In a recent decision that has sent shockwaves through the banking industry, a federal appellate court in New York has ruled that, for usury purposes, non-bank buyers of charged-off credit card debt are not allowed to step into the shoes of a national bank that originated and sold the debt. We think the ruling in Madden v. Midland Funding, LLC (May 25, 2015) is flat wrong because it contradicts 182 years of well-settled law, disrupts secondary markets, and interferes with the core powers of a national bank to sell its loans to third parties.
Commercial Real Estate Portfolio Reminder: New Rules on Increased Risk Weighting for Commercial Real Estate Loans Now in Effect
Written by: Joseph Hipskind
The first quarterly Consolidated Reports of Condition and Income for 2015 have been generated and fresh attention is being paid to the possibility of increased risk weighting for many real estate loans. For most banks, savings and loan holding companies and large bank holding companies, new rules for the risk weighting of “High Volatility Commercial Real Estate” (HVCRE) loans went into effect on January 1, 2015. As a result of these new rules, some loans that might have been classified as being risk-weighted at 100 percent are now being risk-weighted at 150 percent.
Most followers of the actions of the multi-national Basel Committee on Banking Supervision, which includes the United States, and the U.S. banking agencies are well aware of the increased focus on capital adequacy and risk management. The Basel Committee’s Basel III Accord took aim at the financial crisis of 2007. The framework developed as part of Basel III led to the Federal Reserve Board’s promulgation of rules in 2003 which implement both the Basel III Accord and the Dodd-Frank Wall Street Reform and Consumer Protection Act. These rules were also approved and promulgated by the OCC and the FDIC. One small part of these rules focus on lending institution exposure to real estate loans.
The final rules amount to hundreds of pages of text and one such final rule relates to what U.S. banking agencies classify as HVCRE loans. In what amounts to a material change to past practice, HVCRE loans are required to be risk-weighted at 150 percent. HVCRE loans include all loans that finance the acquisition, development and construction of commercial real estate, with important exceptions. One to four family residential properties, certain loans for the purchase or development of agricultural land, and certain loans for projects that qualify as community development investment are exempt from the HVCRE classification.
Also, as elucidated in the FDIC’s final rule codified in Title 12 of the Code of Federal Regulations in Part 324, a commercial real estate loan may avoid the HVCRE classification if:
- the loan-to-value ratio (LTV) is equal to or less than the maximum supervisory LTV (which is 80% for commercial construction loans), and
- the borrower contributes capital to the project in the form of cash or unencumbered readily marketable assets (or has paid development expenses out of pocket) of at least 15% of the real estate project’s “as completed” appraised value, and
- the borrower contributed the amount of capital before the advance of funds under the loan and the borrower’s 15% is contractually required to remain in the project until the loan is converted to a permanent loan, sold or paid off.
These rules were finalized in 2013 but the first quarter of 2015 presented the first opportunity for banks to grapple with the new rules. Naturally, if such work has not already been done, financial institutions should take immediate action on reviewing real estate loan portfolios in light of the new rules. Among other things, “as completed” appraisals for real estate projects must be reviewed for the “as completed” appraised value. Borrower contribution to the capital of the project must be calculated. Loan documents should be analyzed to determine whether contributed capital is contractually required to remain in the project. And, looking ahead, care should be taken in insuring that future real estate loans include appropriate contractual provisions to address these points.
Written by: Zane Gilmer
On July 1, 2015, Minnesota will join 23 other states and the District of Columbia as the latest jurisdiction to permit the sale of medical marijuana. Minnesota’s medical marijuana laws are much more restrictive than many of its sister states’ marijuana laws in terms of who may purchase products, the types of products that may be sold or consumed, and the number of facilities permitted to sell the products. Nevertheless, those restrictions do not eliminate the myriad of issues created by permitting the sale of marijuana, including compliance challenges for banks and other financial institutions. This article will address some of the key compliance issues that face Minnesota’s financial industry following the legalization of medical marijuana.
The “Cash-Only” Problem
Most of the major credit card companies prohibit the use of their card networks for marijuana purchases. As a result, “legalized” marijuana sales across the country are conducted largely on a cash basis. Many states that permit either medical or recreational marijuana have seen marijuana revenues soar into the millions of dollars on a weekly basis. The scenario in Minnesota will likely be no different. Financial institutions, however, have to proceed with caution in banking those marijuana proceeds.
The Bank Secrecy Act (“BSA”), for instance, requires banks to monitor money passing through their institutions for potential money-laundering activities. To comply with the BSA, banks are required to a file Suspicious Activity Report (“SAR”) related to certain transactions they suspect involve potential money laundering. Because the cultivation, possession, and distribution of marijuana are illegal under the federal Controlled Substances Act, any proceeds deriving from those transactions would be proceeds of an illegal transaction. Any marijuana-related business (“MRB”) attempting to bank proceeds of marijuana sales would trigger the bank’s obligation to file a SAR. Banks that fail to file a SAR for a reportable activity face criminal and civil fines and other penalties. As a result, many banks in states where marijuana is legal have refused to offer depository services to marijuana businesses.
On February 14, 2014, in response to banks’ reluctance to accept marijuana proceeds, the Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) and the Department of Justice (“DOJ”) issued separate guidance to financial institutions related to providing banking services to the marijuana industry.
The DOJ guidance makes clear that the provisions of the BSA, money-laundering statutes, and the unlicensed money remitter statute remain in effect with regard to marijuana-related conduct, despite efforts at the state level to legalize marijuana. The DOJ guidance advises that its prosecutors, in determining whether to initiate an investigation or to charge an individual or institution for violation of a provision related to marijuana conduct, should focus on whether the conduct violates any of the following eight enforcement priorities:
- Preventing the distribution of marijuana to minors;
- Preventing revenue from the sale of marijuana from going to criminal enterprises, gangs, and cartels;
- Preventing the diversion of marijuana from states where it is legal under state law to other states;
- Preventing state-authorized marijuana activity from serving as a pretext for trafficking other illegal drugs or other illegal activity;
- Preventing violence and the use of firearms in the cultivation and distribution of marijuana;
- Preventing drugged driving and the exacerbation of other adverse public health issues related to marijuana;
- Preventing the growing of marijuana on public lands and other public safety hazards associated with marijuana on public lands; and
- Preventing marijuana possession or use on federal property.
The guidance explains that a violation of one of these priorities may be ripe for investigation or prosecution, whereas a marijuana-related activity that does not implicate one of these priorities may not be appropriate for prosecution. Notably, however, the DOJ guidance does not guarantee that marijuana-related activities that do not implicate one of these priorities will not be prosecuted.
FinCEN, for its part, issued much more tangible guidance for the financial industry. Indeed, FinCEN’s stated goals in issuing its guidance were to clarify BSA “expectations for financial institutions seeking to provide services to marijuana-related businesses” and to “enhance the availability of financial services for, and the financial transparency of, marijuana-related businesses.”
Development and Implementation of Thorough Customer Due Diligence Programs Required
FinCEN’s guidance provides that “the decision to open, close, or refuse any particular account or relationship should be made by each financial institution based on a number of factors specific to that institution.” To make these decisions, financial institutions are expected to develop and implement a thorough due diligence program that includes: (1) verifying with state authorities whether the MRB is licensed and registered; (2) reviewing the state application and supporting documentation submitted by the MRB to state authorities in support of its marijuana application; (3) requesting from state authorities information related to the MRB and individuals involved with it; (4) developing an understanding of the MRB’s “normal and expected activity,” including the products it sells and types of customers it serves; (5) ongoing monitoring of adverse public information concerning the MRB; (6) ongoing monitoring for any suspicious activity; and (7) updating the due diligence information on a periodic basis. The financial institution must also consider whether the MRB is in violation of one of the DOJ’s eight priorities or state law.
SARs for MRBs
If, after completing due diligence, the financial institution decides to provide services to the MRB, the financial institution must file one of two SARs: either a “Marijuana Limited” SAR—if the financial institution “reasonably believes” that the MRB is not in violation of any of the DOJ’s eight priorities or state law—or a “Marijuana Priority” SAR—if the financial institution reasonably believes that the MRB is in violation of one of the DOJ’s eight priorities or state law. In addition, the financial institution must file a “Marijuana Termination” SAR if it provides financial services to an MRB and later decides to terminate that relationship due to money-laundering concerns or if the MRB is in violation of one of the DOJ’s priorities.
To assist financial institutions in determining which SAR to file, the FinCEN guidance sets forth the following “red flags” that, if present, could mean that an MRB is violating one of the DOJ priorities or state law:
- An MRB appears to be using a state-licensed marijuana business as a pretext to launder money related to other criminal activity;
- An MRB cannot produce sufficient documentation and other evidence to demonstrate that it is duly licensed and operating in a manner consistent with state law;
- An MRB cannot demonstrate the legitimate source of significant outside investors;
- An MRB appears to be disguising its involvement in the marijuana industry;
- A review of publicly available information about an MRB and related parties reveals negative information;
- An MRB or related parties have been subject to state or local enforcement actions;
- An MRB engages in international or interstate activity;
- The owners or related parties of an MRB reside outside of the state in which the MRB is located;
- An MRB is located on federal property or marijuana that is sold by the business is grown on federal property;
- An MRB’s proximity to a school is not in compliance with state law; and
- An MRB purporting to be a “nonprofit” is engaged in commercial activity inconsistent with its designation as a nonprofit.
If any of these red flags exist, the financial institution must conduct further due diligence to determine whether the MRB is in compliance with the guidance.
Compliance Challenges Not Limited to Depository Accounts
In addition to the compliance challenges of providing depository services to MRBs, banks are also faced with similar issues related to extending loans to MRBs. Not only could such action be viewed as “aiding and abetting” a federal offense, but any loan proceeds and collateral securing the loan could be subject to federal forfeiture. The same may also be true for loans to third parties. For example, if a bank lends money to a strip mall developer who then rents space to an MRB, the debt service paid by the borrower/landlord is likely going to be paid with at least some proceeds of marijuana sales by the borrower’s tenant, because the tenant likely used those proceeds to pay rent to the borrower. Further, banks risk litigation, including claims related to violations of the federal Racketeer Influenced and Corrupt Organizations Act —for providing knowing assistance to MRBs in violation of federal drug laws—and False Claims Act lawsuits —for using proceeds of federally backed loan programs to fund or assist state MRB operations that are unlawful under federal law.
In short, there are a myriad of compliance challenges facing banks in the wake of marijuana legalization. Those challenges, however, have proven manageable. The key is to develop and implement thorough policies and procedures based on DOJ and FinCEN guidance.
 31 U.S.C. § 5311, et seq.; see also 18 U.S.C. §§ 1956 and 1957 (federal anti-money laundering statutes).
 FinCEN Guidance, “BSA Expectations Regarding Marijuana-Related Businesses,” February 14, 2014, available at http://www.fincen.gov/statutes_regs/guidance/pdf/FIN-2014-G001.pdf; James M. Cole, “Guidance Regarding Marijuana Related Financial Crimes,” U.S. Department of Justice, February 14, 2014, available at http://www.justice.gov/usao/co/news/2014/feb/DAG%20Memo%20-%20Guidance%20Regarding%20Marijuana%20Related%20Financial%20Crimes%202%2014%2014.pdf.
 DOJ Guidance, p. 2.
 Id.; James M. Cole, “Guidance Regarding Marijuana Enforcement,” U.S. Department of Justice, August 29, 2013, available at http://www.justice.gov/iso/opa/resources/3052013829132756857467.pdf.
 Press release announcing FinCEN guidance, available at http://www.fincen.gov/news_room/nr/html/20140214.html.
 See, e.g., 21 U.S.C. § 853 (forfeiture statute related to controlled substances violations); 18 U.S.C. § 981, et seq. (forfeiture statute related to money laundering).
 18 U.S.C. § 1961, et seq.
 31 U.S.C. § 3729, et seq.
Written by: Bryce Langford, Summer Associate
The most imminent threats facing banks today are not gun-wielding robbers like John Dillinger and Bonnie and Clyde. Today’s financial institutions face a different kind of threat— cyberattacks. Banks and their customers rely upon technology more so today than they ever have before. Because so much banking business is conducted online, the threat of cyberattacks on commercial customer deposit accounts increases rapidly.
The most significant type of cyberattack in the banking industry is called “corporate account takeover,” which occurs when a computer hacker steals a depositor’s online banking credentials and then, acting as the depositor, makes fraudulent outgoing wire transfers. The customer’s funds end up in very far-away places. To the bank, the transactions appear to be authorized by the accountholder and valid. By the time the bank and depositor realize there has been a theft, it is usually too late to recover the funds. Who bears the loss—the bank or the customer? Laws and regulations in the last decade have increased the liability for banks who do not take the proper preventative measures to insure against corporate account takeover. This article examines those laws and regulations, and discusses how banks can best manage the risk of account takeovers.
The UCC rules. Under Article 4A of the Uniform Commercial Code (“UCC”), the general rule is that the loss falls on the bank for an unauthorized outgoing wire, even if it appears to the bank that the transaction has been authorized. However, there are two exceptions to this rule: (1) the depositor fails to report the unauthorized debits to its account within one year and (2) the bank has in place a “commercially reasonable security procedure” to protect against hacking, the security procedure is embodied in a contract between bank and customer, and the bank accepted the outgoing wire in good faith and in compliance with the security procedure. The rules governing the second exception have been heavily litigated; they are codified in UCC 4A-201 through 4A-204.
The FFIEC guidance. To determine what is a commercially reasonable security procedure, the Federal Financial Institutions Examination Council (“FFIEC”) periodically releases “guidance” to help banks to “identify and mitigate cyberattacks.” The most recent guidance was issued on March 30, 2015. It includes eight “risk mitigation” recommendations for financial institutions. This is a must-read for bankers.
- Financial Institutions should securely configure systems and services.
- Financial Institutions should review, update, and test incident response and business continuity plans.
- Financial Institutions should conduct ongoing information security risk assessments.
- Financial Institutions should perform security monitoring, prevention, and risk mitigation.
- Financial Institutions should protect against unauthorized access.
- Financial Institutions should implement and test controls around critical systems regularly.
- Financial Institutions should enhance information security awareness and training programs.
- Financial Institutions should participate in industry information-sharing forums, such as the Financial Services Information Sharing and Analysis Center.
The expectation of layered security. The eight recommendations set out by the FFIEC in 2015 expand upon earlier recommendations issued in 2005 and 2011. One of the most important aspects of the earlier guidance was the FFIEC’s recommendation of layered security. The 2011 Guidance described layered security as “the use of different controls at different points in a transaction process so that a weakness in one control is generally compensated for by the strength of a different control.” The FFIEC recommends that financial institutions use more than a single layer of customer authentication. The most common example of a single layer of authentication is requiring a customer’s username and login. The FFIEC requires more security layers than simply requiring password authentication. Financial institutions should consult the FFIEC guidelines for examples of other layers of authentication.
The FFIEC guidelines set forth two particularly important types of layered security: (1) the use of dual-factor authentication such as usernames/passwords plus tokens, callback or challenge questions and (2) the use of software to detect out-of-pattern transactions involving outgoing wires. Keep in mind that the courts use the FFIEC guidance to determine whether the bank’s security procedure was commercially reasonable and in good faith. Courts sometimes confuse commercially reasonable and good faith. By employing layered security and complying with the FFIEC Guidance, banks can show their security procedures were commercially reasonable and in good faith. Layered security is one of the best ways to protect a financial institution from civil liability as well as protect customers’ assets from the threats of deposit account takeover.
How the courts are resolving cyberattack disputes: the two key cases. There are two key federal appellate decisions in this area—one in favor of the customer and the other in favor of the bank. In 2012, the First Circuit held that a bank’s security procedure was not commercially reasonable even though it used dual-factor authentication. In Patco Construction Co., Inc. v. People’s United Bank, 684 F.3d 197 (1st Cir. 2012), the bank employed multiple security procedures to comply with the 2005 FFIEC guidance, but it lost the case because at least one procedure was counter-productive.
Most notably, the security company’s software allowed banks to set a threshold amount for transactions that would trigger a security challenge question to authenticate the transaction. Initially, the bank in Patco set the threshold at $100,000. The bank later lowered the threshold to $1, effectively requiring security challenge questions on every internet transaction. The bank argued that this raised the level of security because it required answering security questions for every transaction. In 2009, a hacker obtained a customer’s banking information and authenticated a series of transactions close to $600,000. The bank was unable to retrieve $243,406 of these funds.
The First Circuit held that the lower threshold of $1 triggering the challenge questions hurt customers by increasing the risk of fraud. The court’s rationale was that requiring challenge questions on every transaction gave hackers more opportunity to capture the vital information. The court also held that the bank did not have a practice of closely monitoring all transactions, even if it had warning that fraud was occurring. The court held that these failures, taken as a whole, showed that the bank’s security procedure was not commercially reasonable. This First Circuit case is significant because it shows that employing multi-layered authentication may still not insulate financial institutions from liability.
In contrast to the First Circuit’s decision, a 2014 case from the Eighth Circuit ruled in favor of the bank. In Choice Escrow and Land Title, LLC. v. BancorpSouth Bank, 754 F.3d 611 (8th Cir. 2014), the Eighth Circuit ruled that the bank’s security procedure was commercially reasonable and the bank acted in good faith. The bank provided four security measures for its customers. The first was a simple ID and password requirement. The second was authentication software that monitored the customer’s IP address and other specific information of the customer’s computer. This allowed the bank to ensure that the same computers were authorizing the transactions; if another computer or IP address was used, then the user had to correctly answer challenge questions. The third security layer allowed customers to place dollar limits on wire transfers. The fourth layer was called “dual control.” This measure required every outgoing wire transfer to be authenticated by two separate users with distinct IDs and passwords.
The Eighth Circuit held that the bank’s four levels of security authentication were commercially reasonable, even though the customer in the case had rejected two of them. The court noted that the Uniform Commercial Code releases a bank from liability if a security procedure is offered to a customer and the customer declines the procedure in writing and agrees to a different procedure. This effectively shifts the liability to the customer. The court rejected the argument that to be “commercially reasonable,” a security procedure must include a human being manually reviewing every payment order submitted to the bank. Further, the court found that the bank acted in good faith, and pursuant to agreement, in accepting the outgoing wires.
Importantly, the Eighth Circuit relied on the FFIEC guidance as a test for determining what is a commercially reasonable security procedure. The court called the FFIEC guidance the “primary authority” in measuring the reasonableness of a security measure. This is important for financial institutions to note, since the courts are relying heavily upon the FFIEC guidelines when considering liability in cases of cyberattacks.
Conclusion. Cases involving cybersecurity and financial institutions are sure to continue to flow in the coming years as customers and banks increasingly rely upon technology for conducting business and hackers increase in their ability to conduct cyberattacks. One of the best ways for a bank to protect itself against liability is to take action and measures that are in accord with the FFIEC guidance, including the 2015 version. As technology changes, so will the requirements of the FFIEC. Notably, the most recent guidance recommends that financial institutions should share with one another, in forums, how to mitigate cybersecurity threats. The courts have yet to litigate what exactly these forum-sharing recommendations mean, but financial institutions should be on notice that this is just one of the new requirements set out by the FFIEC. The best course of action for financial institutions is to work with legal counsel to insure the institution is up-to-date with the guidance issued by the FFIEC. Although the 2015 guidance attests that it “does not contain any new regulatory expectations,” experience shows that bank compliance with the new guidance is the best way to manage the risk of deposit account takeover. The attorneys of Stinson Leonard Street’s Banking and Financial Services division have extensive experience in this area of law, and financial institutions are encouraged to reach out to such experts.
Written by: David Kantor
Residential mortgage originators struggling to meet the August 1, 2015 implementation date for the new Truth-in-Lending RESPA Integrated Disclosure Rule received a reprieve yesterday.
CFPB Director Richard Cordray issued the following statement on the Know Before You Owe mortgage disclosure rule:
The CFPB will be issuing a proposed amendment to delay the effective date of the Know Before You Owe rule until October 1, 2015. We made this decision to correct an administrative error that we just discovered in meeting the requirements under federal law, which would have delayed the effective date of the rule by two weeks. We further believe that the additional time included in the proposed effective date would better accommodate the interests of the many consumers and providers whose families will be busy with the transition to the new school year at that time.
The public will have an opportunity to comment on this proposal and a final decision is expected shortly thereafter.
On June 24 the CFPB published its proposed rule for extending the effective date for implementation of the Know Before You Owe Rule to October 3, 2015. The public has until July 7 to submit comments.
See full release here.
Please join us for the 2015 Banking Conference on Wednesday, May 6. This informative event will include discussion on recent developments in the banking industry. Topics will include:
- Bankruptcy Risk
- Domestic Holds on Deposit Accounts
- Keeping the Guarantor on the Hook
- Spousal Guarantees
- Deposit Account Takeovers
- Consumer Financial Services
- Tax Credit Finance
- Banking Marijuana Businesses
- Vendor Diligence and Contracting
- ACH Origination Fraud Risk
- M&A Update
In addition, attendees will hear from a panel of banks and regulators on a variety of top bank issues and concerns.
This seminar will be presented live from our Kansas City, Minneapolis and Denver offices and video-conferenced to our St. Louis, Wichita, Phoenix and Omaha offices. Registration begins at 1PM (CDT). The seminar starts at 1:30PM (CDT) and will be followed by a reception at 5PM (CDT).
View the full agenda online.
Visit our website for exact office locations.
CLE credit is approved in:
NE 3.25 hours open
KS 3.5 hours open
MO 3.9 hours
AZ 3.25 hours
MN & CO pending
Written by: Evan Berquist
In a unanimous decision issued on January 13 of this year, the Supreme Court held that a borrower exercises its right to rescind a loan under Section 1635 of the Truth In Lending Act (“TILA”), simply by notifying its creditor of its intent to rescind within TILA’s three-year limitation period. See Jesinoski v. Countrywide Home Loans, Inc., No. 13-684, 574 U. S. ___, ___, (2015) (slip op., at 3). The Court reversed a decision by the Eighth Circuit, which held that a borrower could exercise its rights only if it filed a lawsuit within the three-year period. Before Jesinoski, courts were divided about what was required to exercise a borrower’s rights under the statute: five circuits held that a borrower must file a lawsuit, while only three circuit courts held that mere notice was sufficient. Jesinoski thus resolved an important circuit split decisively in favor of the borrowers.
Truth In Lending Act (“TILA”), 15 U. S. C. §§ 1601 et seq.
Congress first passed TILA in 1968, in order to help consumers “avoid the uninformed use of credit, and to protect the consumer against inaccurate and unfair credit billing.” 15 U. S. C. § 1601(a). Among other things, the Act and its implementing regulations require lenders to provide certain mandatory disclosures to consumers in mortgage loan transactions. TILA also grants borrowers the right to rescind loan transactions within given time periods. For up to three days following the closing of a loan transaction, borrowers can rescind the loan for any reason. If the lender failed to make the disclosures required by TILA, however, the borrower has three years to rescind the loan. See 15 U.S.C. § 1635(f). The question presented in this case was what the borrower has to do to exercise its rights of rescission within the 3-year period.
In 2007, the Jesinoskis closed a loan transaction with Countrywide Financial Services, Inc. (“Countrywide”). Exactly three years after closing the transaction, the borrowers mailed notice to Countrywide of their intention to rescind the loan. One year and one day after that—or four years and a day after the loan closing—the Jesinoskis filed suit against Countrywide, seeking to rescind the loan.
In federal district court, Countrywide moved for summary judgment, arguing that the borrowers had failed to satisfy the Act’s limitation period. The district court agreed, citing binding precedent in the Eighth Circuit that “a suit for rescission filed more than three years after consummation of an eligible transaction is barred by TILA’s statute of repose.” The Eighth Circuit affirmed.
The Supreme Court’s Opinion
In a unanimous opinion authored by Justice Scalia, the Supreme Court reversed. The Court resolved the case as a matter of simple statutory construction. In particular, the Court relied on 15 U.S.C. § 1635(a), which provides that a borrower “shall have the right to rescind . . . by notifying the creditor, in accordance with regulations of the Board, of his intention to do so.”* This language, the Court held, “leaves no doubt that rescission is effected when the borrower notifies the creditor of its intention to rescind.” The entire opinion went on for less than six pages, one of the shortest to be issued this Term.
In its opinion, the Court quickly rejected Countrywide’s arguments that rescission could result only from a lawsuit or judicial action. As Countrywide pointed out, under the common law doctrine of rescission, the borrower had to either tender the amount it had received to the lender (rescission at law) or receive a judicial decree of rescission (rescission at equity). The Court held that nothing in the Act, or in the Court’s jurisprudence, modifies “the clear import of 1635(a) . . . that a borrower need only provide written notice to a lender in order to exercise its right to rescind.”
Advocates for the financial services industry warn that the decision will harm consumers in the long run, by adding to clouds on title, incentivizing needless litigation, and injecting uncertainty into the mortgage market. As Countrywide argued in its brief, the circumstances presented in the Jesinowskis’ case—where a borrower sends notice of its intent to rescind but fails to bring a lawsuit within that time—already represented a “narrow, though frequently reprised, set of circumstances.” Following the Supreme Court’s decision, those circumstances are likely to become significantly more common. From now on, any bank that receives notice of a borrower’s intent to rescind a loan within three years of a loan closing should at least be prepared for the possibility of litigation.
* Following the events of this case, in 2010 Congress transferred rulemaking authority under the Act from the “Board” (Federal Reserve Board) to the Consumer Financial Protection Bureau. See Dodd-Frank Wall Street Reform and Consumer Protection Act, Pub. L. No. 111-203, as amended.