The SEC recently published final rules that allow publicly traded bank holding companies and banks to simplify their public disclosures and provide more meaningful information to investors. Most of the rules become effective on May 2, 2019, which allow many registrants to benefit from them on their Form 10-Q filings for the quarter ended March 31, 2019.

This post is intended to highlight those changes that we expect to be most significant to registrants in the banking industry. BCLP has also produced a more thorough summary of the final rules as applicable to all registrants. The complete, 252-page adopting release is available here.

MD&A

Most registrants provide three years of MD&A narrative.  The new rule allows such registrants to omit discussion of the earliest of the three years if such discussion was previously filed, so that the 10-K MD&A will address only the year being reported and the previous year.  Smaller reporting companies are only required to provide two years of financials and MD&A (and emerging growth companies are allowed to omit periods prior to their IPO), so these registrants will not see any benefit from this change.

The revisions to the MD&A requirements also eliminate the requirement that issuers provide a year-to-year comparison.  In the related commentary in the adopting release, the SEC characterizes this change as providing registrants flexibility to tailor their presentation.  Hopefully, over time, the SEC’s expressed purpose will encourage creative approaches to this area. 

Exhibits – Material Contracts

Previously, a two year “lookback” applied, such that material contracts entered into in the two years prior to the filing were required to be disclosed on the exhibit index even if the contracts had been fully performed.  A common example is merger agreements—companies are currently required to continue to file merger agreements as exhibits even after closing.  The new rule eliminates this requirement (other than for newly public companies), such that material contracts that have been fully performed are no longer required to be disclosed.

In a case of first impression, the Fifth Circuit held that a defendant is not required to plead as an affirmative defense under the Real Estate Settlement Procedures Act that it had complied with Section 1024.41 of the Code of Federal Regulations by responding properly to a borrower’s loss mitigation application. Germain v. US Bank National Association, — F. 3d — (2019 WL 146705, April 3, 2019). It affirmed the dismissal of the borrower’s RESPA claim on a summary judgment motion, based on the following facts.

After repeated defaults beginning in 2009, the borrower Plaintiff filed three or four loss mitigation applications, asking for loan modifications in 2012, 2013 and 2014, in addition to filing bankruptcy in 2013. Each time, the loan servicer responded to the application properly. When the lender accelerated the loan and scheduled it for foreclosure in 2015, Plaintiff filed a lawsuit. It alleged the Defendants violated RESPA by failing to comply with Section 1024.41(d). That regulation section requires that a servicer who denies a loss mitigation application must notify the applicant of the reason he was denied any trial or permanent loan application option available pursuant to the regulation.

In their Answer to the complaint, the Defendants denied the allegation that they had failed to comply with Section 1024.41(d). The unstated basis for the Answer’s denial was that the loan servicer had complied Section 1024.41(i), which states: “A servicer is only required to comply with the requirements of this section for a single complete loss mitigation application for a borrower’s mortgage loan account.” The Court of Appeals ruled that the denial, without the detail, was sufficient, and affirmed the district court’s determination that the Defendants were not required to plead Section 1024.41(i) as an affirmative defense.

In previous posts in our BankBCLP.com series on this topic, we’ve attempted to define “open banking” and the ways in which it is attracting increasing industry attention through open APIs.  As our series continues, we describe how open banking is or may be regulated, as well as its critical licensing and intellectual property implications in practice.

As we have previously described, at least in the United States, “open banking” is more of a sweeping term of art than a distinct practice or product.  As a result, its legal and regulatory implications are potentially wide-ranging.    

In the United Kingdom, “Open Banking” is a more precise legal term for a sharing framework that the Competition and Markets Authority (CMA) has introduced for the stated purposes of increasing competition and expanding customer control over financial data.  In 2017, the CMA began to implement this framework by requiring the nine largest banks and building societies in the U.K. to begin sharing certain customer information with registered third-party providers (with customer consent).  In its earliest stages, this data sharing requirement was limited to data specific to the institution, as opposed to its customers, such as branch and ATM locations.  Subsequent stages have focused on transaction histories and even payments APIs.  These stages provide an early look at some of the more tangible consumer-oriented use cases for open banking.  For example, third-party applications can facilitate real-time bank location or price comparison shopping.

Importantly, under Financial Conduct Authority (FCA) implementing rules, the providers to whom this access is granted must be approved as a form of payments business or specialty service provider in the U.K. or in another jurisdiction under certain passporting provisions.  In any case, this will subject the provider to direct supervision and examination by a U.K. or EU regulator.  This framework dovetails with the European Union’s revised Payment Services Directive (PSD2) data security regulation in that these registered providers must specifically demonstrate PSD2 compliance.  The CMA is touting Open Banking as a secure, transparent means of providing consumers with more control over their finances. 

Other jurisdictions are taking a similar, top-down approach to open banking.  Australia is mandating that its four largest banks make certain banking information available on a “read only” API basis beginning July 2019.  India’s Unified Payments Interface (introduced August 2016) is an open API-based platform for real-time payments.  It ties to the government’s policy goals of minimizing the use of cash, promoting digital identity, and leveraging mobile devices in a rapidly developing economy.  Hong Kong published an open API framework in July 2018.  On the other end of the spectrum, China and Singapore are taking a more industry-driven approach.  China’s extensively cashless and mobile economy is incorporating open banking as a market response, rather than by regulatory mandate.

Bank merger activity is reducing the number of U.S. banks at a rate of about 5% per year. It’s unclear how long this pace of industry consolidation will continue. Investment bankers, who have an interest in the level of activity continuing, are often quick to counsel bank boards of directors that the merger market may never be better than it is right now. Each year, the boards of hundreds of banks decide to heed the advice of those suggesting it’s time to sell.

A decision to sell a bank is one of the two most important decisions a board addresses (the other being selection of the CEO in a succession process). The strength of a board lies in the manner in which it approaches such a decision. Some boards will have gone through a lengthy process of reaching consensus before exploring potential merger opportunities. Others will find themselves considering unexpected merger offers without first having reached consensus. Vigorous debate can be healthy and productive in the process of a board reaching the best decision for the bank and its shareholders. Regardless of the circumstances in which a potential sale or merger of a bank is being considered, it is critical that all board members have access to the same level of information and be able to provide input throughout the process.

When board members believe they have been kept out of the loop on information flow, or they haven’t been adequately involved in considering a course of action, the strength of a board is undercut. Decision making is often adversely impacted as a result. This is particularly true in connection with consideration of the sale of a bank. Throughout the process of a board investigating options and considering strategic alternatives, the board members should have confidence that they are privy to all communications of importance with both professional advisers and potential merger partners.

We have seen far too many instances in which a director, on his or her own initiative and without authorization from the board as a whole, embarks on private outreach to potential merger partners. These directors usually feel justified in such action as a result of frustration with the pace at which the full board is moving or a sense that the CEO is resistant to the idea of selling the bank. Whatever the driving force, such independent action by a director can result in a breakdown in trust among the board and rarely results in a successful merger transaction.

This post is the second in a series discussing Open Banking, its implementations, and its implications.  Part 1 is here.

APIs or “Application Programming Interfaces” are everywhere in ecommerce, and they provide the building blocks in the primordial soup of innovations that may stem from open banking. 

Among other roles, APIs provide a protocol allowing one computer system to talk with another.  For example, The Weather Channel (“TWC”) has invested heavily in providing detailed meteorological information and forecasts by region.  TWC could conceivably require people to visit its website as the exclusive way to access this information.  Instead, however, TWC permits some of its information to be accessed automatically across apps, websites, and services and in ways third-party developers can predictably map (e.g., certain tagged data reflects values like “75°F” or “Partly Cloudy”).  TWC has determined such use advances the TWC business plan.  Conversely, the developers of apps, websites, and services have determined using the TWC API is superior to reinventing what TWC has accomplished—or not offering weather information at all. 

Without an API, a third party could create a bot to visit the TWC website and automatically “scrape” the information, but such an approach poses risks.  First, even a slight change to the TWC website could cause the bot to misunderstand which data it is supposed to scrape.  Second, such an approach raises contractual and copyright risks.  See, e.g., Ticketmaster L.L.C. v. RMG Technologies, Inc., 507 F. Supp.2d 1096 (C.D. Cal. 2007) (granting injunctive relief on grounds that defendant infringed copyright and terms of use through automated screen-scraping of Ticketmaster’s site in order to facilitate its own large-volume ticket brokerage).  Third, this conversion step fails to capture the richer, more reliable, and more on-point data TWC is willing to make available via its API. 

The background to the Eleventh Circuit’s decision in Marchisio v. Carrington Mortgage Services, LLC, — F. 3d — (11th Cir. March 25, 2019)(2019 WL 1320522) demonstrated repeated recklessness by a lender in updating its reporting databases after repeated litigation and settlements.

The borrowers defaulted on their home loans in 2008; the loan servicer brought a foreclosure action; in 2009, the parties settled with a deed in lieu of foreclosure that extinguished first and second loans and required the loan servicer to report to the credit reporting agencies that nothing more was due on the loans. The loan servicer failed to correct the credit reporting and continued to try to collect on the nonexistent debt, prompting the borrowers/Plaintiffs in 2012 to file a lawsuit under the Fair Credit Reporting Act. The parties settled the FCRA suit in 2013, with the loan servicer/Defendant agreeing to correct the credit reporting. The loan servicer failed to timely comply with this correction requirement within 90 days and issued three erroneous reports that the second loan was delinquent.

The Plaintiffs then disputed with the credit reporting agencies the reporting of a balloon payment due on the second loan. In response, the loan servicer investigated the dispute. However, because the loan servicer had not updated its database to reflect the settlements, it erroneously verified to the credit reporting agencies that the Plaintiffs were delinquent, and then in 2014 charged them for lender-placed insurance on the property, which the Plaintiffs no longer owned. This led in 2014 to the second lawsuit with the FCRA claim that the 11th Circuit addressed. This lawsuit “caught Defendant’s attention” and immediately prompted it to update its database, correct its previous errors and accurately report the status of Plaintiffs’ second loan, finally.

This post is the first in a series discussing open banking, its implementations, and its implications. 

“Open banking” is a phrase that has been coined to capture a current theme in financial sector innovation – one that some say is going to revolutionize banking.  For years, banks have given their customers increasing access to account information.  Now, with open banking, the access is opening to the point where customers can potentially obtain financial services in entirely novel ways, and the customer’s expectations of their bank may shift. 

The push to open consumers’ financial data goes back decades.  In the 1990s and 2000s, financial institutions began giving customers online access to their accounts—and instantaneous access to information previously reserved for monthly statements. Card-based transactions gradually shifted away from signed papers with carbon copy receipts to electronic devices.  With rapid access to financial information, debit cards that could immediately draw on bank accounts became more feasible.  Meanwhile, third-party vendors, such as Intuit, Microsoft, and Checkfree, were among the providers who encouraged institutions to go even further by making financial data available in a format that could be imported into their software; their work led to the promulgation of the Open Financial Exchange (“OFX”) data stream format, among others. 

In the past 10 years, the priorities in data exchange have incorporated the agenda of government proponents.  Notably, in 2016, a U.K. regulatory authority required the country’s nine largest banks to allow certain registered third-party developers to access certain customer data.  In 2018, the European Economic Area began implementing the Second Payment Services Directive (“PSD2”), including its goal to provide financial data through a central register.  In the United States, the Consumer Financial Protection Bureau has expressed its view that consumers should have timely, secure, and transparent access to their financial account information and to data sharing opportunities.  During this same time, digitization has accelerated to unprecedented levels in all facets of life and commerce, and data privacy risk awareness and regulation has emerged. 

The public comment period for the banking agencies’ capital simplification rules for qualifying community banking organizations (i.e. the Community Bank Leverage Ratio proposal) are due on Tuesday, April 9th.

As previously discussed, the regulators have proposed a new, alternative, simplified capital regime for qualifying institutions that will deem an institution to be well-capitalized so long as it maintains a leverage ratio of at least 9% and adequately capitalized so long as it maintains a leverage ratio of at least 7.5%. While initially proposed last November, publication in the Federal Register was delayed until February of this year. As a result the comment period for the rule ends on Tuesday, April 9, 2019. Comments can be submitted online through Regulations.gov.

Through the publication of this blog post, the primary comments online appear to be the appropriate threshold for the new Community Bank Leverage Ratio. As background, EGRRCPA, the statutory basis for the reforms, obligates the regulators to apply a threshold of between 8% and 10%, and the regulators proposed 9%. Most of the submitted comments, including several from community bankers, comments from the Kansas Bankers Association and the Independent Bankers Association of Texas argue for a lower 8% ratio. Conversely, the Mercatus Center has submitted a comment supporting a 10% ratio.

Editor’s Note: BCLP’s consumer financial services team is a group of specialized lawyers from around the U.S., adept in state court rumbles, courthouse steps foreclosures, and bankruptcy court interludes. They are also deep thinkers in consumer law, and were waiting for this ruling today. If you have a portfolio of consumer loans and want some efficient, value-maximizing handling, give us a call. Here’s the take from Zina Gabsi, from our Miami CFS practice.

Earlier today, the U.S. Supreme Court issued its long-awaited opinion on whether law firms pursing non-judicial foreclosures are “debt collectors” as defined by the Fair Debt Collection Practices Act (“FDCPA”), 15 U.S.C. §1692 et seq. Obduskey v. McCarthy & Holthus LLP, Case No. 17-1307 (March 20, 2019). In its ruling, the Court held that a business engaged in no more than a non-judicial foreclosure is not a debt collector under the FDCPA. (Business lawyers around the US breathed a collective sigh of relief.) Instead, the Court held that those pursuing non-judicial foreclosures are subject to the more limited FDCPA restrictions contained in section 1692f(6).

The FDCPA defines a debt collector as “any person … in any business the principal purpose of which is the collection of any debts, or who regularly collects or attempts to collect, directly or indirectly, debts owed or asserted to be owed or due another.” 15 U.S.C. §1692a(6). But the statute also includes the “limited-purpose definition” which states that “[f]or the purpose of section 1692f(6) [the] term [debt collector] also includes any person … in any business the principal purpose of which is the enforcement of security interests.” Thus, the statute creates a set (debt collectors) and a subset (people that only seek to enforce security interests). The subset certainly includes “repo men,” but according to the Supreme Court, the subset also includes lawyers pursuing non-judicial foreclosures. The subset is subject to far less restrictions and mandates under the FDCPA.

The Court considered three factors in coming to its conclusion: (i) the text of the FDCPA itself; (ii) Congress’s intent; and (iii) the FDCPA’s legislative history. The Court explained that but for the limited-purpose definition (the subset), those pursuing non-judicial foreclosure would in fact be debt collectors under the additional provisions of the FDCPA. However, the Court notes that a plain reading of the limited-purpose definition, “particularly the word ‘also,’ strongly suggests that one who does no more than enforce security interests does not fall within the scope of the general definition. Otherwise why add this sentence at all?” Obduskey, at page 8. To interpret the definition of a debt collector under the FDCPA otherwise would render the addition of the “limited-purpose definition” superfluous. Id., at page 9. Furthermore, the Court posited that Congress “may well have chosen to treat security-interest enforcement differently from ordinary debt collection in order to avoid conflicts with state nonjudicial foreclosure schemes.” Id.

Of note, the Court rejected Obduskey’s argument that “McCarthy engaged in more than security-interest enforcement by sending notices that many ordinary homeowner would understand as an attempt to collect a debt backed up by the threat of foreclosure.” Id., at page 13. The Court explained that such notices were likely required under state law in order to pursue the non-judicial foreclosure and therefore the FDCPA’s “(partial) exclusion of ‘the enforcement of security interests’ must also exclude the legal means required to do so.” Id.

Justice Sotomayor wrote a concurring opinion to make two observations: “First, this is a close case, and today’s opinion does not prevent Congress from clarifying this statute if we have gotten it wrong. Second, as the Court makes clear, ‘enforcing a security interest does not grant an actor blanket immunity from the’ mandates of the FDCPA.” She interestingly noted that Congress may not have contemplated the Court’s interpretation because even though States do regulate nonjudicial foreclosures, the FDCPA was enacted “to promote consistent State action to protect consumers against debt collection abuses.”

The holding sheds light (for the moment) on the scope of the limited-purpose exception to the FDCPA’s definition of a debt collector as it relates to nonjudicial foreclosures. “[W]hether those who judicially enforce mortgages fall within the scope of the primary definition is a question we can leave for another day.” Id., at page 12. We will cover that another day too!

The Supreme Court of Georgia issued its latest opinion on March 13, 2019 in the continuing litigation over whether former directors and officers of the now defunct Buckhead Community Bank can be held liable for financial losses from commercial real estate loans.

The Georgia Supreme Court had previously advised a Georgia federal court, where the case was filed by the FDIC, that the directors and officers of the bank could be held liable if they were negligent in the process by which they carried out their duties. Following that opinion, rendered in 2014, the case returned to federal court, and a trial was ultimately held in 2016. In that trial, the jury concluded that some of the directors and officers were negligent in approving some loans and awarded the FDIC $4,986,993 in damages.

The trial judge in the case found that the defendants were “jointly and severally liable” for the award, meaning that the entire verdict could be collected from any one of the defendants. The defendants appealed contending that joint and several liability had been abolished by the General Assembly in 2005. The defendants also argued that the trial court should have given the jury the opportunity to apportion the damages among each of the defendants according to their respective degrees of fault. In considering the appeal, the United States Court of Appeals for the Eleventh Circuit again sought direction from the Supreme Court of Georgia on this new issue of law.

On Wednesday, in a 39-page opinion, the Georgia Supreme Court responded, providing answers to some, but not all, of the questions raised by the Eleventh Circuit. The Georgia Supreme Court held that joint and several liability can still be imposed in Georgia on defendants “who act in concert insofar as a claim of concerted action involves the narrow and traditional common-law doctrine of concerted action based on a legal theory of mutual agency and thus imputed fault.” The Supreme Court indicated that this was a very narrow exception to the usual rule that damages must apportioned among defendants.