February 2018 Newsletters

Up in Smoke?

Compliance With the Prepaid Account Rule – What, Like It’s Hard?

Don’t Move: USPS Cracking Down on Move Update Standard 


Up in Smoke?

By: Kimberly R. Graves, Associate General Counsel

Though it has barely even begun, 2018 has already made its mark on banks nationwide. From laborious HMDA amendment implementation to digesting Consumer Financial Protection Bureau (CFPB) policy metamorphosis, banking professionals occupy an uneasy space to say the least. Adding smoke to the fire, U.S. Attorney General Jeff Sessions announced in early January the rescission of the so-called “Cole Memo,” which had instructed federal prosecutors nationwide not to dedicate resources to marijuana activities increasingly deemed legal under state laws. The Cole Memo had provided some breathing room for financial institutions to engage in providing services to marijuana-related businesses (MRBs), leading to nearly 400 institutions nationwide providing such services by the end of 2017.   

The original memo and subsequent clarifications provided space for federal prosecutors to forego comprehensive enforcement of the Controlled Substance Act (CSA), which is a federal law prohibiting the production, processing, or sale of marijuana. This direction was issued based on the growing number of state laws initially permitting medicinal use of the substance, and eventually provisions permitting the recreational use of the drug. The memo was clear that federal resources should be dedicated to those marijuana crimes with the most severe implications, such as crimes involving minors, guns, or criminal enterprises.

The memo indicated the former administration’s perspective on enforcement of the CSA with regard to marijuana, and opened up dialogue between MRBs and potential service providers, including banking institutions. The Financial Crimes Enforcement Network (FinCEN) issued guidance for financial institutions in 2014 to provide a framework for dealing with MRB relationships and transactions. The industry appeared to be well on its way to achieving legitimacy status, though the dragon in the room that everyone increasingly ignored was the continued existence of a federal law prohibiting the very activities in which the MRBs were engaged. 

Enter U.S. Attorney General Jeff Sessions, long-time outspoken opponent of marijuana use. In April of 2017, Sessions wrote a letter to congressional leaders emphasizing the dangers of marijuana and requested they not approve an appropriations rider barring the use of federal funds to prevent certain states from implementing state laws permitting possession, cultivation, distribution, or use of medical marijuana. A federal district and appellate court have interpreted that rider to include a prohibition on prosecutions of both state officials and private individuals. Questions remain as to the applicability of the rider to recreational use, but the likely answer is that it does apply to both medical and recreational use. Despite Sessions’ efforts, the rider was approved and remains in effect until February 8, 2018, at which point all federal appropriations will require renewal.

Financial institutions are left in a precarious position regarding banking MRBs. Arguments abound on either side, with more conservative voices advocating that banks not engage with MRBs in any respect, and voices of those less risk-averse providing suggestions for banks in managing MRB relationships. The latter voices view recent events as merely one more stepping stone to full legalization. Regardless of which side your bank may take, there are strong arguments being made by key players that the federal government must provide a legitimate infrastructure in which to bank MRBs. Issues made worse by precluding MRBs from establishing a banking relationship include increased risk for money laundering and other criminal activity, security concerns around large cash amounts, lack of ability to track a large segment of the economy, and lack of accurate taxation. 

Efforts under way to alleviate the disconnect between state legalization, federal prohibition, industry need, and banking compliance include both federal and state level initiatives. The Attorney Generals of nineteen states signed a letter to congressional leaders urging them to pass legislation to permit a safe harbor for banks to provide services to MRBs. The U.S. Attorney from Colorado has indicated that their office will continue efforts as they were before Sessions issued the rescission, and California and Massachusetts have proposed laws in the last few weeks as a result of the rescission. California’s proposal focuses on permitting banks to provide services to MRBs, while Massachusetts takes a more direct aim at the rescission by proposing to prohibit local and state law enforcement from assisting federal prosecutorial efforts in marijuana-related cases.         

While an industry representing $6.7 billion in sales at the end of 2016 and projected to reach $20 billion by 2021 is nothing to sneeze at, banks must mind the consequences of engaging with MRBs. Should the federal government proceed with efforts to enforce the CSA, repercussions could include asset forfeiture, criminal aiding and abetting, and racketeering charges, not to mention violations of the Bank Secrecy Act and regulations pertaining to anti-money laundering.  Indeed, Sessions mentions these specific laws by name in his announcement, thus making it clear that the Department of Justice may scrutinize financial institutions choosing to bank MRBs. Investors could also be subject to prosecution or civil liability. 

Banks with a less conservative approach and those already tied up in the industry can mitigate risk through use of technology platforms to track and monitor accounts, comprehensive and real time cash transaction monitoring, use of multiple sources for data comparison, ensuring complete transparency and documentation, performing regular and thorough risk assessments of policies and procedures for banking MRBs, and working with customers and colleagues to remain proactive in employing best practices and ensuring communication. Finally, refer to the FinCEN guidance on banking MRBs and ensure the timely and accurate filing of reports in accordance with that guidance.   

Compliance With the Prepaid Account Rule – What, Like It’s Hard?

by Sarah Sauceda, Associate General Counsel

Good news, you compliance watchdogs! The Final Prepaid Account Rule (the “Final Rule”), which was supposed to take effect in April of this year, has now been delayed another year becoming effective in April of 2019. This is not the first time the effective date of the Final Rule has been delayed. On October 1, 2017, the Final was put off for six months due to concerns with compliance. Ultimately, because the Consumer Financial Protection Bureau (the “CFPB”) deemed the changes so substantial and onerous, the agency delayed the effective once more. The Amended Prepaid Account Rule, published on January 25, 2018 (the “Amended Rule”), made this change among other important changes to the Final Rule.

The Final Rule was published in November of 2016 and affects both the Electronic Fund Transfer Act (Reg. E) and the Truth In Lending Act (Reg. Z). It creates protections for prepaid accounts under Reg. E which change some more general provisions of the regulation to create more directed mandates that cover limited liability and error resolution, periodic statements, and disclosures. Additionally, it creates new requirements in relation to postings of account agreements. As for Reg. Z, the Final Rule expands overdraft credit features that are offered in relation to prepaid accounts in certain circumstances.

The amendments to the Final Rule address certain unanticipated changes that were brought to the attention of the CFPB, and the changes are intended to help financial institutions comply with the new rule.

One of the more controversial changes relates to the Reg. E error resolution and limited liability provisions. Under the original Final Rule, error resolution and limited liability protection for unverified accounts was required. The Amended cuts financial institutions a break. It amends this mandate and allows banks to forego the limited liability and error resolution requirements for unverified prepaid accounts. If the prepaid account is then later verified, financial institutions are not required to limit liability nor resolve errors that occurred before verification under the Amended Rule.

Another more substantial change concerns the Reg. Z definition of “business partner.” More specifically, the definition is narrowed from the Final Rule’s definition. Under Amended Rule, the definition excludes companies that offer prepaid accounts, including digital wallet providers, and specific arrangements between entities that offer credit card accounts which are subject to the more traditional Reg. Z credit card rules. This narrowing is intended to target complications in applying credit provisions of the Final Rule to credit card accounts linked to digital wallets. The Amended Rule also expands situations where prepaid account issuers are permitted to run negative balances on prepaid accounts.

Although the mandatory compliance date has been pushed back yet again, the Final Rule as modified by the 2018 amendments will come into effect sooner than you know it (Look at what happened with HMDA!). Preparation is the best medicine for compliance issues and your compliance officer’s stress levels.

You can find the 2018 Amendments here:  https://s3.amazonaws.com/files.consumerfinance.gov/f/documents/cfpb_prepaid_final-rule_2018-amendments.pdf

Don't Move: USPS Cracking Down on Move Update Standard

by Victoria E. Stephen, CRCM, Associate Deputy Counsel

If you’re still standing still, you’re probably wondering what this so-called “Move Update Standard” even is. In short, it’s a standard set forth by the United States Postal Service to limit the growing expenses related to changes of address and forwarded mail, which have amounted to millions of dollars annually.

The Move Update Standard requires that mailers who claim special “presorted” or “automation” prices for First-Class or USPS Marketing Mail demonstrate that they have updated their mailing list in the 95 days before mailing.

The USPS sets out a few different ways of complying with this requirement, but mailers must use one of the approved methods in order to qualify. First, there are three “preapproved” methods, which all require that the mailer send its customer database to a third party for verification:

  • Address Change Service (ACS)
  • National Change-of-Address Linkage System (NCOALink); and
  • Ancillary Service Endorsements except

This presents an issue for banks, of course, since Regulation P prohibits sharing nonpublic personal information, and the Red Flags Rule does not allow the bank to unilaterally update a customer’s address.

In response to this, there are also two “alternative” methods that require separate approval and are only offered for First-Class Mail:

  • 99 Percent Accurate Method
  • Legal Restraint Method

The first is just what it sounds like—it requires that the mailer prove that the addresses are at least 99% accurate. While this may sounds simple, in practice its only practical for very extensive mailing lists that are unlikely to change, which usually isn’t the case for our member banks.

The second method is the one that most of community banks will likely have to look to for compliance. The Legal Restraint Method requires that the mailer provide evidence that it is prohibited by law from using one of the other endorsed methods. So unless your bank can prove that its mailing list is 99% accurate, it will likely need to apply for the Legal Restraint method citing Privacy and Red Flags requirements (and any other legal requirements that may apply).

Especially in light of recent high-profile breaches like Equifax and Target, banks are decidedly right to be cautious in making this choice. If you receive a phone call from USPS, as some of our members have reported, be aware of all of your options. In addition, the USPS Guide on the Move Update specifically mentions financial institutions in the context of the Legal Restraint method:

 Q16: There are some specific industry types and practices that present significant barriers to compliance with Move Update. For instance, some financial institutions cannot use NCOALink or ACS because they cannot legally make address changes without customer authorization. The Move Update Alternative methods only apply to First-Class Mail mailing and do not apply to USPS Marketing Mail mailing (promotional and advertising mail). How will the Postal Service determine if these companies’ addresses are in Move Update compliance?

A16: The postage statement asks mailers to identify the Move Update method they use. Acceptance personnel know which mailers have received approval to comply with the Move Update requirement through an alternative method. Where any request for Move Update documentation is made to justify the mailer’s claim of postage discounts, the mailer must refer the inquiry to the PCSC (Pricing and Classification Service Center DMM 608.8.4) for resolution. A mailer who has allowance to use an alternative Move Update method for First-Class Mail can extend that allowance to USPS Marketing Mail when it involves the same address list covered by the allowance under First-Class Mail mailing.

Guide to Move Update, January 2017, USPS, Pg. 43: https://ribbs.usps.gov/move_update/documents/tech_guides/GuidetoMoveUpdate.pdf

At this point you may be asking, “Why do I have to meet this standard anyway?” Well, a bank’s failure to comply with the Move Update Standard could result in the loss of its presort or automated discount, which can make mailings prohibitively expensive.

If you have any other questions about Move Update Standard, the Guide asks that mailers email ncsc.moveupdate@usps.gov or call the NCSC at 800-238-3150.