About

Comment Policy

Disclaimer

Share or Subscribe

Add me to your TypePad People list

Search BLB


  • Google

Stats

Blog powered by TypePad
Member since 03/2004

Compliance

May 22, 2013

Variations On The Theme of "Pet Parakeet"

Got_snarkEvery once in a while, I receive an email that threatens to expand the level of parody and sarcasm beyond the ability of the human mind to contain it without erupting in cornucopia of burst cranial blood vessels like a bag of Orville Redenbacher Kettle Korn in the microwave after 45 seconds on "high." A recent post in which I envisioned the CFPB "telling an auto loan lender that if a dealer from which it buys paper ever causes emotional pain to a buyer's pet parakeet, the lender is on the hook for the vet's bill," inspired one bank executive's inner snark blossom to fully bloom. He or she shall remain anonymous, primarily because this most excellent rant was communicated, without naming names, by a friend of this banker. This banker obviously has a full grasp of the new paradigm in consumer lending.

Enjoy!

"How clearly illustrative of the hell I live in every day:  “…if a dealer from which it [a bank] buys paper ever causes emotional pain to a buyer's pet parakeet, the lender is on the hook for the vet's bill…”.  Don’t forget that asking the borrower to honor the terms of the loan to which he or she agreed is in fact considered an unnecessary infliction of emotional distress.  The parakeet will pick up those vibes in the house and stop singing.  This will only further depress the borrower, who is still by the way driving the $80,000 car for which he or she is not paying, because the parakeet’s song is what keeps that buyer motivated to get up every day.  If the borrower doesn’t get up and go to work every day, the bank can’t get paid for its loan.  So the bank has a vested interest in keeping the parakeet happy and in this case a vet may not be enough.  This parakeet needs a behaviorist.  A parakeet whisperer, who understands the parakeet and can help restore the parakeet’s emotional well-being, only after which there can be a hope for the bank to be repaid for its loan. The borrower should retain the car, because after all the car will be necessary to transport the parakeet to its bird shrink, without which the loan on the car can’t be repaid.  Now you can clearly see why it’s in the bank’s best interest not only to not be paid on the loan, but to in fact pay all expenses for a parakeet psychiatrist to get that parakeet singing again.  And there is no way to make sure this happens unless a government bureaucrat has a nice office from which to read all the reports the bank will be required to produce justifying that the bank has done all it could and spent money on everything possible to get that parakeet happy, or to otherwise force the bank to do more to help the parakeet.  Doing so from a cube would be, well, inhumane – though I can’t resist pointing out that I see a few parallels between the parakeet and the bureaucrat (both are sitting miserable and silent in a small cage and pooping on everything that crosses their paths….)"

09:51 PM in CFPB, Compliance, Consumer Law-General, Lending, Life (In General) | | Comments (0) | TrackBack (0)

May 20, 2013

Save Me From Myself

Save_me_from_myselfMarvin Umholtz's latest CU Strategic Hot Topics email newsletter contains a lengthy discussion of a position paper issued late last month by the National Consumer Law Center (NCLC), which calls on the CFPB to restrict bank and credit union overdraft fees to the "reasonable and proportional" standard applied to credit card penalty fees by the terms of CARD Act, notwithstanding the fact that there is no express statutory requirement to apply such a limitation to overdraft fees. The NCLC argues that the CFPB has such authority by virtue of its ability to ban "unfair, deceptive, and abusive practices."

Of particular interest to Marvin, and to me, is the use of behavioral economic theory (previously discussed here) as support for the argument that overdraft fees are inherently "abusive" and "unfair."

This correspondent found of particular interest the NCLC white paper’s discussion about how the CFPB should leverage unfair, deceptive, or abusive practices authorities to price-control overdraft fees. It argued that overdraft fees were inherently unfair because they were not avoidable by a reasonable consumer. The NCLC said, “Accordingly, the analysis should take into [account] consumers’ likely knowledge gaps and their optimism bias, which has been shown by behavioral economics research. The information differential between banks and consumers is stark. As discussed in Sections II and III.B, supra, banks use sophisticated systems to keep track of consumers’ transactions and maximize overdrafts. In contrast, behavioral economics research shows that consumers are over-optimistic and tend to discount the likelihood of negative events. Nor do they have the capacity to quickly and accurately assess the risks associated with such contingencies. This gives banks the opportunity to attract consumers with, for example, a promise of ‘free checking,’ while at the same time charging high fees for overdrafts and engaging practices to maximize them that will far outstrip any savings from lack of a monthly maintenance fee. As a result, overdrafts and their associated fees may not be reasonably avoidable by consumers – especially the lower-income consumers who bear the brunt of these fees.” The NCLC’s anti-bank rhetoric is specious and mean-spirited.

Behavioral economics assumes that many consumers are uninformed and irrational and that consumers make systemic mistakes in their choice of credit products. Rather than let people make their own decisions behavioral economists believe that a central regulator should adopt policies designed to address that ignorance and irrationality. Behaviorists use these premises to justify big government intervention in the market to prevent consumers from harming themselves. The NCLC’s anti-overdraft narrative is reliant on this everyone-is-a-victim belief.

I couldn't have said it better myself. And now, I don't have to.

Marvin continues:

As the NCLC points out, the Dodd-Frank Act defines a practice as abusive if the CFPB finds that it (1) Materially interferes with a consumer’s ability to understand a term or condition of a consumer financial product or service; or (2) Takes unreasonable advantage of – (A) A consumer's lack of understanding of the material risks, costs, or conditions of the product or service; (B) A consumer’s inability to protect his or her own interests when selecting or using a product or service; or (C) The consumer’s reliance on a covered person [the financial services provider].  The NCLC white paper came to the simple conclusion that due to the inherent nature of overdrafts they were abusive.  NCLC wrote, “When choosing a bank or type of account, consumers cannot be expected to be able to know or compare how banks process transactions or what steps the bank will do to induce overdrafts.  The way in which transactions are processed by a bank is a complicated matter that consumers cannot reasonably understand.  Again, banks take advantage of the consumer’s reliance that the bank will not engage in activities to deliberately trip them into incurring overdrafts and being charged overdraft fees.”  Why does the empowering of the CFPB to make arbitrary and capricious “abusive” findings remind this correspondent of the in loco parentis “ability to repay” determination in other Dodd-Frank Act-mandated CFPB rules?  Apparently the ideologically questionable behavioral economists at the CFPB will know “abusive” when they see it.  Do the CFPB behavioral economists have any respect for individual rights – like the right to make one’s own decisions even if mistaken?

I think that the answer to that question is "No." Or, perhaps, "Hell, No!"

None of this should come as a surprise. Liz Warren's purpose in birthing the idea for the CFPB was to create a powerful independent federal agency, free from most oversight and any chance of "regulatory capture," to decide whether consumer financial products and services were "safe" for consumers. In other words, the basis for the CFPB is a belief in the use of the Nanny State to protect the proles from themselves because the state knows what's best for them even when they don't. Behavioral economic theory is the bedrock on which this house of cards is built. Moreover, the CFPB has been manipulating statistics in its war on overdraft fees for some time.

Get used to it, folks, because barring a "counter revolution," this is only the beginning.

09:52 PM in Banking Law-General, CFPB, Compliance, Consumer Law-General, Deposits, Federal Legislation | | TrackBack (0)

May 15, 2013

There Ain't No "There," There

Reality CheckLast week, an article by Andy Peters in the American Banker hit a nerve. It profiled a California bank that had tried to make small dollar loans work as an alternative to payday lending, but had decided to give up the effort.

One PacificCoast Bank in Oakland, Calif., is regrouping as it looks to battle payday lenders in the San Francisco Bay area.

The $282 million-asset thrift recently pulled the plug on its One Pac Pal loan, which it tailored to offer low-income clients short-term credit at reasonable rates and terms. The program, which began 18 months earlier, lost too much money, says Kat Taylor, One PacificCoast's chief executive.

"We have not yet found an economically sustainable product that's sufficient to save enough people" from payday lenders, she says.

I hate to say "I told you so," but...Oh, who am I kidding. I TOLD YOU SO!From August 1, 2007:

In June, when the FDIC issued its final Affordable Small-Dollar Loan Guidelines and FDIC Chairman Sheila Bair was pressing commercial banks to compete with payday lenders for the "Mini Me" loan biz, even banks in states like North Carolina, which kicked out the bottom feeders, were rolling their eyeballs in disdain at the prospect of rushing in to fill the breach. Among other problems, the Guidelines "encourage" banks to cap the APR at 36 percent.

[...]

The North Carolina banks banks profiled in the linked article didn't believe that there was enough bang for the buck to justify dipping their toes in the shallow water. Even the lone credit union that offered a payday loan-like product wasn't making any money on it because it was barred by state law from charging more than an 18% APR and it was actually requiring the loan to be paid back in 90 days. If it had only rolled the loan over (and over and over) and neglected to comply with the usury laws, it might, like Madonna, have been able to "get into the groove" and make some real payday lender-like money.

Lyndsey Medsker, spokesperson for the Community Financial Services Association of America, which, according to another article, represents about 60 percent of the payday loan industry, said the 36% annual percentage rate cap was a non-starter for commercial banks.

"There's an effort to cap loans at 36 percent annual rate, which the FDIC guidelines suggest. How that works into two- week loans is $1.38 per $100," she says. "I know payday lenders can't make money on that, so banks couldn't possibly either."

Mr. Peters' latest article also quotes a consultant as correctly noting that at the same time these loans pose a high risk of nonpayment, they bear a high regulatory compliance risk and, because credit scores must be thrown out the window (or reliance on them reduced), a high underwriting risk. Peters also notes that the FDIC ended its small dollar loan pilot program in 2009 because banks couldn't make a return sufficient to cover the risk.

One PacificCoast bank's experience is in line with the consistent experience of other FDIC-insured banks who've tried to beat payday lenders at their own game over the past six years. Basic business principles don't change. However, they've never ceased to be ignored in the service of an ideological agenda, one which holds that payday loans are evil because they have high fees that "trap" poor people in a never-ending spiral of debt, people who are too stupid and/or unsophisticated and/or desperate to think for themselves, and who must be protected from their inherent deficiencies by those who know better. Guys like Recess Richie and the Payday Slayers.

It's obvious that trying to use traditional banks as payday lending alternatives is not going to work. Unless, of course, you let them earn the same return that payday lenders earn.Which kind of thwarts the "higher purpose," doesn't it?

That's right Liz, reality bites.

09:43 PM in Banking Law-General, CFPB, Compliance, Consumer Law-General, FDIC, Lending, Life (In General), Risk Management | | Comments (0) | TrackBack (0)

May 06, 2013

A New Approach To Compliance

New PlanSteve Van Beek, NAFCU's Director of Regulatory Compliance, has a dynamite article in the latest issue of The Federal Credit Union, that community banks, as well as credit unions, would do well to heed. In addition to noting the obvious fact that Dodd-Frank's increase of regulations means increased compliance burdens for credit unions, he discusses a very important "paradigm shift" in the way credit unions (and community banks) need to view compliance. In the years "BFD" (Before Franken-Dodd), the compliance officer was often brought into the discussion of a product or service at a late date, and then gave it a thumbs up or thumbs down verdict. Steve rightly notes that the old school approach is a good way to be schooled by the CFPB.

Steve observes that the "CFPB's focus is principle-based as wellas requirement-based."

Not only will credit unions need to determine if their product or service is compliant with laws, regulations and guidance, but they will also need to expend resources to document that the product or service provides a benefit to members.

Why? Steve's glad you asked. Th answer is UDAAP: unfair, deceptive or abusive acts or practices. You have a new sheriff in town, the CFPB. It's focused on how consumers use products and services and how consumer service and product providers might "take advantage" of consumers. In other words, the CFPB seems to be running down the path of determining what products and services are "suitable" for consumers and which are not. It's a brave new world, one in which the old focus on checking off items on a compliance checklist is not going to get the job done. Instead, financial institutions will "need to build a UDAAP review into their product structure and development and monitor their products and services over time, as the UDAAP standard is not static."

There's a lot more meat on the bones, and I highly recommend that you read the whole article. It's a good warning shot across the bow of the critically dysfunctional and soon-to-be-beaten-down dinosaurs who squawk an outdated mantra: "Show me where it says I can't do that." Believe me, if you don't understand that it's a whole knew compliance ballgame and learn the new rules, pronto, the CFPB tire tracks will make a nice pair of bookends on the back of your bowling shirt as you lie face down and flattened in the middle of the consumer compliance highway.

09:52 PM in CFPB, Compliance, Consumer Law-General, Credit Unions, Risk Management | | Comments (0) | TrackBack (0)

April 22, 2013

FDIC's Take On FFIEC's Social Media Guidance

GuidanceI ran across an interview recently that the FDIC's Elizabeth Khalil gave to InfoSecurity's Tracy Kitten about the FFIEC's proposed guidance on social media. Among my take-aways are the following:

  • The push for the guidance came from smaller banks that wanted the regulators to give them some free advice. We all understand the fact that because small banks have less money available to pay for expensive lawyers, they look to leverage off of every free resource they can glom onto. Trade associations aren't free, but if you're paying your dues, you look to them to give you your money's worth. Since banks pay the federal bank regulators assessments, they want some bang for those bucks, as well. I get it.
  • While Ms. Khalil mentioned "reputational risk" as the second major risk of the three she discussed ("compliance issues" was number one and "third party risk" was the third), I think reputational risk layers through much of the regulators' concerns. For example, misuse of consumers' personal information may be a compliance risk issue, and a Facebook vulnerability to hackers is a third-party risk. However, they both can impact the bank's reputation. Bad things that happen in a bank's social media endeavors often pose a reputational risk as an additional risk, and that's a safety and soundness concern which, in turn, is a regulatory compliance concern.
  • None of what's in the guidance is new, and banks that are already engaged in social media activities should already be familiar with the elements of the guidance. If they're not, they better become familiar in a hurry and hope that no one notices.
  • Due diligence on third party service providers that you intend to use is critical. The due diligence needs to be ongoing. A third party's faux pas can bite the bank in the backside as well as the third party. Monitoring is essential.
  • As is the case with online banking security, the regulators encourage banks to educate consumers on social media risks. For example, the regulators will look favorably on a bank educating its social media users on the risk of fraudulent bank sites, how to recognize the real deal from the fraudster, and that they should never give up personal information over social media. 
  • Whether or not a bank is actively using social media to interface with current or potential customers, it needs to have a social media use policy. The bank's employees are using social media, and other people may be saying bad things about you in cyberspace. The bank should have a policy that deals with these issues.

The final guidance is expected to be out in the near future (the comment period closed March 25th), depending on the nature of the comments received.Interested bankers should keep their eyes peeled (although, don't hold your breath).

I'll be giving a breakout session on social media compliance on July 3, 2013 at CUNA’s America’s Credit Union Conference in New York City. If you're a reader and are attending that conference, say hello.

10:01 PM in CFPB, Compliance, Consumer Law-General, Credit Unions, FDIC, FFIEC, FRB, Marketing, OCC, Risk Management, Social Media, Web/Tech | | TrackBack (0)

April 15, 2013

Dancing With The Bear: The Softshoe Shuffle Continues

Dancing_bearMy posts concerning former bank CEO Patrick Adams and his long, hard, expensive fight to clear his name encouraged one reader to send me a copy of a decision from a couple of months ago that involved another bank officer (actually, the Chairman of a bank) who has been slugging it out with the OCC (and in this case, the Fed) four the last four years over an attempt by the regulators to oust him from his position with the bank. The D.C. Circuit Court of Appeals held in his favor and sent the case back to the banking agencies with some pretty caustic comments.

The entire opinion is an interesting read, but here's a synopsis, paraphrased from one prepared by my correspondent.

Louis DeNaples, was a director and controlling shareholder of a national bank and two bank holding companies.  In 2008, Pennsylvania state prosecutors charged him with perjury.  But the charges were later withdrawn pursuant to an agreement in which Mr. DeNaples agreed, among other things, to release claims against the state based on irregularities in the underlying grand jury proceeding.  Thereafter, the state court expunged the entire prosecution.  The Comptroller of the Currency and the Federal Reserve Board, however, concluded that Mr. DeNaples had violated Section 19 of the Federal Deposit Insurance Act, which prohibits a person from participating in a regulated financial institution after entering into a “pretrial diversion or similar program” with respect to certain criminal offenses, including perjury.  The agencies thus issued cease-and-desist orders directing Mr. DeNaples to resign from his positions, and to divest his shares, in the regulated institutions.

Mr. DeNaples appealed, arguing, among other things, that (1) his agreement for withdrawal of the perjury charges was not a “pretrial diversion or similar program,” and in any event (2) Section 19 does not apply to expunged convictions.  A three-judge panel of the D.C. Circuit unanimously agreed on both counts.

First, the Court held that the banking agencies’ interpretations of Section 19 are not entitled to Chevron deference.  The panel adopted DeNaples' argument that no deference is warranted for any part of the Federal Deposit Insurance Act because multiple agencies enforce it, creating the potential for inconsistent agency interpretations, as occurred in this case.

Next, the Court held that the agencies had applied inconsistent and overbroad definitions of the term “pretrial diversion or similar program,” essentially capturing any situation where a person supplies a “quid pro quo for the prosecutor’s withdrawal of charges.”  The panel explained that pretrial diversion generally refers to a discrete program that seeks some offender- or community-oriented outcome such as treatment, rehabilitation, or restitution.  The Court, moreover, adopted the argument of DeNaples' lawyers that the agencies on remand must consider the meaning of “pretrial diversion” under state law, which they adamantly refused to do in the earlier cease-and-desist proceedings.

Finally, the Court agreed with DeNaples that the OCC’s and the Board’s positions on the impact of expungement were both internally inconsistent and at odds with a published FDIC policy statement.  In a stunning rebuke of the agencies, the panel criticized their positions as “bizarre,” “untenable,” “unpredictable,” and a “scattergun approach,” and said that reconciling their views “is like trying to draw a two-dimensional shape on the surface of a grapefruit.”

Trying to draw a two-dimensional shape on the surface of a grapefruit. For four years. A worthy endeavor, no?

Incidentally, the lead counsel for DeNaples (at leas, the lawyer named in the opinion) is Howard Cayne, a well-known D.C. banking law litigator who, like your trusty bloviator, has "danced with the bear" on previous occasions. The man must have a high tolerance for pain. As must Mr. DeNaples.

 

09:52 PM in Banking Law-General, Compliance, Crime, FRB, Governance, Life (In General), Litigation, OCC, Officers & Directors | | TrackBack (0)

April 14, 2013

Tighten Up! No, Loosen Up!

Forked-tongueThe Obama administration’s recent call for mortgage lenders to loosen underwriting standards on residential mortgage loans to less-than-“Qualified Mortgagors” as long as the FHA (i.e., the American taxpayer) is taking most of the risk of default, generated some pretty strong reaction from the usual suspects.

"If that were to come to pass, that would open the flood-gates to highly excessive risk and would send us right back on the same path we were just trying to recover from," said Ed Pinto, a resident fellow at the American Enterprise Institute and former top executive at mortgage giant Fannie Mae.

[…]

"There's always a tension that you have to take seriously between providing clarity and rules of the road and not giving any opportunity to restart the kind of irresponsible lending that we saw in the mid-2000s," said a senior administration official who was not authorized to speak on the record.

Ya’ think?

The administration is also purportedly urging the Justice Department to ease up on lenders who make loans in accordance with the administration-encouraged looser and goosier FHA underwriting critera. The FHA also claims that it hopes to encourage "by example" Fannie Mae and Freddie Mac to follow along. It's as if the subprime meltdown never occurred and Dodd-Frank was never passed, except for the fact that the federal banking regulators, including the CFPB, are taking a directly contrary approach to mortgage underwriting. Moreover, loan originators live in mortal fear of Freddie and Fannie repurchase requests, which have been massive, since those two publicly-controlled giants are the conventional residential mortgage market.

This whip-saw of inconsistency evidences a major example of cognitive dissonance.

Private reaction from bankers and bank lawyers with whom I attended the recent Texas Bankers Association Annual Legal Conference in Austin, Texas, was even more derisive.  Much time during that conference was spent parsing the nuances of “Qualified Mortgages” and “Qualified Residential Mortgages,” which will make qualifying for a residential mortgage loan much more difficult for many potential homeowners. In addition, the plethora of new regulations being spewed out by the CFPB makes consumer lending, including making single family mortgage loans, riskier and more expensive. The bottom line for a number of community bankers is that they will be making few, if any, residential mortgage loans, at least not directly. In addition, bankers who decide to make residential mortgage loans are definitely not crazy about making anything other than loans that will fall under the QM safe harbor.

I would say that it’s amazing that the administration could talk so glibly out of both sides of its mouth, except that it’s not at all amazing. It’s what these cynical, pandering clowns do as naturally as breathing in oxygen and exhaling carbon dioxide.

10:00 PM in Banking Law-General, CFPB, Compliance, Consumer Law-General, Fannie Mae, FDIC, Federal Legislation, FHA, FRB, Freddie Mac, Lending, Mortgage Banking, OCC, Risk Management | | TrackBack (0)

April 08, 2013

Three Hurdles To Jump Pose No Obstacle To An Elephant

Elephant_stampedeBanking compliance consultant Nancy Griffin thinks that bankers fear the "effects test" (i.e., "disparate impact"), which, I think, is correct. She also thinks that they should not be as afraid of disparate impact as they seem to be, because it's a three-part test and the "effect" is only one part.

The effects test is a three-part analysis:

1. The analysis starts with whether a policy or practice that appears neutral on its face has a discriminatory effect on a prohibited basis--disparate impact.

2. Next the test looks at whether the policy or practice that seems to discriminate on a prohibited basis actually has a business necessity supporting its use.

3. The final step is to determine whether there is a way to meet the same business necessity without such a discriminatory impact.

Obviously, step 1 has received all the press, and causes the most heartburn. The problem for bankers is that they rarely know what the "unintended" effects on a protected class of a facially bias-neutral practice might be. However, Nancy thinks that Step 2 is where the "real analysis" should begin.

The more accurate and effective the factors considered in evaluating credit are, the more accurately they will distinguish between good and bad credit risks. And, the accuracy of the factors becomes a powerful defense against any challenge of discrimination in effect.

Common sense should tell you that this works.

I have no problem with those statements.

As to step 3, Nancy claims that every banker should already be familiar with making this determination.

This type of analysis has been at the core of what is inaccurately referred to as "CRA lending."  The question in this phase is to figure out whether there is any other way to achieve the business purpose of distinguishing between good and bad credit risks than to use the factor that is challenged as discriminatory.

In looking for ways to make loans to low-income credit applicants, the industry has reevaluated almost all of the underwriting principles. Often, community groups asked banks to apply different debt ratios to low-income applicants or look instead to cash flow and proven ability to manage a high housing cost relative to income. In many situations, these loans could be supported by the alternative analysis. In these cases, there was an alternative way to make the loan that reduced any disparate impact of using ratios.

While she mentions the fact that many of these "alternative ways to make loans" went too far and resulted in some serious pain (in other words, the subprime mortgage meltdown), she claims this result has a "silver lining."

Some of the alternatives to basic underwriting principles have been tested and proven dangerous. This experience helps with the third step of the effects test. It makes clear that flexible underwriting is something to be done only with great care. Underwriting should not be changed simply to change the demographic effect. Before changes there should be careful research and testing.

I suppose that is true to some extent. However, I'm not as sanguine as Nancy that step 3 will be that easy to support in every case where the stricter underwriting standards that are used to achieve "QM" or "QRM" status are always employed. I can see the day, especially when the economy improves, when the fact that a bank is simply trying to meet the Dodd-Frank "safe harbor" underwriting standards is far from being a lock on satisfying steps 2 and 3. I especially think that an ideologically motivated Justice Department (and HUD) of the type we have in place currently, will remain unimpressed by any logical arguments that support a bank on steps 2 and 3 if they "find" that there's been a "disparate impact" on a protected class under step 1.

We need to remember that "disparate impact" itself is a questionable legal theory, so questionable that the US Justice Department fears its consideration by the US Supreme Court. Banks aren't scared of "disparate impact" claims only because they're so difficult to anticipate in the ordinary course of business, but because the federal government seems intent on using such claims to browbeat large settlements out of bankers on a cost-benefits basis (pay the government to end the pain), regardless of whether or not the highest court in the land would ultimately overturn the government. If the government is willing to use a questionable legal theory to serve ideological notions of "fairness" in credit redistribution (as it does in its quest for income redistribution), why would steps 2 and 3 deter it? If step 1 is bogus, why would objectively valid opinions that steps 2 and 3 favor the bank be impediments to simply alleging that they do not, and beating the bank over the head with litigation defense costs until it yields?

Yes, bankers fear the effects test. The fact that the test involves a three step process should provide only cold comfort to them.

09:37 PM in Banking Law-General, Compliance, Consumer Law-General, CRA, Lending, Risk Management | | TrackBack (0)

April 01, 2013

Eductaing Customers About Online Fraud: A Case Study

Educate MeTwo years ago, we discussed the fact that, pursuant to supplemental guidance issued by the FFIEC, financial institutions were going to have take seriously the need to educate their online banking customers about ways to prevent online banking fraud. BankInfoSecurity's Tracy Kitten recently interviewed the heads of social media and information security for Bank of the West about their efforts in this area. In addition to posting educational videos for customers on the bank's web site, the bank is uploading to the bank's Youtube channel in an attempt to make those videos "go viral." In other words, the bank is blending its internal information security technology and social media expertise to do what the bank regulators want them to do: help combat online banking fraud by educating their customers.

While the entire, relatively short, interview is worth a listen, I took away the following points:

  • If you want social media content to "go viral" (for the social media challenged: "circulate widely via social media"), you have to make the content "relevant and compelling." You also must update it frequently. Easier said than done. It's why I believe that banks need to blend their internal talents, the way that Bank of the West is doing. Social media is not the sole province of either marketing or "technologists." It takes folks with a variety of skills to make it rock.
  • To banks like this one, that have been in the social media game for a while, the recently proposed FFIEC social media guidelines are no big deal. They should be well positioned to meet those guidelines with little, if any, modification to their existing procedures. As one of the gentlemen interviewed observed, they've been expecting these guidelines for years.
  • Social media (videos) is only one arrow in the educational quiver. The bank is also using seminars targeted to specific groups of customers (small businesses, primarily, since that's the customer group that is most at risk for online banking fraud losses).
  • Of most concern to information security officers is the movement of organized criminal organizations into this arena. They bring with them the money and skill set (not to mention the ruthlessness) to pull off the most successful heists, targeting not the banks but their customers.
  • Quality is more important than quantity in online education efforts. Throwing everything against the wall and seeing what sticks will likely not be a successful approach.
  • You need cooperation from different areas of the bank to do this successfully. Therefore, you need "buyoff" internally before you launch, not after.
  • Most of these efforts are too new to be able to measure their effectiveness, but using the tools that are available to do so on an ongoing basis is important. If your efforts aren't paying off, then you need to consider tweaking them.

09:34 PM in Banking Law-General, Compliance, Crime, FFIEC, Marketing, Risk Management, Social Media, Web/Tech | | TrackBack (0)

March 20, 2013

Beating The CFPB To The Punch

Oh-The-HorrorCommunity banks have been concerned that, although they might be exempt from direct supervision and enforcement by the CFPB, they would be recipients of a "trickle down" effect that would result when their primary federal bank regulator would attempt to demonstrate that it could stay abreast, or even ahead, of the CFPB when it comes to cracking down on unfair, deceptive, and "abusive" practices. Fraud, small banks understand, but they tend to fear zealots who may not be able to define an "abusive" practice with precision, but sure as shooting know it when they see it.

An article in the most recent issue of Bank Safety & Soundness Advisor (paid subscription required) indicates that community bankers' fears are not without some foundation.

In a recent Webcast, officials from the Fed along with the Federal Reserve Bank of San Francisco showcased a broadbased enforcement approach to UDAP rules and regulations, and some high expectations for how banks should be identifying and resolving complaints involving abusive or deceptive practices.

While some of the examples cited, including inflating borrower income on loan applications and charging "bogus points and origination fees" are clearly fraudulent, the net appears to be cast widely by the Fed.

Officials indicated they view as a kind of red flag banks pushing new or modified products and services to generate new revenue, especially if done in conjunction with third-party vendors where fees are shared.

“While searching for revenue is part of what a bank needs to do, there is also a need to make sure
there is compliance with UDAP and consideration of UDAP risk,” said Maureen Yap, the Federal
Reserve’s special counsel for fair lending.

And the officials underscored the idea that an act or practice does not have to violate another law to be unfair or deceptive. A potentially tell-tale sign of that: cases where revenue growth depends on consumers making what regulators and examiners feel are poor financial choices.

There you go: what an examiner "feels is a poor financial choice" by a consumer is the acid test. That gives a whole boatload of precision and certainty to the determination of what is and is not "abusive." Every bank will have to have a Potter Stewart on staff to make the call, I guess.

The potential burden is not going to be light.

For individual institutions, the potential coverage is huge, including not only all products and services, but every phase of the life cycle, including development, marketing, and loss mitigation activities.

One bank's "bogus points" scam, perpetrated by rogue loan originators, led to a determination that it had a "disparate impact" on minorities, and earned that bank a referral to the Justice Department. So, there's that potential liability to look forward to, as well.

What's a small community bank to do? Fed officials tried to be helpful.

Officials declined to address specific fact situations bankers posed during the March 5 webcast. They suggested that banks use the same sort of analysis that regulators do in assessing potential misconduct.

Yap said the Fed tells examiners to focus on the “INN” in determining whether conduct is unfair under the law. There must be “injury” to the consumer or group of consumers, the injury is “not reasonably avoidable,” and there are “no countervailing benefits.”

She said Fed examiners focus on the “MRM” to judge whether behavior is deceptive. Does the representation or omission “mislead” the consumer? Is the consumer response “reasonable”
given the representation or omission? Is the misrepresentation or omission “material”?

“The act or practice does not have to violate another law to be unfair or deceptive,” she said.
“If the prongs of the analysis are satisfi ed a UDAAP violation can be cited.” She said CA Letter 07-08 — a joint Federal Reserve/FDIC statement on consumer compliance exam procedures for UDAP — was “very instructive” in the types of questions bank should expect.

There's your heading on a course through the fog-bound waters of "abuse": think like an examiner.

And after you take that journey down a rabbit "warren" (pun intended), you can resurface and start walking like an Egyptian.

You've got your marching orders, folks. You can get with the program or you can get out of the business. Welcome to this brave new world.

09:46 PM in Banking Law-General, CFPB, Compliance, Consumer Law-General, Deposits, FDIC, Federal Legislation, FRB, Governance, Lending, Life (In General), OCC, Risk Management | | TrackBack (0)

Next »

Recent Posts

Archives

More...

Categories