Banking and Finance Law Report : Banking & Finance Lawyer & Attorney : Porter Wright Morris & Arthur Law Firm : Bankruptcy, Commercial Lending

The Securities and Exchange Commission and the Commodity Futures Trading Commission have adopted rules that require most broker-dealers, mutual funds, investment advisers, and certain other regulated entities to create programs to prevent identity theft. The new rules become effective May 20, 2013, and entities regulated by the new rules must comply by November 20, 2013.

Regulated entities subject to the rules must develop identity theft prevention programs to detect “red flags” signaling potential identity theft, to respond appropriately to such red flags, and to periodically update detection programs as identity theft risks change.

Among other requirements, the Red Flag Rules apply to “financial institutions” that offer or maintain “covered accounts.” “Covered accounts” are defined broadly to include personal accounts designed to permit multiple transactions and any account with a reasonably foreseeable risk of identity theft to customers. “Financial institutions” include any entity that holds a transaction account belonging to a consumer on which the account holder can make withdrawals to pay third parties. Examples cited by the SEC include:

1. a broker-dealer that offers custodial accounts;
2. a registered investment company that enables investors to make wire transfers to other parties or that offers check-writing privileges; and
3. an investment adviser that directly or indirectly holds transaction accounts and that is permitted to direct payments or transfers out of those accounts to third parties.

Many of these entities likely have identity theft prevention programs because they were previously required by Federal Trade Commission rules; however some entities, such as investment advisers, may have avoided scrutiny of their programs due to lax enforcement and may face increased attention now that the SEC and CFTC are charged with enforcing the Red Flag Rules for these entities.

Regulated entities should evaluate current red flag programs in the context of the SEC’s and CFTC’s new enforcement duties to determine if improvements are needed.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Financial institution executives with responsibility for the management of the technology of their financial institutions or their institution's relationship with technology service providers (TSPs) should become familiar with the updated guidance regarding supervision of TSPs by financial institutions that was issued on October 31, 2012 by various federal banking regulatory agencies.  The issuance updates material that is nearly ten years old.

The Federal Financial Institutions Examination Council (FFIEC) released a revised Supervision of Technology Service Providers booklet (TSP Booklet), part of the FFIEC Information Technology Examination Handboot (IT Handbook).  The FFIEC exists to prescribe uniform principles, standards, and report forms and to promote uniformity in the supervision of financial institutions.  The TSP Booklet describes federal financial institution regulatory agencies' statutory authority to supervise TSPs that contract with federally regulated financial institutions and provides guidance for these institutions and their examiners.  The TSP Booklet, which replaces and rescinds a March 2003 booklet, emphasizes that the ultimate responsibility for the conduct of third-party service providers and their compliance with applicable law and regulation lies with a financial institution's management and board of directors.

The TSP Booklet describes the federal Risk Based-Examination Priority Ranking Program (RB-EPRP) and the Uniform Rating System for Information Technology (URSIT) used in evaluating TSPs of financial institutions. The RB-EPRP utilizes a risk-based approach to determine the examination priority of TSPs, while the URSIT is used to consistently assess and rate IT-related risks of financial institutions and their TSPs.

Concurrently with the TSP Booklet, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency jointly released, Administrative Guidelines for the Implementation of the Interagency Program for the Supervision of Technology Service Providers (Guidelines), detailing the processes federal agencies follow to implement interagency supervisory programs and including reporting templates for examiners to use in their supervision. While the TSP Booklet provides useful guidance to financial institutions, the Guidelines are more tailored to agency managers and field examiners.

Financial institutions and TSPs must be cognizant of the risks, laws, regulations and agency guidance implicated in the outsourcing of technology services by financial institutions to third-party TSPs. Furthermore, financial institution technology outsourcing arrangements should be carefully set forth in written contracts and thoroughly reviewed by qualified legal counsel. 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

In October, the Consumer Financial Protection Bureau published its first supervision examination manual which will be of interest to bankers and other financial service executives.

On one level, the manual is fairly pedestrian and may contain little surprising in that most bankers have a fairly extensive appreciation of (and experience with) an examination process. And, of course, the Bureau has direct supervisory authority only over the roughly 100 large banks, thrifts, and credit unions that have assets more than $10 billion.

What should be interesting to many bankers, however, is the insight the Manual provides into the examination approach of the Bureau, an approach that will doubtlessly influence and inform the practices and procedures of all other financial institution regulators, large and small. Essentially, the Manual describes the Bureau's process for risk assessment: first there will be the establishment of the inherent risk of a particular "product" line for consumers and then there will be an assessment of an entity's set of quality controls to manage and mitigate the risks.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On Monday, May 16, 2011, the revisions to FINRA’s Discovery Guide (“Guide”) and Document Production Lists (“Production Lists”) for customer arbitration proceedings take effect. These revisions will apply to all customer cases filed on or after May 16. FINRA first adopted the Guide in 1999 for use in customer arbitration proceedings and last revised the Guide in 2007. The Guide supplements the discovery rules contained in the FINRA Code of Arbitration Procedure for Customer Disputes. (See Rules 12505-12511.)

FINRA’s revisions to the Guide expand the guidance FINRA gives to parties and arbitrators on the discovery process. This expanded guidance is particularly important because of the growing prevalence and raising costs of electronic discovery (“e-discovery”). The revisions to the Guide also replace the current fourteen Production Lists with just two Production Lists of presumptively discoverable documents. One Production List will specify which documents firms/associated persons should produce. The other Production List will specify which documents customers should produce.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

In Notice 2011-34 issued April 8, 2011, the IRS provided supplemental guidance regarding foreign financial account reporting requirements under the Foreign Account Tax Compliance Act (“FATCA”). All businesses that makes payments to foreign financial institutions should be aware of these rules which take effect in 2013.  The recently released supplemental guidance, which is expected to be part of extensive future regulations, clarifies certain withholding, documentation, and reporting requirements under FATCA. Because many questions remain, it is expected that the IRS will continue to release additional FATCA guidance.

Background

Beginning on January 1, 2013, a 30% withholding tax will be imposed on certain U.S. source payments (“withholdable payments”) made to foreign financial institutions (“FFIs”). Withholding will be required on payments made to FFIs that do not enter into an agreement with the IRS to provide information on financial accounts held by certain U.S. persons. FATCA is another weapon in the IRS’s arsenal to track and monitor potentially abusive foreign account strategies, although FATCA applies to legitimate and routine business payments as well.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

The Foreign Account Tax Compliance Act (FATCA) [Sections 1471-1474 of the Internal Revenue Code] was enacted to prevent U.S. taxpayers from evading U.S. tax obligations by parking funds in foreign accounts or with foreign investors. FATCA requires each U.S. entity to withhold 30% of certain payments made after 2012 to foreign investors or foreign lenders unless such foreign entities satisfy certain new disclosure and reporting requirements. 

Failure to comply with FATCA will subject the U.S. entity to penalties and fines. Domestic lenders and domestic borrowers alike should ensure that foreign entities are FATCA compliant by adding language to the parties' credit agreement that obligates each existing and future foreign entity to provide tax documents, certificates and other tax information upon demand. An example of such language follows:

Promptly upon receipt of written request, each Foreign Lender shall deliver to the Borrower and the Agent any information, document, or certificate, properly completed and in a manner prescribed by law or satisfactory to the Borrower or the Agent, as the case may be, in order to permit the Borrower or the Agent to make a payment under this Agreement or the Loan Documents without any withholding on account of any tax otherwise required to be withheld under FATCA, and each Foreign Lender shall strictly comply with any disclosure or information reporting requirements (including entering into an agreement with the Internal Revenue Service) that are required to secure an exemption from any United States withholding taxes.

Depending on whether you are a domestic lender or domestic borrower, FATCA raises other issues you may want to consider with your legal advisor.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

In its capacity as statutory agent for some of our client companies, our firm’s statutory agent corporation, Acme Agent, Inc., has recently received this “Corporate Minutes Disclosure
Statement” from a company called Ohio Corporate Compliance. You may have received a similar notice. You should not respond to this notice if you receive it. Despite containing a small
disclaimer that it is a solicitation from a private company, the notice is made to appear as if it were an official government document that requires a response. However, this is not a document required from any governmental agency, and the information requested is not information that the Ohio Secretary of State would be asking of the vast majority of companies. The notice is very similar to a notice sent by the same company in early 2009.

If you do respond to the solicitation, you will be providing Ohio Corporate Compliance with internal, confidential corporate information such as the names of your shareholders, directors, and officers, in addition to paying an unnecessary $150 annual fee. In return, you may only receive some form corporate document with your company-specific information inserted. The solicitor does not commit—nor is it authorized—to make any public filing. However, the private information you provide may be used by this company for other purposes.

We have informed the Ohio Secretary of State’s Legal Department that these notices are being sent so that they may investigate and respond as they deem appropriate. We understand that the matter may be referred to the Ohio Attorney General for action.

If you receive this notice and have any questions regarding it, please feel free to contact Barry Kiser of Acme Agent, Inc. (227-2113) or Jack Beeler (227-1959).

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Many community banks under pressure to raise capital are considering selling new shares of stock to investors; however, doing so may cause some banks to be required to register under Section 12(g) of the Securities Exchange Act of 1934. The Act provides that even if a company has never made a public offering of stock, it must register its stock with the SEC if has more than $10 million in assets and 500 shareholders of record. Once registered, the company must comply with the SEC’s costly periodic reporting requirements.

Even the smallest of banking organizations typically have more than $10 million in assets so the important requirement to avoid registration is to remain below 500 shareholders of record. As banks seek new investors, remaining below the threshold becomes difficult.

The American Bankers Association has long argued that the 500 shareholders threshold should be raised to somewhere between 1,500 and 3,000.  The ABA argues that when the 500 shareholders threshold was set in 1964, the number of investors in the marketplace and the market presence of 500 shareholders were 3-6 times smaller than they are now. Thus, the 500 shareholders threshold should be increased 3-6 times. The ABA laments that many community banks have had to redeem stock at the expense of capital to reduce the number of their shareholders of record to below 300, the requirement to deregister under the Exchange Act.

The SEC has considered updating the 500 shareholders threshold at various times since 1996 but has not yet done so. Community banks eager to raise capital without burdensome SEC reporting costs continue to push for change.
 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Having your laptop or smartphone searched or detained by Customs on your way back from a business trip would be a nightmare for most travelers, including bankers and other finance professionals. However, this scenario is quite possible under new governmental policies. In 2009, Customs and Border Protection (“CBP”) and Immigration and Customs Enforcement (“ICE”) both issued their respective new policies on border searches of electronic devices. It was a coordinated effort of CBP and ICE to update and harmonize their border policies to detect an array of illegal activities, including terrorism, cash smuggling, contraband, child pornography, copyright, and export control violations.

With all the technology innovations that allow business travelers to carry massive amounts of information in small electronic devices, CBP and ICE are facing an enormous challenge. On the one hand, travelers have a legitimate right to carry information on electronic devices. In that respect, there are serious concerns regarding the traveler’s expectation of privacy. On the other hand, the government has a duty to combat illegal activities and to enforce U.S. law at the border. The difficulty is finding the right balance between the government’s duty to enforce the law and the rights of travelers.

The legal basis for ICE and CBP policies is the border search exception to the Fourth Amendment requirement that officers obtain a warrant before searching someone’s property. But, assuming that they have this power, another key issue is exactly what CBP and ICE are allowed to do with one’s laptop. In short, they have authority to search and share information on laptops, disks, drives, tapes, mobile phones, Blackberries, cameras, music players, and any other electronic or digital devices — with or without “reasonable suspicion1” of illegality. Detention of the devices and/or information requires probable cause that an illegal activity is underway or is about to occur.

Searches
CBP searches may be conducted with or without suspicion of an unlawful activity. To the extent practicable, CBP searches should be conducted in the presence of a supervisor. ICE searches should be conducted by an ICE Special Agent, CBP Officer, or Border Patrol Agent. The searches should be conducted in the presence of, or with the knowledge of, the traveler. Naturally, the guidelines provide for exceptions to the traveler’s presence under certain circumstances where national security or operational considerations are an issue. ICE guidelines specifically state that the traveler’s consent for the search is not needed.

Detention
CBP detention of a device should not exceed five days, but that period can be extended. ICE detention periods may be longer — up to 30 calendar days or longer — if circumstances warrant. CBP is required to issue a Custody Receipt to the owner of the device (CBP Form 6051D) at the time of detention. ICE will also give the owner of the device documentation regarding its custody. Detention of electronic devices requires probable cause to believe that the device, or its contents, contains evidence of illegality that CBP and ICE are authorized to enforce.

• Email This
• Print
• Comments
• Trackbacks
• Share Link