When the federal banking regulators adopted the data breach notification guidelines last March, the bank trade papers were awash with speculation that this might be a SARs redux: the regulators would be overwhelmed with breach notifications. Among the quotes from prominent (and oft-quoted) experts were the following:
"Regulators may be flooded with notifications despite their efforts to make the reporting rules flexible."
"You have the potential here for another SARs-like problem."
"Filings could dwarf the escalation of reports on money laundering and other financial crime."
On the flip side, we had one expert predicting that "the guidelines might stop a flood of 18 state legislatures that would require customer notification."
Well, so far none of the foregoing has come to pass. The regulators have not been deluged with data security breach notifications and the state legislative efforts march on and on.
"We need clarification and detail about the regulators are asking for."
"What does all this mean?"
"The end of 2006 is too soon to meet the implementation of dual authentication technology."
"Thirteen months is a very aggressive time frame."
I'm certain that some of the people complaining that 13 months is way too short a time frame are the same folks who ring up their attorney after working on a business transaction for a year, and give their counsel 24 hours to turn around merger and acquisition documents. For lawyers, who measure their lives in tenths of a billable hour, 13 months equals two years of tuition, room, board and books at Cornell for their kid. Heck, for most insects and some mammals, 13 months is a lifetime or two.
My advice would be to stop complaining and, to paraphrase (and slightly twist) P. J. O'Rourke's Memo to Gen X: "Pull up your pants, turn your hat around, and get to work."
Valerie McNiven, former e-security specialist for the World Bank and currently a computer crime adviser to the US Treasury Department, dropped a few bombs at a conference in Riyadh on information security in the banking sector. Ms. McNiven was quoted in an article today in Australian IT.
"Last year was the first year that proceeds from cybercrime were greater than proceeds from the sale of illegal drugs, and that was, I believe, over $US105 billion," Ms McNiven said.
"Cybercrime is moving at such a high speed that law enforcement cannot catch up with it."
According to Ms. McNiven, more important than the connection between cybercrime (which includes crimes committed by use of computers, from "phishing" to child pornography to stock manipulation) and terrorism is "our refusal or failure to create secure systems, we can do it but it's an issue of costs."
That's an ominous pronouncement for financial institutions. I can envision class action plaintiffs' attorneys all over this great land we call "America," perking up their ears like dogs who've just heard their master's car hit the driveway at the end of the work day. Banks "lure" consumers to engage in online banking transactions even though the banks know it's not safe. It's not safe not because no reasonable bank could make it safe, but because the banks don't want to cut into the bottom line by spending the money to make it safe.
By what torts do I sue thee? Let me count the ways.
"Yeah, that's the ticket!"
As we've said before on Bank Lawyer's Blog, you can never be too slim, or have too much money or cybersecurity. If we didn't actually say that, we should have.
For those bank customers really concerned about the privacy of their personal information, whether handled by banks or other businesses, check out Chris Hoofnagle's "Top 10 List" of low cost things you can do to protect your privacy. It's the same list Chris, the Director of the Electronic Privacy Information Center's West Coast Office, submitted to the California Office of Privacy protection earlier this month.
OK, it may not be as exciting as this 10:
But, it's still a good read.
While you're there, check out the comments to Chris's post, as well, for additional excellent privacy tips.
Should investors be buying shares of publicly traded banks?
According to The New York Times: Yes...no...maybe.
SHARES of banks and other financial companies have enjoyed stellar returns this fall, but one investment adviser is unimpressed. Richard Bernstein, chief United States equity strategist at Merrill Lynch, warns that the sector may be heading for a bout of weakness.
[...]
Mr. Bernstein is worried that the current strength of financials has come as the yield curve is flattening. When the yield gap between 10-year and 2-year Treasury instruments narrows, it limits the ability of banks to profit by borrowing at low short-term rates and lending at high long-term rates, through mortgages, say.
That same defiance of gravity occurred in 1997 and proved short-lived, and Mr. Bernstein has been negative on the sector since the anomaly recurred earlier this year. In fact the yield curve has been falling far more drastically than it did eight years ago.
"The time to aggressively buy financials, in our opinion, is when the Fed is easing and the yield curve is steepening," Mr. Bernstein wrote. "Right now it still looks as though the Fed is on a tightening path and the yield curve is still flattening."
Alright! There's the "straight skinny." Time to bail on bank stocks.
Uh...not so fast.
John Buckingham, president of Al Frank Asset Management, is far more optimistic. He is not inclined to pay too much for a stock, and in his opinion much of the industry remains attractively priced.
[...]
Mr. Buckingham said that big banks were not the slaves to the yield curve that they used to be, thanks to derivative instruments that allow them to hedge their exposure. They also have diversified into businesses like asset management, insurance and investment banking.
"There's this perception that financials are so interest rate sensitive that they're going to collapse with the yield curve," he said. "But we haven't seen the volatility in earnings" that used to occur.
"I think it's wrong to believe these companies are interest rate sensitive," Mr. Buckingham said.
My head hurts. What's an investor to do? Think for himself?
How about investing long-term in a business, based on solid fundamentals, the Warren Buffet way, rather than jumping in and out of a sector, trying to time the market? Wouldn't that make more sense? Wouldn't you rather do something sensible like that?
Some interesting information was released yesterday by the Office of Thrift Supervision with respect to third quarter results for the thrift industry. While profitability remains high (1.15% return on assets, unchanged from a year earlier, and 12.43% return on equity, down 15 basis points from a year earlier), net interest margins continue to be squeezed (2.76%, the lowest level in two years). Moreover, net interest income was down from the second quarter, with profitability being sustained only by gains in fee income and lower expenses and taxes.
As I've previously discussed, banks and thrifts are being squeezed by the flattening yield curve, and are turning to fee income. Inasmuch as thrifts are traditionally mortgage lenders, those that "stick to their knitting" are counting on loan origination and, for those that retain loans in portfolio, servicing fees to offset the decline in interest spreads. Expenses can only be cut to a certain extent before productivity is negatively impacted, so for most thrifts, cost-cutting is not an avenue that will yield much more benefit over the long haul.
Last Thursday, OTS Director John Reich, in a speech to the Community bankers Association of New York State, warned lenders who have been "rolling out" new "non-traditional" mortgage loan products, such as "interest-only" and "pay option" adjustable rate mortgages, to do so cautiously. Those lenders who are new to such products (and Reich seemed to imply that most of the industry fell into this category) should limit their concentration to a "prudent" percentage of capital until their experience with such riskier products gives them the more sophisticated management information systems and risk management expertise that such loans demand.
Reading between the lines, the OTS doesn't want to see the thrifts it regulates respond to the decreasing demand for traditional fixed rate mortgages and ARMs by jumping head-first into riskier mortgages in order to sustain mortgage loan volumes. It should be expected that the OTS will criticize undue concentration in such mortgages except in the case of institutions who have carved out a special expertise and, even then, underwriting and other risk management practices and procedures will receive special attention.
I also think that the OTS will increasingly be looking at underwriting and risk management in the loan origination process. Even if a lender sells most of the loans it originates, and, theoretically, passes the risk of default on to the buyer of the loan, there remains an elephant lurking in the room: the risk posed to mortgage bankers from the representations and warranties made by them when they sell loans in the secondary market. Whether the loan is conventional or "non-traditional," when a mortgage originator sells the loan, it makes extensive representations and warranties to the buyer with respect to the borrower, the property securing the loan, the mortgage instruments, the underwriting, and numerous other "qualitative" issues. In good times, when the percentage of defaults is relatively manageable, the purchasers of such loans (who customarily bundle and securitize them) tend not to look closely at these representations and warranties; however, in bad times, the holders of the loans have been known to require a second "scrubbing" of the loan files, looking for breaches of representations and warranties that will justify requiring the originator to repurchase the loan. In the last economic downturn, I personally experienced more than one instance of a mortgage lender suffering the infliction of extreme financial and emotional pain caused by buyback demands from secondary market purchasers like FNMA, FHLMC and private institutional investors. A "pure" mortgage banker, who holds and services few loans, may think he's passed on the risk (absent outright fraud). Sophisticated originators know better.
As interest rates continue to rise (shutting more potential borrowers out of the market), and the yield curve continues to flatten (increasing the dependence of lenders on fee income generated by loan volume), the pressure to "let slide" or even "cover over" defects in the borrower or property, or other problems uncovered in the underwriting process, will increase. When the cycle turns (as it always does) and defaults rise, those originating lenders who sacrificed sound underwriting in return for fee income will find the grim reaper knocking at their door once again, whether or not they own the loan.
Last Thursday, the Senate Judiciary Committee approved the Personal Data Privacy and Security Act co-authored by Senators Spector and Leahy. Nevertheless, it appears that no data security bill will be passed by Congress this year. At this point, all the various bills circulating in the current session are doing is "teeing up" the matter for a resolution in 2006.
Among the differences in the various bills (and points of contention between state and federal regulators, and banks and privacy advocates) that will have to be ironed out next year are:
federal preemption of state law.
exclusive federal enforcement.
exemption of financial institutions already subject to federal banking guidelines.
customer access to personal information held by businesses and right to correct inaccurate information.
ability of customers to "freeze" their credit reports.
restrictions on transfer of social security numbers.
level of seriousness and likelihood of expected consequences that triggers a data security breach notification to a consumer.
For the most part, it looks like the fun is over for 2005, but should resume in 2006.
Press reports about the current status are here, here and here.
On November 17, the federal banking agencies issued final rules that restrict the ability of "senior examiners" to be employed by financial institutions for one year following their leaving the agency, if they have had "broad authority" with respect to examinations of those institutions and meet certain other criteria. The final rules are substantially identical to the proposed rules that I posted about in August.
Yesterday, the federal banking agencies adopted final rules in accordance with Section 411 of the Fair and Accurate Credit Transactions Act (FACTA or the FACT Act), which amended the Fair Credit Reporting Act (FCRA). Section 411 prohibits, with certain exceptions, creditors from (1) using medical information about consumers as a factor in determining the consumer's eligibility, or continued eligibility, for credit, or (2) sharing such information among affiliates, without becoming a "consumer reporting agency" under the FCRA. The final rules set forth the exceptions to the general rule, and enumerate those circumstances when creditors may use medical information for such purposes. The final rules are substantially identical to the "interim final rules" issued in June 2005, with the exception of technical changes and the following substantive changes:
revised an example to clarify that worker's compensation income can be considered, in the same manner as disability income and other benefits, as income to be relied upon as a source of repayment.
revised an example that addressed a lender requiring a consumer to obtain a debt cancellation contract, credit insurance or debt suspension agreement, to emphasize that it should be obtained from a "nonaffiliated third party," in order to avoid any implicit indication that the ant--tying restrictions of the Bank Holding Company Act would not apply to such a situation.
The final rules replace the interim rules, and are effective April 1, 2006.
DaimlerChysler wants a bank. Not just any bank, because federal law would prohibit a commercial enterprise like an automobile maufacturer from owning one, but one of those industrial banks out of Utah. The kind that slips through the loopholes.
Two more retail groups announced Monday that they have filed class action suits against Visa USA, MasterCard Inc. and a number of major banks over the fees they charge for processing credit card transactions.
The latest cases, filed in the U.S. Court for the Eastern District of New York, were brought by the American Booksellers Association and the National Grocers Association and several of its members, including Affiliated Foods Midwest, Coborn's Inc., D'Agostino's Supermarkets and the Minnesota Grocers Association.
Grocers and booksellers: you can't stop them, you can only hope to contain them.
Subscribe in a reader
