Legislative Update

July – September 2006

Recent Developments

FDIC Imposes Six-Month Moratorium on ILC Deposit Insurance Applications

On July 28 the Federal Deposit Insurance Corporation (FDIC) announced that it would not consider industrial loan companies’ (ILCs) applications for deposit insurance until January 31, 2007. Industrial loan companies originated in the early 1900s as small loan companies for industrial workers, but they are now state-chartered depository institutions that have many of the same powers as state commercial banks.

While ILCs satisfy the definition of banks under the Federal Deposit Insurance Act (which requires that these firms’ deposits be insured), they are not considered banks under the Bank Holding Company Act. This means that some activities that are prohibited for banks under the Bank Holding Company Act are permissible for ILCs. In particular, ILCs and their parent companies (unlike banks and bank holding companies) may engage in commercial activities, and their consolidated business may not be supervised by a federal banking regulator. Because of this distinction, ILCs have become a popular vehicle by which some companies enter the banking industry, and the FDIC has received an increasing number of applications for deposit insurance for ILCs. Additionally, the FDIC has observed an increase in the number of notices of a change in bank control affecting ILCs.

The FDIC imposed a six-month moratorium on the consideration of applications by ILCs for deposit insurance or notices of change in control. During this period, the FDIC will study the risk ILCs may pose to the deposit insurance fund. The FDIC will also study whether ILCs should receive additional regulatory supervision in order to protect the deposit insurance fund. (For more information on the moratorium, see 71 Federal Register, pp. 43482-4.)

Credit Card and Debit Card Issuers Settle Foreign Currency Conversion Fee Case

Several large credit card and debit card issuers agreed to pay $336 million to settle a federal class-action lawsuit that claimed they broke antitrust and disclosure laws when charging customers for transactions denominated in foreign currency or with a foreign merchant. The $336 million settlement will be used to compensate eligible holders of Visa, Interlink, Plus, MasterCard, Cirrus, and Maestro cards issued by the defendants (Visa, MasterCard, Bank of America, Bank One/First USA, Chase, Citibank, Diners Club, HSBC/Household, MBNA, and Washington Mutual/Providian). The settlement also requires new disclosures to be made by the defendents. On November 8, the United States District Court for the Southern District of New York granted preliminary approval of the settlement (MDL No. 1409, ML 21-95).

Summary of Federal Legislation – New Legislation

Industrial Bank Holding Company Act of 2006 (H.R. 5746).

Introduced by Rep. Gillmor (R-Ohio) on July 10, 2006.

Status: Referred to the House Committee on Financial Services.

This bill requires all industrial bank holding companies to register with the Federal Deposit Insurance Corporation (FDIC) within 90 days of their creation. As part of their registration, industrial bank holding companies must submit information to the FDIC about their financial condition, ownership, operations, management, and intercompany relationships (of the holding company and its subsidiaries).

The bill also permits the FDIC to examine industrial bank holding companies and their subsidiaries. The FDIC may share the results of its exams with other federal and state regulators and, if it chooses, use the other regulatory agencies’ examination reports in lieu of completing its own exams.

The bill prohibits industrial banks from being controlled by commercial firms, which are defined as companies that earned at least 15 percent of their consolidated gross annual revenue from nonfinancial activities in at least three of the four previous calendar quarters. Exemptions are provided, however, to industrial banks that existed before October 1, 2003, or those that had no change in control after September 30, 2003. Commercial firms will be exempted from this prohibition if they acquired an industrial bank holding company between October 1, 2003, and June 1, 2006; if they had no change in control after June 1, 2006; and if they did not acquire any other depository institution after May 31, 2006. These institutions will continue to be exempted as long as they do not expand their business activities or the states in which they operate after May 31, 2006.

Summary of Federal Legislation – Pending Legislation

Internet Gambling Prohibition and Enforcement Act (H.R. 4411).

Introduced by Rep. Leach (R-Iowa) on November 18, 2005.

Status: Passed by the House; Referred to the Senate.

This bill makes it illegal to engage in Internet gambling transactions that occur within, originate in, or culminate in the United States. The bill prohibits people from using the Internet to make bets, providing information to help others place bets, or arranging to receive compensation from those activities. Further, it makes it illegal to accept credit, electronic fund transfers, or checks as payment for placed wagers or for information that was given to assist other bettors. The bill instructs depository institutions to seize the funds from depository accounts that are owned by an illegal Internet gambling business, or if they include proceeds from or are used to fund illegal gambling transactions.

Summary of Judicial Developments

A Presenting Bank Must Indemnify an Issuing Bank for Altered Checks, Even When the Original Check Has Been Destroyed

The U.S. Court of Appeals for the Seventh Circuit ruled that a bank whose customer alters a check must indemnify the bank whose customer wrote the check, even if the original check has been destroyed and cannot be examined for signs of alteration (Wachovia Bank v. Foster Bancshares, No. 05-3703). Wachovia Bank sued Foster Bank after one of Foster’s customers, Sunjin Choi Choi, fraudulently deposited into her personal account a check for $133,026. The check was written by one of Wachovia’s customers, and it did not name Choi as the payee. Wachovia Bank filed a suit to request that Foster Bank indemnify Wachovia for the amount of the check.

The Uniform Commercial Code says that when a bank (Foster, in this case) presents a check for payment, it warrants to the issuing bank (Wachovia) that the check has not been altered. Foster argued, however, that Wachovia could not prove the check was altered because it destroyed the original check and replaced it with an electronic image of the check. Therefore the court had to consider whether the check was most likely altered, in which case Wachovia would win, or forged, which would make Foster Bank the winner.

The court ruled that because changing the payee’s name is the most common form of alteration, the check was most likely altered instead of forged. Further, the court noted that Foster Bank could have taken precautionary measures given the size of the check, including temporarily banning withdrawal of the funds until an investigation could verify the legitimacy of the check. Instead, because Foster could not show any reason to believe the check had been forged, the court ruled that Foster must indemnify Wachovia for the check as though it were altered.

Summary of Federal Regulations – Board of Governors of the Federal Reserve System

New Basel Capital Accord (9/25)

The Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, and the Office of Thrift Supervision (together, the Agencies) issued a proposed rule to implement the New Basel Capital Accord (Basel II). Among other things, the accord specifies international standards for setting the minimum amount of capital banks are required to hold against the risk of unexpected credit, market, or operational losses.

The proposed rule consists of three sections, or pillars. The second and third pillars establish standards for supervisory review and public disclosures by banks. These have not changed significantly from the August 2003 advance notice of a proposed rule (see Banking Legislation and Policy, July-September 2003). The first pillar, which governs banks’ minimum capital requirements, has changed in a number of important ways.

The proposed rule distinguishes between three categories of banks: “core” banks, “opt-in” banks, and all other banks. The first two categories of institutions will eventually calculate their minimum capital requirements using “advanced methods” that rely in part on risk parameters estimated by a bank’s internal models and data. The minimum capital requirements of the other banks will continue to follow the rules promulgated to implement the 1988 Basel Accord, but the agencies expect to make some modifications to those in a separate rule.

An institution is a core bank if it, or its holding company, has consolidated assets (excluding the assets of insurance underwriting subsidiaries) of $250 billion or more, or has a consolidated (on balance sheet) foreign exposure of $10 billion or more. Core banks will be required to use advanced methods, subject to the approval of their primary supervisor. Banks may voluntarily opt in to the advanced methods, again subject to the approval of their supervisor. The agencies expect 11 of the largest internationally active banks to satisfy the definition of core banks and another 10 institutions to opt in.

Core and opt-in banks will eventually use advanced approaches to calculate their risk-weighted assets (the denominator of the minimum risk-based capital requirement ratio). The risks being measured include credit, market, and operational risk. Operational risk is defined as the risk of losses resulting from inadequate or failed internal processes, people, or external events, but excludes strategic and reputational risks.

Before adopting the advanced approaches, a bank must first develop an implementation plan. Opt-in banks may do this at any time, but core banks must adopt a plan within six months after the proposed rule is finalized. For these banks, the plan must incorporate a start date for the phase-in period (see below) and set a date for using its internal models within 36 months after the proposed rule becomes final. For at least four consecutive quarters, a bank would conduct a “parallel run,” calculating its required capital under the advanced approaches but remaining subject to the current risk-based capital requirements. A bank may not begin its parallel run prior to January 1, 2008.

The bank’s supervisor will determine when an institution is ready to use the advanced methods to calculate its required capital. This is followed by a three-step phase-in period that limits the degree to which a bank may reduce its minimum capital requirements. In the first step the bank’s risk-based capital requirement cannot be less than 95 percent of the existing risk-based capital requirements; in the second step the floor is relaxed to 90 percent; and in the third step it is reduced to 85 percent. Each step will last at least four consecutive quarters and a bank’s supervisor will determine when it is ready to graduate to the next step.

Advanced Approaches

Under the advanced approach, risk-weighted assets will be calculated using parameters estimated from the bank’s own models and data. The proposed rule departs significantly from the 2003 advance notice in that the minimum capital requirements for credit risk will be calculated to absorb unexpected losses up to the 99.9th percentile of the distribution of credit losses. Expected losses should be absorbed by the bank’s reserves for loan losses. If the bank’s reserves exceed its expected losses, it can credit the excess reserves equally to tier 1 and tier 2 capital, up to a limit of 0.6 percent of the bank’s credit risk-weighted assets. If expected losses exceed the bank’s loan loss reserves, the difference must be deducted equally from tier 1 and tier 2 capital.

There are several steps in the process of calculating a bank’s risk-weighted assets. The bank first divides its exposures into four categories: wholesale (loans to corporate, individual, sovereign, or government entities), retail (residential mortgages, qualifying revolving loans, and other loans to consumers), securitization, and equity. Retail exposures will be assessed at the level of homogeneous risk groups, while wholesale exposures are evaluated at the level of individual obligors (for the probability of default) and individual exposures (for loss given default and other parameters). Ratings for individual wholesale obligors must be reviewed at least once a year. The assignment of individual retail exposures to risk segments must be reviewed at least quarterly.

Thus key ingredients in the calculations are the bank’s segmentation of obligors into different categories of risk and the resulting estimates of several risk parameters: probability of default (PD), exposure at default (EAD), expected loss given default (ELGD), loss given default (LGD), and in some instances an adjustment (M) for the remaining maturity of the exposure. These estimated parameters are used as inputs in a set of formulas provided by agencies to calculate the bank’s minimum capital requirements.

Probability of default is the long-run average oneyear default rate for obligors (wholesale exposures) or the risk segment (retail exposure) that is estimated over a mix of economic conditions (including an economic downturn). The minimum amount of data required to estimate this parameter is five years.

Exposure at default is the value of an exposure (including interest and fees) at the time of default. EAD should reflect an estimate of any additional principal drawn before the default would occur during a period of economic downturn. For wholesale exposures, the minimum amount of data required to estimate this, and the other loss parameters, is seven years, including a period of economic downturn. For retail exposures, five years of data, including a period of economic downturn, are required to estimate these loss parameters.

Expected loss given default is the percentage of exposure at default expected to be lost in a default within one year. This parameter is estimated over a mix of economic conditions, including a period of economic downturn. ELGD is used to calculate expected credit losses, which are compared to the level of the bank’s reserves. In contrast, loss given default is an estimate of the percentage of exposure at default expected to be lost in a default within one year during a period of economic downturn. LGD is used in the calculation of unexpected losses that are incorporated in the minimum capital formulas.

To calculate risk-based capital for operational risk, banks will be required to use the advanced methods approach (AMA), which allows them to use their own internal operational risk management systems to assess exposure to operational risk. The proposed rule gives banks a lot of flexibility in calculating their operational risk and does not require them to use a specific methodology. However, they will be required to demonstrate their systems’ accuracy by producing an estimate of operational risk exposure that meets a one-year, 99.9th percentile soundness standard. Banks must estimate both expected and unexpected operational loss.

The proposal also contains details about disclosures required under Pillar III of the accord. These include details on the design of the bank’s internal models, the resulting parameter estimates, and a comparison of previous estimates with actual outcomes.

Comments on this proposed rule are due January 23, 2007. For more information, see 71 Federal Register, pp. 55829-78.

Electronic Fund Transfers (8/30)

The Board of Governors of the Federal Reserve System (the Board) issued an interim final rule to revise Regulation E, which implements the Electronic Fund Transfer Act. The rule requires merchants to notify check-paying customers at the point of sale if they plan to collect fees for insufficient funds electronically. A customer can then decide whether to engage in the transaction. Beginning in 2007, merchants must post this notice in a prominent place near the register and provide a copy to the customer. Also, beginning in 2008, the notice must disclose the dollar amount of the insufficient funds fee and an explanation of how the fee is calculated.

This interim final rule becomes effective on January 1, 2007. Comments on it were due September 19. For more information, see 71 Federal Register, pp. 51451-7.

Payroll Cards (8/30)

The Board of Governors of the Federal Reserve System (the Board) issued a final rule to clarify that payroll card accounts are subject to Regulation E, which implements the Electronic Fund Transfer Act. A payroll card is generally a magnetic-striped card, similar to a credit card, that is “loaded” with an employee’s wages. Employees can use the card to withdraw money at automated teller machines or to make purchases at the point of sale, in the same manner as they use debit or credit cards. These payroll cards can be managed by the employer, a third-party payroll processor, or a depository institution.

The final rule permits depository institutions to have some flexibility in providing account information to payroll cardholders. Depository institutions need not provide periodic account statements if they make account information available via telephone, provide Internet access to information on the most recent 60 days of account activity, and provide written copies of this information at the request of the account holder. Employers and third-party service providers are not subject to these rules as long as they do not hold the accounts or provide electronic fund transfer services to account holders.

Payroll cardholders may report errors in their account summaries up to 60 days after they electronically access the account (provided the error is reported at that time) or after they receive a written history that includes the error. If a financial institution is unable to track when the customer electronically accesses his or her account, the institution must allow the customer to report errors for up to 120 days after the error is reported.

This final rule becomes effective on July 1, 2007. For more information, see 71 Federal Register, pp. 51437-51.

Summary of Federal Regulations – Office of the Comptroller of the Currency

Identity Theft Red Flags (7/18)

All financial institutions and creditors are required to develop identity theft prevention programs to help them recognize and investigate red flags — patterns, practices, and activities — that indicate the possible risk of identity theft. Red flags include fraud and active duty alerts appended to a consumer’s credit report, an address discrepancy, a pattern of activity that is inconsistent with the customer’s usual activity, an increased volume of credit inquiries, or other suspicious patterns. The program must list procedures for spotting identity theft red flags, evaluating which red flags present the most risk to the firm’s accounts, and mitigating the risks posed by the red flags.

In its mitigation procedures, the firm must explain how it will verify the identity of a person opening an account, check for red flags, and determine whether the red flag is evidence of identity theft. An institution should address the risk of identity theft by monitoring the account, contacting the customer, considering changing the password or security code, assigning a new account number, or closing the account.

If the financial institution contracts with a service provider to handle the account on its behalf, the firm must ensure that the service provider complies with the firm’s identity theft prevention program. The firm’s board of directors or senior management must oversee the development and implementation of its identity theft prevention program, and the board must be given an annual report that evaluates the effectiveness of the program.

The rule also requires firms to verify their customers’ identities if a consumer reporting agency notifies the firm of a discrepancy between the address the customer provided and the address on file with the consumer reporting agency. If the firm verifies the customer’s identity, it is required to furnish the correct address, as confirmed by the customer, to the consumer reporting agency that notified it of the discrepancy.

Comments on this proposed rule were due September 18. For more information, see 71 Federal Register, pp. 40786-826.

Gift Card Disclosures (8/14)

The Office of the Comptroller of the Currency (OCC) issued a guidance to national banks about gift card marketing and disclosures. The guidance divides gift cards into two main categories: retail gift cards, which are offered by a retailer and can be used only at establishments owned by that retailer, and bank-issued gift cards, which generally bear the logo of a payment card network, such as Visa or MasterCard, and can be used wherever the payment card is accepted. Because a gift card is not ordinarily used by the person who bought it, gift-card-issuing banks must ensure that the disclosures are clear to the recipient.

Basic information should be included on the card and should disclose the card’s expiration date, the amount of any maintenance or other fees, and a way in which the recipient can receive more information about the card. Other important disclosures, such as the name of the issuing bank or how to receive a replacement card, should be included on material that is designed to be given with the card, such as its packaging. National banks should also avoid deceptive marketing claims, such as claiming a card has no expiration date when it has service and maintenance fees that are, in effect, the same as having an expiration date.

For more information about this guidance, see the OCC’s bulletin, OCC 2006-34.

FACTA Information Collection (8/31)

The Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of Thrift Supervision, the National Credit Union Administration, and the Federal Trade Commission (together, the Agencies) issued a notice of their plan to assemble a panel of creditors and other users of consumer reports. The Agencies plan to survey the panel about their information-sharing habits every three years. The Agencies are required by the Fair and Accurate Credit Transactions Act (FACTA) to study the information-sharing practices of financial institutions and creditors (for more information about FACTA, see Banking Legislation and Policy, October-December 2003). The Agencies will choose the panel based on factors that include whether a potential respondent has affiliates with which it can share information and whether it is likely to use credit reports.

Comments on this notice were due October 30. For more information, see 71 Federal Register, pp. 51888-91.

Summary of Federal Regulations – Federal Deposit Insurance Corporation

Industrial Loan Companies (8/23)

The Federal Deposit Insurance Corporation (FDIC) issued a notice that it is accepting comments on industrial loan companies (ILCs) and industrial banks, including the benefits, any detrimental effects, risks, and supervisory issues associated with the industry. The FDIC is concerned that because of their special regulatory treatment, ILCs may pose additional risk to the deposit insurance fund. In addition to seeking comments on the industry, the FDIC also imposed a six-month moratorium on ILC applications and notices of change in control (see the Recent Developments section of this publication) in order to examine the risks posed to the deposit insurance fund.

Comments on this notice were due October 10. For more information, see 71 Federal Register, pp. 49457-9.