Legislative Update

April – June 2006

Recent Developments

Supreme Court will hear OCC Federal Preemption Case

On June 19, the U.S. Supreme Court agreed to hear a case that tests the extent to which national laws and regulations preempt state laws that govern state-licensed operating subsidiaries of national banks (Watters v. Wachovia Bank, N.A., No. 05-1342). The granted petition for a writ of certiorari, a request for judicial review, was filed by Michigan's commissioner of the Office of Financial and Insurance Services, Linda Watters. Watters maintains that, in addition to other requirements, Michigan law requires mortgage lenders to have a state lending registration in order to conduct business in the state. However, Wachovia Mortgage, a subsidiary of national banking association Wachovia Bank, surrendered its registration in 2003, claiming that the state's laws were preempted by the National Banking Act and the Office of the Comptroller of the Currency's regulations. In December, the U.S. Court of Appeals for the Sixth Circuit ruled that the Michigan laws do not apply to national banks' operating subsidiaries because they do not apply to national banks. Therefore, Wachovia Mortgage was permitted to conduct business in the state without being registered. (See Banking Legislation and Policy, October-December 2005 for more information about the appellate court's opinion.)

NACHA Approves Rules for Back-Office Check Conversion

The electronic payments association, NACHA, has approved a rule that allows retailers and bill payment cen-ters that accept checks at the point-of-sale or at manned bill payment locations to convert eligible checks to automated clearinghouse (ACH) debits in the back office. They are also permitted to convert eligible checks received in image files to ACH debits. Hard-copy and image file checks are ineligible for conversion if they are written for amounts greater than $25,000. To complete back-office conversions, retail-ers must take steps consistent with the Federal Reserve's Regulation E, which requires retailers to notify customers if their checks will be converted, ensure that their checks are properly converted, provide customer service contact information, and allow customers to opt out of having their checks converted.

Summary of Federal Legislation

Seasoned Customer Currency Transaction Report Exemption Act of 2006 (H.R. 5341)

Introduced by Rep. Bachus (R-Ala.) on May 10, 2006.

Status: Passed the House; Referred to the Senate Commit-tee on Banking, Housing, and Urban Affairs.

This bill exempts depository institutions from filing currency transaction reports for their "seasoned customers." Currency transaction reports are used to detect and investigate financial crimes, including money laundering and financing terrorism. The goal of the bill is to impose the reporting requirement only in circumstances in which the value of the information obtained exceeds the burden of creating and filing these reports. This bill would allow depository institutions to file an exemption notice for each eligible customer. After filing the notice, an institution would no longer file currency transaction reports for that customer's transactions. To be eligible, a customer must be a U.S. firm or authorized to conduct business in the United States. Also, the customer must have had a deposit account at the institution for at least 12 months, during which time the account was used for multiple currency transactions for which the filing of currency transaction reports is required.

The secretary of the treasury is charged with developing and enforcing regulations to implement the bill. The secretary will also determine circumstances under which a customer's exemption will be revoked and when a customer's exemption can be transferred from one depository institution to another in the event of a merger or acquisition between the two institutions.

Financial Services Regulatory Relief Act of 2006 (S. 2856)

Introduced by Sen. Crapo (R-Idaho) on May 18, 2006.

Status: Passed the Senate and received in the House.

The bill requires Federal Reserve Banks to pay interest on banks' reserve balances at least once per calendar quarter. (Depository institutions are required to hold reserve balances, or a portion of their customer deposits, at a Federal Reserve Bank.) The bill will also allow the Board of Governors of the Federal Reserve System to establish a reserve ratio that is less than 3 percent (and which may be 0) for the portion of a bank's transaction accounts that are $25 million or less. Currently, this ratio is fixed at 3 percent. Also, the reserve ratio for the portion of a bank's transaction accounts in excess of $25 million may range between 0 and 14 percent. Previously, the ratio could not be less than 8 percent.

The bill would permit national banks to pay dividends, as long as they did not exceed the total net income for the bank in that year or the bank's retained net income for the previous two years.

The bill contains a number of provisions that streamline bank processes. First, federal banking agencies may eliminate the requirement that a banking institution file reports of condition or they may reduce the number of reports that are required (currently, reports of condition must be filed four times a year). Also, the bill increases the limit for banks to be considered "small" and therefore eligible for the 18-month examination schedule instead of the normally required 12-month schedule. Currently, banks with up to $500 million in total assets (instead of $250 million) are eligible for the 18-month examination schedule.

The House of Representatives passed a similar reform measure in March. See Banking Legislation and Policy, January-March 2006 for more information.

Data Security Act of 2006 (S. 3568)

Introduced by Sen. Bennett (R-Utah) on June 26, 2006.

Status: Referred to the Senate Committee on Banking, Housing, and Urban Affairs.

This bill requires financial institutions to develop and enforce procedures to ensure the security of sensitive consumer account information. This includes safeguarding the information it maintains or communicates, as well as the information that another entity communicates on its behalf. The bill also requires financial institutions to notify consumers exposed to substantial harm as a result of a security breach. Service providers that maintain or com-municate such information on behalf of a financial institution are required to notify the institution when a security breach has been discovered. The bill would preempt most state legislation in this area.

The bill defines a breach of data security as the unauthorized acquisition of sensitive account or personal infor-mation but excludes instances in which the data cannot be used to make fraudulent transactions or to commit identity theft, such as when data have been encrypted.

Sensitive account information is defined as an account number, together with any security code that might be required to access or use the account. Sensitive personal information is defined as a person's name, address (or telephone number), together with either his or her Social Security number, driver's license number, or tax payer ID number. The definition excludes information that is publicly available and which has not been divulged illegally.

Under the bill, the primary obligation of financial institutions would be to develop and enforce procedures to prevent unauthorized use of a consumer's sensitive account or personal information that is reasonably likely to result in substantial harm or inconvenience to the consumer.

Substantial harm or inconvenience is defined as a material financial loss or civil or criminal penalties that result from unauthorized use of the information. It would also include the expenditure of significant time and effort by the consumer to either avoid material financial loss or correct erroneous information that results from unauthorized access to the information. But the bill explicitly excludes from this definition simply closing an account or changing the account number and any harm that is not the result of account fraud or identity theft.

If an institution suspects that a security breach has occurred, it must conduct an investigation to determine, among other things, if the compromised information is reasonably likely to be used in a way that will cause substantial harm or inconvenience to the affected consumers. In making this determination, the financial institution may take into account the likelihood that any resulting fraudulent transactions will be prevented by other security features in place. The institution must also take reasonable steps to restore the security of its data.

If the financial institution determines that the breach is reasonably likely to result in substantial harm or inconvenience to the affected consumers, it must notify, among others, its primary federal regulator, the appropriate law enforcement agency, and the affected consumers. The notice to consumers must include a summary of their right (under the Fair Credit Reporting Act) to dispute inaccurate information in their credit reports and to place a fraud alert in their credit file. If the breach involves 5,000 or more consumers, the institution must also notify each of the national credit reporting agencies.

Institutions may notify consumers in writing, by telephone, or by electronic mail. The notice must include a description of the information that was compromised, a summary of the steps taken to restore the security of the information, and a description of the victim's rights that are prescribed under the Fair Credit Reporting Act.

The bill specifies that implementing regulations shall be issued by the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Federal Credit Union Administration, the Securities and Exchange Commission, the Commodity Futures Trading Commission, the Department of Housing and Urban Development, and the Federal Trade Commission. Federal agencies are also required to implement procedures to pro-tect the security of sensitive account and personal information they maintain or transmit and to notify consumers in the event of a breach that is likely to cause them substantial harm or inconvenience.

Finally, the bill preempts state legislation that sets standards for (1) protecting the security of information about consumers, (2) notifying consumers in the event of a breach, or (3) mitigating any loss or harm resulting from unauthorized access to the information.

Summary of Federal Regulations – Board of Governors of the Federal Reserve System

Bank Employees' Credit Card Use (5/22)

The Board of Governors of the Federal Reserve Sys-tem (the Board) issued a legal opinion to clarify the condi-tions under which a bank insider's use of a bank-owned credit card is considered an extension of credit in violation of Regulation O.

The legal opinion said that Regulation O permits the use of a bank credit card by a bank insider for the purpose of purchasing items or paying for expenses incurred on be-half of the bank. In addition, Regulation O permits credit card expenses of up to $15,000 incurred by a bank insider on an ordinary credit card. For these reasons, the Board said that the issuance of a bank-owned credit card to a bank insider is not a violation of Regulation O, even if the line of credit on the card exceeds $15,000. Furthermore, it is not believed to be an extension of credit to the individual if the card is to be used to make purchases on behalf of the bank. The bank would be in violation of Regulation O, however, if the bank-owned credit card was used to make personal purchases, and if the same line of credit, carrying the same terms and interest rate, was not made available to noninsiders.

For more information, see the Board's legal opinion at www.federalreserve.gov/boarddocs/legalint/federalreserveact/ 2006/20060522.pdf.

Fund Transfer Information (6/21)

The Board of Governors of the Federal Reserve System and the Financial Crimes Enforcement Network (together, the Agencies) issued a notice of a proposed rule to examine whether the threshold for reporting fund transfers should be lowered from its current level of $3,000. Current rules require financial institutions to collect, retain, and transmit information on fund transfers and transmittals of funds in amounts of $3,000 or more. The transmitter's financial institution must document the name and address of the transmitter, the amount that is transferred or transmitted, the date of the transaction, all payment instructions from the transmitter, and the identity of the recipient's financial institution. In addition, the recipient's bank is to record his or her name, address, account number, and any other iden-tifying information. The Agencies are considering lower-ing the threshold to $1,000 and are weighing the benefits to law enforcement agencies against the burdens to financial institutions.

Comments on this notice of a proposed rule are due August 21. For more information, see 71 Federal Register, pp. 35564-7.

Summary of Federal Regulations – Financial Crimes Enforcement Network

Business Check Cashing (3/31)

The Financial Crimes Enforcement Network (FinCEN) issued an advisory to help businesses determine if they meet the definition of a check casher or money services business under the Bank Secrecy Act. The advisory says that if a business cashes its employees' payroll checks, it is not considered to be a check casher, even if the business charges its employees a fee for the service. However, if the business cashes more than $1,000 worth of checks for any one individual in any one day, and the checks are not the business's own, then the business is acting as a check casher under the Bank Secrecy Act.

Next, a business would not be considered a check casher if it pays a nonemployee for goods or services with a check, at the request of the nonemployee, and then cashes the check. This interpretation applies even if the check is for an amount greater than $1,000. And, finally, a tax prep-aration business is permitted to cash its own tax refund an-ticipation loan checks for its taxpayer customers.

For more information about this advisory, see www.fincen.gov/msb_faqs_guidance_03312006.html.

Office of Thrift Supervision

Preemption of State Gift Card Rules (6/9)

The Office of Thrift Supervision (OTS) issued a legal opinion to clarify that federal law preempts state law restrictions on gift cards for federal savings associations and their operating subsidiaries. The opinion was written in response to a savings association's inquiry about its offering of "open loop" gift cards, which are accepted at any place where signature-based Visa or MasterCard debit cards are accepted. The cards are sold in amounts ranging from $25 to $500, and they carry with them several fees – one for the initial sale, a shipping fee, a monthly service fee, a fee for receiving the remaining funds by check, and a replacement fee for a card that is lost or stolen.

In offering these gift cards, the thrift questioned whether it was subject to five types of restrictive state laws. The state laws include provisions that (1) create licensing requirements for gift card issuers and sellers; (2) require disclosure about fees and expiration dates; (3) impose restrictions on issuance fees, inactivity fees, maintenance fees, and redemption fees; (4) regulate expiration date terms; and (5) require gift card issuers to exchange unused portions of the gift cards for cash.

The OTS ruled first that thrifts are permitted to issue gift cards, and they may charge a fee for the service. The OTS believes the issuing of gift cards is similar to deposit-taking activities, which are approved for savings associations. Next, the OTS noted that federal legislation and judicial precedent have determined that it is the regulator with the sole responsibility for regulating thrifts' deposit-taking activities. Therefore, all five categories of state laws that restrict gift cards are federally preempted for federal savings associations and their operating subsidiaries.

For more information about this legal opinion, see www.ots.treas.gov/docs/5/56218.pdf.

Summary of Judicial Developments

Class Action Lawsuits Against Discover Bank Must Be Arbitrated under Delaware Law

On March 30, the California Supreme Court let stand a ruling that mandates that class action lawsuits against Discover Bank must be arbitrated under Delaware law, the state in which the bank is incorporated (Discover Bank v. Superior Court, No. S140411). The case arose from a credit cardholder's complaint that Discover Bank inaccurately explained when late fees and finance charges would be imposed on accounts. Specifically, the bank disclosed that payments would be considered late if they were not received by a certain date, but in practice, late fees and finance charges were assessed if payments were not received by 1 p.m. on the specified date. California borrower Christopher Boehr claimed that Discover Bank breached the terms of its credit agreement, and he moved to file a class action lawsuit along with other borrowers who were similarly situated.

Discover Bank's credit agreements include terms that prohibit both parties from participating in classwide arbitration. The agreements also contain a choice-of-law clause that designates Delaware as the governing state for contract disputes. Delaware law permits enforcement of these types of arbitration agreements. Boehr petitioned the California court system to deem these types of clauses unenforceable, case than Delaware did, and the parties chose Delaware saying that California law prohibits arbitration clauses in law to be the governing standard in the credit agreement, credit agreements. However, the appeals court ruled that so the case is subject to Delaware law. Upon appeal, the California did not have a materially greater interest in the California Supreme Court declined to hear the case.