December 11, 2011

Do Community Banks Need to Worry About the "Volcker Rule"?

Section 619 of the Dodd-Frank Wall Street Reform and Consumer Protection Act contains restrictions on financial institutions ability to engage in "proprietary trading" or be associated with a private equity or hedge fund. The Act required the SEC and federal banking regulatory agencies to promulgate final rules implementing the restrictions by October 21, 2011.  The agencies were a late, but on November 7, 2011, issued proposed regulations under Section 619. 

History.  Known as the "Volcker Rule", these restrictions were the brainchild of former (1979-87) Federal Reserve Board Chairman Paul Volker, who argued proprietary trading by insured banks introduced unacceptable risk to the deposit insurance fund.  In 1933, the Glass-Steagall Act required a separation of commercial banking from investment banking and brokerage activities. This division remained until 1999.

Proprietary trading is defined as “trading activity” in which a “banking entity” acts as “principal” in order to profit from “near-term” price changes.

While most community banks do not consider themselves to be engaged in proprietary trading in the sense that Wall Street investment banks trade, they do often take short-term positions in government securities as a risk-management tool.  Since investments in government securities are exempt form the Volcker Rule, community banks need not change course.

Trust Department Trading.  Trading within the trust department as part of its bona fide fiduciary activity is not proprietary, so the Volcker Rule does not prevent short-term strategies from being employed by the bank in its fiduciary capacity, subject to certain conditions.

Compliance Program Required.  The proposed regulations require that even banks not engaged in proprietary trading adopt a policy and procedures to prevent it from engaging in restricted activities without first establishing a compliance program.  Examiners are likely to begin looking for these policies in 2012.

Final Rules. The Act calls for the final rules to be effective by the earlier of (a) 12 months after the date of the issuance of the final rules, or (b) two years after the date of enactment of the Dodd-Frank Bill (July 21, 2012).  There will be a grace period during which financial institutions may divest impermissible assets.  That period should end July 21, 2014.

December 3, 2011

Legal Myths on Trial: FDIC Deposit Insurance

In the aftermath of the financial crisis and ongoing bank seizures across the country, rumors and half-truths regarding FDIC deposit insurance have become widespread. A few are "put on trial" and judged below.

Myth: If you have more than $100,000 in a bank account and your bank is closed by banking regulators, only $100,000 per person is insured.

Verdict: False. The standard deposit insurance coverage limit was temporarily increased from $100,000 to $250,000 approximately three years ago to ease fears in the wake of the financial crisis. The Dodd-Frank Wall Street Reform and Consumer Protection Act (enacted July 21, 2010) made that increase permanent.

The FDIC provides separate coverage for deposits held in different ways, so it is possible for a person to have more than $250,000 in coverage by carefully structuring accounts. The coverage rules are complex and should be reviewed by a knowledgeable attorney or banker when someone has more than $250,000 in deposit accounts at a single financial institution.

If my bank is seized by regulators, the FDIC has up to 99 years to return my money.

Verdict: False. For years, the FDIC has received questions from worried account holders who have heard that if their bank is seized, the FDIC can take up to 99 years to turn over insured deposit account funds. In fact, there is no hard deadline, 99 years or otherwise. Instead, federal law requires the FDIC to make insured funds available to depositors "as soon as possible" after a seizure, and the FDIC typically does so by the next business day.

Myth: Accounts opened in different branches of a bank are separately insured.

Verdict: False. While a depositor can increase the available FDIC deposit insurance by carefully using different accounts as mentioned, above, the same is not true with respect to using different branches of a single bank. FDIC deposit insurance is determined on a per-bank basis. Accounts opened at different branches of the same institution are combined for purposes of coverage limits.

Some banks operate branches under different names, particularly after a merger, which can confuse customers about the availability of separate coverage unless the bank provides adequate disclosures. For this reason, the FDIC requires banks using more than one name to disclose their legal identity to depositors.

Myth: As long as my bank is insured by the FDIC, any account I open is insured up to the coverage limit ($250,000).

False. The FDIC insures only deposit accounts, which include checking accounts, savings accounts, NOW accounts, certificates of deposit (CDs), and money market deposit accounts (MMDAs). Other accounts, however, including securities accounts (mutual funds, etc.) and certain insurance products, are not FDIC-insured even if they are opened or sold at an insured bank. To minimize confusion, federal law requires insured institutions to clarify deposit insurance coverage (or the lack thereof) in advertisements and account materials.

A law firm's trust account coverage limit is $250,000.

Verdict: False (for now). IOLTA accounts have unlimited insurance for the time being. In November 2008, the FDIC began the Transaction Account Guarantee Program, which temporarily provided unlimited insurance for non-interest bearing accounts and IOLTA accounts. The Dodd-Frank Wall Street Reform and Consumer Protection Act extended the insurance for non-interest bearing accounts through the end of 2012, but failed to address IOLTA accounts. That oversight was corrected when H.R. 6398 was enacted on Dec. 29, 2010, extending unlimited coverage to IOLTA accounts through the end of 2012.

[This article was first published in the November 2011 issue of The Advocate by the North Carolina Bar Association.]

Website Privacy--It's Not Just For Facebook. Does Your Company's Website Pass the Test?

This week the Federal Trade Commission announced a settlement of its action against Facebook over privacy practices. (You can read the FTC's press release here.) The alleged misconduct by Facebook included failing to adhere to its own privacy policies as disclosed on its website. This presents an opportunity to address some important--but often overlooked--facts about website privacy law that all businesses should be aware of if they maintain a website:

1. Businesses with websites that are used to collect information (even through a "Contact Us" email address or embedded form, or through cookies) generally need a website privacy policy to protect them from liability.

2. Companies sometimes make assurances in their website privacy statements that they fail to put into practice. This is particularly unfortunate when the companies create avoidable risk by establishing privacy standards that are more strict those required by law. This can happen when a company (or its website designer) simply mimics another company's privacy statement without first understanding all of the considerations that may have gone into that other company's statement. There is no "standard" policy that will suit all companies.

3. The Federal Trade Commission Act and the FTC's rules govern website privacy policies, and care should be given to comply with their requirements, which are more complex than many realize.

4. A few states have their own website privacy rules, and California's are the most rigorous. If your company's website can reasonably be understood to be directed at California residents (including websites directed at U.S. audiences generally), it will need to comply with California's unique rules.

5. Websites that facilitate transactions may have additional financial privacy protection obligations and disclosure requirements under financial privacy laws, particularly if credit is extended for online transactions.
6. Websites directed at children (in whole or in part) are subject to additional restrictions and requirements under the Children's Online Privacy Protection Act. If your webpage has a "kids" section, you need to have a COPPA disclosure and policies and procedures to comply with the COPPA rules.

7. The federal CAN-SPAM Act is not a privacy law per se, but does require, among other things, internet/email advertisers to provide an opt-out mechanism for electronic marketing. Although the CAN-SPAM Act does not require the opt-out mechanism be described in a website privacy policy, it is customary to do so.

8. Websites that solicit consumers' electronic agreement, whether to a transaction or another policy, should take care to observe the requirements of the federal E-Sign Act and the versions of the Uniform Electronic Transactions Act adopted by the states to which the site is directed. These laws impose requirements on electronic signatures, records and notices, and include often-overlooked consumer protection provisions. I have personally seen many instances of websites that attempt to comply with these laws but come up short.

Website privacy is gaining increasing attention from governmental entities, consumer groups and plaintiffs' class action attorneys, and I foresee it as an emerging source of risk for many businesses. Having advised local, national and international businesses on website privacy issues, I believe most of that risk is avoidable if care is taken to observe the patchwork of applicable legal requirements.