Trending publication
Nutter Bank Report, June 2011
Print PDFHeadlines
1. Federal Reserve Issues Final Rule Limiting Debit Card Interchange Fees
2. Court Rules that Chronic Overdrafts May Trigger a Bank’s Duty to Prevent Fraud
3. GAO Recommends Changes to Prompt Corrective Action Framework
4. New Guidance Issued on Authenticating the Identity of Internet Banking Customers
5. Other Developments: Insurance Producers and Credit Risk Retention
1. Federal Reserve Issues Final Rule Limiting Debit Card Interchange Fees
The Federal Reserve on June 29 issued a final rule establishing limits on debit card interchange fees. Under the rule, which was required by the Dodd-Frank Wall Street Reform and Consumer Protection Act, the maximum permissible interchange fee that an issuer may receive for an electronic debit transaction will be the sum of 21 cents per transaction and 5 basis points multiplied by the value of the transaction. The Federal Reserve also approved a companion interim final rule that allows for an upward adjustment of no more than 1 cent to an issuer's debit card interchange fee if the issuer develops and implements policies and procedures reasonably designed to achieve the fraud-prevention standards set out in the interim final rule. If an issuer meets these standards and wishes to receive the adjustment, the issuer must certify its eligibility to receive the adjustment to the payment card networks in which it participates. The average debit card transaction is valued at $38, according to the Federal Reserve. When combined with the maximum permissible interchange fee under the new rules, an issuer eligible for the fraud-prevention adjustment could receive an interchange fee of approximately 24 cents for the average debit card transaction. The limits on debit card interchange fees and the fraud-prevention adjustment are effective on October 1, 2011. Comments on the interim final rule are due by September 30, 2011.
Nutter Notes: Under the Dodd-Frank Act, issuers that have assets of less than $10 billion are exempt from the debit card interchange fee limits. To assist payment card networks in determining which issuers are subject to the debit card interchange fee limits and which are exempt, the Federal Reserve plans to publish by mid-July and annually thereafter lists of institutions that are above and below the small issuer exemption asset threshold. Also, the Federal Reserve plans to annually survey the networks and publish a list of the average interchange transaction fees each network provides to its covered and exempt issuers. The final rule also prohibits network exclusivity arrangements and routing restrictions. The rule prohibits all issuers and networks from restricting the number of networks over which electronic debit transactions may be processed to less than two unaffiliated networks. The effective date for the network exclusivity prohibition is April 1, 2012, with respect to issuers, and October 1, 2011, with respect to payment card networks. Issuers of certain health-related and other benefit cards and general-use prepaid cards have a delayed effective date of April 1, 2013, or later in certain circumstances. Issuers and networks are also prohibited from inhibiting a merchant's ability to direct the routing of an electronic debit transaction over any network that the issuer has enabled to process them. The merchant routing provisions are effective on October 1, 2011.
2. Court Rules that Chronic Overdrafts May Trigger a Bank’s Duty to Prevent Fraud
A Massachusetts appeals court recently held that chronic insufficiency of funds in an attorney’s client funds account would trigger a bank’s duty to make reasonable inquiry with respect to the overdrafts and to attempt to prevent a diversion of the funds in the account. The May 12 ruling came in a case brought against a bank by an investor in a Ponzi scheme allegedly perpetrated by an attorney using a client funds account at the bank. The attorney allegedly induced the victim, a foreign corporation, to lend him funds for the purchase of assets in the U.S. by offering to hold the funds in an account designated as a “client account,” seeking to persuade the victim of the security of the funds. The victim was told it would receive interest payments and a share of any profits when the assets were sold. The victim agreed to invest $5 million and wired the funds to the attorney’s client account at the bank. Several months later and after multiple inquiries, the victim was informed by the attorney that he did not invest the funds as promised, and that he had instead used the funds to pay other debts. The attorney subsequently pleaded guilty to multiple counts of mail fraud, wire fraud and money laundering arising from fraudulently obtaining funds from clients and business associates and other illegal activity. The victim’s claim against the bank alleges that the bank was negligent because the bank failed to make reasonable inquiry and endeavor to prevent a diversion after learning that the client account was chronically overdrawn. The court held that the bank, if it knew of the chronic insufficiency of funds in the client account, owed a duty to all those who had placed funds in the client account.
Nutter Notes: Ordinarily, a bank does not have a duty to monitor the use of deposit accounts it holds. However, when a bank has sufficient notice of wrongdoing involving a deposit account, that knowledge may trigger an affirmative duty to make inquiry about the use of the account and to interfere to prevent misuse of the funds in the account. The court in this case held that such a duty is triggered by knowledge of chronic insufficiency of funds in an attorney’s client trust account. Massachusetts court rules require banks that hold client trust accounts to report overdrafts on a client account to the Board of Bar Overseers (lawyers in Massachusetts are only permitted to maintain trust accounts with banks that have agreed to make such reports to the Board of Bar Overseers). In this case, the court found that the bank was aware of the chronic overdrafts in the client funds account, but did not report the overdrafts to the Board of Bar Overseers as was required, or take any steps to investigate the matter. The bank argued that it did not know that the account was a trust account covered by the Board of Bar Overseers’ reporting requirements. An account is subject to those reporting requirements if funds deposited in it are held for clients or any other fiduciary capacity in connection with a representation by the attorney. The court held that the fact that an account is opened by an attorney and labeled a “trust account,” “escrow account,” “client funds account,” conveyancing account” or “IOLTA account” or using a similar moniker may be sufficient to establish that the account is a client trust account for which the bank has reporting obligations.
3. GAO Recommends Changes to Prompt Corrective Action Framework
A recent report by the U.S. Government Accountability Office (“GAO”) recommends that the federal banking regulators add new triggers to the prompt corrective action (“PCA”) framework for depository institutions that would require early and forceful regulatory action to address unsafe banking practices. The June 23 report, required by the Dodd-Frank Act, examines the outcomes of the use of PCA on the Deposit Insurance Fund (“DIF”) of the FDIC, the extent to which PCA thresholds, regulatory action and other financial indicators help address possible bank failure, and options for making PCA a more effective tool. The GAO’s analysis suggests that, although PCA has provided a mechanism to address financial deterioration in banks, the PCA framework did not prevent widespread losses to the DIF, which is a key goal of PCA. According to the report, every bank that underwent PCA because of capital deficiencies and failed since 2008 produced a loss to the DIF. The report also found that those losses were comparable as a percentage of assets to the losses caused by failed banks that did not undergo PCA. The GAO concluded that the PCA framework’s current triggers limit its ability to promptly address bank problems. To improve the effectiveness of the PCA framework, the report recommends that the Federal Reserve, FDIC and OCC consider additional triggers that would require “early and forceful regulatory actions tied to specific unsafe banking practices” and suggests adding a measure of risk to the capital category thresholds and modifying the capital ratios that place banks into PCA capital categories.
Nutter Notes: The GAO noted that the effectiveness of the current PCA framework is limited because of its reliance on capital, which can lag behind other indicators of a bank’s health. The report indicates that problems with a bank’s assets, earnings or management typically are present and visible before such problems affect bank capital. The GAO argued that, once a bank falls below the PCA capital thresholds, it may not be able to recover regardless of the regulatory action imposed. The report suggests that other financial indicators, including measures of asset quality and liquidity, may be better suited to predict future bank failure. In terms of adding one or more additional trigger mechanisms to PCA, the report suggests that a measure of asset quality or asset concentration would improve the likelihood that the PCA framework would reduce losses to the DIF because noncapital triggers were shown to be more effective in identifying those banks that failed without undergoing PCA. Another option – incorporating an institution’s risk profile into PCA capital categories – would add a measure of risk to the capital category thresholds beyond the existing risk-weighted asset component. The report also suggests that regulators consider changing accounting rules used to measure capital levels to enhance the effectiveness of PCA.
4. New Guidance Issued on Authenticating the Identity of Internet Banking Customers
The Federal Financial Institutions Examination Council (“FFIEC”) has issued a supplement to its guidance entitled Authentication in an Internet Banking Environment first issued in October 2005 (the “2005 Guidance”). The supplementary guidance issued on June 28 reinforces the risk-management framework described in the 2005 Guidance and updates the FFIEC member agencies’ supervisory expectations regarding customer authentication, layered security and other controls in what the FFIEC describes as an increasingly hostile online environment. The FFIEC noted that customers and financial institutions have experienced substantial losses from online account takeovers. The supplementary guidance emphasizes the need for performing risk assessments, implementing effective strategies for mitigating identified risks and raising customer awareness of potential risks. The new guidance recommends that institutions review and update their risk assessments at least every 12 months and consider factors such as changes in the customer base using Internet banking, changes in the functionality offered through Internet banking and actual incidents of security breaches, identity theft, or fraud. The FFIEC said that its member agencies have directed examiners to formally assess financial institutions under the enhanced expectations outlined in the supplementary guidance beginning in January 2012.
Nutter Notes: The 2005 Guidance provides that depository institutions should use effective methods to authenticate the identity of Internet banking customers and that the techniques employed should be “commensurate with the risks associated with the products and services offered and the protection of sensitive customer information.” The 2005 Guidance provides minimum supervisory expectations for effective authentication controls applicable to high-risk online transactions involving access to customer information or the movement of funds to other parties. The 2005 Guidance also provides that institutions should perform periodic risk assessments and adjust their control mechanisms as appropriate in response to changing internal and external threats. The appendix attached to the new supplementary guidance contains a discussion of online threats and control methods that should be considered when performing a risk assessment of customer authentication controls. The supplementary guidance also discusses the effectiveness of certain methods of customer authentication. For example, the guidance warns that simple device identification, such as a “cookie” loaded on the customer’s personal computer, is less secure than other methods. According to the new guidance, the FFIEC member agencies no longer consider simple device identification, as a primary control, to be an effective risk mitigation technique.
5. Other Developments: Insurance Producers and Credit Risk Retention
• DOI to Review Insurance Producers Continuing Education Compliance
The Massachusetts Division of Insurance (the “DOI”) issued a bulletin on June 3 to notify resident insurance producers licensed in Massachusetts, including licensees employed by banks, that the DOI will review their compliance with continuing education (“CE”) requirements. The DOI announced that all resident insurance producers have until December 31, 2011 to come into compliance with any outstanding CE requirements.
Nutter Notes: Massachusetts law generally requires resident insurance producers to complete a minimum of 60 hours of CE instruction during the first 36-month period after the date of their original licensure, and 45 hours of instruction every 36-month period thereafter. The DOI announced that it will not take any enforcement action against non-compliant licensees until after December 31.
• Comment Period Extended on Credit Risk Retention Proposed Rules
The federal banking regulators and three other federal agencies announced on June 7 that the comment period on the proposed rules to implement the credit risk retention requirements of the Dodd-Frank Act (commonly referred to as “skin-in-the-game” requirements) will be extended to August 1, 2011. Comments were originally due by June 10.
Nutter Notes: The proposed rule generally would require sponsors of asset-backed securities to retain at least 5% of the credit risk of the assets underlying the securities and would not permit sponsors to transfer or hedge that credit risk. The proposal was issued by the OCC, the Federal Reserve, the FDIC, the SEC, the FHFA and HUD.
Nutter Bank Report
Nutter Bank Report is a monthly electronic publication of the Banking and Financial Services Group of the law firm of Nutter McClennen & Fish LLP. Chambers and Partners, the international law firm rating service, has ranked Nutter’s Banking and Financial Services practice among the top banking practices in the nation. The 2009 Chambers and Partners review says that a “real strength of this practice is its strong partners and . . . excellent team work.” Clients praised Nutter banking lawyers as “practical, efficient and smart.” Visit the U.S. rankings at ChambersandPartners.com. The Nutter Bank Report is edited by Matthew D. Hanaghan. Assistance in the preparation of this issue was provided by Lisa M. Jentzen. The information in this publication is not legal advice. For further information, contact:
Kenneth F. Ehrlich
kehrlich@nutter.com
Tel: (617) 439-2989
Michael K. Krebs
mkrebs@nutter.com
Tel: (617) 439-2288
This update is for information purposes only and should not be construed as legal advice on any specific facts or circumstances. Under the rules of the Supreme Judicial Court of Massachusetts, this material may be considered as advertising.