| HENRY C. MEIER, ESQ.

Get Ready for Increased NCUA Consumer Compliance Focus

Credit unions should prepare for increased scrutiny of their compliance with consumer protection laws now that ...

NCUA held its monthly board meeting this week. Credit unions should prepare for increased scrutiny of their compliance with consumer protection laws now that Chairman Harper has a Democratic ally. The Board voted unanimously to approve its 2024 Performance Plan, which aims to increase fair lending examinations to at least 60 this year. What’s more important is new board member Tanya Otsuka’s indication that she strongly supports this increased focus. She explained that “fair lending exams help ensure credit unions are fairly and equitably reaching all their members. Unfortunately, we’ve seen that redlining and lending discrimination continue to be a problem today. This will be an area of focus for me. I support a strong consumer compliance program and I’d like to work with the Board to continue to strengthen our fair lending and consumer protection efforts.” 

It’s safe to assume that NCUA’s greater emphasis on scrutinizing credit unions’ consumer compliance will indirectly impact all credit unions. Hopefully, this new emphasis does not overburden small credit unions, many of which struggle to afford the cost of complying with these regulatory mandates. In addition, it’s still a head-scratcher to me why the NCUA feels this is such an important priority when the largest credit unions are already subject to the direct supervision of the CFPB, and NCUA has produced no evidence that credit unions are systematically failing to comply with consumer protection laws. 

Other goals in the performance plan include approving at least fifteen additional “underserved area” designations and increased coordination with CDFI credit unions.

NCUA Receives Briefing On its DEIA 2024-2026 Strategic Plan 

Section 342 of the Dodd Frank Act requires agencies to annually report on their efforts to increase diversity within their workforce, the entities they regulate, and an agency’s vendor pool. The Board received a briefing on its Diversity, Equity, Inclusion and Accessibility Strategic Plan for 2024-2026. In discussing the plan, Chairman Harper underscored the importance of credit unions participating in the voluntary Diversity Self-Assessment Survey. CEOs received notice of the survey in October and can respond until February 15th. Last year, approximately 10% of credit unions responded to the survey.

Lurking in the background of any discussion of diversity initiatives is the question of how great an impact the Supreme Court’s decision in Fair Admissions v. Harvard will have on precisely these types of programs. Depending on which party wins the election, it seems inevitable that initiatives, such as NCUA’s, which emphasize encouraging greater diversity, will be questioned.

NCUA Releases Quarterly Economic Snapshot

The NCUA released its quarterly economic snapshot this week. Things have pretty much continued the way they have for the last couple of years. On a macro level, the industry is continuing its generally solid performance, but there are indications that more members are struggling to make payments. Among NCUA’s highlights:

  • The delinquency rate at federally insured credit unions was 72 basis points in the third quarter of 2023, up 19 basis points from one year earlier. The net charge-off ratio was 56 basis points, up 25 basis points compared with the third quarter of 2022. 
  • Insured shares and deposits rose $23 billion, or 1.4 percent, over the year ending in the third quarter of 2023, to $1.72 trillion.
  • The loan-to-share ratio stood at 84.8 percent in the third quarter of 2023, up from 78.4 percent in the third quarter of 2022.


Get Ready for Increased NCUA Consumer Compliance Focus -

| HENRY C. MEIER, ESQ.

CFPB Overdraft Proposal Is About More Than the Fee Cap!

The expenses of offering overdraft protections would increase considerably, causing some banks and credit unions to...

As you are undoubtedly aware, this week, the CFPB proposed its long-awaited expansion of Regulation Z requirements to depository institutions, like banks and credit unions, with $10 billion or more in assets that have the audacity to profit from offering overdraft protection products. Specifically, "Very Large Institutions" imposing more than the “break-even costs” of overdraft products would be required to provide protections, such as periodic statements. The proposed regulations would, however, include a safe harbor amount yet to be determined. Credit unions charging no more than the break-even amounts, which could range anywhere from $3-$14 under the CFPB’s proposal, would not be subject to Regulation Z’s mandates. 

The CFPB estimates that the regulation could take effect as early as October 2025. While institutions with less than $10 billion can breathe a sigh of relief for now, in the preamble, the CFPB notes that it will be analyzing the impact of this regulation and could impose similar requirements on smaller banks and credit unions. 

While the fee cap has gotten most of the attention, complying with this proposal for those credit unions going to provide initial disclosures would require the development of several additional protocols which may make even the largest institutions decide that the benefits aren’t worth the costs. For example, if the credit union provides an overdraft line of credit, this line of credit will now have to be provided in a separate account. Similar requirements are imposed on debit and credit cards. 

As burdensome as this proposal is, it is doubtful that a legal challenge to the authority of the CFPB to promulgate this regulation would be successful. The CFPB notes in the preamble that as early as 1969, when Regulation Z was first promulgated, regulators considered extending Regulation Z’s protections to overdraft products, but decided not to do so as a matter of policy. Furthermore, a strong argument can be made that overdraft products are consumer loans, particularly when they include lines of credit. The CFPB will be accepting comments on this proposal until April 1, 2024. 

CFPB Overdraft Proposal Is About More Than the Fee Cap! -

|

What is the liability in likely cases of fraud against the elderly?

A high-profile case in which an estate is seeking millions of dollars from Navy Federal and Wells Fargo is headed for appeal...

A high-profile case in which an estate is seeking millions of dollars from Navy Federal and Wells Fargo is headed for appeal. In re Est. of Cook, No. 1:23-CV-00009, 2023 WL 3467209, at *1 (E.D. Va. May 15, 2023) involves an elderly gentleman who was conned into making a series of wire transfers totaling millions of dollars. Navy Federal Credit Union was so concerned about these transactions that it contacted Adult Protective Services (APS) and urged the member not to make them, but the gentleman refused to listen and the credit union and bank continued to execute the transfers despite the concerns.

The estate argued that Navy Federal and Wells Fargo had a duty to protect the victim in part by deciding to bring its concerns to the attention of protective services. The plaintiff also argued that the financial institutions were negligent in permitting the transactions to go forward. The court rejected both these arguments, noting that “no provision of Section [8.]4A imposes liability on a receiving bank that properly executes a duly authorized wire transfer by the sender.” Id at 2. In addition, nothing in the account language imposed this obligation on the financial institutions.

While I believe this ruling articulates settled law, this area may change gradually over time. Most notably, the federal district court in Washington, D.C. refused to dismiss a lawsuit brought against PNC Bank after it executed a series of transactions requested by an older customer who was conned into making the transfers. This court held that Article 4A, in conjunction with the account agreement, created an implied duty of ordinary care, which the bank may have breached. PNC settled this case. See Bloom v. PNC Bank, N.A., 659 F. Supp. 3d 27 (D.D.C. 2023).

What is the liability in likely cases of fraud against the elderly? -

|

Why your credit union needs to care about Chevron deference

Credit unions may not know of the term Chevron deference, but this critical precedent could be blown up in a current Supreme Court case. The ruling gives the NCUA and other regulators...

The CFPB’s decision to propose new conditions on “very large” financial institutions providing overdraft services wasn’t the only big news this week. 

The Supreme Court heard oral arguments in a case that could, depending on how it is decided, have profound implications for the ability of federal administrative agencies, including the NCUA and the CFPB, to promulgate regulations. 

Relentless, Inc. v. Dept. of Commerce is a case I have commented on frequently in the blogosphere. Ostensibly, it addresses whether federal law gives an obscure federal office the ability to make fishermen pay for the cost of monitors on their boats. But the case is really about whether the Supreme Court should jettison a 40-year-old case, Chevron U.S.A., Inc. v. NRDC, 467 U.S. 837 (1984). 

Why does Chevron matter?

Chevron established a framework for how courts determine whether an agency’s regulation interpreting a federal statute should be upheld. This may seem like a classically arcane and esoteric issue, of interest only to law school professors in staff rooms during their lunch breaks, but Chevron has become an integral component of the administrative state. 

Over the last 40 years Chevron has been cited in cases more than 18,000 times. For the credit union industry, it has been a key determining factor in some of its most important cases. It was why a federal court of appeals upheld the NCUA’s expansive definition of “ local community” when the banks challenged it in Am. Bankers Ass'n v. Nat'l Credit Union Admin., 306 F. Supp. 3d 44, 48 (D.D.C. 2018), rev'd and remanded, 934 F.3d 649 (D.C. Cir. 2019).

Conversely, in the seminal 1998 Supreme Court case striking down NCUA’s regulation expanding the authority of credit unions to comprise multiple select employee groups, the Court concluded that NCUA was seeking to exercise its powers beyond the flexibility provided by Chevron. Nat'l Credit Union Admin. v. First Nat. Bank & Tr. Co., 522 U.S. 479, 483, 118 S. Ct. 927, 930, 140 L. Ed. 2d 1 (1998). It has also impacted your HR practices and mortgage regulations promulgated by the CFPB. PHH Corp. v. Consumer Fin. Prot. Bureau, 881 F.3d 75, 112 (D.C. Cir. 2018), abrogated by Seila L. LLC v. Consumer Fin. Prot. Bureau, 140 S. Ct. 2183, 207 L. Ed. 2d 494 (2020).

The argument

This week’s oral argument underscored precisely what a big deal discarding the Chevron framework could be. For example, with each new change in administration, particularly when the new president comes from the opposing party, a flurry of new regulations undo some of the most important regulations passed by the previous administration. Justice Kavanaugh argues that these dramatic changes in interpretation don’t reflect a changing view of how the statute should be interpreted from a legal standpoint. “I think they're doing it because they have disagreement with the policy of the prior administration, and they're using what Chevron gives them and what they can't get through Congress to do it themselves, self-help, and to do it themselves unilaterally, which is completely inconsistent with bicameralism and presentment to get your policy objectives enacted into law.”

Chevron affects HR, too

Again, this isn’t some abstract legal argument but an issue that has practical implications for how your employees spend their days. Just last week, the US Department of Labor finalized regulations essentially reversing amendments made by the Department of Labor during the Trump Administration. The preamble contained numerous legal citations arguing that the latest amendments more closely adhered to the Fair Labor Standards Act’s treatment of independent contractors. In reality, the impetus for these changes was a policy debate over how to regulate so-called “gig economy” workers. To Chevron critics, this is precisely the debate that Congress should decide. 

Eliminating Chevron could affect previous decisions

Chevron’s legacy is, however, a complicated issue, and the answer is not clear-cut. For example, Justice Barrett expressed concern about the impact a ruling to discard Chevron could have on previous decisions upholding regulations based on Chevron deference. She asked whether a decision ending Chevron “would [be] inviting a flood of litigation, even if for the moment those holdings stay intact?” 

Other justices pointed out that Congress has passed laws for forty years with the knowledge that agencies with expertise in arcane areas of the law, such as the monitoring of fishing activity, will ultimately decide on how best to address ambiguities in Congress’s handiwork. 

Again, this is not an abstraction. When Congress passed the Durbin Act, it tasked the Federal Reserve with the responsibility of determining what costs should be included in calculating the debit card interchange fee cap imposed on large financial institutions and implementing the network “non-exclusivity” rule  The Federal Reserve’s regulations were challenged by retailers but the regulations were upheld on appeal because the Court ruled that Durbin’s mandates were ambiguous and that it should defer to the Boards reasonable interpretation of the amendment.  NACS v. Bd. of Governors of Fed. Rsrv. Sys., 958 F. Supp. 2d 85, 86 (D.D.C. 2013), rev'd, 746 F.3d 474 (D.C. Cir. 2014)

Is there a middle ground? Maybe, maybe not. Solicitor General Prelogar agreed with the conservative justices who argued that courts were too quick to declare that a statutory provision was ambiguous and defer to an agency interpretation. Perhaps the court could enact a higher standard for finding a statute ambiguous. But such a result is unlikely to mollify some of the court’s more conservative members. For instance, Justice Alito challenged Solicitor General Prelogar to provide a workable definition of ambiguity. He did not seem satisfied with her answer. 

We will have a decision in this case by the end of this term this fall. 

 

 

 

Why your credit union needs to care about Chevron deference -

| HENRY C. MEIER, ESQ.

What’s Happening? Regulatory Round Up from the NCUA to the OCC

The NCUA was given fuel for its third-party oversight fire when 60 credit unions were suffered digital blackouts over the last few weeks. At the same time, the agency reported credit unions' Q3 results, including increasing CDs as financial institutions scrap for deposits amid tight liquidity with interest rates not seen in years. That's good because credit unions are going to need more of an allowance for rising delinquencies and CECL expenses.

In other agency news that might touch on credit unions, the IRS is looking at expanding retirement account access to long-term, part-time employees; the CFPB is taking enforcement action against a bank over how customers opt-in to overdraft protection; and the OCC handed down guidance on Buy Now-Pay Later products.

Do You Know Who Your Vendor’s Vendors Are?

The biggest regulatory development of the week is the news that 60 small credit unions were virtually shut down for several days, as members can’t get account information as a result of a ransomware attack. According to the CU Times, while the scope of the ransomware attack or who conducted the attack isn’t fully known, it appears the attack was aimed at Ongoing Operations, a credit union information technology organization acquired by credit union Fintech Trellance in November 2022, and FedComp, a third-party vendor of Trellance. 

This is exactly the type of scenario that has concerned NCUA given its lack of oversight over third-party vendors. Expect the agency to put even more emphasis on third-party due diligence and baseline contractual provisions that seek to place requirements on third parties with whom vendors operate. 

Recently, federal banking regulators, with the exception of NCUA, finalized this guidance updating due diligence expectations for financial institutions. The guidance explains that “An evaluation of the volume and types of subcontracted activities and the degree to which the third party relies on subcontractors helps inform whether such subcontracting arrangements pose additional or heightened risk to a banking organization.”

This would not be a bad time to ask yourself if your existing due diligence and operational framework adequately protects the credit union against attacks on your vendor’s vendors. Among the questions that I would be asking are: with whom does your vendor work? Does your vendor utilize third parties to store cloud-based information? Are you sure that your data is backed up? And, does your contract provide recourse for the failure of your vendor to meet these baseline requirements?

NCUA's Third Quarter Industry Snapshot: Is the Glass Half-Empty or Half-Full for Credit Unions?

 The NCUA released its quarterly snapshot of the industry’s financial health. Not surprisingly, the industry is a reflection of trends we are seeing in the larger economy. In the aggregate, the industry remains strong but there are also warning signs for those who are inclined to worry. To me, the most intriguing findings include:

●      Members are in search of higher yields; share certificates grew $185.9 billion, or 72.0 percent, over the year to $444.2 billion.

●      Delinquencies are on the rise; The delinquency rate at federally insured credit unions was 72 basis points in the third quarter of 2023, up 19 basis points from one year earlier. The net charge-off ratio was 56 basis points, up 25 basis points compared with the third quarter of 2022.

●      CECL is having an impact; the credit union system’s provision for loan and lease losses or credit loss expense increased $5.5 billion, or 125.5 percent, to $9.9 billion at an annual rate in the first three quarters of 2023.

IRS Proposes Regulations Expanding Access to Retirement Plans for Long-Term, Part-Time Employees

With the caveat that yours truly makes absolutely no representation that he is a retirement benefits expert, I wanted to bring to your attention a regulation proposed by the IRS on November 27 to implement parts of the Retirement Enhancement Act of 2019 (SECURE Act), enacted on December 20, 2019, and the SECURE 2.0 Act of 2022. This is certainly a development of which your HR team should be aware. Taken together this legislation reduced from 1000 to 500 the number of hours an employee had to work per year to be eligible for participation in employer-sponsored retirement plans. This legislation also reduced from 3 to 2 years the number of years an employee has to be employed to be entitled to participate in these plans. These requirements start taking effect on January 1, 2024. These regulations provide answers to important questions such as exactly how part-time a long-term part-time employee is defined.

CFPB Brings Enforcement Action Against Bank Based on How New Members Opt-In to Overdraft Protection Programs

For the second time, the Bureau has brought an enforcement action against a bank for allowing customers to opt in to receiving overdraft protection without first being given written notice required under federal law. Make sure your institution isn’t making the same mistake.

To what mistake am I referring to? According to the NCUA, “under Respondent’s branch enrollment procedures, Respondent’s branch employees do not print the written overdraft notice for new customers until the end of the account-opening process. This form is entitled ‘What You Need to Know about Overdrafts,’ which is [the Bank’s] version of the Regulation E model consent form (the A-9 Form).” The bottom line: make sure you document that members are given the appropriate disclosures before they agree to overdraft protection, as opposed to simply providing them a packet of disclosures after they have signed up. 

Buy Now-Pay Later Guidance Issued By OCC

In my ever so humble opinion it is not a question of if but when your credit union will start getting involved in the buy-now-pay-later ecosystem. Generally speaking, a buy-now-pay-later loan is an installment loan made to a merchant payable in four or less payments that charges no interest and facilitates the purchase of a product. Lenders have relationships with merchants either directly or indirectly pursuant to which they purchase these loans in return for the payment of a fee by the merchant which is typically larger than an interchange fee There is a lot of evidence to suggest that credit card averse young people like this option.

Of course, these loans present unique challenges for credit unions because of field of membership restrictions, but in reality, there was little difference between the technology used to facilitate these loans and the type of platforms used to allow credit unions to purchase automobile loans. Furthermore, the recent eligible obligation amendments give credit unions the flexibility they need to take a serious look at this type of activity.

Consequently, you may want to take a look at this guidance issued by the OCC providing examples of the risks posed by BNPL products and the issues that should be taken into account for the unique features of these loans. Among the issues that should be considered are: Credit Reporting Agencies have not yet started monitoring the repayment history of BNPL borrowers, so it may be particularly challenging to develop appropriate underwriting standards; because these are short-term loans, new collection protocols-such as determining when to reach out to delinquent borrowers-need to be addressed and many of these programs involve partnering with third-party lenders for whom appropriate due diligence needs to take place.

What’s Happening? Regulatory Round Up from the NCUA to the OCC -

|

Get Your Call Reports in On Time or Suffer the Consequences

NCUA put credit unions on notice that it will once again start imposing penalties on credit unions that miss the deadline for submitting their quarterly call reports. Penalties have been suspended since December 2019 because of the pandemic. Just how serious is NCUA about this reimposed mandate? Well, in the press release announcing this change, NCUA said that the December 2023 call report will be in by 11:59:59 on January 30, 2024, or else.

Get Your Call Reports in On Time or Suffer the Consequences -

|

CFPB Has Kept Busy This Holiday Season

While most companies and government agencies are settling in for the typical holiday hibernation, the Consumer Financial Protection Bureau is keeping me and credit unions and banks on their toes! Here's what the CFPB has been up to...

CFPB to Propose Regulations Restricting Overdraft Fees

Like a boa constrictor in the Amazon rain forest, the CFPB continues to squeeze the life out of overdraft fees. According to press reports, the Bureau is shortly expected to propose Truth in Lending disclosure requirements for overdraft products. This would be a major shift in policy since regulators have previously exempted overdraft products, such as lines of credit from Reg Z’s disclosure requirements.

On the bright side, in testimony on Thursday, Bureau Director Chopra assured the assembled legislators that any proposal in this area would not impact financial institution liquidity. I’m not sure how he can be so confident, but we will have to wait and see. 

CFPB Fines BOA $12M for Failing to Record the Demographic Data of Mortgage Applicants

The CFPB announced that Bank of America had violated HMDA by willfully reporting false information about mortgage applicants. According to the CFPB, hundreds of Bank of America’s loan officers falsely reported that 100% of their mortgage applicants did not wish to report their demographic data. “In fact, loan officers were not asking applicants for demographic data but were falsely reporting that applicants were refusing to give the data.” 

While the numbers may certainly suggest that Bank of America is guilty, the fine does raise the question if there is a percentage of expected responses regarding applicant demographics below which mortgage lenders are presumptively violating HMDA. The bottom line is to make sure your loan originators are asking the appropriate questions. 

CFPB Cracks Down on Sloppy GAP Insurance Reimbursement Policies 

On November 20, the CFPB announced that it issued a $60M civil penalty against Toyota Motor Credit and ordered it to “stop its unlawful practices” related to add-on service purchases, including GAP and Credit Life and Accidental Health (CLAH) products. GAP is, of course, designed to allow a consumer to be relieved of paying the difference between the face value of a car that has been destroyed in an accident and the remaining balance outstanding on a car loan. CLAH is designed to pay the remaining balance due on a car loan if the debtor dies or becomes disabled. Both products have drawn scrutiny from regulators and class action attorneys who allege credit unions and banks make consumers overpay for these products and falsely report car loans as delinquent even though they have this coverage. For example, the Bureau said that Toyota Motor made it “unreasonably difficult for consumers to receive refunds for overpayments.”

CFPB Has Kept Busy This Holiday Season -

|

Where Is Your Members’ Data on the Cyber Supply Chain?

News that approximately 60 credit unions have been impacted by a cybersecurity attack on a technology provider has both immediate implications for the industry and should have larger consequences for the entire financial sector. Simply put, this incident is a smaller scale version of what could happen and probably will happen on a much larger scale, unless changes can be made to the dynamics facing the integration of technology into the financial services infrastructure.

Although precisely what happened is not yet known, what we do know based on press reports is that a ransomware attack affected a unit of Trellance, a cloud computing provider used by some credit union vendors. As a result, the impacted credit unions lost access to member account information.

As for its impact on the credit union industry, NCUA Chairman Todd Harper has been warning for months that ... Read the complete article on Credit Union Times.

Where Is Your Members’ Data on the Cyber Supply Chain? -

| HENRY C. MEIER, ESQ.

New York’s Department of financial services unveils updated Cyber Security regulations

On November 1, New York’s Department of Financial Services finalized several important amendments to its cyber security regulations (23 NYCRR 500). These changes have important implications not only for New York State chartered and licensed institutions, such as CUSO’s, but for any vendors doing business with those entities.

Since promulgating its “first in the Nation” cyber security regulations in 2017, the Department of financial services has aggressively used these regulations to impose baseline cyber security protocols on state licensed and chartered institutions. New York’s regulations do much more than simply mandate reporting of suspected cyber breaches. They require regulated entities to certify that they maintain programs designed to protect the confidentiality, integrity, and availability of the covered entity’s information systems. These programs must include periodic penetration testing and be approved at the highest levels of regulated businesses.

In the absence of comprehensive federal regulation, New York’s protocols have had a nationwide impact by providing a regulatory model for other jurisdictions to follow. The regulations also mandate that vendor contracts incorporate many of the Part 500 requirements even if vendors are headquartered outside of New York. Compliance with these regulations is a top priority for the Department of Financial Services as demonstrated by the penalties imposed on several companies for violations. In short, if you are a state-charted bank or credit union or otherwise licensed by DFS, preparing for these changes is a top priority. In addition, even if you are not subject to New York State law if you are responsible for protecting your company’s data security you should know about these important changes.

New York’s Department of financial services unveils updated Cyber Security regulations -

| HENRY C. MEIER, ESQ.

Why a Ruling Against the CFPB is Bad for CUs

Just like the NFL likes to kick off its season with its most dramatic rivalries, the Supreme Court likes to start terms with some of its most dramatic cases. So it is not surprising that Cmty. Fin. Servs. Ass’n of Am. v. Consumer Fin. Prot. Bureau  was argued on the first Tuesday in October. It’s a real doozy.

In case you have been out of the country and cut off from the internet for the last year, this is the case in which the Court of Appeals for the Fifth Circuit ruled that the CFPB acted consistent with its Unfair and Deceptive Acts and Practices (UDAAP) powers when it promulgated regulations curtailing payday loans but then ruled that the mechanism devised by Congress to fund the Bureau was unconstitutional, implicitly finding that all the actions ever taken by the CFPB were therefore invalid.

On occasion there is a natural desire to want to ”stick it to the Man,” especially when the Man is responsible for imposing ten years’ worth of consumer protection mandates on a credit union industry that didn’t feel it needed to be regulated into helping the consumer in the first place. But the reality is that the less the Court does to undermine the CFPB and its regulations, the better off the industry. In fact, a dramatic ruling will result in more legal and compliance risks for credit unions and a regulatory framework which provides little more flexibility than what the industry has today.

Don’t get me wrong. If I made my living as a law professor instead of providing legal and compliance advice to credit unions, I would be taking a different view of this case. Congress never should have delegated so much authority to one unelected regulator. Almost every consumer in the country and thousands of businesses are impacted not only by the regulations the CFPB promulgates but by the actions it takes pursuant to its overly broad authority to define and prosecute Unfair and Deceptive Acts and Practices. But by upholding an expansive view of the Bureau’s UDAAP authority only to invalidate the Bureau based on the way it is funded, the Fifth Circuit used a chainsaw when a scalpel was needed.

Anyone who offers mortgages to their members should brace themselves. Virtually every stage in the lifecycle of a mortgage loan, from the point at which a member is deemed to have requested a Loan Estimate to the steps that must be taken when a member is struggling to make her payments and facing foreclosure is addressed in regulations that have been promulgated by the CFPB. Now imagine if all these regulations cease to exist. Does this mean that a member is no longer entitled to a Closing Disclosure which was designed pursuant to CFPB regulations? Does it mean that there is no longer a federal definition of what constitutes a Qualified Mortgage? No one really knows the answer to any of these questions, which is why the Mortgage Bankers Association warned the Court in its brief that “[t]he litigation and widespread uncertainty that would likely result from a decision that suddenly called all the CFPB’s rules into question would prove devastating to the mortgage market.”

And as depository financial institutions, the ruling’s impact will go far beyond the mortgage lending industry. Any enforcement action or guidance issued by the Bureau would cease to have legal effect. Your credit union would have to decide when to modify its operational practices against the backdrop of an almost unprecedented legal miasma for which much legal advice would be of limited value. Think of the number of credit unions that have decided to forego overdraft and other fees not because they thought they were treating their members unfairly but because the CFPB decided that such fees were “unfair.”

It might be tempting to convince yourself that uncertainty is a price worth paying to do away with the Bureau. But the legal equivalent of closing your eyes and clicking your heels is not going to turn the CFPB into a bad dream. If the Bureau closed tomorrow every federal agency and many state legislatures and regulators would rush to fill the void. Politics, like nature, abhors a vacuum. Enhanced disclosure requirements might have different names, but credit unions would still have to comply with them, “qualified mortgages,” and the ever-present threat of class action litigation. But, without the CFPB, each one of these obligations will vary by state, regulator, and courtroom. The NCUA for example has already expressed concern about consumer compliance issues and would most likely impose tougher examination requirements on credit unions with $10 billion or more in assets no longer subject to examination by the CFPB.

Another scenario, supported by NAFCU and CUNA in their joint amicus brief, is for the Court to invalidate the Bureau’s funding mechanism but stay the ruling to give Congress time to craft a legislative fix. Unfortunately, the likelihood of Congress being able to enact major legislation in the months leading up to Congressional and Presidential elections is about as likely as Fox News endorsing President Biden’s reelection. Let’s say I’m being too pessimistic, and Congress can resurrect the Bureau. Even this best-case scenario would most likely mean a burst of new regulations further driving up compliance costs.

At the end of the day the Bureau or its legacy is going to continue to impact your credit union no matter what the Court rules. Consumers and financial institutions alike would be better off working with the regulations and laws they have been working with for more than a decade and have spent billions of dollars to comply with rather than scrambling to comply with a pandora’s box of new interpretations and legislation.

Henry Meier, Esq.

Henry Meier is the former General Counsel of the New York Credit Union Association, where he authored the popular New York State of Mind blog. He now provides legal advice to credit unions on a broad range of legal, regulatory and legislative issues. He can be reached at (518) 223-5126 or via email at henrymeieresq@outlook.com.

Originally published in CU Times By ALM Media

Why a Ruling Against the CFPB is Bad for CUs - Originally posted on CU Times on October 2, 2023

| HENRY C. MEIER, ESQ.

So, You Want to Expel Some Members?

At last week’s NCUA board meeting, the board acted very much like a parent giving their kid keys to the car for the first time.

On the one hand, everyone generally understands and supports the need to increase the ability of credit unions to expel violent, abusive and disruptive members. After all, similar powers already exist in many states and are used to ensure that staff is not mistreated or put in harm’s way.

On the other hand, the board is clearly concerned that some credit unions may use their increased powers to expel more members than they should. Consequently, as you move to implement the notice and bylaws provisions provided by the NCUA, you should be mindful of the dichotomy of the plain language of the statute and the NCUA’s interpretation of congressional intent.

President Biden signed the Credit Union Governance Modernization Act into law in March 2022. It gave the NCUA 18 months to develop regulations permitting credit unions to expel members with a simple two-thirds vote of the board of directors as opposed to requiring a special meeting of the entire membership. Congress specified four areas in which members could be expelled for cause: Causing a material loss; violations of membership agreements; causing substantial disruption of operations; and fraud, attempted fraud, other illegal behavior, or dangerous or abusive behavior, such as physical or verbal abuse of members or staff.

Crucially, the statute now permits credit unions to expel members for conduct that would have typically been dealt with through the credit union’s limitation of services policy. In last week’s meeting, the board stressed that expulsion should not be viewed as a replacement for existing limitation of services policies, but instead should be used in rare circumstances. Again, this is not something that you would necessarily infer from either the statute or a reading of the regulations without reference to the preamble.

The regulations finalized by the NCUA last week provide credit unions with a model bylaw amendment to implement the expulsion authority and a model notice for credit unions to put members on notice of these changes as required by the statute. The NCUA is allowing credit unions to incorporate the notice into their account agreements, but remember, as with any other account agreement amendment, existing members have to be made aware of these changes.

The statute does not include a baseline standard that must be satisfied in order for a member to be expelled. However, the preamble stresses:

Consistent with certain statements in the legislative history, use of the authority under the Governance Modernization Act should be rare and used only for egregious member behavior.

What type of issues does this raise for your credit union as it considers when and if to expel members, particularly when the member’s actions do not involve abusive behavior? Under the statute, credit unions can expel members for “a substantial or repeated violation.” In the final regulation, the NCUA requires credit unions to provide members a warning stating, “an initial notice is necessary to ensure members are aware that they may be expelled for repeated, non-substantial violations.” Furthermore, repeated violations must occur within a two-year period. Again, this reflects the concern of the board to ensure that credit unions maintain their cooperative member-owned ethos and provide access to members of modest means.

There is nothing unusual about individual policymakers trying to influence the way in which regulations are ultimately interpreted. At the end of the day, won’t the preamble fade into the background and the plain language of the regulation prevail? Probably not. At least in the short term, the NCUA will be actively involved in influencing how this new power is being exercised.

First, expulsion records will have to be maintained for six years, and you should assume they will be reviewed by examiners. Chairman Todd Harper also urged credit unions to periodically assess their practices to ensure they are not having a disparate impact on the membership. Most importantly, your members must be provided notice of their ability to contact the NCUA if they are being treated unfairly. Specifically, the model notice provided to members informs them that, “You may submit any complaints about your pending expulsion or expulsion to NCUA’s Consumer Assistance Center if the complaint cannot be resolved with the credit union.”

So what does all of this mean for your credit union? Utilizing this newfound authority involves much more than voting to amend your bylaws and providing notice of this policy change to your membership. Properly implemented, you should consider the circumstances under which you will use this policy and understand that, from the NCUA’s perspective, expulsion should be a last resort.

And just one more thing to keep in mind: In order to properly implement these regulations, your credit union should draft procedures to ensure that you provide adequate notice to members facing expulsion and properly conduct hearings when they are requested.

So, You Want to Expel Some Members? - Originally posted on CU Times on July 25, 2023

| HENRY C. MEIER, ESQ.

At Least We Have the CFPB

I usually find myself somewhat critical of the Dodd-Frank Act but I have to admit it really has shown its worth during the latest banking crisis.

For example, the “living wills” intended to create a game plan for the orderly bankruptcy of the nation’s largest banks really came in handy in preventing a frantic search for buyers of Silicon Valley Bank et al. Otherwise, we may have had to have regulators guaranteeing deposits and businesses rushing to put funds in even larger banks.

And it sure is a good thing we nationalized mortgage lending standards to ensure that reckless real estate lending could never again contribute to a banking crisis. Otherwise, First Republic Bank might have specialized in making long-term mortgage loans to the wealthy, contributing to a recklessly illiquid portfolio that exacerbated the crisis.

At least it increased collateral requirements, albeit ones that were watered down for community banks like the ones that failed. Then again, does anyone really believe that increased collateral requirements would have prevented banks from loading up their accounts with uninsured deposits? Barney Frank doesn’t. By the way, does anyone see the irony of a named sponsor of banking reform being on the board of one of the most significant bank failures since his legislation passed?

Well, at least Congress took a close look at the changes made under Gramm-Leach-Bliley, which tore down the remaining distinctions between commercial and investment banks. Otherwise, a relatively small community bank in Silicon Valley might think it’s a good business strategy to specialize in opening accounts for companies wanting to access computer-generated make-believe money, which is more unstable than most securities.

To be fair, at least the bankruptcy of Fannie and Freddie gave government the opportunity to reevaluate the need for two quasi-private entities that do essentially the same thing and which certainly played a role, albeit a somewhat understated one, in the 2008 financial crisis. If only that were true. They are both alive and well, and the FHFA under the Biden administration is aggressively using the GSEs to pursue its housing agenda.

Well, wait a second, if the Dodd-Frank Act didn’t curtail large banks from getting larger; the Main Street economy from blending ever more closely with Wall Street; and didn’t do anything to prevent bank runs, then what did it accomplish?

Unfortunately, any reader of this column knows the answer. It imposed a national framework of consumer protection oversight which has, to be fair, added protections for consumers and demystified the home-buying process but has done so by creating a huge industry of consumer protection litigation and increased compliance costs, which have contributed to driving more and more of the small guys out of business.

In fact, the more I think about it, I think that consumer advocates pulled off some of the greatest legislative trickery ever. They used a banking crisis, which had nothing to do with consumer protection, and successfully fought for the creation of a bureau that has an independent source of funding and wide latitude to interpret laws the way it feels it should be interpreted.

History won’t be a kind judge.

In 1907, JP Morgan single handedly acted as a Federal Reserve Bank to stop a bank run. What followed was a series of major banking reforms creating the Federal Reserve Banking System, imposing true firewalls between investment and commercial lending, introducing deposit insurance and creating credit unions. Fast forward 100 years, and starting in the mid-90s, we have now passed a series of laws doing away with all those reforms but placating the reform minded by creating the CFPB. The result was that Jaime Dimon played very much the same role as JP Morgan. But now, we have few meaningful institutions to prevent similar disruptions in the future. In fact, the safest thing for the American consumer to do is to put more and more of their money into the largest banks. At least they can afford to comply with the CFPB’s mandates.

At Least We Have the CFPB - First Published in Credit Union Times

| HENRY C. MEIER, ESQ.

Is Your Arbitration Clause Enforceable?

As I have said before, given the explosion of class-action lawsuits involving credit unions over the last 15 years, any growing credit union should consider whether to put an arbitration clause into its account agreements. Properly crafted and disclosed to their members, an arbitration clause can eliminate the risk and expense of being subjected to a potentially expensive class-action lawsuit while continuing to provide legitimately aggrieved members a mechanism for addressing their concerns with the credit union. The good news is that, as more and more credit unions join banks in adopting these clauses, the clearer the rules of the road – which brings me to the inspiration for this column.


On Thursday, a state appeals court in Colorado reversed a lower court ruling and upheld the imposition of an arbitration clause against a member who was seeking to bring a class-action lawsuit. The case I am talking about is Macasero vs. ENT Credit Union (Macasero v. ENT Credit Union :: 2023 :: Colorado Court of Appeals Decisions :: Colorado Case Law :: Colorado Law :: US Law :: Justia). In 2014, Cecilia Macasero became a member of the credit union to get a car loan. When she became a member, she agreed to accept electronic disclosures. In 2014, the account agreement she signed did not contain an arbitration clause but did include a provision explaining to members that the agreement’s terms “are subject to change at any time at the discretion of ENT.” The notice went on to explain that members would be notified of any change in terms “by utilizing your account and related services you agree to amendments of the terms of this agreement, which have been made available to you …” In 2019, the credit union updated its account agreement to include arbitration and a class action waiver. The credit union notified members by mail or email, depending on how they agreed to receive information, but both groups were put on notice in their bank statements. Our plaintiff conceded that she had received the email notification, but she said she didn’t know of the changes because she didn’t bother opening the email.

The court ruled that, regardless of whether the email was opened, the credit union had taken the necessary steps to put the member on notice that the amendments were being made and the language in the account agreement provided adequate notice that the credit union could unilaterally make changes. Furthermore, the court ruled that the email sent to members was displayed in a way that let members understand where they could get more information about these changes. As concisely summarized by the court, the plaintiff “was placed on constructive notice of the change in terms because she received the notice in the manner she had agreed upon and the notice was sufficiently clear and conspicuous, considering the party’s prior … dealings [and] that the notice was reasonably conspicuous, and the change of terms was easily accessible.” In other words, the credit union had checked all the boxes.

But don’t get too excited. The case articulates all the appropriate guide posts for you to consider in integrating arbitration clauses into your credit union’s account agreement but, yes there is always a but, how the courts will interpret a given credit union’s compliance with these criteria varies depending on where your credit union is located. One of the most important areas of disagreement between the courts is whether the original language of an account agreement is broad enough to put a member on notice that subsequent changes could include arbitration clauses. For instance, in Servier City Federal Credit Union vs. Branch Banking & Co. (Branch Banking & Trust Company v. Sevier County Schools Federal Credit Union – SCOTUSblog) the Court of Appeals for the Sixth Circuit ruled that a member who joined the credit union in 1989 wasn’t bound by a 2017 amendment to her account agreement. The court reasoned that the language in the 1989 agreement, while it reserved the right of the credit union to make changes, did not provide adequate notice that the changes could include arbitration clauses.

The court reached this conclusion even though it stipulated that “changes in the terms of this agreement may be made by the financial institution from time to time” and that such changes become automatically effective within 30 days. The court’s ruling means that, at least for those of you who live within the jurisdiction of the Sixth Circuit, affirmative consent as opposed to simply continued use is the safest way of assuring that an account agreement is binding. This decision was appealed to the Supreme Court, which unfortunately decided not to hear the case.

Another important takeaway from the Colorado case is to provide adequate notice to members by clearly articulating the changes that are being made, providing a readily accessible link with which they can get more information, and giving them the opportunity to opt out of arbitration clauses. The bottom line is that while the framework for arbitration clauses is well established, there is still considerable disagreement among courts as to how strictly to enforce notification requirements. I expect litigation in this area to continue and ultimately be settled by the Supreme Court. But in the meantime, document the notice you have given to your members, don’t hide the ball and be mindful of the requirements within your own jurisdiction.

Is Your Arbitration Clause Enforceable? - First Published in Credit Union Times

| HENRY C. MEIER, ESQ.

Supreme Court Takes Yet Another Case That Could Limit Agency Powers

If you think that regulatory agencies have too much power in interpreting laws, then you will be happy about what I am about to tell you. On Monday, the Supreme Court decided to hear a case next year that could dramatically limit an agency’s flexibility to interpret statutes. Between this and the Court’s decision to examine the constitutionality of the CFPB’s funding mechanism, next year is shaping up as one of the most important for credit unions to follow the Supreme Court in years.

In 1984, the Supreme Court decided Chevron USA Inc. v. Natural Resources Defense Council, Inc, in which it determined how much deference agencies should be given when interpreting and implementing ambiguous statutes. Under this framework, when a regulation is challenged, the Court must first determine whether the statute it’s interpreting is ambiguous. If so, the Court is “obligated to accept” the agency’s position so long as its interpretation is reasonable.

Credit unions have been both helped and hindered by this approach. For instance, in 1999, the Court struck down an NCUA regulation permitting common-bond credit unions to accept multiple common-bond groups. In this case, the Court rejected the NCUA’s interpretation that the Credit Union Act was ambiguous. Fast forward to 2019, however, when the Court of Appeals for the District of Columbia upheld the NCUA’s regulation adopting its expansive interpretation of what constitutes a “well-defined local community” for purposes of charter expansions (Am. Bankers Ass’n v. Nat’l Credit Union Admin, 2019; Nat’l Credit Union Admin. v. First Nat’l Bank & Trust Co, 1998). In making this ruling, the Court of Appeals decided that the term “local” was vague enough to defer to the agency’s interpretation.

These are just two examples of several to which I could point exemplifying how this seemingly arcane legal construct impacts your credit union operations. For example, if not all of your mortgage originators are classified as exempt employees, or if you ensure that your credit union extends Regulation B’s protections to potential loan applicants, you can blame Chevron deference.

So, what’s the big deal, you ask? If you’re a legal dinosaur like me – and an increasingly large number of federal judges – you are already uncomfortable with the powers exercised by agencies as opposed to Congress and the courts. Since Chevron’s adoption, critics, including Justices Gorsuch and Thomas, argue that courts have become too willing to conclude that a statute is ambiguous and defer to any agency interpretation.

This brings us to Loper Bright Enterprises v. Raimondo. In this case, the Court will consider whether the U.S. Court of Appeals for the District of Columbia properly deferred to an agency’s interpretation. Specifically, companies are challenging a regulation adopted by the National Marine Fishery Service requiring fishing companies to pay for observers who monitor compliance with fishery management plans. Loper Bright Enterprises took the aggressive step of asking the court to overrule the Chevron deference test, consigning it to the legal dustbin.

To me, this change cannot come soon enough. Every year, thousands of credit union advocates descend on Capitol Hill advocating for changes to the law. However, the way the system has evolved, they should be spending most of their time talking to unelected bureaucrats who, for better or worse, change interpretations of long-standing laws to reflect the latest administration’s preferences.

Not only does this make it more difficult for credit unions to figure out how best to comply with legal requirements; it also lets Congress off the hook. Our elected representatives can vote in favor of vaguely worded statutes proclaiming they are in favor of borrowers receiving “qualified mortgages” and outlawing “abusive and deceptive practices.” However, this leaves the heavy work of actually deciding what these terms mean to bureaucrats who are not accountable to the public in the same way as legislators. In addition, it should be a court’s job to interpret a law and an agency’s job to implement it. Instead, we have a system in which the CFPB gets to act as judge, jury and executioner.

In short, Chevron deference has outlived its usefulness. It’s time to give more responsibility back to Congress and the Courts so that regulated entities better know to whom they are accountable and under what circumstances.

Supreme Court Takes Yet Another Case That Could Limit Agency Powers - First Published in Credit Union Times

|

Is It Time to Get Your Head Out of the Clouds?

Henry David Thoreau famously urged us to build our castles in the sky, but always have our foundations on the ground. Personally, I think that’s a great dictum to remember as your credit union, regardless of its size, considers how best to manage the integration of technology into a cloud environment. On the one hand, cloud computing offers the promise of cost-effectively providing a host of technology for your employees and members, which can allow you to grow quicker. On the other hand, cloud computing presents unique risks and challenges of which your credit union must be aware of and, where possible, take steps to mitigate.

Because, as I like to say, I’m paid to be paranoid, I want to talk about some of the risks and how the growth of cloud computing places even more emphasis on understanding and delineating the respective legal responsibilities of your credit union and vendors.

First, let’s get our language straight. While there is no uniform definition of the cloud, here is a common contract definition that I found in the ever-helpful Law Insider Contract Database; “an Information System having the essential characteristics described in NIST SP 800-145, the NIST Definition of Cloud Computing. For the sake of this provision and clause, Cloud Computing includes Software as a Service, Platform as a Service and Infrastructure as a Service, and deployment in a Private Cloud, Community Cloud, Public Cloud or Hybrid Cloud.”

NIST refers to the National Institute of Standards and Technology, which describes the “essential characteristics of cloud computing services.” The definition also demonstrates that your institution’s interaction with the cloud can take many forms, including Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS). The industry is dominated by a handful of technology heavyweights including Amazon, Microsoft and Google.

Surveys indicate that the vast majority of financial institutions are already using at least some SaaS. But remember, you are also being impacted by the indirect use of various cloud services by your vendor, or your vendor’s vendor. In other words, your credit union is more connected to the cloud than you may realize.

So, what does this mean? In February, the Treasury Department released a report detailing the challenges that both banks and credit unions face as they migrate to cloud computing services. The concerns highlighted by the Treasury include insufficient transparency to support due diligence and monitoring by financial institutions; gaps in human capital to deploy cloud services; exposure to potential operational incidents, including those originating at a cloud service provider, and “dynamics in contract negotiations given market concentration.”

I’m always nervous to suggest reading material, but this is one government report that I think is worth taking the time to read and understand.

All of these are issues that the industry is confronting. Personnel issues are front and center as they seem to be with every other issue these days. At Thursday’s NCUA board meeting, during his semi-annual cybersecurity briefing for the board, Ernie Chambers, Critical Infrastructure Division director in the NCUA’s Office of Examination and Insurance, noted how one of the most important steps credit unions of all sizes can take to avoid misconfiguration of their systems to the cloud is to understand service contracts and service-level agreements. Misconfiguration of a credit union’s computer systems with a cloud service provider can compromise networks. Unfortunately, at that same briefing, it was also noted that credit unions, particularly small ones, are confronting a shortage of IT professionals.

For years now, the importance of due diligence when onboarding third-party providers has been drummed into credit unions. And of course, this responsibility doesn’t end once the vendor is selected. This is why your most important contracts should include a provision allowing for the auditing of vendor activities. But as the Treasury report noted, given the size and concentration of the cloud industry, meaningful audits are not a realistic option; after all, as many credit unions have learned when dealing with their core service provider, large companies are reluctant to provide too much access to their inner services. This lack of access underscores the need to gain ongoing access to documentation such as reports detailing auditor findings.

There is also a perception that information placed in the cloud is somehow inherently safer. This may or may not be true. But given the information that is being stored on these servers, it’s essential to ensure that you have notice when a cloud service has been compromised. Again, the Treasury department report suggests that cloud service providers are reluctant to provide notice of data breaches. This will come as no surprise to anyone who has dealt with major vendors following service disruptions, but it does lead your credit union with a potential blind spot when it comes to Personally Identifiable Information (PII).

Given the size of the institutions we are dealing with and the centrality of cloud computing services to our economy, clearly there has to be more robust government oversight of the major Cloud Service Providers. They are as important today as the railroads were to the growth of our economy in the 19th century or the automobile industry was in the 20th. But in the absence of government action, one of the most basic and important steps your credit union can and should take, regardless of its size, is to understand precisely how dependent the services it provides are on the cloud. Simply talking to your vendors is a good first step.

The growth of cloud computing, coupled with a lack of adequate regulations, also underscores why it is so important to not only try to negotiate fair contract arrangements but to make sure that you understand and execute on your side of the bargain. This means not only reviewing the contract but also drafting service-level agreements which specify in detail who has what responsibilities and what the consequences are going to be for nonperformance.

Don’t get me wrong, I’m not suggesting that your credit union can or should be afraid of exploring cloud based services. All I’m suggesting is a thorough understanding of how this information framework is and will continue to impact your credit union should be a major focus of your credit union’s due diligence efforts irrespective of its size.

Is It Time to Get Your Head Out of the Clouds? -

| HENRY C. MEIER, ESQ.

Does the Equal Credit Opportunity Act Protect Potential Borrowers?

Late last week, the CFPB finalized a major regulation implementing Section 1071 of the Dodd-Frank Act. Under this provision, the Equal Credit Opportunity Act (ECOA), which is implemented through Regulation B, was amended to mandate that the CFPB develop a framework for financial institutions to collect data on loans to minority and women-owned businesses. Think of this as extending HMDA protections and oversight to business lending for institutions that make 100 or more small business loans a year.

But even as the regulation is being finalized, a legal challenge is brewing that could sharply limit the applicability of the ECOA. The issue once again comes down to how much deference courts should give to regulators in interpreting federal statutes.

The ECOA prohibits discrimination against applicants for credit, but does not, on its face, extend to activities that have the effect of discouraging people from making applications in the first place. Nevertheless, this language has always been included in Regulation B, which states:

A creditor shall not make any oral or written statement, in advertising or otherwise, to applicants or prospective applicants that would discourage on a prohibited basis a reasonable person from making or pursuing an application. U.S. Code of Federal Regulations, 12 C.F.R. § 1002.4. General rules.

This is one of the basic, and I would argue one of the most important, concepts compliance officers learn. Nevertheless, as the courts become more skeptical of regulatory license when it comes to interpreting statutes, the extent to which the ECOA actually protects potential applicants is being openly questioned.

Specifically, in February a federal district court in Illinois ruled that a mortgage lender could not be penalized by the CFPB for violating the ECOA because his actions occurred before lenders had applied for a loan. In this case, the defendant ran a mortgage company in the Chicago area in which he repeatedly used racially charged language in reference to sections of the city populated primarily by minorities. He was sued by the CFPB claiming that his behavior deterred minorities from applying for loans. See Bureau of Consumer Fin. Prot. v. Townstone Fin., Inc.No. 20-cv-41762023 BL 35566, at *5 (N.D. Ill. Feb. 3, 2023).

In making its ruling, the court concluded that the plain language of the ECOA clearly indicated that the statute just applied to applicants and, by implication, could not be extended through regulation to potential applicants. Crucially, this would mean that Regulation B, and its protections against actively discouraging potential applicants, cannot be enforced. In addition, this case cannot simply be dismissed as an outlier. As early as 2017, the Court of Appeals for the Fifth Circuit ruled that individuals could not sue banks for discouraging persons from applying for loans because this was a regulatory, not a statutory, prohibition. See Alexander v. AmeriPro Funding, Inc.848 F.3d 698, 707 (5th Cir. 2017).

Now, I want to be abundantly clear: I am not suggesting that anyone engage in the type of activity described in this case or feel free to actively discourage individuals who are applying for credit. However, the issue of when the ECOA applies is, of course, vital to any institution that must comply with its provisions, especially now that it has been expanded to small business loans.

A second issue that I believe will ultimately be decided by the courts is the extent to which financial institutions can be penalized by the CFPB for failing to collect the demographic characteristics of small business borrowers. Even though Section 1071 explicitly provides that a borrower can simply refuse to provide requested demographic information, the CFPB accompanied the release of the final regulation with an enforcement guidance stressing that it would be scrutinizing lender conduct to ensure they are not effectively discouraging borrowers from providing demographic information.

If you’re thinking this is the type of regulation that will spawn a cottage industry of consultants and make it even more expensive to provide small business loans, you are correct. I’ve simply highlighted two potential issues, which are ripe for legal disputes and regulatory actions. There are undoubtedly several more chestnuts tucked away in the more than 800 pages used to introduce this new lending framework. Have fun – the clock is ticking.

Does the Equal Credit Opportunity Act Protect Potential Borrowers? - First Published in Credit Union Times

| HENRY C. MEIER, ESQ.

Time for a National Notarization Standard!

We learned a few good things during the pandemic. For me, right after teaching us that it makes sense to let people work from home, at least part of the time, and that “Breaking Bad” is one of the best shows of all time to binge watch, is that modernizing the notarization process by permitting notaries to remotely certify that documents are properly signed and witnessed is a great idea whose time has come. In fact, during the pandemic, virtually every state in the nation allowed some form of remote notarization.

Nevertheless, luddites remain. Just the other day, the IRS got an earful of complaints about its proposal to allow spouses to alter retirement benefits remotely, even though the proposal put forward by the IRS is more stringent than the one that was permitted during the pandemic. In addition, there are still a handful of states that don’t even allow any form of remote notarization.

This lack of uniformity makes absolutely no sense. It is a classic example of opposing change for its own sake even if it means forgoing obvious benefits. It’s time for Congress to pass a law, similar to one already passed by the House earlier this year (H.R.1059 – 118th Congress (2023-2024): SECURE Notarization Act of 2023 | Congress.gov | Library of Congress) and establish a uniform national standard for electronic notarization. Here’s why this is important.

First, while all but a handful of states now have some form of remote notarization, they don’t all use the same approach. For instance, some states use a strict Remote Online Notarization (RON) standard in which the person in need of notarization logs into an online platform and the notaries’ stamp is replaced with a unique electronic identifier. This allows the notary to confirm the authenticity of the signature in real time. In contrast, some states allow notaries to simply confirm a person’s identification over a Zoom link, stamp the document in need of notarization, and send the notarized document to the necessary parties. This is called Remote Ink Notarization (RIN). Both methods typically require the transaction to be recorded and stored.

This lack of uniformity raises questions as to the validity of transactions that take place in different states with different standards. For instance, there are some title insurance companies that won’t recognize documents notarized using the RIN technique. This shouldn’t surprise anyone who has dealt with title insurers before, who, if they had it their way, would still have mortgage documents signed in blood, sealed in wax and delivered by carrier pigeons.

Not only are title insurers uneasy about remote notarization, but so are some advocates for the elderly. For instance, one of the arguments against the IRS’s proposal is that it would make it easier for spouses to be manipulated into giving up benefits to which they should be entitled. I heard similar concerns when New York was working on its legislation codifying remote notarization. However, to date I have not seen any evidence that electronic notarization is more susceptible to being misused by fraudsters than the traditional notarization system. On the contrary, a system that mandates videotaping of notarizations is most likely more protective of consumers than the traditional system.

In addition, remote notarization actually helps people of modest means, such as that member who has to take a bus to a branch and hope that a notary is on duty, or the disabled person for whom physically getting to the credit union or bank is a hassle. Now both of these members can simply turn on the computer at the scheduled time and get the needed documents notarized.

All this goes to explain why I believe that H.R 1059 is a deceptively important bill that Congress can pass this year. The bill, which has already passed the House, would establish a national standard for remote notarization and preempt competing state laws to the extent that they would prevent properly notarized documents from being recognized in legal transactions. The bill includes a remote, online RON standard under which the notary would simultaneously certify documents using a unique, electronic identifier. This is good news for businesses and consumers and should help assuage the concerns of those who feel that the use of electronics facilitates shenanigans.

Humor me, there is actually something to be learned from the baseball season. Many baseball traditionalists feared that the game would be ruined by requiring that pitchers throw the ball, and that hitters swing at a ball within a certain amount of time. Instead of ruining the game, it is now better than ever. I can now watch an entire game without grabbing another cup of coffee that keeps me up until two in the morning. Similarly, remote notarization shouldn’t be feared. It is nothing more or less than the next logical step in the integration of technology into a more efficient banking and legal system. It is a subtle change that will make a big difference.

Time for a National Notarization Standard! - First Published in Credit Union Times

| HENRY C. MEIER, ESQ.

5 Things We’ve Already Learned From the SVB Bank Run

Although we are still feeling the aftershocks caused by the sudden collapse of Silicon Valley Bank in California and Signature Bank in New York, there are already lessons to learn and questions to ask as we deal with another increasingly common financial surprise.

1. Borrowing Facility Extended to Credit Unions

On Sunday evening, the Federal Reserve and the FDIC announced the creation of a new program that will allow both banks and credit unions to borrow against the par value of their investments for a period of up to one year. While the NCUA has been noticeably quiet, it’s important to know that credit unions are also eligible to participate in this program, which is apparently designed to enable financial institutions to sell collateral at a discount to meet a sudden run on deposits. Hopefully, few if any credit unions will need this help.

2. Let’s Make the Central Liquidity Fund Changes Permanent

Chairman Harper has told anyone who will listen that Congress should pass legislation making permanent recently expired changes to the NCUA’s Central Liquidity Facility. These changes made it easier for credit unions to get loans in times of economic stress and increased the amount of money that was available to help the industry. The events of the last few days have underscored that there is no good reason to deny a mature industry the ability to react to the unexpected.

3. NCUA’s Caution on Crypto Vindicated

I’ve said it before and I’ll say it again, the NCUA was right to take such a cautious approach when it came to permitting credit unions to provide services to the crypto industry.

4. Put Electronic Brakes on Bank Runs?

Whenever I think of bank runs, I think of the scene in “It’s a Wonderful Life” when Jimmy Stewart spots a crowd running toward the Bailey Saving and Loan, just as poor Jimmy and his saintly wife Donna Reed are about to leave on their honeymoon. In contrast, the modern bank run is epitomized by crashing computer networks as businesses go online to pull their funds from their accounts. What SVB’s demise has demonstrated is that modern bank runs are even quicker and more dramatic than their counterparts of the last century. We may need to consider putting automatic brakes on deposit withdrawals, the same way Wall Street automatically blocks trading if certain thresh holds are reached.

5. Who Elected the Federal Reserve?

In 1913, the Federal Reserve System was created with the esoteric but important goal of maximizing long-term economic growth by ensuring that there is adequate liquidity in the economy in times of stress. In contrast, the Fed is increasingly using its extraordinary powers in response to any economic downturn, irrespective of its severity. When the dust settles is it time to update this model? Simply put, if the American financial system is so fragile that it has to respond with emergency measures caused by the conservatorship of a large regional bank, then we need to take a holistic view of what’s wrong with our banking system as a whole. It’s bad enough that the largest banks are too big to fail, now we know that even smaller banks are too big to fail as well. Why does this matter? Because if your average consumer gets foreclosed on if he doesn’t pay his mortgage on time while some of the wealthiest people in America have the government rush in to protect their savings, then there is a question of fairness, which will only make it more difficult for people to believe in our government and economic system.

5 Things We’ve Already Learned From the SVB Bank Run - First Published in Credit Union Times

| HENRY C. MEIER, ESQ.

Reefer Madness

It’s becoming part of the holiday season ritual. With another Congressional cycle coming to a close, a deeply divided Congress rushes to put a spending plan in place replete with a smattering of unfinished business. Maybe this is the year that Congress finally passes legislation to allow credit unions and banks to provide banking services to marijuana related businesses and their employees in States where marijuana is legal. Common sense says it should, but experience says it won’t.

If my cynicism proves correct, Congress’ continued dithering puts even more pressure and responsibility on credit unions. The reality is that with 37 states in which marijuana is legal in some form, the question is no longer if your credit union is involved in marijuana banking, but how extensive is the involvement. The practical effect of Congress’ inaction is to make the business more expensive for smaller businesses that need capital and credit; and a compliance minefield for all but the largest and most sophisticated institutions that have the resources necessary to implement the proper framework for getting involved in an industry that remains patently illegal as a matter of federal law.

For Exhibit A of how cannabis is being integrated into the banking system, we have to look no further than the news that so-called cashless ATM transactions are no longer available for marijuana dispensaries. According to Bloomberg, this point-of-sale system allowed cannabis buyers to use a bank card instead of cash. The technology made marijuana purchases look like ATM withdraws coming from a location other than a dispensary. Needless to say, VISA put network participants on notice that it wanted the practice to stop.

All this leaves financial institutions to pick up the slack the best they can. For example, let’s say your credit union has decided that it doesn’t have the member demand or expertise to open up its accounts to marijuana businesses. It should still be asking the right questions to ensure that its members’ deposits are coming from non-cannabis sources. For instance, when it opens business accounts, is the business asked if it works with marijuana related businesses? And let’s say you open a joint account for a couple; would you be willing to give that couple a mortgage if you found out that one of them is employed in the marijuana industry? Neither of these questions have right or wrong answers. They are both a classic example of the type of issues that should ultimately be discussed by your Board so you have policies in place that are consistent with your credit union’s risk profile. But if you don’t ask these questions, you won’t even know that these issues need to be addressed in the first place.

Incidentally, whenever I research this issue, I always come across posts- typically from vendors – minimizing the legal issues involved with marijuana banking and stressing that according to FinCEN’s own statistics, there are already 553 banks and over 200 credit unions that provide marijuana services in accordance with FinCEN’s famous 2014 marijuana guidance. It’s what I call the “what’s the big deal” argument.

It’s a big deal because no matter how you slice it, there are complications that go along with providing services to an industry that remains unequivocally illegal under federal law. In fact, while the NCUA has been generally supportive of credit union efforts in this space, it has taken a tough stand against credit unions it feels are going about things the wrong way. For example, it issued a cease and desist order against Live Life Federal Credit Union in part because the credit unions’ BSA system was not sophisticated enough to appropriately comply with its obligations to monitor BSA compliance. Further, when the Fourth Corner Credit Union in Colorado was denied access to the Federal Reserve Bank of Kansas, the NCUA also denied the credit union’s participation in the Share Insurance Fund.

Where does all this leave us? With an ongoing need to protect your credit union the best you can by asking the right questions, drawing up appropriate policies, and hiring adequate staff to ensure that you have an appropriate legal framework in one of the most gray areas of the law we have seen.

Reefer Madness - First Published in Credit Union Times