Archive for April 29, 2010
OTS Cracks Down on Overdraft Practices, Proposes New Guidance
On April 23, 2010, the Office of Thrift Supervision (OTS) reached agreement with Woodforest Bank, a thrift institution located in Refugio, Texas, concerning its overdraft protection program. The OTS also issued proposed Supplemental Guidance on abusive overdraft practices.
In consenting to two Orders from the OTS, Woodforest Bank agreed to cease certain unsafe or unsound practices identified by the OTS, including the origination of loans with a low probability of repayment, unfair, misleading or deceptive marketing or advertising practices and disclosures in connection with the Bank’s overdraft protection program. Under the terms of the agreement, the Bank will set aside more than $12 million to pay restitution to existing and past Bank customers harmed by the Bank’s overdraft protection practices, as well as pay $400,000 as a civil money penalty.
On April 29, 2010, the OTS also published proposed Supplemental Guidance on Overdraft Protection Programs in the Federal Register, which, if finalized, would update the Guidance on Overdraft Protection Programs previously issued by the OTS in 2005. In its proposed Supplemental Guidance, the OTS emphasized that thrift institutions must accurately represent the features of overdraft protection programs and clarify that overdraft protection is not a “free” account feature, while disclosing applicable program fees to the customer. The OTS also highlighted a thrift institution’s responsibility to explain to customers that payment of overdrafts by the thrift institution is discretionary and to disclose circumstances under which the institution will not pay an overdraft. Additionally, the proposed Supplemental Guidance advises thrift institutions to provide customers with information regarding alternatives to overdraft protection and to place reasonable aggregate limits on overdraft fees. Comments on the proposed Supplemental Guidance are due on or before June 28, 2010. The proposed Supplemental Guidance may be found here: http://www.ots.treas.gov/_files/482132.pdf.
New and Improved BSA/AML Examination Manual
Today the Federal Financial Institutions Examination Council released the 2010 version of the Bank Secrecy Act/Anti-Money Laundering Examination Manual. This revised manual further clarifies supervisory expectations, reflects feedback from the banking industry and examination staff, and incorporates regulatory changes since the manual’s release in 2007. The revised manual can be found here: http://www.ffiec.gov/bsa_aml_infobase/documents/BSA_AML_Man_2010.pdf.
Massachusetts Passes Aggressive New Data Security Law
Do you own or license personal information about a resident of Massachusetts? If so, then a new data security law, 201 CMR 17.00, applies to you. You must develop, implement and maintain a comprehensive information security program that includes a security system covering computers, including any wireless system. Among other requirements, you must ensure that, where technically feasible:
- All data containing personally identifiable information (PII) must be encrypted on the wire and as it is transmitted across public networks or wirelessly. This means, for example, that PII must be sent over HTTPS, not HTTP, and must be encrypted when stored in SQL Server. This rule has significant implications for database applications.
- All PII data stored on laptops or other portable devices, such as smartphones and USB drives, must be encrypted.
- Backup tapes must be encrypted on a prospective basis.
Penalties for noncompliance are enforced through Massachusetts General Law Title XV: Regulation of Trade, chapter 93A, section 4. Civil money penalties of up to $5,000 per breach or lost record may be assessed, as well as reasonable costs of investigation and litigation, including attorneys’ fees. Any data breach must be reported to both the Office of Consumer Affairs and Business Regulation and the Attorney General.
The law became effective March 1, 2010 and can be found here: http://www.mass.gov/Eoca/docs/idtheft/201CMR1700reg.pdf.
Answers to Frequently Asked Questions regarding the rule can be found here: http://www.mass.gov/Eoca/docs/idtheft/201CMR17faqs.pdf.
