February 2018 Newsletters

Up in Smoke?

Compliance With the Prepaid Account Rule – What, Like It’s Hard?

Reauthorization on Repeat

Don’t Move: USPS Cracking Down on Move Update Standard 

PHH Update: CFPB Structure is Constitutional


Up in Smoke?

By: Kimberly R. Graves, Associate General Counsel

Though it has barely even begun, 2018 has already made its mark on banks nationwide. From laborious HMDA amendment implementation to digesting Consumer Financial Protection Bureau (CFPB) policy metamorphosis, banking professionals occupy an uneasy space to say the least. Adding smoke to the fire, U.S. Attorney General Jeff Sessions announced in early January the rescission of the so-called “Cole Memo,” which had instructed federal prosecutors nationwide not to dedicate resources to marijuana activities increasingly deemed legal under state laws. The Cole Memo had provided some breathing room for financial institutions to engage in providing services to marijuana-related businesses (MRBs), leading to nearly 400 institutions nationwide providing such services by the end of 2017.   

The original memo and subsequent clarifications provided space for federal prosecutors to forego comprehensive enforcement of the Controlled Substance Act (CSA), which is a federal law prohibiting the production, processing, or sale of marijuana. This direction was issued based on the growing number of state laws initially permitting medicinal use of the substance, and eventually provisions permitting the recreational use of the drug. The memo was clear that federal resources should be dedicated to those marijuana crimes with the most severe implications, such as crimes involving minors, guns, or criminal enterprises.

The memo indicated the former administration’s perspective on enforcement of the CSA with regard to marijuana, and opened up dialogue between MRBs and potential service providers, including banking institutions. The Financial Crimes Enforcement Network (FinCEN) issued guidance for financial institutions in 2014 to provide a framework for dealing with MRB relationships and transactions. The industry appeared to be well on its way to achieving legitimacy status, though the dragon in the room that everyone increasingly ignored was the continued existence of a federal law prohibiting the very activities in which the MRBs were engaged. 

Enter U.S. Attorney General Jeff Sessions, long-time outspoken opponent of marijuana use. In April of 2017, Sessions wrote a letter to congressional leaders emphasizing the dangers of marijuana and requested they not approve an appropriations rider barring the use of federal funds to prevent certain states from implementing state laws permitting possession, cultivation, distribution, or use of medical marijuana. A federal district and appellate court have interpreted that rider to include a prohibition on prosecutions of both state officials and private individuals. Questions remain as to the applicability of the rider to recreational use, but the likely answer is that it does apply to both medical and recreational use. Despite Sessions’ efforts, the rider was approved and remains in effect until February 8, 2018, at which point all federal appropriations will require renewal.

Financial institutions are left in a precarious position regarding banking MRBs. Arguments abound on either side, with more conservative voices advocating that banks not engage with MRBs in any respect, and voices of those less risk-averse providing suggestions for banks in managing MRB relationships. The latter voices view recent events as merely one more stepping stone to full legalization. Regardless of which side your bank may take, there are strong arguments being made by key players that the federal government must provide a legitimate infrastructure in which to bank MRBs. Issues made worse by precluding MRBs from establishing a banking relationship include increased risk for money laundering and other criminal activity, security concerns around large cash amounts, lack of ability to track a large segment of the economy, and lack of accurate taxation. 

Efforts under way to alleviate the disconnect between state legalization, federal prohibition, industry need, and banking compliance include both federal and state level initiatives. The Attorney Generals of nineteen states signed a letter to congressional leaders urging them to pass legislation to permit a safe harbor for banks to provide services to MRBs. The U.S. Attorney from Colorado has indicated that their office will continue efforts as they were before Sessions issued the rescission, and California and Massachusetts have proposed laws in the last few weeks as a result of the rescission. California’s proposal focuses on permitting banks to provide services to MRBs, while Massachusetts takes a more direct aim at the rescission by proposing to prohibit local and state law enforcement from assisting federal prosecutorial efforts in marijuana-related cases.         

While an industry representing $6.7 billion in sales at the end of 2016 and projected to reach $20 billion by 2021 is nothing to sneeze at, banks must mind the consequences of engaging with MRBs. Should the federal government proceed with efforts to enforce the CSA, repercussions could include asset forfeiture, criminal aiding and abetting, and racketeering charges, not to mention violations of the Bank Secrecy Act and regulations pertaining to anti-money laundering.  Indeed, Sessions mentions these specific laws by name in his announcement, thus making it clear that the Department of Justice may scrutinize financial institutions choosing to bank MRBs. Investors could also be subject to prosecution or civil liability. 

Banks with a less conservative approach and those already tied up in the industry can mitigate risk through use of technology platforms to track and monitor accounts, comprehensive and real time cash transaction monitoring, use of multiple sources for data comparison, ensuring complete transparency and documentation, performing regular and thorough risk assessments of policies and procedures for banking MRBs, and working with customers and colleagues to remain proactive in employing best practices and ensuring communication. Finally, refer to the FinCEN guidance on banking MRBs and ensure the timely and accurate filing of reports in accordance with that guidance.   

Compliance With the Prepaid Account Rule – What, Like It’s Hard?

by Sarah Sauceda, Associate General Counsel

Good news, you compliance watchdogs! The Final Prepaid Account Rule (the “Final Rule”), which was supposed to take effect in April of this year, has now been delayed another year becoming effective in April of 2019. This is not the first time the effective date of the Final Rule has been delayed. On October 1, 2017, the Final was put off for six months due to concerns with compliance. Ultimately, because the Consumer Financial Protection Bureau (the “CFPB”) deemed the changes so substantial and onerous, the agency delayed the effective once more. The Amended Prepaid Account Rule, published on January 25, 2018 (the “Amended Rule”), made this change among other important changes to the Final Rule.

The Final Rule was published in November of 2016 and affects both the Electronic Fund Transfer Act (Reg. E) and the Truth In Lending Act (Reg. Z). It creates protections for prepaid accounts under Reg. E which change some more general provisions of the regulation to create more directed mandates that cover limited liability and error resolution, periodic statements, and disclosures. Additionally, it creates new requirements in relation to postings of account agreements. As for Reg. Z, the Final Rule expands overdraft credit features that are offered in relation to prepaid accounts in certain circumstances.

The amendments to the Final Rule address certain unanticipated changes that were brought to the attention of the CFPB, and the changes are intended to help financial institutions comply with the new rule.

One of the more controversial changes relates to the Reg. E error resolution and limited liability provisions. Under the original Final Rule, error resolution and limited liability protection for unverified accounts was required. The Amended cuts financial institutions a break. It amends this mandate and allows banks to forego the limited liability and error resolution requirements for unverified prepaid accounts. If the prepaid account is then later verified, financial institutions are not required to limit liability nor resolve errors that occurred before verification under the Amended Rule.

Another more substantial change concerns the Reg. Z definition of “business partner.” More specifically, the definition is narrowed from the Final Rule’s definition. Under Amended Rule, the definition excludes companies that offer prepaid accounts, including digital wallet providers, and specific arrangements between entities that offer credit card accounts which are subject to the more traditional Reg. Z credit card rules. This narrowing is intended to target complications in applying credit provisions of the Final Rule to credit card accounts linked to digital wallets. The Amended Rule also expands situations where prepaid account issuers are permitted to run negative balances on prepaid accounts.

Although the mandatory compliance date has been pushed back yet again, the Final Rule as modified by the 2018 amendments will come into effect sooner than you know it (Look at what happened with HMDA!). Preparation is the best medicine for compliance issues and your compliance officer’s stress levels.

You can find the 2018 Amendments here:  https://s3.amazonaws.com/files.consumerfinance.gov/f/documents/cfpb_prepaid_final-rule_2018-amendments.pdf

Reauthorization on Repeat

by Victoria E. Stephen, CRCM, Associate General Counsel

NFIP Reauthorization: A mouthful to say, and a plate full of hassle for banks trying to remain in compliance with flood requirements.
Before we get into how to deal with reauthorization, let’s recap why it happens in the first place. The National Flood Insurance Program depends on Congress continually authorizing its existence. So when the government shuts down, the NFIP shuts down with it, and when that happens, FEMA’s authority to issue new policies, increased coverage on existing policies, and renewal policies also expires.
We’ve seen this happen five times in the last six months. The NFIP originally expired on September 30, but Congress passed an extension at the eleventh hour, extending it until December 8, and then again until December 22. The next extension happened on January 19, 2018, and another on February 8. The most recent legislation extends the NFIP to March 23, so Congress has until 11:59 pm on that day to reauthorize it in order to once again avoid lapse.
So what should the bank do if Congress doesn’t get it done by the deadline? The #1 question we get is whether flood insurance is still required, and if so, where to get it. The answer is that flood insurance technically is not required if the NFIP has lapsed. The reason for this is that flood coverage is only required for a “designated loan,” which is generally defined as a loan secured by a building located in a SFHA in which flood insurance is available under the NFIP.
So no NFIP means no flood insurance…right? Not so fast. Safety and soundness is still a very real consideration, NFIP or not. While the regulation does not outright require private coverage in the event of a lapse, it’s highly advisable. Further, regulators will expect force placement where applicable when the NFIP is reauthorized.  Remember: the bank can always choose to require coverage up to the insurable value, even if the flood regulations would not mandate it.
So lenders effectively have four options for making new loans during a lapse:

  1. Have the borrower complete an application and pay the premium, and hold it for processing pending reauthorization.
  2. Postpone loan closing until reauthorization.
  3. Require that the borrower obtain private flood insurance coverage.
  4. As a last resort, make the loan without any flood insurance.

It’s also important to note that lenders must continue to make flood determinations, provide timely notices of special flood hazards to borrowers, and comply with other parts of the flood insurance regulations, even if actual coverage is not required.
“What happens to current policies?” is another question that often comes up. Most policyholders won’t be affected, and policies that are already in place will remain in force, and claims under those policies will continue to be paid.
While it’s not always instantly updated after a reauthorization, this FEMA page is a quick-access resource to determine whether the NFIP has been extended, and when it is next set to lapse. Although the existing guidance on NFIP lapses is from 2010, it makes clear that it “will continue to apply if there are future lapses in the NFIP.”
As affected communities continue to recover from the devastating effects of last year’s hurricanes, it’s critical that Congress issue a multi-year reauthorization to help protect against future flooding. Only time will tell whether this will happen, though. 

In addition to this week's article, we also have a number of C/A Minute videos on flood, including Flood Insurance Escrows and Condo Minimum Insurance Thresholds.

Don't Move: USPS Cracking Down on Move Update Standard

by Victoria E. Stephen, CRCM, Associate Deputy Counsel

If you’re still standing still, you’re probably wondering what this so-called “Move Update Standard” even is. In short, it’s a standard set forth by the United States Postal Service to limit the growing expenses related to changes of address and forwarded mail, which have amounted to millions of dollars annually.

The Move Update Standard requires that mailers who claim special “presorted” or “automation” prices for First-Class or USPS Marketing Mail demonstrate that they have updated their mailing list in the 95 days before mailing.

The USPS sets out a few different ways of complying with this requirement, but mailers must use one of the approved methods in order to qualify. First, there are three “preapproved” methods, which all require that the mailer send its customer database to a third party for verification:

  • Address Change Service (ACS)
  • National Change-of-Address Linkage System (NCOALink); and
  • Ancillary Service Endorsements except

This presents an issue for banks, of course, since Regulation P prohibits sharing nonpublic personal information, and the Red Flags Rule does not allow the bank to unilaterally update a customer’s address.

In response to this, there are also two “alternative” methods that require separate approval and are only offered for First-Class Mail:

  • 99 Percent Accurate Method
  • Legal Restraint Method

The first is just what it sounds like—it requires that the mailer prove that the addresses are at least 99% accurate. While this may sounds simple, in practice its only practical for very extensive mailing lists that are unlikely to change, which usually isn’t the case for our member banks.

The second method is the one that most of community banks will likely have to look to for compliance. The Legal Restraint Method requires that the mailer provide evidence that it is prohibited by law from using one of the other endorsed methods. So unless your bank can prove that its mailing list is 99% accurate, it will likely need to apply for the Legal Restraint method citing Privacy and Red Flags requirements (and any other legal requirements that may apply).

Especially in light of recent high-profile breaches like Equifax and Target, banks are decidedly right to be cautious in making this choice. If you receive a phone call from USPS, as some of our members have reported, be aware of all of your options. In addition, the USPS Guide on the Move Update specifically mentions financial institutions in the context of the Legal Restraint method:

 Q16: There are some specific industry types and practices that present significant barriers to compliance with Move Update. For instance, some financial institutions cannot use NCOALink or ACS because they cannot legally make address changes without customer authorization. The Move Update Alternative methods only apply to First-Class Mail mailing and do not apply to USPS Marketing Mail mailing (promotional and advertising mail). How will the Postal Service determine if these companies’ addresses are in Move Update compliance?

A16: The postage statement asks mailers to identify the Move Update method they use. Acceptance personnel know which mailers have received approval to comply with the Move Update requirement through an alternative method. Where any request for Move Update documentation is made to justify the mailer’s claim of postage discounts, the mailer must refer the inquiry to the PCSC (Pricing and Classification Service Center DMM 608.8.4) for resolution. A mailer who has allowance to use an alternative Move Update method for First-Class Mail can extend that allowance to USPS Marketing Mail when it involves the same address list covered by the allowance under First-Class Mail mailing.

Guide to Move Update, January 2017, USPS, Pg. 43: https://ribbs.usps.gov/move_update/documents/tech_guides/GuidetoMoveUpdate.pdf

At this point you may be asking, “Why do I have to meet this standard anyway?” Well, a bank’s failure to comply with the Move Update Standard could result in the loss of its presort or automated discount, which can make mailings prohibitively expensive.

If you have any other questions about Move Update Standard, the Guide asks that mailers email ncsc.moveupdate@usps.gov or call the NCSC at 800-238-3150. 

PHH Update: CFPB Structure is Constitutional

by Silvia Garcia Maggio, CRCM, Deputy General Counsel

In 2017, we discussed the DC Court’s landmark ruling in PHH v. CFPB. As a recap, PHH is a financial services corporation operating out of New Jersey*. The CFPB imposed a $109 million penalty for PHH’s practices related to their captive mortgage reinsurer** and Section 8 of RESPA. With the passing of Dodd-Frank, the ability to interpret whether mortgage reinsurance is a kickback issue transferred from HUD to the CFPB. The CFPB made an interpretation about the practice, applied it retroactively and filed an administrative adjudication claim against PHH in 2014. The case has been ongoing since that point, leading to a groundbreaking decision in October 2017 by the DC Court of Appeals case that made the following rulings:

  1. The structure of the CFPB, wherein there is a single director that can only be removed for cause, is unconstitutional since it violates Article II of the Constitution;
  2. Statutes of limitations apply to the CFPB’s enforcement actions;
  3. RESPA language allows for captive mortgage re-insurance arrangements if the mortgage reinsurers were paid no more than the reasonable value of the services they provided; and  
  4. The Court admonished the CFPB for attempting to apply interpretations retroactively.

When we left off last March, I mentioned that the CFPB had requested a rehearing by the full Appeals Court whose decision came down on January 31, 2018. So where did we land? First the Court overturned the ruling that the CFPB’s structure was unconstitutional. This specifically upholds the for-cause removal provision of the CFPB’s single director. This allows the director of the CFPB to have a five-year term subject to removal by the President, but only for inefficiency, neglecting his/her duty or malfeasance. The court concluded that there was legal precedence and that the independence of the CFPB was traditional among financial regulations. However, the Court also upheld that the CFPB’s retroactive application of RESPA rules was improper, as was the imposition of the $109 million penalty on PHH. The Court cited a lack of fair notice and disagreed with the CFPB’s interpretation of the statute of limitations to bring claims – noting that it should have been three years and not five.

The RESPA enforcement issue is still one to watch since it could impact the CFPB’s interpretation and enforcement of RESPA Section 8 Violations. Additionally, the long history of the PHH case has extended past the previous Director’s tenure so it’s not clear how this will shape the direction of the next permanent Director of the CFPB. That being said, what this decision does make clear is that any changes to the structure of the CFPB will most likely come from Congress and not from the judicial process.

*PHH provides mortgage services to financial service firms and operates under a number of names. These include  PHH Home Loans, Axiom Financial, Coldwell Banker Home Loans, First Capital and Sunbelt Lending Services, among others.

**Mortgage reinsurance is a variation of captive reinsurance where the subsidiary of a lender collects at least a portion of the mortgage insurance premiums and also, shares in payments of any losses for their own loans.