Did you know that you can receive the Executive Briefing via email? We have a special Executive Briefing email list. It's free! Click here to subscribe.
The conclusion reached and the warning implied by the Securities and Exchange Commission and the Manhattan district attorney in the announcement of the settlements with two of the largest financial institutions in the United States in the Enron case has sent a wave of concern through the financial industry. [See BOL Top Stories for July 29th for information about the settlements.]
J. P. Morgan Chase and Citigroup agreed to pay almost $300 million in fines and penalties leading Stephen Cutler, the S.E.C.'s enforcement director, to point out that, "If you know you are helping a company mislead its investors, then you are in violation of securities laws."
In defense of the banks, as reported in the New York Times, Marc J. Shapiro, vice chairman of J.P. Morgan Chase wrote in a letter to Robert M. Morgenthau, the Manhattan district attorney, "Our view historically was that our clients and their accountants were responsible for the clients' proper accounting and disclosure of the transactions."
The handling of this case and the similar one against Merrill Lynch & Company that resulted in an $80 million settlement, have a significance far beyond the current issues. Most transactions between Enron and the banks met legal and accounting requirements, but still led to what regulators said was misleading information in the company's financial reports. This effectively illustrates that banks and other financial institutions will face major legal difficulties if they can be held responsible for transactions that are legal, but result in an outcome that deceives investors. As Mr. Shapiro wrote, the banks must hold themselves to a higher standard than to depend on the client's accounting and disclosure. And the bank must be sure the borrower makes complete disclosure by using stricter standards and greater oversight of complex deals in order to protect itself from liability.
The other troubling result of this case and settlement is the decision last year by a federal judge in Houston allowing private suits filed by investors to proceed against financial institutions.
Regulators and examiners will be considerably more diligent in examining transactions of like ilk in the near future. To be forewarned is to be forearmed.
Predatory lending is a front-burner topic in all the financial regulatory agencies. Payday lending is a core concern. The OCC has delivered numerous statements advising financial institutions to avoid predatory lending practices. Most recently, the FDIC has issued examination procedures for paday lending. The examination procedures will be used by both safety and soundness examiners and by compliance examiners.
The procedures include guidance for management of a payday lending program. The message to bank management is clear: the board of directors has clear and non-delegable responsibility for making decisions about implementing a payday lending program and for ensuring that the program is managed responsibly.
This advice to the board and to senior management is not unique, but it has not often been this clear a mandate. Examiners will evaluate the role directors played in the decision to implement payday lending or similar programs. Examiners will ask probing questions to determine the extent to which the board actually took responsibility rather than delegating it. This includes reviewing due diligence in the selection of a payday lending partner, ensuring that any contract protects the financial institution and provides clear responsibilities for all parties, and ensuring that the institution has adequate staff and training for that staff to run the program.
If your institution is considering payday lending, explain the FDIC's expectations to the board. Give the board a summary of their responsibilities.
Look over the last time the board received an audit report and consider the level of attention the board gave to the report.
Keep an eye on the competition. Watch the different lending practices that are available in your market and consider how your institution can provide the best service.
In the opinion of consumer advocates, G-L-B isn't enough. Consumer advocates continue to ask for more protection. Information sharing, information leaks, and aggressive marketing practices simply pour fuel on a fire. In the wake of sending out annual privacy notices, the time is right to take a hard look at information protection and sharing practices within your institution.
As you review your practices, keep in mind the pulse of consumer concerns. Consumers would prefer opt-in to opt-out. Consumers don't like getting phone calls during dinner. Consumers usually like to do their own shopping. And, in the opinion of the consumer, you don't own the information about them that you have on file - they do.
An effective privacy and information program should have several core elements.
Secure procedures for collection, storage, and use of consumer information.
Clear instructions and policies on the value your institution places on protecting the consumer's privacy, including consequences of violations of law or policy.
Assigned responsibility for managing consumer information privacy.
Accountability of all managers for violations.
Regular information security reviews.
Consideration of the consumer privacy interest whenever you consider ways to use customer information. This should include a review by legal or audit before proceeding with a new program.
Taking Care of the Details Mary Beth Guard, Executive Editor, BankersOnline.com
Recently, I read about the tragic crash of a small airplane. The pilot and passengers perished in the accident. A few days later, however, the story took an ugly turn when news reporters discovered the pilot allegedly hadn't met all necessary licensing requirements. Suddenly, the company that owned the tiny commercial service was being portrayed as the wrongdoer because the person they allowed to fly the plane hadn't done all his paperwork. The company's reputation was trashed iin the media for several days before the company was finally able to unearth the documentatioin to show the pilot had the proper credentials.
In the banking context, financial institutions can suffer similar (although not life-threatening) exposure when employees selling insurance or securities on their behalf are not properly licensed.
Imagine, for example, a scenario where Robert obtains a large loan and secures it with a substantial portion of his assets. Credit life insurance is offered, but declined. After Robert dies suddenly of a heart attack, his wife asserts that she remembers Robert telling her he had obtained credit insurance to cover the debt in the event of his death. The bank reports no such insurance was purchased. The widow files suit, alleging fraud, breach of contract, and whatever else her lawyer can throw into the petition. During the discovery process, it is determined that the bank employee's insurance license had expired prior to the time of the loan transaction. That fact plants seeds of doubt in the minds of the jurors about the veracity of the bank's account and the professionalism of its staff.
Pete Hyser, president of PC-Designs, a provider of web-based insurance tracking software for the insurance, banking and the broker/dealer communities, outlines some of the questions that help you understand what is involved in having a foolproof licensing system:
Are your license records accurate?
Do they match state records?
Can you easily notify states when an agent has been terminated? What if the agent is a qualified officer?
Can you produce a report of active and terminated agents who worked in the agency between a date range?
Can you track all of your licensing documentation from beginning to end and never lose track of your state and carrier items?
Watch out for notebooks and spreadsheets because they have no error checking. The marketing of annuities and insurance has never been on the cutting edge of most bank's marketing plans but lack of attention to detail can have a bearing on the bank's reputation and even whether it can do business in a state.
Who's Liable When a Hacker Gains Access? Mary Beth Guard, Executive Editor, BankersOnline.com
Busy bank customers like the freedom of being able to access their accounts whenever, wherever. But when the point of access is a public terminal, the possible dangers are great. The recent case involving a hacker who used keystroke logging software to steal the user names and passwords of 450 online banking customers who utilized computers at Kinko's brings the problem into sharp focus and points to the need for financial institutions to protect themselves through aggressive customer education initiatives and strongly worded contractual agreements.
If your institution offers online banking, we suggest taking the following steps:
Take a good, hard look at your customer education measures for Internet security. How have you communicated recommended Internet security precautions to your customers? Do you reinforce those lessons periodically through statement stuffers, on-screen messages, or emails?
Specifically look at whether you have addressed with your customers the risks of logging on to online banking from a machine other than their own. If the advice you have given simply instructs the customer to close the browser after the session, you haven't begun to protect the customer against the type of keystroke logging activity that took place in the Kinko's case. [And the Kinko's case is not an isolated incident. Similar exploits have been reported to have taken place at cybercafes and other public venues.]
Look at whether you are currently using an electronic services agreement. In it, you should be contractually requiring the customer to carefully select and protect his user name and password. The agreement should prohibit sharing passwords, should discourage writing down password information, and should state that in the rare event when it is necessary to put the password in writing, all necessary steps should be taken by the customer to safeguard that writing. The customer should be required to immediately report a compromised or lost password to your institution, and should be encouraged to periodically change his password. A recitation of the risks of using public computers should be given, and the contract should state that the customer is liable for losses that result from violating the agreement's provisions relating to password security or use of a public terminal. The agreement should spell out precautions that can be taken to reduce the danger, in the event the customer chooses to assume the risk of using a public PC (or even a shared PC at home or at the office). {Suggestions are given in the Kinko's article.
The bottom line is that your institution only has control over some of the risks of online banking. The customer has a duty to avoid risky behavior, too. Educate customers about the risks. Inform them about the safety measures they should observe. Make them contractually liable for losses if they fail to take the prescribed precautions.
Don't miss a single issue of BOL's Executive Briefing. Click the link below to access our archive page.
BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.
Print Friendly!
Email This Article!
Discuss NOW!
