unethical sales practices.”  In the long term, however, 5,300 Wells Fargo employees lost their jobs because of the practices employed.

A personal observation of mine was that because the employees created the accounts without authorization and moved deposits to and from the accounts to activate them, I could have seen a case for identity theft and fraud against those employees. Thankfully, I never heard of that happening and the root of the problem was not the employees’ actions, but the push to meet goals and the potential that “illegal orders” were given or at least insinuated. Here are three examples of how unethical sales practices sprang from minor unethical compromises.

  1. A new accounts representative is under pressure to meet sales goals and pushes a customer to add a credit card, even though the rep knows it’s not in the customer’s best interest and was not requested.
  2. As the month progresses, the rep is short of the goal and asks friends and family to open new accounts. These accounts served one purpose – to inflate account production numbers. In reality, the bank staff spent time programming these new accounts which were closed shortly thereafter, and the cost was greater than the income that was never produced.
  3. With the account production goal still out of reach, the rep opens accounts without asking customers and transfers a small amount of money. These accounts are also closed shortly after opening and the money is transferred back. Customers may question what happened but when they see the funds transferred back, why frustrate themselves by calling the bank to complain and inquire as to what happened?

But to be clear, Wells Fargo was not alone, they were just the first big bank to gain national coverage for unethical and illegal practices surrounding creating deposit and credit accounts that were not requested by the consumer’s whose names they carried. Fifth Third was accused of this and In March 2020 the CFPB initiated a suit against that bank. The complaint alleged that Fifth Third’s cross-selling practices, which included sales goals and an incentive-compensation program, caused Fifth Third’s employees to open new consumer accounts for existing customers without their knowledge or consent. The CFPB alleged that such conduct in certain respects was unfair and abusive (yes, a UDA(A)P issue) and that issuing unauthorized credit cards and opening deposit accounts without required disclosures violated Reg Z and Reg DD.

Fast forward to July 2023, when the OCC and CFPB ordered Bank of America to pay $100M in consumer redress and $150M in fines for and an out-of-control incentive program that resulted in unauthorized account openings, credit reports, etc., which is a basic rehash of the problems at Wells Fargo and Fifth Third. These were not the only issues, as the Bank of America action also cites junk fees relating to multiple presentments of NSF items and for mismanagement of credit card systems. As it typically happens, many regulatory and ethical violations are part of a snowball that grows as the investigation continues and additional violations are uncovered or found to have evolved, such as the failure to make disclosures on an account that was fraudulently opened anyway.

Let’s look closer at one case of a former executive involved in the Wells Fargo case. Carrie Tolstedt was an executive, or THE executive, accused of overseeing programs that resulted in the millions of fraudulent customer accounts at Wells. In March 2023, she agreed to plead guilty to criminal charges which could impose actual prison time. In her agreement with the court, she will serve a 16-month prison sentence for obstructing regulators’ investigations into abusive sales practices that culminated in the bank paying what has turned into billions of dollars in fines. Tolstedt also agreed to pay a $17 million fine in a separate settlement with the OCC that also bans her from working again in the banking industry. BankersOnline covered this in its Top Story at https://www.bankersonline.com/topstory/173048.

Tolstedt was not alone in the list of executives who fell as a result of the new account production goals that were virtually unattainable. These goals were emphasized with a slogan of “eight is great.” That was, each customer should have eight separate accounts at the bank. Why eight? It was said that was selected because it rhymed with “great.”

Take a moment to look at your product offerings and try to determine what sales techniques you could use to accomplish this. Now reconsider it as if your job is on the line as it was for the 5,300 former employees who talked of supervisors screaming at them to meet the goals. They were told if they could not meet their goal, they would be working at McDonald’s. Those missing goals would have what was essentially an after-school detention and were often tasked with “call sessions” on Saturdays. Presumably, these sessions were to make calls and hone sales skills. Employees in many cases either reverted to unethical and illegal techniques or were embarrassed in front of their peers, demoted, or fired. In the three-step process to meet goals, consider that some new accounts reps were able to meet goals. Now the pressure was up because others had to employ the same tactics. And that culture fed on itself and has caused huge fines to be imposed as well as direct personal responsibility. Goals should be realistic, and rules should be well known and to police the rules, controls must be in place.

Forms Update

By Andy Zavoina

We are in the heat of summer as this edition of Legal Briefs goes to the presses, but it is a perfect time to get a pesky change out of the way. Often this might be something to do at year end, but as some banks prepare for 1071 changes, and the normal year-end tasks followed by HMDA submissions will all be coming about at the same time, why wait? These changes impact Reg B’s Adverse Action Notices, some Fair Credit Reporting Act disclosures, and a bit of Reg E. There were several others, but we will cover in detail what impacts our banks.

If you use preprinted forms that will change, you will want to use up any supply and not reorder any bulk that may not be used by the mandatory compliance date. You will want to get the new addresses on your next order. And if you need to have a forms vendor program the changes, well, they will be busy at year-end and beginning of 2024 too, so just get this out of the way so you can enjoy summer.

Change management is what I’m speaking of and notices – disclosure changes. On March 20, 2023, the CFPB published a Final Rule in the Federal Register. Look for Vol. 88, No. 53, Monday, March 20, 2023, and page 16531 if you want all the details. The “Regulations” pages on BankersOnline.com also reflect these changes. These were considered non-substantive corrections and updates. The “Cliff Notes” version of the changes simply tells you that some regulatory agencies have had address changes for notices you provide to your customers and those disclosures and notices need to be corrected. The effective date for optional compliance has passed. It was April 19, 2023, so you may comply now, but compliance with these changes is not mandatory until March 20, 2024. Again, why wait and risk this falling through the cracks?

Reg B and Adverse Action Notices
The most significant change for banks is under Reg B. Appendix A, which lists contact information for the CFPB, OCC, FDIC, National Credit Union Administration (NCUA), Federal Trade Commission (FTC), and other agencies. (The Federal Reserve is listed but did not change.) This contact information listed must be included in Reg B adverse action notices. This is separate from the FCRA disclosure many banks have combined onto the Reg B, adverse action notices. The two are called the same thing but have different disclosure rules and content. The FCRA notice on Reg B’s forms has not changed, although there is an FCRA change noted below.

The OCC regulated institutions should be showing the following:

Office of the Comptroller of the Currency
Customer Assistance Group
P.O. Box 53570
Houston, TX 77052

The FDIC regulated institutions should be showing the following:

Division of Depositor and Consumer Protection
National Center for Consumer and Depositor Assistance
Federal Deposit Insurance Corporation
1100 Walnut Street, Box #11
Kansas City, MO 64106.

The CFPB regulated institutions should be showing the following:

 Bureau of Consumer Financial Protection
1700 G Street NW
Washington DC 20552

And without change but for the record and accountability in case you want to check, the FRB regulated institutions should be showing the following:

Federal Reserve Consumer Help Center
P.O. Box 1200
Minneapolis, MN 55480

Interpretations
The CFPB also corrected its contact information in Reg B’s Appendix D, for the process for requesting official CFPB interpretations of Reg B. The same address below is applicable for Reg E interpretations. The difference between the old and new addresses was a change in the ZIP code.

A request for an official interpretation should be in writing and addressed to:

Assistant Director, Office of Regulations,
Division of Research, Monitoring, and Regulations,
Bureau of Consumer Financial Protection,
1700 G Street, NW
Washington, DC 20552

Fair Credit Reporting Act
In Reg. V and the Fair Credit Reporting Act (FCRA), the CFPB amended the model form in Appendix K for the “Summary of Consumer Rights” to correct the contact information for various agencies, including the OCC, FDIC, and NCUA. Those addresses are on the form itself. A Word version is in a link on the BankersOnline, Regulations page. Consumer reporting agencies must provide the Summary form when making written disclosure of information from a consumer’s file or providing a credit score to a consumer. Most importantly, this Summary must also be provided by Human Resources at your bank, before obtaining  an investigative consumer report (under 1681d(a)(1)), and with pre-adverse action notices for employment purposes (under 1681b(b)(3)). As Compliance and/or Internal Audit complete a periodic FCRA audit this is one of those potential “gotchas” you want to look at to ensure the procedures are correct for providing these notices if someone is denied employment or a promotion, as examples, based on a credit report.

Real Estate Settlement Protections Act
In Reg. X, the Real Estate Settlement Protections Act (RESPA), the CFPB has corrected its contact information in the definition of “Public Guidance Documents” in section 1024.2(b) and in the introductory section of Supplement I, which provides the procedure for requesting copies of public guidance documents from the CFPB and the procedure for requesting official CFPB interpretations of Regulation X.

Truth in Savings Act
In Reg. DD, and the Truth in Savings Act (TISA), the CFPB has corrected its contact information in Appendix C, which provides the procedure for requesting a determination from the CFPB regarding whether a state law is inconsistent with TISA and Regulation DD.

Truth in Lending Act
In Reg. Z, the Truth in Lending Act (TILA), the Bureau has corrected its contact information in Appendices A, B, and C which provide the procedures for requesting a determination from the CFPB regarding whether a state law is inconsistent with or substantially the same as TILA and Reg Z, the process for a state to apply to the CFPB to exempt a class of transactions from TILA and Reg Z, and the process for requesting official CFPB interpretations of Reg Z.  In Appendix J, the CFPB has corrected its postal address for requests to the CFPB for APR calculation tables and to add a URL on its website at which the tables can be accessed.

July 2023 OBA Legal Briefs

  • Appraisal bias – Part II
  • Reconsideration of value
  • 1071 – Small Business Lending Rule, Basics

 

Appraisal bias – Part II

By Andy Zavoina

In March 2021 HUD approved a settlement between JPMorgan Chase and an African American woman over appraisal bias. There was no admission of fault on Chase’s side, but the bank agreed to pay the woman $50,000, and to improve and increase training of its staff, particularly on Reconsideration of Value (“ROV”) processes related to appraisals. The training includes specifics on how to manage complaints of discrimination in the appraisal process and the process for customers to submit an ROV request. The CFPB has said a lender’s reconsideration of value process must ensure that all borrowers have an opportunity to explain why they believe that a valuation is inaccurate and the benefit of a reconsideration to determine whether an adjustment is appropriate.

An ROV is a request to the appraiser to reconsider the analysis and conclusions the appraisal was based on and potentially information not presented in the appraisal report. Only the lender may request an ROV from an appraiser on the borrower’s behalf and most would be due to the appraised value being less than what the seller or borrower desires. ROVs became common vernacular when appraisal bias was in the news and in the courts and many regulators believe it should be routinely discussed with borrowers now.

Back to that Chase settlement, one provision of the agreement is that when a borrower gets a copy of the appraisal as required by Reg B, they’ll also get a cover letter and part of it will say:

Chase is committed to maintaining appraiser independence and preventing attempts to influence appraisers in the preparation of appraisal reports, as well as avoiding any discrimination or bias in the appraisal process. If you believe that any person has attempted to influence the appraiser in the preparation of the appraisal of your property or have any concerns with the reliability or credibility of the appraisal, please contact Chase mortgage support by calling 1-855-242-7346 Option “0”, as soon as possible to report any concerns of discrimination or bias or to discuss your options to contest the reliability of the appraisal.

Appraisals will be changing. On May 5, 2023, the Appraisal Standards Board voted to adopt the Fifth Exposure Draft of proposed changes to the Uniform Standards of Professional Appraisal Practice. Exposure drafts are developed by the Appraisal Standards Board and released for public comment. The new edition will be available this fall and will become effective on January 1, 2024. Press releases did not highlight the changes and I have not seen the draft yet, but bankers doing appraisal reviews should review it, and look for educational opportunities on them when finalized. ROVs and appraisal bias will be of special interest, although I did not find these in a keyword search of the latest draft. The Fifth Exposure Draft is available here, https://appraisalfoundation.sharefile.com/share/view/s1c715f1ed49541e6a5170f7bda14329f and the Appraisal Foundation says on its website that even if the comment period is over, and this draft closed in April, they still welcome comments on the rules.

Reconsideration of value

By Andy Zavoina

Well, no sooner than we went to press with last month’s Legal Briefs discussing appraisal bias and the regulatory agencies, the Office of the Comptroller of the Currency (OCC), Federal Reserve Board (FRB), Federal Deposit Insurance Corporation (FDIC), Consumer Financial Protection Bureau (CFPB) and even the National Credit Union Administration (NCUA) (collectively referred to as the regulators) issued proposed guidance on Reconsiderations of Value (ROV) of Residential Real Estate Valuations. This is just an interagency proposal, but because your bank has compliance obligations today under anti-discriminatory laws and regulations, if you do not already have a compliance and risk management plan to deal with this issue, this proposal will certainly help you with interim steps to comply. By interim steps, I recommend you take your existing policy and procedures and consider incorporating key compliance techniques here, or if you are starting from nothing, use these recommendations as a starter document to help you comply with the existing requirements today. Starting from scratch is not a bad thing, because the agencies do not currently have any uniform ROV guidance.

This proposal will be a new concept to many lenders and contains and alters no existing law or regulation; it simply helps your bank to direct compliance actions to requirements that you already have, and where you may not have recognized there was a specific need. You may ask, “is there really a need?” The answer is a resounding Yes. Just refer to last month’s Legal Briefs. Mortgage applicants may ask about it, appraisal rules are being altered to comply, and since each of the federal regulators is a part of this guidance proposal, you can expect your examiners to ask what your bank is doing, are you proactive on these compliance needs, and how often you may have heard from an applicant who disagreed with an appraisal, so it is known that your bank actively seeks out compliant appraisals.

I will refer to the applicant as an interested party, but the guidance is focused on consumers. These terms should be used interchangeably and recognize that this could be a buyer or seller and a claim of a discriminatory process carries weight regardless of who it is from. And to be clear, in this context an appraisal includes any valuation your bank is using. I believe the “proactive” issue here may be the most important for many banks. You cannot afford to wait until there is a problem or until your examiners recommend you take action.

The proposal can be found here, https://www.consumerfinance.gov/about-us/newsroom/agencies-propose-interagency-guidance-on-reconsiderations-value-residential-real-estate-valuations/ As of this writing it has not been published in the Federal Register, but it will be, and banks will have 60 days to comment. The proposal contains all the information to include objectives and where to send your comments to each agency. With this pre-release you may start gathering thoughts now as to if and what you would comment on. We will point out some of the objectives below, but there are nuggets of compliance ideas in this proposal regardless. So, improve your existing procedures with these nuggets today, and finalize them in approved policies and procedures after the guidance is finalized.

Your bank is now aware that there have been obvious appraisal issues affecting the mortgage loan process and discriminatory practices whether they were overt, covert, or just the way the numbers came out, as some appraisers have put it. This is not a solution in search of a problem. Examinations and complaints indicate this is a nationwide problem. Two questions to ask are, have you experienced this discriminatory practice, and would you have recognized it if you had seen it? Appraisal reviews may need enhanced procedures. Applicants may need to be aware of their rights. And absolutely all mortgage lenders and those involved in the appraisal process must be cognizant of their responsibilities both to the applicant and the appraiser.

This proposed guidance describes how financial institutions may create or improve ROV processes that comply with existing laws and regulations yet preserve appraiser independence, which is an equally key element required in the mortgage lending process. You do not want to jump from the frying pan into the fire as you conduct ROV processes.

Comments requested on specific issues in the proposal aside, let’s look at some of those nuggets that you may use to improve compliance procedures surrounding appraisals immediately.

Justification – Issues to Mitigate

In October 2022, the CFPB blogged an opinion piece, “Mortgage Borrowers Can Challenge Inaccurate Appraisals Through the Reconsideration of Value Process, clearly stating that applicants have rights to contest a valuation. (Also refer to June 2023’s Legal Briefs.) In June 2023, the FDIC also published its “FDIC Consumer News,” in which it states when appraisals are required, and the applicant will pay some or all the costs. It goes on to explain, “Once the appraisal has been completed, a lender is required to provide you with a copy of the appraisal as soon as reasonably possible, but no later than three days prior to closing. Therefore, if you receive an appraisal that you suspect has inaccuracies that affect the resulting value, some initial work on your part may help to expedite a secondary review of the valuation and assist in closing on time.

“One thing you can do to prepare is to ask your lender early in the loan process whether they have a process for re-analyzing an appraisal, particularly if a consumer provides information that may affect the valuation. This process of re-analyzing an appraisal is also known as a reconsideration of value. If your lender has such a process, ask what information they will need and what their procedures are to request a reconsideration of value. Also, to set expectations, find out how the lender will keep you informed about the status of the review of the information you provide and of any action the lender may take to address your concerns.”  It later states, “If you believe your property appraisal was not accurate, suspect any possible discrimination in the lending process, or have an appraisal-specific complaint, you should contact your lender to request reconsideration of value, if they have a process to do so, or to file a complaint regarding the appraisal with the lender if they do not.

“If you believe that the lender has not addressed your concerns, you can contact the lender’s primary federal regulator.”

Consumers are being made aware of the ability to dispute an appraised value and essentially encouraged to do so. This challenge may be made when they feel the valuation was completed with a bias or simply errors. Improperly completed appraisals may devalue the collateral. These could be caused by errors, omissions, poor comparable properties, or discrimination, all of which may affect the final valuation as being either incorrectly stated high or low. Undervaluing a property value can have long reaching negative effects and overvaluing it could be a safety and soundness issue for the lender. (Also refer to the Interagency Appraisal and Evaluation Guidelines, 75 FR 77450 (Dec. 10, 2010)). If an appraisal is questioned, corrective actions may include ordering a second appraisal or attempting to resolve the issue with the appraiser directly. Let’s assume the bank has discussed any noted shortcomings with the appraiser that both the bank and applicant brought to light and they have not adjusted it to your satisfaction.

It makes sense that the proposed guidance says that an ROV is a request from the financial institution to the appraiser to reassess the report based on potential deficiencies or other information that may have affected the value. It does not say any other party may make that request and because the financial institution made the request and understands the importance of appraiser independence, we will hope this also makes the final guidance.

The goal is to design an ROV procedure which is consistent with safety and soundness requirements, complies with pertinent laws and regulations, respects the appraiser independence requirements, and responds in a suitable manner to the applicants. The proposed guidance will assist you, as it has four intentions.

  1.  It describes the risks when collateral valuations are incorrect.
  2.  It outlines applicable statutes, regulations, and existing guidance that govern ROVs and collateral valuations.
  3.  It explains how ROV processes and controls can be incorporated into existing risk management functions, such as your appraisal review and complaint management programs.
  4.  It provides examples of ROV policies, procedures, and controls.

As you begin to outline your policy and procedures, consider these elements:

Why. Accurate valuations of all collateral, especially for mortgage loans, are essential to the loan process.

What. Deficiencies identified in appraisals, whether through appraisal review processes or from the applicant-provided information, may be a basis for financial institutions to question the credibility of the appraisal or valuation report.

How. Anyone reviewing the appraisal, whether for the bank or the applicant, may believe the valuation is biased based on some form of:

  • discrimination,
  • errors or omissions,
  • valuation methods,
  • assumptions,
  • data sources, or
  • conclusions that are otherwise unreasonable, unsupported, unrealistic, or inappropriate.

Laws, Regulations and Guidance

Resources for your policy and procedures should include meeting the compliance requirements of the following:

  • Equal Credit Opportunity Act (ECOA) and Reg B. These prohibit discrimination in any aspect of a credit transaction, and the valuation is a part of the transaction.
  • Fair Housing Act, as it prohibits discrimination in all aspects of residential real estate-related transactions.
  • Unfair, Deceptive, or Abusive Acts or Practices UDA(A)P – Section 5 of the Federal Trade Commission Act (UDAP) which prohibits unfair or deceptive acts or practices and the “Abusive” addition from the Consumer Financial Protection Act which prohibits any covered person or service provider of a covered person from engaging in any unfair, deceptive, or abusive act or practice. Undervaluing property deprives the borrower and potentially a seller of funds which translates into many issues such as wealth, funds for education, business, home improvements, etc.
  • Truth in Lending Act (TILA) and Reg Z, which prohibit compensation, coercion, extortion, bribery, or other efforts that may impede the appraiser’s independent valuation in connection with any covered transaction.However, Reg Z explicitly clarifies that it is permissible for covered persons (which includes creditors, mortgage brokers, appraisers, appraisal management companies, real estate agents, and other persons that provide “settlement services” per RESPA and Reg X) to request the preparer of the valuation to consider additional, appropriate property information, including to, among other things, request the preparer of the valuation to consider additional, appropriate property information, including information on comparable properties or to correct errors in the appraisal.
  • The appraisal regulations issued by the regulatory agencies require these valuations to conform to the Uniform Standards of Professional Appraisal Practice (USPAP) (the latter is currently being revised and may be finalized for use in January 2024). USPAP requires compliance with ECOA and the FH Act.

The proposal reminds bankers that they are to conduct an independent review prior to providing the consumer with a copy of the appraisal. Additional review may be warranted if the consumer provides information that could affect the value conclusion or if deficiencies are identified in the original appraisal. This in itself justifies an ROV based on the applicant’s request, but the bank must continue respecting the appraiser’s independence.

If during the review process or based on information from the applicant, you determine that the appraisal does not meet the minimum standards outlined in the appraisal regulations and if the deficiencies remain uncorrected, that appraisal cannot be used as part of the loan decision.

When this issue arises, there are three actions the bank may employ as corrective action.

  • Resolve the deficiencies directly with the appraiser.
  • Use an independent party who is qualified (perhaps a state certified or licensed appraiser) to review the valuation and the suspected deficiencies.
  • Obtain a second appraisal.

Authority vs. Responsibility

As with all vendor/third party relationships, the bank may delegate its authority to act for the bank, but the responsibility for compliance with all laws and regulations remains with the bank. That is the reason any appraisal potentially tainted with a discriminatory bias must be resolved.

ROV Policy & Procedures

Any of three issues may trigger an ROV process. There may be discrepancies found during the bank’s review activities, after a complaint or other information is received from the applicant, or any request to the loan officer or other lender representative.

The ROV must be requested by the bank. When there are potential issues either from the bank’s review or the applicant’s complaint, the bank must understand the issues and react accordingly. The Interagency Appraisal and Evaluation Guidelines from December 2010 state, “An institution should establish policies and procedures for resolving any inaccuracies or weaknesses in an appraisal or evaluation identified through the review process, including procedures for:

  • Communicating the noted deficiencies to and requesting correction of such deficiencies by the appraiser or person who prepared the evaluation.
  • An institution should implement adequate internal controls to ensure that such communications do not result in any coercion or undue influence on the appraiser or person who performed the evaluation.
  • Addressing significant deficiencies in the appraisal that could not be resolved with the original appraiser by obtaining a second appraisal or relying on a review that complies with Standards Rule 3 of USPAP and is performed by an appropriately qualified and competent state certified or licensed appraiser prior to the final credit decision.
  • Replacing evaluations prior to the credit decision that do not provide credible results or lack sufficient information to support the final credit decision.”

The applicant will typically receive their copy of the appraisal after the bank has completed its review. Chronologically then, the bank will have had its opportunity to review the appraisal and have any discrepancies it found corrected. That last version is what goes to the applicant.

The applicant may then place a complaint or inquiry preferably denoting specific, verifiable information which was not in the final appraisal either because it was omitted or was not available at the time the appraisal was being completed. This may include such things as‚ including comparable properties which were not identified in the appraisal, specific characteristics of property being evaluated, or other information about the property that may have been incorrectly reported or was not considered but may affect the valuation.

If your bank has a Complaint and Inquiry Procedure to compliment UDA(A)P, your ROV procedures may refer to that, or that Complaint Procedure may refer to the ROV procedure in these specific instances, but one should refer to the other for reasons of accountability. I do not recommend being redundant as one of the two may be revised at some point and then the procedures would be out of sync and potentially lead to confusion and noncompliance. That is not desired, but what is important is that the bank has an effective policy and procedure for UDA(A)P and discrimination/ROV issues. The Complaint and Inquiry procedures should be already established and should record desired information broadly about all products and services as well as who complained, why, where, how, and the resolution with both start and end dates to ensure the bank’s actions were timely. The reason a separate procedure may be desired for ROVs is because of the sensitivity of the complaint, the necessary skillset to respect the appraiser’s independence and the prescribed steps required while also considering the pending loan request.

The Appraisal Bias Part I from June 2023, and the Appraisal Bias Part II in this month’s issue each support the reasons why this deserves immediate attention and without waiting for final guidance from the regulators. Basing the bank’s corrective actions on the three resolution methods above should be described in your procedures so there is a roadmap for staff to follow.

The proposal also makes suggestions you can use while developing your risk-based ROV policies, procedures, control systems, and complaint processes that identify, address, and mitigate the risk of problematic appraisals that may involve prohibited discrimination. Here are the eight topics with six additional subtopics:

  • Consider ROVs as a possible resolution for consumer complaints related to residential property valuations.
  • Consider whether any information or other process requirements related to a consumer’s request for a financial institution to initiate an ROV create unreasonable barriers or discourage consumers from requesting an ROV.
  • Establish a process that provides for the identification, management, analysis, escalation, and resolution of valuation related complaints across all relevant lines of business, from various channels and sources (such as letters, phone calls, in person, regulators, third-party service providers, emails, and social media).
  • Establish a process to inform consumers how to raise concerns about the valuation sufficiently early enough in the underwriting process for any errors or issues to be resolved before a final credit decision is made. This may include suggesting to consumers the type of information they may provide when communicating with the financial institution about potential valuation deficiencies.
  • Identify stakeholders and clearly outline each business unit’s roles and responsibilities for processing an ROV request (e.g., loan origination, processing, underwriting, collateral valuation, compliance, customer experience or complaints).
  • Establish risk-based ROV systems that route the request to the appropriate business unit (e.g., ROV requests that allege discrimination could be routed to the appropriate compliance, legal, and appraisal review staff that have the requisite skills and authority to research and resolve the request).
  • Establish standardized processes to increase the consistency of consideration of requests for ROVs:
    • Use clear, plain language in notices to consumers of how they may request the ROV;
    • Use clear, plain language in ROV policies that provide a consistent process for the consumer, appraiser, and internal stakeholders;
    • Establish guidelines for the information the financial institution may need to initiate the ROV process;
    • Establish timelines in the complaint or ROV process for when milestones need to be achieved;
    • Establish guidelines for when a second appraisal could be ordered and who assumes the cost; and
    • Establish protocols for communicating the status of the complaint or ROV and results to consumers.
  • Ensure relevant lending- and valuation-related staff, inclusive of third parties (e.g., appraisal management companies, fee-appraisers, mortgage brokers, and mortgage servicers) are trained to identify deficiencies (inclusive of prohibited discriminatory practices) through the valuation review process.

Automated Valuation Models

The problem of appraisal bias in residential real estate appraisals has been a hot topic for regulators and promises to continue as it is fueled by court cases, complaints, and settlements with regulatory agencies like the Federal Housing Administration, and as they are reported by the news media and social media. This proposed ROV guidance follows by a week a proposed rule with a request for comments to implement quality control standards for automated valuation models (AVMs). Third-party relationships and tools used for mortgage loans are under scrutiny. That AVM proposal – request is at https://files.consumerfinance.gov/f/documents/cfpb_automated-valuation-models_proposed-rule-request-for-comment_2023-06.pdf. This AVM proposal would require mortgage originators and secondary market insurers that use AVMs to adhere to quality control standards designed to:

1) ensure a high level of confidence in the estimates,

2) protect against the manipulation of data,

3) seek to avoid conflicts of interest,

4) require random sample testing and reviews, and

5) comply with applicable nondiscrimination laws.

1071 – Small Business Lending Rule, Basics

By Andy Zavoina

Is 1071 approaching and do you need to worry about it yet? The answer is, “it depends” because there are many variables. There are optional compliance dates and mandatory dates. We will focus on the mandatory for now. The final rule, which is Subpart B of Regulation B, https://www.bankersonline.com/regulations/12-1002-subpart-B was issued in March of this year. Banks can begin collecting data as early as October 2023, but for the higher tier banks mandatory collection begins in October 2024. The smallest tier is required to begin collection in January 2026. 2026 you say! Yes, if you are in the smallest tier, you have a lot of work to do, but 1071 is not an immediate front-burner task on your to-do list. The immediate task is to know where you fall in the tier breakout so you know when you will be required to begin reporting. To define your tier, you have to know how many qualified loans your bank has made in the immediate past, and therefore you have to know what a covered loan is.

Covered Loans

Sometimes compliance definitions are basic, like Reg Z and its definition of closed end credit, “Closed-end credit means consumer credit other than ‘open-end credit’.“ That’s a very basic definition and fortunately we do get a little more in Regulation B describing a covered loan under Subpart B, but just a little more. The term “covered credit transaction” includes all business credit (including loans, lines of credit, credit cards, and merchant cash advances) unless otherwise excluded under § 1002.104(b). So, all business loans unless excluded. So, what is excluded?

  • Trade credit, (The financing arrangement between businesses for goods or services from without immediate payment in full. This will not likely hit your radar. The CFPB has opined this trade credit as being a business loan and will add the relationship between franchisees and franchisors to its purview with the lending entity considered a financial institution);
  • HMDA-reportable transactions (Yes – if you are not a HMDA bank, you need to learn what these are);
  • Insurance premium financing, (generally financing when a business agrees to repay a bank the proceeds advanced to an insurer for payment of the premium on the business’s insurance contract and the business assigns to the bank certain rights, obligations, and/or considerations in its insurance contract to secure repayment of the advanced proceeds);
  • Public utilities credit (see 1002.3(a)(1));
  • Securities credit (see 1002.3(b)(1)); and
  • Incidental credit (see 1002.3(c)(1), but without regard to whether the credit is consumer credit, is extended by a creditor, or is extended to a consumer).

A covered origination is a covered credit transaction that the financial institution (your bank) originated to a small business. Refinancings can be covered originations. (A refi is a loan created when an existing loan is satisfied and replaced by a new one by the same borrower.)  Note, extensions, renewals, and other amendments of existing transactions are not considered covered originations even if they increase the credit line or credit amount of the existing transaction.

Tier 1
If your bank originated at least 2,500 covered loans in both 2022 and 2023, you must begin collecting data and otherwise complying with the final rule on October 1, 2024.

Tier 2
If your bank originated 500 to 2,499 covered loans in both 2022 and 2023 and at least 100 in 2024, you must begin collecting data and otherwise complying with the final rule on April 1, 2025.

Tier 3
If your bank originated at least 100 covered loans in both 2024 and 2025, you must begin collecting data and otherwise complying with the final rule on January 1, 2026.

Guidance Documents – Tools

Above we note that “trade credit” is likely something your bank will not be involved in. It isn’t impossible, but it is not likely in my experience. The CFPB offered this guidance as its interpretation rather than formally update the Reg B interpretations/commentary. You can find the rule, FAQs, a data points chart, a key dates chart  and more on the CFPB’s resource page  here https://www.consumerfinance.gov/compliance/compliance-resources/small-business-lending-resources/small-business-lending-collection-and-reporting-requirements/ to help guide you through creating your 1071 Small Business Lending Rule implementation process.

 

June 2023 OBA Legal Briefs

  • Appraisal Bias, ECOA, FHA and USPAP
  • Changes in UCCC amounts effective 7/1/23

Appraisal Bias, ECOA, FHA and USPAP

By Andy Zavoina

Appraisal bias is a new big thing. Well, not brand new. It has been a problem for a few years and the current thrust is to promote an understanding of the rules and the results when an appraisal is done with fairness and accuracy in mind.

I recently attended a BOL Learning Connect webinar entitled, “Building a Safe & Sound Real Estate Program” by noted speaker and appraiser Eric Collinsworth. He started a segment on appraisal bias by referring to an interagency task force and PAVE, which stands for Property Appraisal and Valuation Equity. One of the task force’s major goals is to address “the persistent mis-valuation and undervaluation of properties experienced by families and communities of color.”

This task force also relates to actions from the Biden Administration, which said early on its goals include equal opportunity. In a 42-page National Strategy on Gender Equity and Equality it was stated that, “Women face barriers in access to consumer loans and other credit products, and women business owners have less access to capital. These inequalities compound over the course of a woman’s lifetime, jeopardizing her financial security later in life and affecting the generations that follow.”

It was also noted in Feb 2022 by AmericanProgress.org that, “To increase equitable access to loans, mortgages, and other lending for home-buying and renting, HUD began the process to restore the discriminatory effects rule to protect against housing policies, such as zoning requirements, lending and property insurance policies, criminal records policies, and others that have a disparate impact by race. Also, HUD issued a letter encouraging lenders to devise special purpose credit programs to remedy racial inequities in homeownership.” This philosophy of reducing barriers to allow consumers and their families and heirs to access equity and to pass it on to future generations to build wealth is also a part of the impetus behind eliminating appraisal bias.

AmericanProgress.org also noted, “Racial discrimination and injustice have entrenched stark racial disparities in homeownership rates and home values. Homeownership rates for Black Americans amount to 44 percent, well below the rates for white Americans at 74 percent and behind the national average of 65 percent. Hispanic and Asian, Native Hawaiian, and Pacific Islander (AAPI) people also own homes at rates lower than the national average, at 48 percent and 60 percent, respectively.”

Generally speaking, a home is often the largest single purchase the average American makes. We’ve all heard that home values only go up. While this is not a rule, it is generally true over time. And this increased value and decreasing debt against a home do combine to build wealth and provide wealth to the next generation often inheriting a home. The equity in a home can be used for many things that further build wealth and provide for a higher quality of life. This is one reason so many in the industry see appraisal bias as a major factor.

Carla Duffy’s appraisals

In 2021 National Public Radio ran a segment on appraisal bias. In Indianapolis, Indiana, Carla Duffy has a three-bedroom home in a historic Black neighborhood. The home had been completely renovated and was across from an attractive and well-maintained park. She purchased the home four years prior for $100,000. Duffy felt based on the renovation, appreciation, and low interest rates it was a good time to use her equity from a refinance to help her daughter renovate and improve her home. Duffy had an appraisal done and it indicated her home was worth $125,000. This is a thorough way to ascertain a value, but Duffy was not convinced the appraisal was accurate. She decided to get a market analysis as a way to verify the value and it indicated her home was worth $187,000. The latter is not an appraisal, but a 50 percent higher value was more of what she felt the home was worth. So, believing the first appraisal was low for some reason, and wanting the credibility an appraisal brings, she had a second appraisal done just a few months later. This one came in $15,000 lower than the first.

Duffy was persistent and had a theory. She applied with a different lender for a refinance and this time she omitted her gender and racial information from the government monitoring information section of her application. And before this third appraisal was done, she “cleaned” the home of racial indicators like family photos, and had a white friend of the family, a male, at her home to meet the appraiser when he came to view the property.

The third appraisal shocked Duffy – but this time in a good way. This appraisal came back with a value of $259,000. That is 107 percent higher than the first appraisal and 135 percent higher than the second. When a borrower wants to consolidate debt, purchase a car, or start a business as three common examples of equity funds use, those are significant differences. Just for the purposes of asset valuation, such disparities are very significant and obviously contribute to the wealth gap reported between whites and minorities.

Several housing studies have shown this, and cumulatively the Brookings Institute estimates Black people have lost an estimated $156 billion dollars. The effect of a discriminatory practice impacts more than the current owner; everyone is touched by how the equity is used in the homes. In this case, Duffy said, “the thing devaluing her home, was her” and she knew this was not right. She filed a complaint with HUD against two of the lenders.

The appraiser providing Duffy’s lowest appraised value commented on the story. He said his values are data driven and he couldn’t change the value if he wanted to because he cannot change the data. He explained that he prepares every appraisal with the knowledge that he may have to defend his results to peers and others, and this was no exception.

Gwen and Lorenzo Mitchell

One may read the Duffy story and believe this is surely an isolated incident – an anomaly. But let’s move to Denver, Colorado. The Philadelphia Inquirer ran a story on January 27, 2021, about Gwen and Lorenzo Mitchell. Their three-bedroom house sits in a racially diverse area where homes typically sell for $450,000 to $550,000. The couple estimated their home would appraise for about $500,000. Values had been going up and they saw this as an opportunity to refinance because they were in a strong housing market. Lorenzo was home with their three kids when the appraiser was there. Lorenzo is Black, and the home appraisal came back at $405,000. That seemed low. The comps were all taken from north of Martin Luther King Boulevard — a dividing line, if you will, between a predominantly Black neighborhood where the comps were, even though the Mitchells’ home is south of the boulevard in a more diverse area. That was a red flag to the Mitchells. So, they ordered a second appraisal. This time, only Gwen was home during the appraisal visit, and Gwen is white. This appraisal came back with a value of $550,000. That is a $145,000 increase in value, almost 36 percent. That’s quite a discrepancy, and there were no changes to the home between appraisals; the Mitchells said they didn’t even mow the yard between appraisals, it was in the exact same condition.

And in Connecticut  …

And in a story similar to Duffy’s, let’s finally consider a Black homeowner in Connecticut who had his home appraised at $340,000. He thought that was low and decided a second appraisal was advisable, so he took down family photos and other family racial indicators and had his white neighbor stand in during the on-site appraisal. In his case there was an 18 percent increase in the value of his home to $400,000, a $60,000 increase.  If you are financing or refinancing a home, these differences are significant and may be impacted by external circumstances, but race appears to be a common denominator.

A regulator’s view

Michael Hsu, the Acting Comptroller of the Currency, delivered remarks to raise awareness about the need to reduce bias in real estate appraisals at a CFPB event in June 2021 on bias in appraisals. His comments highlighted the significant impact bias in appraisals has on minority families. A few notable nuggets from Hsu’s remarks were that “We are here at an opportune time in history where the energy to tear down barriers to fair and equal participation in our economy may finally exceed the resistance protecting the status quo.” The Biden administration sees this as a chance to facilitate change and it is my opinion that those in charge of the regulatory agencies are in agreement with the administration and share these goals. Hsu went on to cite a few reasons appraisals with a bias are problematic. “Biased appraisals can keep a family from getting approved for a loan or raise the price of a loan. They can trap “undervalued” neighborhoods by depressing property taxes, resulting in lower income to support education and infrastructure. Biased appraisals mean good loans to creditworthy customers go unmade.” He went on to say, “discrimination and bias in appraisals contribute to inequity in housing values and adversely affect a critical source of wealth accumulation for minority families. The impact is large and cannot be ignored. Studies have found that homes in Black neighborhoods are valued at roughly half the price [of] homes in neighborhoods with few or no Black residents.” The undervaluing of property snowballs, as it can impact tax revenue and then everything which develops from that, schools, emergency services, public facilities, etc.

Hsu did point out that appraisal processes are not seen as a part of the banking industry, but that there are intersections, and the OCC expects banks to ensure their vendors treat customers fairly and do not discriminate. We are seeing banks held accountable for discrimination in appraisals they use. He also noted that holding banks accountable is necessary, but the problem as a whole is bigger than just banks. That is why PAVE is forcing USPAP’s processes to improve the appraisal process.

Reg B requires a disclosure of the consumer’s ability to receive a copy of any appraisal(s) and valuation(s) prepared in connection with first-lien loans secured by a dwelling to be provided to applicants within three business days of receiving the application. This is not new — it’s been in effect since January 18, 2014.  Appraisal bias is why this disclosure is a big deal and its importance in the disclosure and compliance process was accelerated more than a year ago. As an example, regulators are working to provide more oversight over the activities of the Appraisal Foundation, which has power over the appraisal industry. The CFPB has had public meetings to discuss appraisal bias.

Lenders, take note

More recently, the CFPB and the DOJ filed a joint Statement of Interest in the case of Nathan Connolly and Shani Mott, v. Shane Lanham, 20/20 Valuations, LLC, and loanDepot.com, LLC, in the United States District Court, District of Maryland case Civil Action No. 1:22-cv-02048-SAG. These two agencies say that mortgage lenders can be liable if they rely on a discriminatory appraisal even from a third-party appraiser. This case was brought by a Black family that had an appraisal done, replaced the photos with those of a white family, had a second appraisal done, and had an immediate increase in value. The defendants maintain they should not be the ones liable for the third-party appraisal. Appraisers must have independence. But this is when the CFPB and DOJ jumped in and said both the FHA and ECOA (Reg B) require lenders NOT to rely on appraisals that are inaccurate or violate the law. It was added that TILA’s (Reg Z) rules on appraisal independence agree that there is no requirement to follow a biased appraisal.

Regulatory agencies are expected to develop and implement changes to examinations procedures for mortgage lenders. Future examinations may look for evidence that a lender’s compliance management programs are considering appraisal bias as a risk, and the examiner may collect additional information on appraisal attributes and tailor exam aides to evaluate irregularities in appraisals which are evident in the loan file.

If you are making notes of to-do items, the importance of your appraisal reviews has just gone to a higher level, based on the opinion of these two agencies and expectations of future exams. There are new classes being offered specifically to combat appraisal bias. These are being offered to appraisers according to Collinsworth, but I suspect appraiser reviewers in bank could enroll or find similar training. He also stated, “Regulatory agencies will, as needed, devise and implement changes to how examinations of mortgage lenders under their purview are conducted. For example, examinations can look for evidence that a lender’s compliance management programs are considering appraisal bias as a risk, collect additional information on appraisal attributes and tailor exam aides to evaluate irregularities in appraisals documented in the loan file.”

Reg Z prohibits banks, lenders, and any other covered party from coercing, instructing, or inducing an appraiser to cause the appraised value to be based on any factor other than the appraiser’s independent judgment. Lenders and others also cannot alter an appraised value. Banks have gone to great lengths to separate the lender on a loan from having any control over the selection or instructions to an appraiser. Although the bank can ask the appraiser to consider additional information, provide further details or an explanation for this, or correct errors in the appraisal, there is a line the bank may not cross here as to influencing that appraisal’s outcome. The Statement filed with the court by the CFPB and DOJ does indicate the bank would be protected if it asks an appraiser to reconsider a value under certain circumstances. No specific examples were provided as to what would be acceptable to do this and remain protected. For appraisers, the Conduct section of the Ethics Rule states an appraiser “must not use or rely on unsupported conclusions relating to characteristics such as race, color, religion, national origin, gender, marital status, familial status, age, receipt of public assistance income, handicap, or an unsupported conclusion that homogeneity of such characteristics is necessary to maximize value.” A violation of these may be a circumstance allowing reconsideration especially if a bank believes discrimination may be involved. That then raises another concern—would the bank have to consider reporting an appraiser for such conduct?

When an appraisal is completed, there may be situations when the bank and the borrower believe the value is lower than expected or the reasoning for the values are flawed. This would be especially so if an inappropriate bias was believed to exist. Such a belief should be supported by facts. A reviewer would require adequate training and experience to support such a conclusion, and this would be based in part on their competence to perform the review and the complexity of the transaction and type of property in question. The bank should also have a policy and procedures to both protect the parties involved and maintain appraisal independence. From the Collinsworth webinar, here are four examples regarding periods when the institution may exchange information or contact with the appraiser include:

  1. A request to provide additional supporting information about the basis for the valuation
  2. Requesting consideration of additional sales or information provided by the lender or borrower
  3. Correct factual errors in an appraisal
  4. Requesting consideration of additional information about the subject property or comparable properties.

A duty to report?

What if the bank does reject an appraisal? Collinsworth said, “If an appraisal is “rejected” for failing to comply with USPAP or applicable state laws, or if the institution suspects the appraiser performed in other unethical or unprofessional conduct, a complaint should be filed with the appropriate state appraiser regulatory officials.  Furthermore, as of April 1, 2011, an institution MUST file a complaint with the appropriate state licensing agency if it believes the appraiser has materially failed to comply with USPAP or applicable state or federal laws according to Supplement I of Part [1026] of Regulation Z – Truth in Lending.  For purposes of this deficiency, material failure to comply is one that is likely to affect the value assigned to the consumer’s principal dwelling.  An institution MUST also file a suspicious activity report (SAR) with the Financial Crimes Enforcement Network of the Department of the Treasury (FinCEN) when suspecting fraud or identifying other transactions that meet the SAR filing criteria.

It should also be noted that if an examiner finds evidence of unethical or unprofessional conduct by an appraiser, they should instruct the institution to file a complaint with the necessary state appraiser regulatory officials and to file a SAR with FinCEN when required.  If the examiner determines there is a concern with the institution’s ability or willingness to file a complaint or make a referral, the examiner should forward his or her findings and recommendations to their supervisory office for disposition and referral to the state regulatory officials and FinCEN as necessary.  In addition, penalties could be assessed to the institution and the reviewer if deficiencies are found by the examiner and not reported as mentioned above.”

What if the bank or borrower wants a second appraisal? The regulators do expect the bank to follow a policy of selecting the most credible appraisal and not specifically the one with the highest value. Documentation should be maintained in the loan file to support the decision for using the valuation selected as most appropriate.

Editor’s note: Part II of Andy’s article on Appraisal Bias will appear in our July 2023 Legal Briefs.

Changes in UCCC amounts effective 7/1/23

By Pauli D. Loeffler

Sec. 1-106 of the Oklahoma Uniform Consumer Credit Code  in Title 14A (the “U3C”) makes certain dollar limits subject to change when there are changes in the Consumer Price Index for Urban Wage Earners and Clerical Workers, compiled by the Bureau of Labor Statistics, U.S. Department of Labor.  You can download and print the notification from the Oklahoma Department of Consumer Credit by clicking here.   It is also accessible on the OBA’s Legal Links page under Resources once you create an account through the My OBA Member Portal. You can access the Oklahoma Consumer Credit Code with regard to changes in dollar amounts for prior years on that page as well.

Increased Late Fee

The maximum late fee that may be assessed on a consumer loan is the greater of (a) five percent of the unpaid amount of the installment or (b) the dollar amount provided by rule of the Administrator for this section pursuant to § 1-106. As of July 1, 2023, the amount provided under (b) will increase by $2.00 to $31.00.

Late fees for consumer loans must be disclosed under both the UC3 and Reg Z, and the consumer must agree to the fee in writing. Any time a loan is originated, deferred, or renewed, the bank has the opportunity to obtain the borrower’s written consent to the increased late fee as set by the Administrator of the Oklahoma Department of Consumer Credit.  However, if a loan is already outstanding and is not being modified or renewed, a bank has no way to unilaterally increase the late fee amount if it states a specific amount in the loan agreement.

On the other hand, the bank may take advantage of an increase in the dollar amount for late fees if the late-fee disclosure is properly worded, such as:

“If any installment is not paid in full within ten (10) days after its scheduled due date, a late fee in an amount which is the greater of five percent (5%) of the unpaid amount of the payment or the maximum dollar amount established by rule of the Consumer Credit Administrator from time to time may be imposed.”

§ 3-508A. This section of the “U3C” sets the maximum annual percentage rate for certain loans. It provides three tiers with different rates based on unpaid principal balances that may be “blended.” It also has an alternative maximum rate that may be used rather than blending the rates. The amounts under each tier are NOT subject to annual adjustment by the Administrator of the Oklahoma Department of Consumer Credit under §1-106. However, a new subsection (4) was added allowing the lender to charge a closing fee which IS subject to adjustment under § 1-106. The closing fee, which was $167.33, has increased as follows:

(4)  In addition to the loan finance charge permitted in this section and other charges permitted in this act, a supervised lender may assess a lender closing fee not to exceed One Hundred Seventy-Eight Dollars and Eighty-Seven Cents ($178.87) upon consummation of the loan.

Note that the closing fee is NOT a finance charge under the OK U3C, and therefore not considered for purposes of usury. However, the fee IS a finance charge under Reg Z. Most banks use Reg Z disclosures. This means that it is possible that the fee under Reg Z disclosures will cause the APR to exceed the usury rate under § 3-508A. If that happens, document the file to show that the fee is excluded under the U3C in order to show the loan does not in fact violate Oklahoma’s usury provisions. Please note that the bank is NOT required to charge a closing fee at all, and banks may choose to not charge the fee at all, or charge less than the amount permitted under the statute.

You can access the § 3-508A Table https://www.oba.com/wp-content/uploads/2022/11/3-508A-ABS-Chart.pdf

§ 3-508B Loans

Some banks make small consumer loans based on a special finance-charge method that combines an initial “acquisition charge” with monthly “installment account handling charges,” rather than using the provisions of § 3-508A with regard to maximum annual percentage rate.

The permitted principal amounts for § 3-508B are adjusting from $1,740.00 to $3,450.00 for loans consummated on and after July 1, 2023.

Sec. 3-508B provides an alternative method of imposing a finance charge to that provided for Sec. 3-508A loans. Late or deferral fees and convenience fees as well as convenience fees for electronic payments under § 3-508C are permitted, but other fees cannot be imposed. No insurance charges, application fees, documentation fees, processing fees, returned check fees, credit bureau fees, nor any other kind of fee is allowed. No credit insurance, even if it is voluntary, can be sold in connection with § 3-508B loans. If a lender wants or needs to sell credit insurance or to impose other normal loan charges in connection with a loan, it will have to use § 3-508A instead.  Existing loans made under § 3-508B cannot be refinanced as or consolidated with or into § 3-508A loans, nor vice versa.

As indicated above, § 3-508B can be utilized only for loans not exceeding $3,450.00. Further, substantially equal monthly payments are required. The first scheduled payment cannot be due less than one (1) calendar month after the loan is made, and subsequent installments due at not less than 30-day intervals thereafter. The minimum term for loans is 60 days. The maximum term of any loan made under this section shall be one (1) month for each Ten Dollars ($10.00) of principal up to a maximum term of eighteen (18) months.  This would be loans not exceeding $621.00.  Loans under subparagraphs e through i of paragraph 1 of this section ($621.01 up to $2,300.00) the maximum terms shall be one (1) month for each Twenty Dollars ($20.00) of principal up to a maximum term of eighteen (18) months, and under subparagraphs j and k of paragraph 1 of this section ($2,300.01 – $3,450), the maximum terms shall be one (1) month for each Twenty Dollars ($20.00) of principal to a maximum term of twenty-four (24) months.

Lenders making § 3-508B loans should be careful and promptly change to the new dollar amount brackets, as well as the new permissible fees within each bracket for loans originated on and after July 1st. Because of peculiarities in how the bracket amounts are adjusted, using a chart with the old rates after June 30 may result in excess charges for certain small loans and violations of the U3C provisions.

Since §3-508B is “math intensive,” and the statute whether online or in a print version does NOT show updated acquisition fees and handling fees. I have inserted the current amounts effective on July 1, 2023 into the statute which you will find toward the bottom of the OBA Legal Links page under Sec. 3-508B – Effective July 1, 2023. Again, you will need to register an account with the OBA in order to access it.

The acquisition charge authorized under this statute is deemed to be earned at the time a loan is made and shall not be subject to refund. However, if the loan is prepaid in full, refinanced or consolidated within the first sixty (60) days, the acquisition charge will NOT be deemed fully earned and must be refunded pro rata at the rate of one-sixtieth (1/60) of the acquisition charge for each day from the date of the prepayment, refinancing or consolidation to the sixtieth day of the loan. The Department of Consumer Credit has published a Daily Acquisition Fee Refund Chart for prior years with links here: https://www.ok.gov/okdocc/Licenses_We_Regulate/Supervised_Lender/index.html  The Oklahoma Department had not published the Chart for 2023 at the time this article was written. Note if a loan is prepaid, the installment account handling charge shall also be subject to refund. A Monthly Refund Chart for handling charges for prior years can be accessed on the page indicated above, as well as § 3-508B Loan Rate (APR) Table.  I expect the charts and table for 2023 to be added shortly.

§3-511 Loans

I frequently get calls when lenders receive a warning from their loan origination systems that a loan may exceed the maximum interest rate. Nearly always, the banker says the interest rate does not exceed the alternative non-blended 25% rate allowed under § 3-508A according to their calculations. Usually, the cause for the red flag on the system is § 3-511. This is another section for which loan amounts may adjust annually. Here is the section with the amounts as effective for loans made on and after July 1, 2023, in bold type.

Supervised loans, not made pursuant to a revolving loan account, in which the principal loan amount is $6,200.00 or less and the rate of the loan finance charge calculated according to the actuarial method exceeds eighteen percent (18%) on the unpaid balances of the principal, shall be scheduled to be payable in substantially equal installments at equal periodic intervals except to the extent that the schedule of payments is adjusted to the seasonal or irregular income of the debtor; and

(a) over a period of not more than forty-nine (49) months if the principal is more than $1,860.00, or

(b) over a period of not more than thirty-seven (37) months if the principal is $1,860.00 or less.

The reason the warning has popped up is due to the italicized language: The small dollar loan’s APR exceeds 18%, and it is either single pay or interest-only with a balloon.

Dealer Paper “No Deficiency” Amount

If dealer paper is consumer-purpose and is secured by goods having an original cash price less than a certain dollar amount, and those goods are later repossessed or surrendered, the creditor cannot obtain a deficiency judgment if the collateral sells for less than the balance outstanding. This is covered in Section 5-103(2) of the U3C. This dollar amount was previously $5,800.00 and increases to $6,200.00 on July 1.