Banking Law Committee
Below is an update that was part of the Fall Meeting materials that we unfortunately did not get a chance to discuss. Thanks to Sabra Easterday for her update.
Sabra Easterday, Vice President (Deposits), M&T Bank
Business Law Section Fall Meeting
October 3 to 5, 2013
NYSBA - Banking Law Committee
Set forth below is an update on several new banking laws and regulations in New York (and beyond), as well as updates on some recent regulatory investigations affecting the banking industry. Being a depository lawyer, these updates relate to the depository side of banking (as opposed to the lending side of banking).
New Banking Laws and Regulations
1. New Remittance Transfers Laws
New rules regulating 'remittance transfers' become effective October 28, 2013 . Those rules are found in new Subpart B of Consumer Financial Protection Bureau ("CFPB") Federal Regulation E (which implements the Electronic Fund Transfer Act).
A remittance transfer is defined broadly to include electronic transfers of funds that are sent by consumers in the U.S. to recipients in foreign countries (e.g., international wires and ACH credits). Banks, thrifts, credit unions, money transmitters etc. that provide remittance transfer services will be subject to the new rules (although a 'safe harbor' is offered for those that provide less than 100 remittance transfers per year). Transfers of $15 or less are exempt.
Remittance transfer providers will be required to provide certain disclosures to senders of the transfer (e.g., disclosures of fees, taxes, exchange rate, timing of receipt of the transfer, total amount to be received by recipient etc.) and the CFPB recently issued model disclosure forms. The new rules set forth cancellation and refund rights for consumers (e.g., a right to cancel the transfer within 30 minutes of authorization), error resolution procedures (e.g., a right to file a notice of error within 180 days (240 days in some cases) after the transfer), as well as new liability standards for remittance transfer providers (and their agents).
The banking industry provided substantial public comment to the CFPB on the new rules. Banks were particularly concerned with the proposed liability standards for remittance transfers and with the practical difficulty of disclosing certain information not readily available to the remittance transfer provider (especially in open-network systems). Importantly, the Final Rule that was published in the Federal Register on May 22, 2013:
• made optional the requirement to disclose (i) fees imposed by the recipient institution and (ii) taxes collected by parties other than the remittance transfer provider. Additional disclaimers are required.
• made clear that an error (for which a sender is entitled to certain remedies, such as refund) does not include a remittance transfer provider's failure to deliver the funds transfer amount to a recipient due to the sender providing the wrong recipient account number or recipient institution identifier. Additional provisos and disclosures required.
One of the effects of the new remittance transfer rules was to move the governance of consumer wires from UCC-4A to Regulation E . Accordingly, in 2012, New York's UCC-4A was amended to bring the governance of consumer wires back to UCC-4A (except to the extent inconsistent with the new remittance transfer laws in Regulation E). Approximately 30 other States have now enacted similar changes to their UCC-4A. This was an important change, as UCC-4A sets forth a well established legal framework for consumer wires (in particular, relating to the allocation of liability between banks and customers for unauthorized/fraudulent wires).
2. Changes to ATM Disclosure Laws
NY Governor Cuomo signed into law on August 1, 2013 changes to NY's General Business Law to eliminate the requirement that ATM operators post a physical sign regarding ATM fees on each machine. This brings NY law into conformity with Federal law (i.e., CFPB Federal Regulation E, which was similarly amended in March 2013). Prior to this change, ATM operators were required to disclose ATM fees on the ATM screen or in a paper notice prior to the consumer paying the ATM fee, as well as on a physical sign or sticker on or at the ATM. The changes to these laws were made in response to growing concern in the banking industry over class action law suits being filed against financial institutions for technical breaches of the law, even though consumers had clear notice of the fees on the ATM screen or paper notice prior to the transaction. Several industry associations also reported that law suits were being filed against financial institutions in cases where vandals had removed the disclosure notices on ATMs and then claimed non-compliance by the financial institution .
Current Regulatory Investigations
3. Payday Lending and ACH Debits
On August 6, 2013, the New York Superintendent of Financial Services, Benjamin Lawsky, sent a letter to 117 financial institutions and NACHA requesting that they assist the New York Department of Financial Services ("DFS") to "choke off" ACH system access by the payday lending industry and to provide information to the DFS about steps the financial institution was taking to stop illegal payday loans from entering New York through the ACH network and changes that are necessary within the financial institution and at the ACH network level to stop illegal payday loans . In addition, 35 companies received cease and desist letters from Superintendent Lawsky from offering illegal payday loans to New York consumers.
As background, in February 2013, an article appeared in the New York Times criticizing banks, including J.P. Morgan, Bank of America and Wells Fargo, from enabling payday lenders to withdraw payments automatically from borrowers' bank accounts using ACH debits. Shortly after that article, in March 2013, J.P. Morgan announced that it would change certain internal policies to better protect consumers from payday lenders (including: charging customers only one "returned item fee" per month; making it easier to close accounts, even if there are pending charges; working with NACHA to proactively identify misuse of the ACH system; enhance training around stop payment instructions from customers.) .
4. Payroll Cards
Payroll cards are under investigation in NY! An article appeared in the New York Times on June 30, 2013 suggesting that some workers incur so many fees using payroll cards that their net income ends up being below the minimum wage. On July 3, 2013, NY Attorney General Eric Schneiderman sent letters to twenty of NY's largest employers requesting information about their use of payroll cards (responses were due July 22, 2013). In mid July 2013, Senator Chuck Schumer (D-N.Y.) (as well as Blumenthal, Manchin and 13 other senators) sent a letter to the CFPB and DOL urging them to investigate the fees and practices associated with payroll cards, including whether employers pressure employees to use payroll cards without offering other alternatives and whether an 'opt-out' program is appropriate. In recent years, payroll cards have become a growing alternative for employers as a cost-effective alternative to paper pay-checks and direct deposit. Payroll cards often are used by the un/under-banked who do not have check accounts at banks.
Non-Banking Laws (That Might Affect Banks)
5. Telephone Consumer Protection Act
Changes to the Telephone Consumer Protection Act of 1991 ("TCPA") will become effective on October 16, 2013. The TCPA, amongst other things, restricts telephone solicitations (i.e., telemarketing) and limits the use of automatic dialing systems, artificial or prerecorded voice messages, SMS text messages, and fax machines . The new changes to the TCPA will impact the ability of advertisers that offer or market products/services to consumers (which will include banks etc.) to contact consumers by telephone and fax.
Currently, under the TCPA, an advertiser only needs to obtain 'express consent' from the consumer in order to make unsolicited marketing calls to the consumer using an artificial or pre-recorded voice or auto-dialer. For residential landlines, there is an exemption to this requirement where there is an 'established business relationship' with the consumer. For cell lines, guidance published by the Federal Communications Commission ("FCC") in 1992 suggests that the consumer's express consent is provided when s/he provides a cell number when opening an account or applying for a loan.
After October 16, 2013, advertisers will need to obtain "unambiguous written consent" (i.e., prior express written consent) for all autodialed and/or pre-recorded calls or texts sent or made to cell phones and pre-recorded calls made to residential land lines. The 'existing business relationship' exemption mentioned above will no longer apply. The TCPA allows individuals and entities to file lawsuits and collect damages for breaches of the TCPA (e.g., greater of actual damages or statutory damages between $500 and $1500, per violation; treble damages for willful or knowing violations).
Some portions of the new TCPA rules have already gone into effect (e.g., the requirement to keep records of abandoned calls and average no more than 3% for each campaign over a 30-day period; opt-out mechanism to be announced at the outset of the message and be available throughout).
6. HIPAA
Changes to the Health Information Privacy and Accountability Act of 1996 ("HIPAA") and HITECH Act become effective September 23, 2013 . Among other things, the changes broaden the definition of a 'business associate', apply certain HIPAA regulations directly to business associates and makes business associates directly liable for non-compliance with HIPAA. A business associate is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information ("PHI") (e.g., patient information) on behalf of, or provides services to, a 'covered entity' (e.g., a health care provider (such as a doctor or hospital), health plan or health care clearinghouse).
Historically, financial institutions have relied on an exception in Section 1179 of HIPAA which exempts certain activities of financial institutions from HIPAA, to the extent that those activities constitute authorizing, processing, clearing, settling, billing, transferring, reconciling, or collecting payments for health care or health plan premiums (e.g., cashing checks). However, the new 2013 rules make clear that a financial institution may be a business associate where the institution performs functions 'above and beyond' the payment processing activities, such as performing accounts receivable functions on behalf of a health care provider. Accordingly, financial institutions should review their activities to determine whether or not they are acting as a 'business associate' or 'covered entity' and need to comply with HIPAA.
For example, if a financial institution provides clearinghouse services for their health care clients, they may be a 'covered entity'. If the financial institution performs services for customers in the health care industry and obtain PHI in the process, the financial institution may be a 'business associate' - for example, a financial institution might receive PHI from a customer that is a hospital in connection with the provision of lockbox services to the customer (e.g., patient information included with lockbox remittances sent to the lockbox). If the financial institution, in turn, provides PHI to a vendor, additional obligations under the new HIPAA rules will apply (e.g., a requirement to sign a Business Associate Agreement with the vendor).
Kathleen A. Scott, Chair
New York State Bar Banking Law Committee