Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Agencies update guidance on liquidity risks and contingency planning

    On July 28, the OCC, FDIC, NCUA and Fed issued an addendum to the Interagency Policy Statement on Funding and Liquidity Risk Management, issued in 2010. The update on liquidity risks and contingency planning emphasizes that depository institutions should regularly evaluate and update their contingency funding plans, referencing the unprecedented deposit outflows resulting from the early 2023 bank failures. According to the addendum, depository institutions should assess the stability of their funding, keep a range of funding sources, and regularly test any contingency borrowing lines in order to prepare staff in the case of adverse circumstances. Additionally, the addendum states that if contingency funding arrangements include discount windows, the depository institutions should ensure they can borrow from the discount window by (i) establishing borrowing arrangements; (ii) confirming that collateral is available to borrow in an appropriate amount; (iii) conduct small value transactions regularly to create familiarity with discount window operations; (iv) establish familiarity with the pledging process for collateral types; and (v) be aware that pre-pledging collateral can be useful in case liquidity needs arise quickly. The agencies also state that federal and state-chartered credit unions can access the Central Liquidity Facility, which provides a contingent federally sourced backup liquidity where a credit union’s liquidity and market funding sources prove inadequate.

    Bank Regulatory Federal Issues OCC NCUA Federal Reserve FDIC Credit Union Liquidity Risk Management

  • NCUA annual report to Congress covers cybersecurity

    Privacy, Cyber Risk & Data Security

    On June 28, the NCUA released its annual report on cybersecurity and credit union system resilience to the House and Senate banking committees. The report outlines measures the agency has taken to strengthen cybersecurity within the credit union system, outlines significant risks and challenges facing the financial system due to the NCUA’s lack of authority over third-party vendors, and addresses current and emerging threats. Explaining that cybersecurity is one of the NCUA’s top supervisory priorities with cyberattacks being a top-tier risk under the agency’s enterprise risk management program, the report discusses ways the NCUA continues to enhance the cybersecurity resilience of federally insured credit unions (FICUs). Measures include continually improving the agency’s examination program, providing training and support, and implementing a final rule in February, which requires FICUs to report any cyberattacks that disrupt its business operations, vital member services, or a member information system as soon as possible (and no later than 72 hours) after the FICU’s “reasonable belief that it has experienced a cyberattack.” The final rule takes effect September 1. (Covered by InfoBytes here.) The report also raises concerns regarding the NCUA’s lack of authority over third-party vendors that provide services to FICUs. Calling this a “regulatory blind spot” with the potential to create significant risks and challenges, the agency stresses that one of its top requests to Congress is to restore the authority that permits the agency to examine third-party vendors.

    Privacy, Cyber Risk & Data Security Federal Issues NCUA Credit Union House Financial Services Committee Senate Banking Committee Third-Party

  • Court orders credit union to pay $5 million to settle overdraft allegations


    On June 27, the U.S. District Court for the Northern District of New York granted final approval of a class action settlement, resulting in a defendant credit union paying approximately $5.2 million to settle allegations concerning illegal overdraft/non-sufficient funds (NSF) fees and inadequate disclosure practices. As described in plaintiffs’ unopposed motion for preliminary approval, the defendant was sued in 2020 for violating the EFTA (Regulation E) and New York General Business Law (NY GBL) § 349. According to plaintiffs, defendant charged overdraft fees and NSF fees that were not permitted under its contracts with its members or Regulation E. Plaintiffs’ Regulation E and NY GBL liability theories are premised on the argument that defendant’s “opt-in form did not inform members that these fees were charged under the ‘available balance’ metric, rather than the ‘actual’ or ‘ledger’ balance metric”—a violation of Regulation E and NY GBL § 349. The plaintiffs’ liability theory was that defendant’s “contracts did not authorize charging overdraft fees when the ledger or actual balance was positive.” 

    Under the terms of the settlement, defendant is required to pay $2 million, for which 25 percent of the settlement fund will be allocated to class members’ Regulation E overdraft fees, 62.5 percent will go to class members’ GBL overdraft fees, and 12.5 percent will be allocated to class members’ breach of contract overdraft fees. Defendant is also required to pay $948,812 in attorney’s fees, plus costs, and $10,000 service awards to the two named plaintiffs. Additionally, the defendant has agreed to change its disclosures and will “forgive and release any claims it may have to collect any at-issue fees which were assessed by [defendant] but not collected and subsequently charged-off, totaling approximately $2,300,000.”

    Courts State Issues New York Overdraft NSF Fees Consumer Finance Credit Union Settlement Class Action EFTA Regulation E

  • Virginia credit unions may offer virtual currency custody

    State Issues

    On March 23, the Virginia governor signed HB 1727, which amends the Virginia code to allow credit unions operating in the commonwealth to engage in virtual currency custody services, provided the credit union “has adequate protocols in place to effectively manage risks and comply with applicable laws and, prior to offering virtual currency custody services, the credit union has carefully examined the risks in offering such services through a methodical self-assessment process.” The amendments stipulate that in order to engage in such services, a credit union must implement effective risk management systems and controls, confirm adequate insurance coverage, and maintain a service provider oversight program.

    The amendments further provide that a credit union may offer such services in a fiduciary or nonfiduciary capacity; however, in order to provide virtual currency custody services in a fiduciary capacity, the credit union must first obtain approval from the State Corporation Commission. Commission approval is contingent upon a credit union having sufficient capital structure to support providing such services, credit union personnel being adequately trained to ensure compliance with governing laws and regulations, and that granting such authority is in the public interest. The amendments are effective July 1.

    State Issues State Legislation Virginia Credit Union Digital Assets Virtual Currency

  • NCUA approves final cyber incident reporting rule

    Agency Rule-Making & Guidance

    On February 16, the NCUA approved a final rule that requires federally-insured credit unions (FICUs) to notify the agency as soon as possible (and no later than 72 hours) after a FICU “reasonably believes that a reportable cyber incident has occurred.” Specifically, the rule requires FICUs to report cyber incidents that lead “to a substantial loss of confidentiality, integrity, or availability of a network or member information system as a result of the exposure of sensitive data, disruption of vital member services, or that has a serious impact on the safety and resiliency of operational systems and processes.” Under the rule, FICUs must report any cyberattacks that disrupt their business operations, vital member services, or a member information system within 72 hours of the FICU’s “reasonable belief that it has experienced a cyberattack.” The NCUA explained that the 72-hour notification requirement provides an early alert to the agency but that the rule does not require the submission of a detailed incident assessment within this time frame. The final rule takes effect September 1. Additional reporting guidance will be provided prior to the effective date.

    “Through these high-level early warning notifications, the NCUA will be able to work with other agencies and the private sector to respond to cyber threats before they become systemic and threaten the broader financial services sector,” NCUA Chairman Todd M. Harper said. Harper further explained that “[t]his final rule will also align the NCUA’s reporting requirements with those of the federal banking agencies and the Cyber Incident Reporting for Critical Infrastructure Act.”

    Agency Rule-Making & Guidance Federal Issues Privacy, Cyber Risk & Data Security NCUA Credit Union Data Breach

  • NCUA will maintain loan interest rate ceiling at 18%

    Agency Rule-Making & Guidance

    On January 27, the NCUA board unanimously voted to maintain the current temporary 18 percent interest rate ceiling for loans made by federal credit unions (FCUs) for another 18 months. The extension starts after the current period ends March 10. According to the announcement, the National Association of Federally-Insured Credit Unions (NAFCU) urged the NCUA to immediately raise the interest rate ceiling to 21 percent in order to help mitigate interest rate-related risks facing FCUs. Recognizing that the NAFCU “has consistently advocated for a floating permissible interest rate ceiling to address constraints of the 15 percent ceiling set by the FCU Act,” NCUA Chairman Todd Harper said the agency is conducting an analysis of a floating interest rate ceiling that should be completed by the April board meeting.

    Agency Rule-Making & Guidance NCUA Interest Rate Credit Union

  • 7th Circuit affirms dismissal of NSF fees action


    On October 25, the U.S. Court of Appeals for the Seventh Circuit affirmed a district court’s ruling dismissing a putative class action alleging an internet credit union improperly charged account holders non-sufficient funds (NSF) fees. Plaintiff claimed she signed an account agreement with the credit union, which required the use of a ledger-balance method when assessing NSF fees, and that only one NSF fee is permitted per transaction. According to the plaintiff, the credit union breached its contract by charging her a $25 NSF fee when she attempted to pay a $6,000 bill, even though her account’s ledger balance was $6,670.94 at the time. She further claimed the credit union charged multiple NSF fees for the same item. The credit union maintained, however, that the contract allowed it to use the “available-balance method” to assess such fees instead. The opinion explained that the ledger-balance method calculates a balance based on posted debits and deposits (and does not incorporate transactions until they are settled), whereas the available-balance method considers holds on deposits and transactions that have been authorized but not yet settled when calculating a customer’s balance. The district court granted the credit union’s motion to dismiss, rejecting the plaintiff's account balance theory by “explaining that ‘the plain, unambiguous language states that a member needs sufficient available funds’ and reasoning that [plaintiff’s] proposed reading would render [the contract’s] use of the word ‘available’ meaningless.” The district court also maintained that the plural use of the word “fees” permitted the credit union to charge multiple fees when a merchant presented the same transaction more than once.

    On appeal, the 7th Circuit agreed with the district court that the agreement did not prohibit the credit union from “charging multiple NSF fees for a transaction that is presented and rejected several times.” While recognizing that the credit union “could have drafted the [a]greement more clearly than it did,” the appellate court determined that the credit union never promised “not to use the available-balance method to assess NSF fees or not to charge multiple fees when a transaction is presented to it multiple times,” and upheld the dismissal of plaintiff’s breach-of-contract claim.

    Courts Appellate Seventh Circuit Consumer Finance NSF Fees Class Action Credit Union

  • District Court grants defendant’s motion to compel arbitration in electronic signature case


    On August 22, the U.S. District Court for the District of Nevada granted a defendant credit union’s motion to compel arbitration regarding a consumer’s signature on bank-owned equipment. According to the order, the plaintiff alleged that the defendant violated 42 U.S.C. § 407 by transferring Social Security benefits from his savings account to his checking account to pay a debt. In March, a magistrate judge determined “that given ‘the liberal construction courts are to afford pro se complaints, it appears Plaintiff states a claim against [the defendant] at least for purposes of surviving screening’ and ordered that the case would proceed against [the defendant]” who filed the motion to compel arbitration. The order further noted that in support of their assertion, defendant provided documentation evidencing the plaintiff’s agreement to arbitrate all claims regarding his account. The defendant submitted an affidavit, a copy of the signature card that the plaintiff executed when he opened his account with the credit union, all subsequent signature cards executed by the plaintiff, and a copy of the “Important Account Information for Our Members,” among other things. According to the affidavit, the signature card the plaintiff executed when he opened his account included the “agreement to the terms and conditions outlined in the Important Account Information for Our Members,” and further indicated that the “[w]ritten notice we give you is effective when it is deposited in the United States Mail with proper postage and addressed to your mailing address we have on file.” The order noted that the “Notice of Change to the Terms and Conditions of Your Account was provided,” and “[t]hat document included a mandatory arbitration provision and the ability to opt out of arbitration.” The defendant argued “that by not exercising his right to opt-out, the agreement necessitates the action be moved into arbitration.” The plaintiff asserted that his signature was collected on an electronic device and because the signature was collected electronically, it was incorporated by fraud. The plaintiff also contended that he did not explicitly sign a document setting forth an arbitration clause because he only electronically input his signature to obtain a debit card.

    According to the district court, the plaintiff “does not assert that he did not sign the signature card when he initially opened his account and received the debit card. He asserts that he never agreed to arbitrate his claims because he never received or signed an arbitration agreement.” The district court granted the defendant’s motion to compel arbitration determining that a valid arbitration agreement existed between the parties and that the agreement encompasses the plaintiff’s claims. Among other things, the district court explained that “a valid arbitration agreement exists,” because the “signature card signed by [the plaintiff] certifies ‘[a]greement to the terms and conditions outlined in the Important Account Information For Our Members disclosure and any other material pertaining to the account.’” The district court further wrote that such “statement plainly refers to an external document, and plainly states that the [plaintiff] agreed to be bound by the terms contained therein. Moreover, [the plaintiff’s] assertion that he did not actually receive the Important Account Information For Our Members disclosure does not defeat the signature card’s statement that [the plaintiff] bound himself to the terms contained therein.” Additionally, by signing the signature card, the plaintiff agreed to arbitrate every claim arising from or relating in any way to his account.

    Courts Electronic Signatures Arbitration Debit Cards Credit Union Consumer Finance

  • CFPB receives rulemaking petition seeking validation of credit score models for credit unions

    Federal Issues

    Recently, the CFPB received a rulemaking petition seeking validation of credit score models for credit unions. The petition, which seeks “a rule governing the requirement to periodically validate credit scores for all lending or financing entities,” argues that validation is necessary to measure the effectiveness of credit scores being used to measure credit risk. Claiming that general letters of compliance from credit reporting agencies are inadequate, the petitioner explains that these letters do not “address the misapplication of credit scores by banks, credit card issuers, auto financing groups or individual credit unions that are the primary cause of errors and financial exclusion.” According to the petitioner, “[o]nly a statistically valid empirically derived study based on funded and declined loans will resolve many of the issues in consumer lending today.” The petitioner points out that validation reports “provide the information necessary to measure the efficiency of the credit score being used to measure credit risk,” and that “[d]emographic comparisons of funded and declined applicants can also be used to identify if the underwriting guidelines used in the application of credit scores result in acceptable percentages of financial inclusion for minorities or protected consumer groups.”

    Federal Issues CFPB Credit Scores Credit Union Consumer Finance Credit Reporting Agency

  • District Court partially affirms summary judgment in interest case


    On April 28, the U.S. District Court for the Southern District of New York granted in part and denied in part parties’ motions for summary judgment in a suit challenging the retroactive application of a New York statute reducing the state’s statutory interest rate on money judgments arising out of consumer debt. In doing so, the court considered S5724A, the Fair Consumer Judgment Interest Act. As previously covered by InfoBytes, the New York governor signed S5724A in December 2021, which amended the civil practice law and rules relating to the rate of interest applicable to money judgments arising out of consumer debt. Specifically, the bill provides that the interest rate that can be charged on unpaid money judgments is 2 percent and applies to judgments involving consumer debt, which is defined as “any obligation or alleged obligation of any natural person to pay money arising out of a transaction in which the money, property, insurance or services which are the subject of the transaction are primarily for personal, family or household purposes […], including, but not limited to, a consumer credit transaction, as defined in [section 105(f) of the civil practice law and rules].” The bill became effective April 30. According to the suit, a group of credit unions (plaintiffs) filed a federal class action lawsuit seeking to enjoin the enforcement or implementation of S5724A. The plaintiffs sought to invalidate the retroactive portion of S.5724A, arguing that it is an unconstitutional taking in violation of the Fifth Amendment and violative of their substantive due process rights guaranteed under the Fourteenth Amendment. The plaintiffs claimed that they are collectively owed about $3.8 million of outstanding consumer judgments, which includes approximately $1 million in interest, and sought a preliminary injunction enjoining the effective date of S572A. The plaintiffs brought suit against the Chief Administrative Judge of the New York State Courts, and the sheriffs of three New York counties in their official capacity on the basis that those parties “will be involved in enforcement of the Amendment.” The district court issued the preliminary injunction with respect to the sheriffs, relying on the credit unions’ arguments that retroactive application will “eradicate millions of dollars from the balance of judgments lawfully due and owing to judgment creditors.” The district court noted that “[r]egulatory takings … involve government regulation of private property [that is] . . . so onerous that its effect is tantamount to a direct appropriation or ouster. Thus, ‘while property may be regulated to a certain extent, if regulation goes too far it will be recognized as a taking.’”

    Courts New York Credit Union Interest State Issues Interest Rate Class Action


Upcoming Events