Trending publication
Nutter Bank Report, October 2014
Print PDFThe Nutter Bank Report is a monthly electronic publication of the firm’s Banking and Financial Services Group and contains regulatory and legal updates with expert commentary from our banking attorneys.
Headlines
1. New Guidance Emphasizes Board’s Role in Establishing Corporate Culture
2. Court Allows Bank to Pursue Insurer for Reimbursements Made to Hacked Depositor
3. Permissible Investments Expanded under Massachusetts Legal Investment List Law
4. CFPB Proposes a No-Action Letter Program
5. Other Developments: FAIR Plan and Credit Risk Retention
1. New Guidance Emphasizes Board’s Role in Establishing Corporate Culture
The Basel Committee on Banking Supervision—the primary global standard-setter for the prudential regulation of banks made up of bank regulators from 28 nations—has issued revised guidance on principles of corporate governance for banks. The revised corporate governance principles released on October 10 build on the Basel Committee’s 2010 principles for enhancing corporate governance. Specifically, the revised principles strengthen guidance on risk management, including the roles played by business units, risk management teams and internal audit and control functions and the importance of a sound risk culture to drive risk management within a bank. The revised principles also expand the guidance on the role of the board of directors in overseeing the implementation of effective risk management systems and emphasize the importance of the board’s collective competence as well as the obligations on individual directors to dedicate sufficient time to their duties and to remain current on developments in banking. The revised principles recognize that compensation systems are a key component of corporate culture through which the board and senior management of a bank convey acceptable norms for risk-taking. The principles on corporate governance also provide guidance for bank regulators in evaluating the processes used by banks to select board members and senior management. The revised principles recommend that bank regulators strengthen their ability to assess the effectiveness of a bank’s risk governance and its risk culture.
Nutter Notes: The Basel Committee’s revised principles on corporate governance for banks reflect a trend among bank regulators in emphasizing the importance of corporate culture in risk management, particularly the role of a banking organization’s board of directors in establishing a bank’s risk management culture. The first principle of the Basel Committee’s revised corporate governance guidance is that “[t]he board has overall responsibility for the bank, including approving and overseeing the implementation of the bank’s strategic objectives, governance framework and corporate culture.” The revised principles recommend that a bank’s board take a number of measures to establish the “tone at the top,” such as setting and adhering to corporate values for the board, senior management and other employees that create expectations that business should be conducted in a legal and ethical manner. The revised principles also recommend that a bank’s board promote risk awareness and convey the expectation that the board does not support excessive risk-taking. According to the revised principles, a bank’s board is responsible for ensuring that steps are taken to communicate throughout the bank the corporate values, professional standards or codes of conduct the board sets, together with supporting policies, and reinforcing those standards with appropriate disciplinary actions for unacceptable behavior.
2. Court Allows Bank to Pursue Insurer for Reimbursements Made to Hacked Depositor
A federal district court in Pennsylvania recently held that a bank’s payments to a commercial deposit customer reimbursing the customer for fraudulent transfers made after a data security breach could not be excluded from coverage under the bank’s insurance policy by the insurer on the basis that the payments were “voluntary” – despite the fact that the bank did not seek the insurance company’s consent before making the payments. The October 6 decision on a motion for summary judgment by the insurer involved a case where a business customer of a bank was the victim of a malware attack that allowed a hacker to obtain the on-line banking credentials of an officer of the business and transfer over $3 million out of its account. The bank reimbursed the business customer for the fraudulent transfers under Article 4A of the UCC in effect under Pennsylvania law and submitted a claim to the bank’s insurance company under its professional liability policy. The insurance company denied coverage on the basis that the bank breached the voluntary payments exclusion under the policy. The court held that the bank’s reimbursement payments to its customer were not voluntary payments because they were compelled by Article 4A and therefore inherently involuntary. The court concluded that the payments are not subject to the voluntary payments exclusion in the policy, which will allow the bank to argue at trial that the insurance company was not prejudiced by the bank’s payment prior to notifying the insurance company of the claim.
Nutter Notes: Section 204(a) of UCC Article 4A generally requires a bank to reimburse depositors for unauthorized funds transfers to the extent that the bank is not entitled to enforce such transfers, and to pay interest on the reimbursable amount. The relevant provision of the insurance policy provided that the insurance company would not be liable for any “settlement, defense costs, assumed obligation, admitted liability, voluntary payment, or confessed or agreed damages or judgment to which [the insurer] has not consented.” [Emphasis added.] The policy also prohibited the bank from voluntarily making any payment with respect to any claim covered by the policy without the insurer’s written consent. The case is an important precedent for banks seeking to recoup from insurers reimbursement for payments made to depositors for fraudulent transfers resulting from data breaches or cyber-security incidents. While banks should as a general rule make every reasonable effort to give prompt notice to insurers to attempt to avoid coverage disputes arising from fraudulent transfers, state and federal data security breach notice requirements often require banks to take immediate and costly response measures that do not permit time to wait for insurers to react to claims.
3. Permissible Investments Expanded under Massachusetts Legal Investment List Law
Governor Patrick has signed into law a bill that amends the Massachusetts legal investment list law, which requires the Commissioner of Banks to annually issue a list of equity and fixed instrument investments deemed permissible for state-chartered banks and certain other regulated entities. The amendment signed by the Governor on October 9, Chapter 343 of the Acts of 2014, preserves the authority of the Commissioner to issue the annual list of legal investments, but adds authority for Massachusetts banks to invest in certain types of debt and equity securities that are separate from, and in addition to the Commissioner’s legal investment list. Permissible investments under the amended law include certain municipal and corporate notes and bonds, and the common stock, notes and bonds of banks and bank holding companies under certain circumstances. The amended law provides authority for banks to invest in all bonds, notes or other interest-bearing obligations of the United States or Massachusetts, or in obligations that are unconditionally guaranteed by the United States or Massachusetts, and bonds, notes or other interest-bearing obligations issued or unconditionally guaranteed by other states that have not materially defaulted on an obligation within the past 20 years. It also provides direct authority for investments in guaranteed obligations of Fannie Mae, any obligations of a federal home loan bank, obligations of the Export-Import Bank of the United States, and mortgage backed securities guaranteed by Ginnie Mae or issued by Freddie Mac, among other debt securities. The amendments to the legal list law become effective on January 8, 2015.
Nutter Notes: The amendments to the legal list law add a due diligence requirement to the expanded investment authorities. Before a bank or other regulated entity relying on the legal list law may make a permissible investment, the law requires the institution to conduct an appropriate level of due diligence to determine whether an investment is both permissible and appropriate for the institution. The amended law provides that such due diligence may include both internal and external analyses. The amended law specifically provides that, for debt instruments, such an analysis may not rely solely on a credit rating agency and the institution must determine that the instrument has both a low risk of default by the obligor and that the full and timely repayment is expected over the expected life of the investment. Investments not specifically authorized by the amended legal list law are still eligible for inclusion on the Commissioner’s annual list. Banks and other regulated entities relying on the legal list law may petition the Commissioner to consider specific investments for addition to the Commissioner’s annual list, such as mutual funds investing solely in legal investments, provided that such investments meet any additional criteria required by the Commissioner under the law.
4. CFPB Proposes a No-Action Letter Program
The CFPB has issued a proposal for a limited Policy on No-Action Letters that would establish a process to reduce regulatory uncertainty that may exist for certain emerging products or services by allowing CFPB staff to advise financial institutions about the permissibility of a new product or service in the planning stage. Specifically, the proposed program announced on October 10 would allow CFPB staff to send a No-Action Letter to a financial institution that advises the institution that the staff does not plan to recommend “the initiation of supervisory or enforcement action with respect to specific aspects of a particular legal requirement in connection with [the institution]’s offering or provision of a new product,” as it has been described to the CFPB staff. Under the proposed program, the CFPB could modify or revoke a No-Action Letter, and limit such a letter by time, volume or in other ways. Under the proposed policy, the No-Action Letter would not be available unless the financial institution shows that the new product or service promises substantial consumer benefits. The CFPB would require a No-Action Letter applicant to demonstrate the characteristics of the proposed product or service, how it will work, and what consumer risks are involved. The applicant would need to explain the regulatory uncertainty that exists and how that uncertainty interferes with the development of the product or service. The applicant also would be required to demonstrate consumer safeguards and how consumer interests and safety will be monitored. Comments on the proposed No-Action Letter policy must be submitted to the CFPB by December 15.
Nutter Notes: According to the CFPB, a No-Action Letter would not be a waiver of any law or regulation, and it would not give the applicant financial institution an exemption from complying with any statutory or regulatory requirement. A No-Action Letter also would not describe the CFPB’s official interpretation of a statutory or regulatory requirement. A No-Action Letter would provide assurance to the applicant financial institution that, subject to certain limitations, the CFPB staff would not recommend enforcement action against the institution with respect to the statutory or regulatory requirements specified in the letter. A No-Action letter would not provide any assurance that another federal or state regulator, or another person, could not claim that the product or service has violated statutory or regulatory requirements. The CFPB’s proposal describes certain circumstances under which it may specifically refuse to grant or deny a No-Action Letter application, either with or without an explanation. Such circumstances include the applicant or its principals being the subject of ongoing governmental law enforcement investigation, supervisory review, or enforcement action with respect to the new product or service or a related or similar product or service. The CFPB said that it expects that No-Action Letters would be provided rarely and on the basis of exceptional circumstances. Under the proposal, applicants would not have a legal entitlement to no-action treatment of regulatory uncertainties.
5. Other Developments: FAIR Plan and Credit Risk Retention
- Governor Signs FAIR Plan Legislation
Governor Patrick has signed into law a bill that will require the Massachusetts Property Insurance Underwriting Association (MPIUA), known as the Massachusetts FAIR Plan, to include liability coverage in its Non-Owner Occupied Dwelling policy for 1-to-4 family residential units. The legislation was signed by the Governor on October 9.
Nutter Notes: Generally, a residential property owner who cannot not get a Non-Owner Occupied Dwelling policy in the standard voluntary market must obtain it through the Massachusetts FAIR Plan. Until the law becomes effective, the FAIR Plan’s Non-Owner Occupied Dwelling policy only covers the property and not liability, requiring the owner to obtain liability coverage separately. The law, Chapter 346 of the Acts of 2014, amends Section 1 of Chapter 175 of the General Laws of Massachusetts. The law becomes effective on January 8, 2015.
- Federal Banking Agencies Approve Credit Risk Retention Rule
The federal banking agencies announced on October 22 that they have approved a final rule requiring sponsors of securitization transactions to retain risk in those transactions as required by the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”). The final rule will be effective 1 year after publication in the Federal Register for residential mortgage-backed securitizations and two years after publication for all other securitization types. Publication is expected shortly.
Nutter Notes: The final rule generally requires sponsors of asset-backed securities (“ABS”) to retain not less than 5% of the credit risk of the assets collateralizing the ABS issuance. The rule also includes prohibitions on transferring or hedging the credit risk that the sponsor is required to retain. As required by the Dodd-Frank Act, the final rule defines a “qualified residential mortgage” (“QRM”) and exempts securitizations of QRMs from the risk retention requirement. The QRM definition is aligned with the CFPB’s definition of a qualified mortgage.
Nutter Bank Report
Nutter Bank Report is a monthly electronic publication of the Banking and Financial Services Group of the law firm of Nutter McClennen & Fish LLP. Chambers and Partners, the international law firm rating service, after interviewing our clients and our peers in the profession, has ranked Nutter’s Banking and Financial Services practice among the top banking practices in the nation. The 2012 Chambers and Partners review says that a “broad platform” of legal expertise in the practice “helps clients manage challenges and balance risks while delivering strategic solutions,” while the 2013 Chamber and Partners review reports that Nutter’s bank clients describe Nutter banking lawyers as “proactive” in their thinking, “creative” in structuring agreements, and “forward-thinking in terms of making us aware of regulation and how it may impact us,” which the clients went on to describe as “indicative of a true partner.” The 2014 Chamber and Partners review describes us as “great – very knowledgeable, very responsive and very nice.” Visit the U.S. rankings at ChambersandPartners.com. The Nutter Bank Report is edited by Matthew D. Hanaghan. Assistance in the preparation of this issue was provided by Lisa M. Jentzen. The information in this publication is not legal advice. For further information, contact:
Kenneth F. Ehrlich
kehrlich@nutter.com
Tel: (617) 439-2989
Michael K. Krebs
mkrebs@nutter.com
Tel: (617) 439-2288
This update is for information purposes only and should not be construed as legal advice on any specific facts or circumstances. Under the rules of the Supreme Judicial Court of Massachusetts, this material may be considered as advertising.
