Vol. XXXIV, No. 28 Legal Bank Holidays: 2023 ScheduleThis issue serves as a reference to the Holiday Schedule for 2023 listed by legal definition and the dates upon which such holidays will fall. Official holidays for state-chartered banks are governed by state law; Neb.Rev.Stat. § 62-301. If any holiday date falls on a Sunday, the following Monday shall be a holiday. If the date designated by the State for the observance of any holiday, except Veterans Day, is different from the date of observance of any such holiday pursuant to a federal holiday schedule, the federal holiday schedule will be observed. A bank may, at its own option, be open or closed on an official holiday provided that reasonable notice is given to the public in accordance with state statute. A holiday observance becomes important in determining liability under the UCC midnight deadline rule and must be considered carefully when planning to close on a Friday or Monday in lieu of a regularly scheduled holiday which might fall on Saturday or Sunday. 12 U.S.C. § 95(b)(1) addresses the applicability of state banking holidays to national banks as follows:
National banks may, in their discretion, either close or remain open on such a state-designated holiday unless the Comptroller of the Currency by written order directs otherwise. (Source: 12 U.S.C. § 7.3000) A more detailed article, sample notices and pertinent statutory provisions may be found in the NBA Compliance Handbook: Volume I: Governance section titled "Bank Holidays." Official Federal Reserve System and State Holidays (2023) Legal Definition | Date Observed
* Although an official state holiday, the Federal Reserve Banks are open on Arbor Day and on the day after Thanksgiving. NOTE: The Federal Reserve standard holiday schedule provides that if a holiday falls on a Sunday, the following Monday is observed as a holiday. For holidays falling on a Saturday, the preceding Friday is not observed as a holiday. For future planning, an extended list of bank holiday schedules for 2024-2025 is found below:
The foregoing Compliance Update is for informational purposes only, and does not constitute legal advice. As a reminder, the NBA general counsel is the attorney for the Nebraska Bankers Association, not its member banks. The general counsel is available to assist members with finding resources to help answer their questions. However, for specific legal advice about specific situations, members must consult and retain their own attorney.
Vol. XXXIV, No. 27 FRB Cryptocurrency Guidance - Due DiligenceI. Introduction The Federal Reserve Bank (FRB) has issued a Supervisory Letter indicating that Fed-supervised banks seeking to engage in activities related to cryptocurrency and other digital assets must first assess whether such activities are legally permissible and determine whether any regulatory filings are required. The letter also states that banks should notify the Fed prior to engaging in crypto-asset-related activities. The Supervisory Letter is similar to guidance previously issued by the Office of the Comptroller Currency (OCC) and Federal Deposit of Insurance (FDIC); in all cases, the agencies require banks to notify regulators before engaging in any kind of digital asset activity, including custody activities. The term “crypto-asset-related activity” includes, at a minimum, crypto-asset safekeeping and traditional custody services, ancillary custody services, facilitation of customer purchases and sales of crypto-assets, loans collateralized by crypto-assets, and issuance and distribution of stablecoins. The new requirement is set forth in Supervision and Regulation (SR) Letter 22-6, which directs institutions to have “adequate systems, risk management, and controls to conduct crypto-assetrelated activities in a safe and sound manner and consistent with applicable laws, including applicable consumer protection statutes and regulations” prior to engaging in crypto activities. SR 22-6 notes the following risks associated with crypto-asset-related activities related to safety and soundness, consumer protection, and financial stability:
The letter provides that a Federal Reserve–supervised banking organization, engaging or seeking to engage in crypto-asset-related activities should notify its lead supervisory point of contact at the Federal Reserve. Prior to engaging in any crypto-asset-related activity, a supervised banking organization must ensure such activity is legally permissible and determine whether any filings are required under applicable or state laws. Prior to engaging in these activities, a supervised banking organization should have in place adequate systems, risk management, and controls to conduct such activities in a safe and sound manner and consistent with all applicable laws, including applicable consumer protection statutes and regulations. II. Legal Permissibility Prior to engaging in new activities of any kind, a supervised banking organization must ensure that such activities are legally permissible. A supervised banking organization seeking to engage in (or currently engaged in) crypto-asset-related activities must analyze the permissibility of such activities under relevant state and federal laws and determine whether any filings are required under federal banking laws, including the Bank Holding Company Act, Home Owners’ Loan Act, Federal Reserve Act, Federal Deposit Insurance Act, or the regulations promulgated pursuant thereto, as applicable. If any supervised banking organization has questions regarding the permissibility of any crypto-asset-related activities or about the applicability of any filing requirements, it should consult its lead supervisory point of contact at the Federal Reserve. III. Notification of Proposed Activities A supervised banking organization should notify its lead supervisory point of contact at the Federal Reserve prior to engaging in any crypto-asset-related activity. Any supervised banking organization that is already engaged in crypto-asset-related activities should notify its lead supervisory point of contact at the Federal Reserve promptly regarding the engagement in such activities, if it has not already done so. Federal Reserve supervisory staff will provide relevant supervisory feedback, as appropriate, in a timely manner. In all cases, a supervised banking organization should, prior to engaging in these activities, have in place adequate systems, risk management, and controls to conduct crypto-asset-related activities in a safe and sound manner and consistent with applicable laws, including applicable consumer protection statutes and regulations. This includes having adequate systems in place to identify, measure, monitor, and control the risks associated with such activities on an ongoing basis. These systems should cover operational risk (for example, the risks of new, evolving technologies; the risk of hacking, fraud, and theft; and the risk of third-party relationships), financial risk, legal risk, compliance risk (including, but not limited to, compliance with the Bank Secrecy Act, anti-money laundering requirements, and sanctions requirements), and any other risk necessary to ensure the activities are conducted in a manner that is consistent with safe and sound banking and in compliance with applicable laws, including applicable consumer protection statutes and regulations. State member banks are also encouraged to notify their state regulator prior to engaging in any crypto-asset-related activity. The foregoing Compliance Update is for informational purposes only and does not constitute legal advice. As a reminder, the NBA general counsel is the attorney for the Nebraska Bankers Association, not its member banks. The general counsel is available to assist members with finding resources to help answer their questions. However, for specific legal advice about specific situations, members must consult and retain their own attorney.
Vol. XXXIV, No. 26 CFPB Guidance - Avoiding Charging Illegal "Junk Fees" on Deposit AccountsI. Introduction The Consumer Financial Protection Bureau (CFPB) recently issued guidance about two “junk fee” practices that are likely unfair and unlawful under existing law. The first, surprise overdraft fees, includes overdraft fees charged when consumers had enough money in their account to cover a debit charge at the time the bank authorizes it. The second is the practice of indiscriminately charging depositor fees to every person who deposits a check that bounces. The CFPB Indicates that overdraft and depositor fees likely violate the Consumer Financial Protection Act (CFPA) prohibition on unfair practices when consumers cannot reasonably avoid them. The Consumer Financial Protection Circular 2022-06 (https://files.consumerfinance.gov/f/documents/cfpb_unanticipated-overdraft-fee-assessmentpractices_circular_2022-10.pdf) on surprise overdraft fees and the CFPB’s Bulletin 2022-06 (https://files.consumerfinance.gov/f/documents/cfpb_returned-deposited-item-fee-assessmentpractice_compliance-bulletin_2022-10.pdf) layout when a financial institution’s back-end penalties likely break the law. II. Surprise Depositor Fees - Unfair Returned Deposit Item Fee Assessment Practices A. Returned Deposit Items A Returned Deposit Item is a check that a consumer deposits into their checking account that is returned to the consumer because the check could not be processed against the check originator's account. Blanket policies of charging Returned Deposited Item fees to consumers for all returned transactions irrespective of the circumstances or patterns of behavior on the account are likely unfair under the CFPA. The CFPB has issued its bulletin to notify regulated entities how it intends to exercise its enforcement and supervisory authorities on this issue. There are many reasons deposited items can be returned unprocessed. For example, the check originator may not have sufficient funds available in their account to pay the amount stated on the check; the check originator may have directed the issuing depository institution to stop payment; the account referenced on the check may be closed or located in a foreign country; or there may be questionable, erroneous, or missing information on the check, including with respect to the signature, date, account number, or payee name. In many circumstances, the check depositor has no control over whether, and likely no reason to anticipate that, the deposited check would be returned. Nor as a general matter can the check depositor verify with the check originator’s depository institution prior to depositing a check whether there are sufficient funds in the issuer’s account for the check to clear. Yet, many depository institutions have blanket policies of charging fees to the check depositor for Returned Deposited Items for every Returned Deposited Item, irrespective of the circumstances of the particular transaction or patterns of behavior on the account. B. Violations of CFPA The Consumer Financial Protection Act (CFPA) prohibits covered persons from engaging in unfair acts or practices. Congress defined an unfair act or practice as one that (A) “causes or is likely to cause substantial injury to consumers which is not reasonably avoidable,” and (B) “such substantial injury is not outweighed by countervailing benefits to consumers or to competition.” Blanket policies of charging Returned Deposited Item fees to consumers for all returned transactions irrespective of the circumstances of the transaction or patterns of behavior on the account are likely unfair. Fees charged for Returned Deposited Items cause substantial injury to consumers. Under the blanket policies of many depository institutions, Returned Deposited Item fees cause monetary injury, in the range of $10-19 for each returned item. Depository institutions that charge Returned Deposited Item fees for returned checks impose concrete monetary harm on a large number of customers. In many of the instances in which Returned Deposited Item fees are charged, consumers would not be able to reasonably avoid the substantial monetary injury imposed by the fees. An injury is not reasonably avoidable unless consumers are fully informed of the risk and have practical means to avoid it. Under blanket policies of many depository institutions, Returned Deposited Item fees are charged whenever a check is returned because the check originator has insufficient available funds in their account, the check originator instructs the originating depository institution to stop payment, or the check is written against a closed account. But a consumer depositing a check would normally be unaware of and have little to no control over whether a check originator has funds in their account, will issue a stop payment instruction, or has closed the account. Nor would a consumer normally be able to verify whether a check will clear with the check originator’s depository institution before depositing the check or be able to pass along the cost of the fee to the check originator. Liability under the prohibition on unfair acts or practices depends on the particular facts and circumstances. The CFPB notes that it is unlikely that an institution will violate the prohibition if the method in which fees imposed are tailored to only charge consumers who could reasonably avoid the injury. For example, if a depository institution only charges consumers a fee if they repeatedly deposit bad checks from the same originator, or only charges consumers a fee when checks are unsigned, those fees would likely be reasonably avoidable. Regulation DD, which applies in relevant part to depository institutions except for credit unions, requires depository institutions to disclose fee information on depository accounts to consumers before an account is opened or a service is provided. The returned item fee is among the fees required to be disclosed in the fee schedule when the consumer first opens the account. In applying the CFPA’s unfairness prohibition, the CFPB cites a court decision and the Federal Trade Commission (FTC) “Credit Practice Rule” to support a finding of “unfairness,” even when creditor remedies are disclosed and agreed upon, the FTC determined, since the provisions were not reasonably avoidable because “(1) consumers are not, as a practical matter, able to shop and bargain over alternative remedial provisions; and (2) default is ordinarily the product of forces beyond a debtor’s control.” The CFPB notes that similar unfairness principles likely apply to account opening disclosures of blanket policies of imposing fees for Returned Deposited Items because, similarly, consumers have limited ability to bargain over specific fee terms in selecting deposit accounts, and consumers are charged these fees in circumstances beyond their control. The CFPB advises institutions that it may be difficult to show that the injury from blanket policies of charging Returned Deposited Item fees is outweighed by countervailing benefits to consumers or competition. Check processing is a service made broadly available to all depositors of checks, and there is no separate benefit to consumers from having a deposited check returned, as opposed to paid. Returned Deposited Item fees are also not well-tailored to recoup costs from the consumers actually responsible for the costs to depository institutions of expected losses for the limited circumstances in which the institution cannot recoup funds made available to the depositor on a check that is later returned. Instead, the fee is charged to depositors even where the depository institution incurs no such loss from the returned transaction, and institutions usually do not collect the fee in those limited circumstances where they actually incur a loss (entities only incur a loss because they cannot collect). Deterring consumers from depositing checks in instances where the checks will be returned may benefit consumers and the public interest if the institution's policy and practice are well-tailored to address the issue, do not harm consumers in some other way, minimize losses to the depository institution that would be passed through to consumers, bolster the integrity of the banking system through loss avoidance and, in the case of fraud, prevent conduct that offends public policy as embodied in statutes and common law. However, deterrence can only be accomplished through the collection of fees in circumstances where the consumer anticipates that a check will be returned but deposits it anyway, such as where a consumer knowingly deposits a counterfeit check. III. Surprise Overdraft Fees - Unanticipated Overdraft Fee Assessment Practices An overdraft fee can become a surprise fee when the consumer doesn't reasonably expect their actions to incur an overdraft fee. For instance, if a person closely monitors their account balances and carefully manages their spending to avoid overdraft fees, they can easily incur penalties when financial institutions employ processes that are unintelligible or manipulative. Circular 2022-06 explains that when financial institutions charge surprise overdraft fees, sometimes as much as $36, they may be breaking the law. The circular provides some examples of potentially unlawful surprise overdraft fees, including charging penalties on purchases made with a positive balance. These overdraft fees occur when a bank displays that a customer has sufficient available funds to complete a debit card purchase at the time of the transaction, but the consumer is later charged an overdraft fee. A. Authorize Positive, Settle Negative Transactions In its analysis of surprise overdraft fees, the CFPB posed the following: 1. Question Presented Can the assessment of overdraft fees constitute an unfair act or practice under the Consumer Financial Protection Act (CFPA), even if the entity complies with the Truth in Lending Act (TILA) and Regulation Z, and the Electronic Fund Transfer Act (EFTA) and Regulation E? 2. Response Yes. Overdraft fee practices must comply with TILA, EFTA, Regulation Z, Regulation E, and the prohibition against unfair, deceptive and abusive acts or practices in Section 1036 of the CFPA. In particular, overdraft fees assessed by financial institutions on transactions that a consumer would not reasonably anticipate are likely unfair. These unanticipated overdraft fees are likely to impose substantial injury on consumers that they cannot reasonably avoid and that is not outweighed by countervailing benefits to consumers or competition. As detailed in this Circular, unanticipated overdraft fees may arise in a variety of circumstances. For example, financial institutions risk charging overdraft fees that consumers would not reasonably anticipate when the transaction incurs a fee even though the account had a sufficient available balance at the time the financial institution authorized the payment (sometimes referred to as “authorize positive, settle negative”) (APSN). B. Violations of the Consumer Financial Protection Act The CFPA prohibits conduct that constitutes an unfair act or practice. An act or practice is unfair when: (1) It causes or is likely to cause substantial injury to consumers that is not reasonably avoidable by consumers; and (2) The injury is not outweighed by countervailing benefits to consumers or to competition. An unanticipated overdraft fee occurs when financial institutions assess overdraft fees on transactions that a consumer would not reasonably expect would give rise to such fees. Though financial institutions may provide disclosures related to their transaction processing and overdraft assessment policies, these processes are extraordinarily complex, and evidence strongly suggests that, despite such disclosures, consumers face significant uncertainty about when transactions will be posted to their account and whether or not they will incur overdraft fees. For example, even when the available balance on a consumer’s account—that is, the balance that, at the time the consumer initiates the transaction, would be displayed as available to the consumer—is sufficient to cover a debit card transaction at the time the consumer initiates it, the balance on the account may not be sufficient to cover it at the time the debit settles. Since consumers can easily access their available balance via mobile application, online, at an ATM, or by phone, they reasonably may not expect to incur an overdraft fee on a debit card transaction when their balance showed there were sufficient available funds in the account to pay the transaction at the time they initiated it. Such transactions, which the industry commonly calls “authorize positive, settle negative” or APSN transactions, thus can give rise to unanticipated overdraft fees. The Circular highlights potentially unlawful patterns of financial institution practices regarding unanticipated overdraft fees and provides some examples of practices that might trigger liability under the CFPA. A “substantial injury” typically takes the form of monetary harm, such as fees or costs paid by consumers because of the unfair act or practice. In addition, actual injury is not required; a significant risk of concrete harm is sufficient. An injury is not reasonably avoidable by consumers when consumers cannot make informed decisions or take action to avoid that injury. Injury that occurs without a consumer’s knowledge or consent, when consumers cannot reasonably anticipate the injury, or when there is no way to avoid the injury even if anticipated, is not reasonably avoidable. Finally, an act or practice is not unfair if the injury it causes or is likely to cause is outweighed by its consumer or competitive benefits. Charging an unanticipated overdraft fee may generally be an unfair act or practice. Depending on the circumstances of the fee, such as when intervening transactions settle against the account or how the financial institution orders the transactions at the end of the banking day, consumers could be assessed more than one such fee, further exacerbating the injury. These overdraft fees are particularly harmful for consumers, as consumers likely cannot reasonably anticipate them and thus plan for them. As a general matter, a consumer cannot reasonably avoid unanticipated overdraft fees, which by definition are assessed on transactions that a consumer would not reasonably anticipate would give rise to such fees. Mobile banking and the widespread use of debit card transactions could create a consumer expectation that account balances can be closely monitored. Consumers who make use of these tools may reasonably think that the balance shown in their mobile banking app, online, by telephone, or at an ATM, for example, accurately reflects the balance that they have available to conduct a transaction and, therefore, that conducting the transaction will not result in being assessed one or more overdraft fees. But unanticipated overdraft fees are caused by often convoluted settlement processes of financial institutions that occur after the consumer enters into the transaction, the intricacies of which are explained only in fine print, if at all. The injury from unanticipated overdraft fees likely is not outweighed by countervailing benefits to consumers or competition. Where a financial institution has authorized a debit card transaction, the institution is obligated to pay the transaction, irrespective of whether an overdraft fee is assessed. Access to overdraft programs, therefore, is not a countervailing benefit to the assessment of overdraft fees in such unanticipated circumstances. C. Examples of Potential Unfair Acts That Consumes Would Not Reasonably Anticipate The CFPB provides specific examples in Circular 2022-06, on pages 8-12, of potential unfair acts or practices involving overdraft fees that consumers would not reasonably anticipate. The foregoing Compliance Update is for informational purposes only and does not constitute legal advice. As a reminder, the NBA general counsel is the attorney for the Nebraska Bankers Association, not its member banks. The general counsel is available to assist members with finding resources to help answer their questions. However, for specific legal advice about specific situations, members must consult and retain their own attorney.
Vol. XXXIV, No. 25 FinCEN Beneficial Ownership Reporting RuleI. Introduction The U.S Treasury’s Financial Crimes Enforcement Network (FinCEN) has issued a final rule implementing the beneficial ownership information (BOI) reporting provisions established by the Corporate Transparency Act. The Act and its Implementing regulation are designed to inhibit the ability of illicit actors to use shell companies to launder their money or hide assets. The rule establishes: a) who must file a BOI report; b) what information must be reported; and c) when a report is due. The final rule also requires reporting companies to file reports with FinCEN that identify two categories of individuals: (1) the beneficial owners of the entity; (2) the company applicants of the entity. Two additional rules, covering access to the database and an update to the existing Consumer Due Diligence rule will be issued by FinCEN in the future. The additional rules will (1) establish rules for who may access BOI, for what purposes, and what safeguards will be required to ensure that the information is secured and protected; and (2) revise the FinCEN customer due diligence rule following the promulgation of the BOI reporting final rule. II. Reporting Companies The Federal rule creates two types of reporting companies: domestic and foreign.
III. Beneficial Owner A beneficial owner is defined as an individual who, directly or indirectly, either (1) exercises substantial control over a reporting company, or (2) owns or controls at least 25 percent of the ownership interests of a reporting company.
IV. Company Applicants The rule does not require reporting companies that exist or are registered at the time of the effective date of the rule to identify and report on their company applicants. A company applicant is defined as:
Reporting companies formed for registered after the effective date of the rule do not need to update the company applicant information. V. Beneficial Ownership Information The final rule requires a reporting company to identify itself and report four pieces of information about each of its beneficial owners:
Reporting companies will be required to report as follows:
FinCEN Identifier: If an individual provides their four pieces of information to FinCEN directly, the individual may obtain a "FinCEN identifier," which then can be provided to FinCEN on a BOI report in lieu of the required information about the individual. VI. Effective Date The effective date of the final rule is January 1, 2024. Companies created or registered before January 1, 2024, have one year (until January 1, 2025) to file their initial reports. Reporting companies created or registered after January 1, 2024, will have 30 days after receiving notice of their creation or registration to file their initial reports. In addition to their initial reports, reporting companies will have 30 days to report changes to the information in their previously filed reports and must correct inaccurate information in previously filed reports. The foregoing Compliance Update is for informational purposes only and does not constitute legal advice. As a reminder, the NBA general counsel is the attorney for the Nebraska Bankers Association, not its member banks. The general counsel is available to assist members with finding resources to help answer their questions. However, for specific legal advice about specific situations, members must consult and retain their own attorney.
Vol. XXXIV, No. 24 Regulation Z - Consumer Credit Transactions Threshold AmountThe Board of Governors of the Federal Reserve System and the Consumer Financial Protection Bureau have issued final rules pertaining to the implementation of the Consumer Protection Act (CPA). Effective January 1, 2023, the threshold for exempt consumer credit transactions increased from $61,000 to $66,400. The foregoing Compliance Update is for informational purposes only, and does not constitute legal advice. As a reminder, the NBA general counsel is the attorney for the Nebraska Bankers Association, not its member banks. The general counsel is available to assist members with finding resources to help answer their questions. However, for specific legal advice about specific situations, members must consult and retain their own attorney.
Vol. XXXIV, No. 23 Special Appraisal Requirements for Higher-Priced Mortgage LoansThe Board of Governors of the Federal Reserve System has announced the annual adjustment of the dollar amount used to determine whether a small loan is exempt from the special appraisal requirements that apply to higher-priced mortgage loans. The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 amended the Truth in Lending Act to require creditors to obtain a written appraisal based on a physical visit of the home's interior before making a higher-priced mortgage loan. The rules implementing this requirement contain an exemption for loans of $25,000 or less and also provide that the exemption threshold will be adjusted annually based on the annual percentage change reflected in the Consumer Price Index. The exemption threshold will increase from $28,500 to $31,000, effective January 1, 2023, based on the annual percentage increase in the Consumer Price Index for Urban Wage Earners and Clerical Workers as of June 1, 2022. The foregoing Compliance Update is for informational purposes only, and does not constitute legal advice. As a reminder, the NBA general counsel is the attorney for the Nebraska Bankers Association, not its member banks. The general counsel is available to assist members with finding resources to help answer their questions. However, for specific legal advice about specific situations, members must consult and retain their own attorney.
Vol. XXXIV, No. 22 Regulation II - Prohibition on Network ExclusivityThe Federal Reserve Board of Governors (FRB) has adopted a final rule that amends Regulation II to specify that the requirement that each debit card transaction must be able to be processed on at least two unaffiliated payment card networks applies to card-not-present transactions, and to clarify the requirement that debit card issuers ensure that at least two unaffiliated networks have been enabled to process a debit card transaction. The final rule becomes effective on July 1, 2023. As required by the Dodd-Frank Act, a provision of Regulation II known as the "prohibition on network exclusivity" prohibits debit card issuers and payment card networks from restricting the number of networks on which a debit card transaction may be processed to fewer than two unaffiliated networks. This prohibition aims to promote competition among networks by ensuring that merchants have an opportunity to choose between at least two unaffiliated networks when routing debit card transactions, each of which does not, by rule or policy, restrict the operation of the network to a limited geographic area, specific merchant or particular type of merchant or transaction. When the Board issued Regulation II in 2011, the market had not yet developed solutions to broadly support multiple networks for card-not-present debit card transactions, such as online purchases. In the ensuing decade, most networks have introduced the technical capabilities to process card-not-present debit card transactions. In those cases where only one network is enabled for card-not-present transactions, merchants do not have an alternative network option that might offer lower fees or better fraud-prevention capabilities. The final rule underscores that issuers should provide routing choice for card-not-present debit card transactions. The final rule specifies that card-not-present transactions are a particular type of debit card transaction for which issuers must enable at least two unaffiliated networks. The final rule also adds language to emphasize that Regulation II does not require an issuer to ensure that two unaffiliated networks will actually be available to the merchant to process every transaction. Under the final rule, an issuer must configure each of its debit cards so that card-not-present transactions performed with those cards can be processed on at least two unaffiliated networks. As a practical matter, an issuer will first need to determine whether card-not-present transactions performed with its debit cards can already be processed on at least two unaffiliated networks. If the issuer is not already compliant with the final rule, then the issuer will need to adjust its debit card processing arrangements to meet the final rule's requirements. The final rule includes certain changes that make it easier for issuers to determine whether they are already compliant with the prohibition on network exclusivity. Specifically, the final rule retains the approach in current Regulation II that allows issuers to rely on network rules or policies in determining whether the networks enabled by an issuer may be used to satisfy the prohibition on network exclusivity. The foregoing Compliance Update is for informational purposes only, and does not constitute legal advice. As a reminder, the NBA general counsel is the attorney for the Nebraska Bankers Association, not its member banks. The general counsel is available to assist members with finding resources to help answer their questions. However, for specific legal advice about specific situations, members must consult and retain their own attorney.
Vol. XXXIV, No. 21 Cyber Incident ReportingI. Introduction The Financial Stability Board (FSB) has issued a set of recommendations for standardizing cyber incident reporting (CIR) among financial institutions (FI) and regulators. Cyber incidents are rapidly growing in frequency and sophistication. At the same time, the cyber threat landscape is expanding amid digital transformation, increased dependencies on third-party service providers and geopolitical tensions. Growing interconnectedness of the financial system increases the likelihood of a cyber incident at one financial institution or an incident at one of its third-party service providers having spill-over effects across borders and sectors. II. Recommendations The FSB report sets out the following recommendations to address impediments to achieving greater convergence in CIR. The recommendations aim to promote convergence among CIR frameworks, while recognizing that a one-size-fits-all approach is not feasible or preferable. Financial authorities and FIs can choose to adopt these recommendations as appropriate and relevant, consistent with their legal and regulatory framework.
The foregoing Compliance Update is for informational purposes only, and does not constitute legal advice. As a reminder, the NBA general counsel is the attorney for the Nebraska Bankers Association, not its member banks. The general counsel is available to assist members with finding resources to help answer their questions. However, for specific legal advice about specific situations, members must consult and retain their own attorney.
Vol. XXXIV, No. 20 Court Ruling Overturns HMDA Reporting Threshold for Small EntitiesA federal judge recently moved to vacate Consumer Finance Protection Bureau (CFPB) regulations that expanded the number of small-volume lenders deemed to be exempt from Home Mortgage Disclosure Act (HMDA) reporting requirements. The court ruling partially invalidated legal exemptions that allowed small mortgage lenders to avoid reporting closed-end loan data under HMDA. HMDA rules provide that mortgage lenders must report HMDA data when their loan volume meets specific thresholds in the two preceding calendar years. Regulation C provides two separate thresholds, one for reporting closed-end mortgage loans and the other for reporting open-end lines of credit. Lenders that do not meet either threshold in a given year are not required to collect and report any HMDA data. In 2015, the CFPB set the closed-end threshold at 25 closed-end mortgage loans in each of the two preceding calendar years, and the open-end threshold at 100 open-end lines of credit in each of the two preceding calendar years. In 2020, the CFPB increased the threshold of exempt institutions to 100 closed-end mortgage loans in each of the two preceding calendar years. The 2020 rule also set the permanent threshold for open-end lines of credit at 200 open-end lines in each of the two preceding calendar years, starting in calendar year 2022. The recent court decision invalidated the closed-end loan exemption expansions but did not impact the threshold of 200 open-end lines of credit originated in each of the prior two years. The court vacated and remanded the closed-end mortgage loan reporting threshold to the CFPB for further action. The CFPB is expected to issue instructions regarding how to comply with the HMDA requirements to institutions affected by the ruling in the near future. It is recommended that banks expecting to exceed the closed-end threshold of 25 closed-end mortgage loans in each of the two preceding calendar years (as established in 2015) begin to make HMDA reporting preparations, as it is likely that reporting obligations will resume for the 2023 calendar year. The foregoing Compliance Update is for informational purposes only, and does not constitute legal advice. As a reminder, the NBA general counsel is the attorney for the Nebraska Bankers Association, not its member banks. The general counsel is available to assist members with finding resources to help answer their questions. However, for specific legal advice about specific situations, members must consult and retain their own attorney.
Vol. XXXIV, No. 19 FDIC Guidance - Multiple NSF Fees Charged for Re-PresentmentThe Federal Deposit Insurance Corporation (FDIC) has released guidance on the practice of charging multiple non-sufficient fund fees for transactions presented multiple times against insufficient funds in a customer’s account. The guidance indicates that the FDIC will recognize and institution’s proactive efforts to self-identify and correct violations. I. Background Many financial institutions charge NSF fees when checks or Automated Clearinghouse (ACH) transactions are presented for payment but cannot be covered by the balance in a customer's transaction account. After being declined, merchants may subsequently resubmit the transaction for payment. Some financial institutions charge additional NSF fees for the same transaction when a merchant re-presents a check or ACH transaction on more than one occasion after the initial unpaid transaction was declined. In these situations, there is an elevated risk of violations of law and harm to consumers. The FDIC has identified violations of law when financial institutions charged multiple NSF fees for the re-presentment of unpaid transactions because disclosures did not fully or clearly describe the financial institution's re-presentment practice, including not explaining that the same unpaid transaction might result in multiple NSF fees if an item was presented more than once. Practices involving the charging of multiple NSF fees arising from the same unpaid transaction results in heightened risks of violations of Section 5 of the Federal Trade Commission (FTC) Act, which prohibits unfair or deceptive acts or practices (UDAP). Third parties, including core processors, often play significant roles in processing payments, identifying and tracking re-presented items, and providing systems that determine when NSF fees are assessed. Such third-party arrangements may also present risks if not properly managed. There may also be heightened litigation risk. Numerous financial institutions, including some FDIC-supervised institutions, have faced class action lawsuits alleging breach of contract and other claims because of the failure to adequately disclose re-presentment NSF fee practices in their account disclosures. Financial institutions are encouraged to review their practices and disclosures regarding the charging of NSF fees for re-presented transactions. The FDIC has observed some risk-mitigation practices financial institutions implemented to reduce the risk of consumer harm and potential violations. The FDIC will take appropriate action to address consumer harm and violations of law when exercising its supervisory and enforcement responsibilities regarding re-presentment NSF fee practices. II. Potential Risks Arising from Multiple Re-Presentment NSF Fees Consumer Compliance Risk: Practices involving the charging of multiple NSF fees arising from the same unpaid transaction results in heightened risks of violations of Section 5 of the Federal Trade Commission (FTC) Act, which prohibits unfair or deceptive acts or practices (UDAP). While specific facts and circumstances ultimately determine whether a practice violates a law or regulation, the failure to disclose material information to customers about re-presentment and fee practices has the potential to mislead reasonable customers, and there are situations that may also present risk of unfairness if the customer is unable to avoid fees related to re-presented transactions.
Third-Party Risk: Third parties, including core processors, often play significant roles in processing payments, identifying and tracking re-presented items, and providing systems that determine when NSF fees are assessed. Such third-party arrangements may present risks if not properly managed. Institutions are expected to maintain adequate oversight of third-party activities and appropriate quality control over products and services provided through third-party arrangements. In addition, institutions are responsible for identifying and controlling risks arising from third-party relationships to the same extent as if the third-party activity was handled within the institution. Institutions are encouraged to review and understand the risks presented from their core processing system settings related to multiple NSF fees, as well as understand the capabilities of their core processing system(s), such as identifying and tracking re-presented items and maintaining data on such transactions. Litigation Risk: Multiple NSF fee practices may result in heightened litigation risk. Numerous financial institutions, including some FDIC-supervised institutions, have faced class action lawsuits alleging breach of contract and other claims because of the failure to adequately disclose re-presentment NSF fee practices in their account disclosures. Some of these cases have resulted in substantial settlements, including customer restitution and legal fees. III. Risk Mitigation Practices Institutions are encouraged to review their practices and disclosures regarding the charging of NSF fees for re-presented transactions. The FDIC has observed various risk-mitigating activities that financial institutions have taken to reduce the potential risk of consumer harm and avoid potential violations of law regarding multiple re-presentment NSF fee practices. These include:
If institutions self-identify re-presentment NSF fee issues, the FDIC expects supervised financial institutions to:
IV. FDIC's Supervisory Approach When exercising supervisory and enforcement responsibilities regarding multiple re-presentment NSF fee practices, the FDIC will take appropriate action to address consumer harm and violations of law. The FDIC’s supervisory response will focus on identifying re-presentment related issues and ensuring correction of deficiencies and remediation to harmed customers. In reviewing compliance management systems, the FDIC recognizes an institution’s proactive efforts to self-identify and correct violations. Examiners will generally not cite UDAP violations that have been self-identified and fully corrected prior to the start of a consumer compliance examination. In addition, in determining the scope of restitution, the FDIC will consider an institution’s record keeping practices and any challenges an institution may have with retrieving, reviewing, and analyzing re-presentment data, on a case-by-case basis, when evaluating the time period institutions utilized for customer remediation. In recent examinations, the FDIC has identified instances where institutions have been unable to reasonably access accurate ACH data for re-presented transactions beyond two years. In these cases, the FDIC has accepted a two-year lookback period for restitution. The FDIC expects supervised institutions to promptly address this issue. Institutions with challenges readily accessing accurate ACH data that self-correct this issue and provide restitution to harmed customers, as appropriate, for transactions occurring two years before the date of this Financial Institution Letter will generally be considered as having made full corrective action. Failing to provide restitution for harmed customers when data on re-presentments is reasonably available will not be considered full corrective action. If examiners identify violations of law due to re-presentment NSF fee practices that have not been self-identified and fully corrected prior to a consumer compliance examination, the FDIC will evaluate appropriate supervisory or enforced actions, including civil money penalties and restitution, where appropriate. V. Conclusion Based on the foregoing guidance, banks should review existing disclosures with respect to its multiple re-presentment NSF fees practices to determine if clarifications to their disclosures are in order. In addition, the bank should determine if it should consider adopting some of the “risk mitigation practices” outlined above and to the extent possible, conduct a “look back” to identify any customers who may be entitled to restitution for transactions occurring two years before the date of the FDIC Supervisory Guidance. The foregoing Compliance Update is for informational purposes only, and does not constitute legal advice. As a reminder, the NBA general counsel is the attorney for the Nebraska Bankers Association, not its member banks. The general counsel is available to assist members with finding resources to help answer their questions. However, for specific legal advice about specific situations, members must consult and retain their own attorney.
|
STAY CONNECTED |
nEBRASKA bANKERS aSSOCIATION233 South 13th Street, Suite 700
PO Box 80008 Lincoln, NE 68501-0008 402-474-1555 Digital Millennium Copyright Act Policy |