Header graphic for print

Banking & Finance Law Report

Texas Federal Court decision illustrates need for BYOD policies

Posted in Labor Law, Other Articles

EDITOR’S NOTE:  This recent post from the PWMA Employer Law Report on the importance a BYOD policy highlights an area of current concern for bankers and other employers.

Saman Rajaee was a salesman for Design Tech Homes. He used his personal iPhone to connect to his employer’s Microsoft Exchange Server, which allowed him to access his work-related email, contacts and calendar from his phone. Design Tech did not have a BYOD policy. When Rajaee’s employment terminated, Design Tech remotely wiped his phone, which deleted all of his data, including personal emails, texts, photos, personal contacts, etc.

Rajaee sued under the federal Stored Communications (“SCA”) and Computer Fraud and Abuse Acts (“CFAA”) as well as raising various state law claims. Design Tech moved for summary judgment on the federal claims. On the SCA claim, the court held, based on Fifth Circuit precedent, that information an individual stores to his hard drive or cell phone is not in electronic storage within the meaning of the statute.

Design Tech was successful on the CFAA claim as well, but was forced to take a much riskier path than would have been necessary had it simply had a BYOD policy. Generally speaking, the CFAA prohibits accessing a protected computer without authority or in excess of authority, but requires a showing that the computer owner sustained at least $5000 in losses specifically due to either the cost of investigating and responding to an offense or the costs incurred because of a “service interruption.” In Rajaee, the court held that the value of the data wiped from Rajaee’s phone was not the type of loss or cost contemplated as being recoverable under the CFAA. In addition, the court held that the deletion of Rajaee’s data did not constitute a “service interruption.” As a result, his claim under the CFAA failed.

Takeaway for Employers:

Employers using a BYOD environment really need to put a BYOD policy in place. Had Design Tech had such a policy, it could have – and indeed, should have told its employees, including Rajaee, that upon separation of employment (or, for instance, also if the device is lost or stolen), any device used to access the employer’s network would be wiped. This would enable the employees to preserve any important personal data on their devices. In addition, using containerization software would permit the employer to segregate business data from personal data on the phone, which also would permit the employer to wipe only the business data upon separation from employment.

 

Here we go again: Does the DOL’s request for information regarding self-directed brokerage accounts mean new fee disclosure requirements are coming soon?

Posted in ERISA

If you’re a fan of the tv show “The Simpsons,” you might remember an early episode where Homer Simpson launched a crusade against every public safety issue in the city. The result was practically every square inch of the town contained signs alerting people to every dip, pothole, and other nuisance on the roads. After watching that episode again recently (we won’t admit which one of us got sucked into the tv marathon), we were reminded of a first year torts class in law school that discussed the efficacy of public safety notices. The professor made the comment, “A wealth of information leads to a poverty of attention.”

That comment is especially fitting with respect to ERISA fee disclosures, particularly regarding defined contribution plans. Recently, the DOL requested information and comments about self-directed brokerage accounts (“SDBAs”). The DOL’s history with trying to provide guidance on SDBAs provides a great illustration of the difficulty of determining how much information is too much. On one hand, the DOL has been concerned that defined contribution plan participants will be unable to navigate the wide universe of investment options available under SDBAs unless strict procedural rules are in place. On the other hand, the plan sponsor community has tried to make clear that rank-and-file employees typically are not interested in SDBAs. Instead, more sophisticated investors request this feature, and they do not need a detailed protective regime. The DOL, to its credit, has recognized the different points of view on this issue and has sought input to help develop a balanced approach to regulating SDBAs.

DOL’s Early Attempts to Regulation SDBAs

As background, ERISA’s fiduciary duties require plan sponsors to offer a diverse menu of investment options to participants in defined contribution plans. Plans typically contain a packaged menu of options that are called Designated Investment Alternatives (“DIAs”). With DIAs, the plan sponsor compiles a list of funds, from which the plan participants can select for investment of their plan contributions. As with any benefit plan governed by ERISA, plan fiduciaries are required to act prudently for the exclusive benefit of plan participants. As such, plan sponsors must monitor the DIAs to ensure they remain prudent investments and make certain the funds continue charging reasonable fees for their services. Further, participants must have enough information to make an educated decision as to which fund to direct investment, a responsibility that additionally falls to the plan fiduciary. Required disclosures include information regarding the prior performance of the fund, comparative benchmarks, and fee amounts.

In addition to DIAs, plans may offer participants the option to look outside the plan for alternative funds in which to invest. When participants elect this method, it is referred to as a Self-Directed Brokerage Account (“SDBA”). SDBAs place the burden of making investment decisions on the participant, giving control over where their money will go. SDBAs actually originated to meet the demands of more sophisticated employees who (in theory) are sophisticated enough to analyze a wide range of investment options on their own. They thought that they could make better investment decisions than their employers and wanted their employers out of their investment decisions and financial planning. The people who demanded SDBAs in many ways were similar to the types of participants who would fall into a top-hat plan select group eligible to participate in nonqualified deferred compensation plans.

In terms of fiduciary standards, however, allowing participants the freedom to fail may not be either prudent or in their best interest. The DOL’s concern initially appears to have been that plan fiduciaries use SDBAs to shirk some of the more onerous fiduciary duties by placing these kinds of investment decisions in the hands of participants.

To address those potential concerns, the DOL issued FAB 2012-02 in May of 2012. The question-and-answer-styled bulletin explained that where high volumes of SDBA participants began investing in the same fund, compliance with fiduciary duties would require monitoring and disclosure similar to that associated with DIAs. The guidance failed to provide any definitive threshold, beyond which the additional disclosures would be required. In the midst of this uncertainty, sponsors and brokers feared the heightened duties would apply to nearly every fund in which SDBA investors participated. Given that the entire universe of investment funds is open to these participants, the list could have been extensive. As a result, plan sponsors and brokers expressed widespread alarm over the content of the guidance.

Because of their concern, a mere month later, the DOL issued a revision removing all of the offending requirements, but maintaining a tone that suggested a general distrust of self-directed brokerage accounts. The revision additionally explained that the DOL would keep the topic open, returning to it later for further discussion.

Recent Request for Additional Information

That time is upon us. In the DOL’s recent request for information regarding SDBAs, the DOL has included questions concerning the following:

  • The number of plan participants who opt for an SDBA;
  • Demographic information about those participants;
  • Comparative analysis of outcomes and costs for SDBAs and DIAs;
  • The fiduciary to participant and the fiduciary to broker relationships;
  • The amount of information available to participants;
  • Fiduciary knowledge of their duties with respect to SDBA participants.

In the introductory portion of its information request, the DOL cites the debate regarding the overall merits of allowing SDBAs in defined contribution plans. On one hand, the DOL cited articles that indicated the need for fiduciaries to analyze thoroughly the different investment options available in an SDBA before making them available to participants, essentially to protect participants from themselves. In essence, the DOL provided support for its initial position on the topic. On the other hand, the DOL acknowledged commentary that explained that brokerage windows actually benefit both sophisticated and unsophisticated participants. The reason is that SDBAs reduce the need for a plan to provide a large number of DIAs in order to satisfy specific investment option demands by more sophisticated participants.

What the Future May Hold

It is unclear where the DOL will go from here. In the past, the DOL showed clear apprehension with respect to the use of SDBAs, and it appears that the DOL still has some of those concerns. The DOL should be applauded, however, for understanding the counterargument and reaching out to the industry to assist with determining the extent of new procedural requirements for SDBAs. As of now, the DOL is only requesting information. While the future remains uncertain, it appears that additional guidance will be coming soon.

 

“The Bandits’ Club” gets its due

Posted in Bank Litigation, Regulation and Compliance

Our colleagues at Antitrust Law Source posted an interesting update about probable charges alleging that traders at approximately a dozen global banks – including Deutsche Bank, JPMorgan Chase, Barclays, and USB – fixed the foreign exchange market, or “forex,” market. The U.S. Department of Justice may bring charges by the end of the year. Read the complete article on Antitrust Law Source.

Porter Wright Announces New Antitrust Law Site

Posted in Other Articles, PWMA News, PWMA Practice

We wanted to take a moment to announce our newest endeavor, Antitrust Law Source. Antitrust Law Source is a new site designed for visitors to quickly and easily learn about developments in this growing arena. The site primarily will focus on providing news and legal updates in the antitrust arena in a podcasting format. The podcasts will feature a variety of insights, educational offerings, discussions and interviews with thought leaders across a variety of industries.

The site is prepared by members of our firm’s Antitrust Practice Group and will feature news and information on a wide range of areas, including:

  • Agriculture
  • Civil litigation
  • Compliance programs/audits
  • Consumer protection
  • Criminal and civil government enforcement
  • Distribution, pricing and promotional allowance programs
  • Healthcare
  • Intellectual property/Technology
  • International issues
  • Legislative matters
  • Mergers, acquisitions and joint ventures
  • Privacy and data security

We encourage you to visit the site and share your thoughts with us.

 

CIP To Cover Small Business Ownership And Control

Posted in Bank Regulation, BSA/AML, Regulation and Compliance

It has been an active couple of weeks for FinCEN from a regulatory pronouncement perspective. For example, FinCEN has proposed a regulation to amend existing “know your customer” rules for certain financial institutions to require the verification of beneficial owners of legal entities. Legal entities in this context would mean corporations, partnerships or similar business entities. Public companies, regulated entities and trusts other than business and statutory trusts, would not be covered.

In addition, FinCEN issued an advisory for financial institutions on the importance of a “culture of compliance” with respect to BSA/AML. The guidance had these suggestions based on recent enforcement actions: ensure leadership that supports compliance; don’t mitigate BSA/AML efforts in light of revenue considerations; operating departments must share with compliance staff BSA/AML information; the organization must devote adequate resources to BSA/AML compliance; BSA/AML compliance should be tested by an independent party and the organization’s leadership and staff should understand the purpose and use of BSA/AML reporting. FIN-2014-A007 is available here.

FinCEN’s proposal to amend existing “know your customer” rules requires a financial institution would have to identify each individual who directly or indirectly own 25% or more of the equity and one individual who has responsibility to control, manage or direct the legal entity. This information is to be recorded on the standard certification form.

The proposal is available here. Comments are due on October 3rd, 2014. The original release contemplates that the rule would be effective one year after adoption, so it would appear that late 2015 is the earliest the final version of the regulation might become effective.

The proposed regulation is the culmination of a regulatory process that began in March 2012. While it is intended to be consistent with existing requirements for covered financial institutions, the proposed regulation is intended to address elements of a customer due diligence that had been previously unaddressed by regulation, according to FinCEN.

For FinCEN, the key elements of (customer due diligence) include: (i) identifying and verifying the identity of customers; (ii) identifying and verifying the identity of beneficial owners of legal entity customers (i.e., the natural persons who own or control legal entities); (iii) understanding the nature and purpose of customer relationships; and (iv) conducting ongoing monitoring to maintain and update customer information and to identify and report suspicious transactions.

The first element is already included in existing customer identification program requirements. The rule change is intended to address the three remaining elements. For covered financial institutions FinCEN believes its proposal is “substantively” the same as existing requirements or rules issued by the regulatory agencies for those institutions.

 

Conflict of Interest and Cognovit Judgment

Posted in Attorneys and Clients, Collection and Foreclosure, Commercial Law, Litigation

Does a conflict of interest arise under the Ohio Rules of Professional Conduct (“Rules”) when an attorney confesses judgment on a cognovit note? No, according to a recent opinion (Opinion 2014-3, August 8, 2014) issued by The Supreme Court of Ohio’s Board of Commissioners on Grievances & Discipline (“Board”), so long as the cognovit note contains a warrant of attorney that expressly waives a conflict and permits a creditor’s attorney to confess judgment pursuant to R.C. §2323.13. In issuing the Opinion, the Board reaffirmed and updated Advisory Opinion 93-3, which found no conflict existed under Ohio’s former Code of Professional Responsibility, which the current Rules replaced in 2007.

R.C. §2323.13 permits an attorney hired by a creditor to obtain cognovit judgment without notice or hearing in certain commercial transactions (typically loans and guaranties of loans) by producing in court a valid warrant of attorney that also contains a specific warning to the debtor of the rights being surrendered and otherwise complies with law. Ohio courts grant such cognovit judgments because the debtor consented in advance to the creditor obtaining a judgment upon the debtor’s default.

The Opinion specifically finds that confessing judgment does not create a conflict of interest under R. 1.7 of the Rules, which governs conflicts of interest, because the confessing attorney represents only the creditor and not the debtor under both contract law and statute. DiBenedetto v. Miller, 180 Ohio App.3d 69, 72, 2008-Ohio-6505, 904 N.E.2d 554 ¶15 (1st Dist.). In other words, there is no conflict of interest or violation of the Rules because the creditor’s attorney does not have an attorney-client relationship with the debtor.

Covered affirmative action employers — more scary news from the OFCCP

Posted in Bank Regulation, Labor Law, Regulation and Compliance

On August 6, 2014, the Office of Federal Contract Compliance Programs (OFCCP) announced a proposed rule that should be of real concern to covered affirmative action federal contractors. The OFCCP is the agency that enforces federal affirmative action laws. If the proposed rule is adopted, it will add compensation data to the information that covered employers must submit with their annual EEO-1 reports. Keep in mind the “web” of coverage under affirmative action laws reaches far. Coverage is triggered not just by direct federal contracts but also by contracts to provide goods or services to any private sector entity, as long as those goods or services are used in connection with fulfilling some federal contract that your customer or their customers may have. Coverage of financial institutions is triggered by being a depository for federal funds or by being an issuing or paying agent for U.S. Savings Bonds or Notes. Coverage issues and obligations can vary with the dollar volume of the covered work.

The Specifics:

What:

Currently, the annual EEO-1 report contains race, ethnicity, and gender information about your workplace, sorted by nine EEO job-type categories. The proposed rule would expand the report to include the following information for each of the EEO categories by race, ethnicity, and gender: total number of employees; total W-2 income; total hours worked.

Who:

The obligation to provide compensation information on EEO-1 reports would apply to covered affirmative action employers with more than 100 employees and a covered federal contract or subcontract for $50,000 or more covering a period of at least 30 days, including modifications.

The Concerns:

The employer community which is subject to affirmative action obligations has very legitimate concerns about this new reporting obligation. OFCCP will use the data as part of its method for identifying contractors for compliance reviews. An OFCCP compliance review can involve not just review of the Company’s written affirmative action plan, but, also, a detailed review of its employment practices including compensation, hiring, and terminations. Employers have a legitimate question whether this broad-based compensation data is a legitimate basis for identifying a contractor for compliance review based on alleged concern about equal pay. A second, very real concern for the covered employer community is confidentiality of compensation information. OFCCP assures that the information can be submitted on a web-based data tool conforming with government IT security standards. But, EEO-1 reports are subject to Freedom of Information Act requests from the public. Even though OFCCP assures companies they will be given notice of any FOIA requests for their data and an opportunity to object, there is no assurance that the objections would be successful. Therefore, this proposed rule opens the door for confidential compensation information to be made available to competitors and the general public.

OFCCP intends to release aggregate summary compensation data by race and gender annually to the public. OFCCP believes that public dissemination of the aggregate data will give employers an opportunity to evaluate their own compensation structure against that of others in their industry.

 

Delaware Extends Its Voluntary Unclaimed Funds Compliance Program

Posted in Unclaimed Funds

In a move of interest to both businesses organized under Delaware law and businesses that hold funds owned by Delaware residents, Delaware’s unclaimed property voluntary compliance program has been extended. Pursuant to 79 Del. Laws, c. 278 (the “Act”), which was signed by Governor Markell on June 30, 2014, the deadline to enter the Secretary of State’s voluntary compliance program (the “SOS VDA Program”), has been extended to September 30, 2014, and the deadline to resolve all unclaimed property liability under that program has been extended to June 30, 2016. Before the Act, those deadlines had been June 30, 2014 for entry into the SOS VDA and June 30, 2015 for resolution of liabilities.

The SOS VDA offers participants the opportunities to reduce years of liability and to eliminate interest and penalties.

Those who should participate include holders of property owned by Delaware residents and businesses organized under Delaware law that cannot locate a last known address for the owner of property. This second category, based on the holder’s place of organization, follows the U.S. Supreme Court case Texas v. New Jersey, 379 U.S. 674 (65), pursuant to which unclaimed property will be reported to the state of the owner’s last known address. However, if the owner’s last address is unknown or is in a foreign country, the unclaimed property is reported to the holder’s state of organization.

In addition to extending the entry and resolution deadlines, the Act made three other changes to Delaware’s unclaimed property law:

Record Confidentiality: The Act provides that it is unlawful for any officer or employee of the Department of Finance or the Department of State to disclose any of the following: (i) the amount of unclaimed property reported to the state; (ii) the terms of any annual filing, unclaimed property voluntary self-disclosure agreement or settlement agreement; or (iii) any supporting documentation related to such reports or agreements.

Penalties: Penalties for failure to file an unclaimed property report have been reduced from 5% of the amount owing under the report per month with a maximum penalty of 50% of the amount owing under the report to the lesser of (i) 5% of the amount owing under the report per month (not to exceed 50% of the amount owing under the report), or (ii) $100.00 per day (not to exceed $5,000).

Interest: The Act eliminates the imposition of 0.5% interest on unremitted unclaimed property.

For more information about unclaimed funds compliance, contact Polly Harris, Esq. at Porter Wright at mailto:pharris@porterwright.comor (614)227-1962. The Delaware Secretary of State’s unclaimed funds web site can be found at http://revenue.delaware.gov/unclaimedproperty.shtml.

 

FDIC Guidance on Agricultural Credits

Posted in Agricultural Lending, Bank Lending, Bank Regulation, Commercial Lending, Community Banking, Regulation and Compliance

At a time of relative affluence in the farming industry, the FDIC has issued a warning on a need for monitoring agricultural credits. FIL-39-2014 (July 16, 2014) suggests that banking institutions of all sizes should carefully consider a recent, negative projection by the U.S. Department of Agriculture.

While current market conditions are good, the projection suggests there will be a slowdown in the growth of the farming and livestock sectors and that agriculture may be affected by adverse weather and declining land values, among other factors.

The guidance suggests that financial institutions should work carefully with agricultural borrowers when they experience financial difficulties. The guidance states that the FDIC’s supervisory expectations previously expressed in a 2010 financial institution letter continue (although the letter is rescinded in light of the current letter).

Cash flow analysis, secondary repayment sources and collateral support levels must be considered in order to properly analyze agricultural credits, according to the guidance.

The guidance notes that smaller farms and ranches rely on the personal wealth and resources of the owners, including off-farm wages. A universal review of the financial strength of the credit is required.

The guidance also notes workout strategies must be specifically tailored for agricultural credits in light of experience in the 1980’s with depreciating farm land values, among other factors. The guidance suggests that properly restructured loans to farming operations with a documented ability to repay under the modified terms will not be subject to adverse classification because the value of the underlying collateral has declined.

Personal Liability, Bank Directors and the Business Judgment Rule

Posted in Bank Regulation, Community Banking, Corporate Governance, Corporate Law, Regulation and Compliance

Last April, a trade association for bank directors, the American Association of Bank Directors reported the results of a survey designed to measure the impact of concerns about personal liability on the decision of bank board members to resign and by individuals to turn down board seats on banking organizations.

One of the key concerns, the survey highlighted, is the possibility of an FDIC lawsuit against the directors if a bank failure occurs. The fear was bank directors would be liable for decisions made as directors notwithstanding what is commonly referred to as the business judgment rule. Generally, the business judgment rule shields corporate directors, including bank directors, from liability when board decisions result in losses to the corporation or to shareholders.

The AABD mentioned in particular a then pending lawsuit in Georgia arising out of FDIC claims related to the failure of Buckhead Bank. These claims against the directors sounded in simple negligence regarding the making of loans. And the directors had asserted the business judgment as a defense.

A few days ago the Georgia Supreme Court ruled on the matter and the decision is worth a review by bank directors and managers even though they don’t do business in Georgia. The Georgia Supreme Court decision elegantly summarizes the business judgment rule including its history and common law origins. So the opinion is a useful “read” for bankers everywhere because the development of local jurisprudence in most states is likely similar to the process described in the opinion.

The decision concluded the business judgment rule in Georgia does not preclude, as a matter of law, all claims sounding in ordinary negligence against officers and directors of a bank in a lawsuit brought by the FDIC as a receiver for the bank.

The Georgia court notes that the standard of care required of bank directors is to exercise the same skill ordinarily prudent men would exercise in positions at similarly situated banking institutions. The Court also observes that under Georgia law, it is reasonable for an officer or director to rely on information prepared by employees, other officers, counsel and public accountants which the director or officer reasonably believes to be within the preparer’s professional or expert competence.

For some, the ruling will confirm fears expressed in the AABD survey. That survey indicated that in the past 5 years roughly 25% of the 80 banks responding to the survey reported that a director had resigned out of fear of personal liability, a person had refused to serve out of a similar fear or a director had refused to serve on the board loan committee for a similar reason. The cautionary report of the AABD noted, further, anecdotal reports that bank examiners in some instances have sought information from directors concerning their net worth including recent tax returns.

For others, however, the ruling will confirm their understanding of what has always been the basic legal environment for bank directors:

[T]he business judgment rule makes clear that, when a business decision is alleged to have been made negligently, the wisdom of the decision is ordinarily insulated from judicial review, and as for the process by which the decision was made, the officers and directors are presumed to have acted in good faith and to have exercised ordinary care. . . Although this presumption may be rebutted, the plaintiff bears the burden of putting forward proof sufficient to rebut it. All together, the limited standard of care, the conclusive presumptions as to reasonable reliance, and the rebuttable presumptions of good faith and ordinary care offer meaningful protection, we think, to officers and directors who serve in good faith and with due care. The business judgment rule does not insulate “mere dummies or figureheads” from liability, of course, but it never was meant to do so.

The survey regarding bank director participation is available here and Georgia Supreme Court’s opinion is FDIC v. Loudermilk, No. S14Q0454, — S.E.2d —, 2014 WL 3396655 (Ga. July 11, 2014).