404

Page not found.

Intro:      0:00-1:20

Advertising Rules and Regulations:    1:20-7:15

Social Media Platform Rules:    7:15-34:35

Advertising/Social Media Best Practices:  34:35-56:46

By:  Michael Mulvey

As of January 1, 2024, the Corporate Transparency Act (“CTA”) became effective. This legislation requires certain reporting requirements as part of the Anti-Money Laundering Act of 2020. To enforce these requirements, the Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”) created a registry to receive all reportable information. This legislation intends to reduce the occurrences of money laundering, tax fraud, drug trafficking, and terrorism in the United States using shell companies. The federal government may make the information available to state and foreign agencies with the intent to combat the illicit activities mentioned. Credit unions and other financial institutions may obtain access to this information for the purpose of member/customer due diligence if sufficient need is shown. While we can agree on the intent of this legislation, it does create an administrative obligation on millions of small businesses.

The first question you may be asking is, “what does this mean for my organization?” To answer this question a determination is made whether the entity is a “reporting company” under the CTA. Reporting companies are defined as:

a corporation, limited liability company, or other similar entity that is created by the filing of a document with a secretary of state or a similar office under the law of a state or Indian tribe or formed under the law of a foreign county and registered to do business in the United States by the filing of a document with a secretary of state or similar office under the laws of a state or Indian tribe.

This definition may seem broad, there are twenty-three types of entities exempt from reporting. This list of exempted entities includes credit unions, other entities under the supervision of a regulatory agency (ex. broker-dealer), and subsidiaries of certain exempt entities. This means credit unions and CUSOs that are wholly owned or controlled by credit unions are exempt from the reporting requirements. While the CTA does not define what “controlled by” means, my presumption is majority control of the entity. In the case of collaborative CUSOs, owned by credit unions and third parties, a case-by-case determination needs to be made whether an exemption applies. If no exemption applies, then the reporting company must file a Beneficial Ownership Interest (“BOI”) report with FinCEN. The BOI report includes the full legal name of the reporting company (including DBAs), tax identification number, justification of formation, current United States business address, beneficial owner information, and company applicant information.

Your next question is, “who are beneficial owners?” Beneficial owner(s) means an individual who directly or indirectly, through a contract, arrangement, understanding, relationship, or otherwise, (i) exercises substantial control over the entity, or (ii) owns or controls not less than twenty-five percent of the ownership interest of the entity. This includes the reporting company’s president(s) CEO, CFO, COO, general counsel, and any other individual exercising substantial control. As currently enacted the CTA does not define what “substantial control” means, hopefully, we receive clarity on this in the future. The reporting company must provide FinCEN with each beneficial owner’s name, date of birth, residential or business address, and a unique identifying number from an acceptable identification document (such as a driver’s license or passport). The company applicant is the person or persons that file the organizational documents with a state. The company applicant reporting is only required for entities formed after January 1, 2024. Entities formed prior to January 1, 2024, do not need to provide this information.

Concerning the timing of the filing, if the entity existed prior to January 1, 2024, the first report is not due until January 1, 2025.  If the entity is formed during 2024, the initial report is due within 90 days after the creation of the entity with the respective state.  Any entity created on January 1, 2025, or after, will have 30 days from the creation of the entity to file. If any reported information needs amending, an updated report is due within 30 days of the date the change leading to the amendment occurred.

To enforce these reporting requirements, there is a potential for civil or criminal penalties for failing to report or remedy a report.

To assist with potential questions, I am including links to FinCEN’s webpage with FAQs on this topic Beneficial Ownership Information Reporting | FinCEN.gov along with FinCEN’s BOI Small Compliance Guide v1.1 (fincen.gov) for additional information.

Lastly, FinCEN reported fraudsters are attempting to solicit information from individuals and entities that may be subject to reporting. FinCEN reiterated it does not send unsolicited requests. Any unsolicited communication attempting to collect this type of information is fraudulent and should not be responded to.

I will continue to provide updates on CTA reporting as additional information is provided. If you have any questions about the CTA and its reporting requirements, feel free to reach out.

Happy Holidays! As we prepare for the New Year, we are looking back at 2023 and revisiting a few of the topics we covered this year.

Did you know that Messick Lauer & Smith has a LinkedIn page where you can find articles and summaries on topics we believe are important for everyone in the credit union and CUSO industries? Some of the topics we covered there included this article by Jenn Winston on the NCUA’s final rule expanding member expulsion. Mike Mulvey highlighted the importance of maintaining corporate separateness between a credit union investor and a CUSO. New articles are posted to LinkedIn weekly, be sure to follow our page to stay up to date on all things industry related. If you are not on LinkedIn, you can find these articles on our website.

2023 also saw our “In the CU” podcast grow and included some special guest interviews. Brian Lauer interviewed the Honorable Rodney Hood about his time at the NCUA and his thoughts on the future of the industry. Earlier this year, Mike Heller discussed the CUSO Examination process with Mark Treichel, the NCUA Interpreter. Amanda Smith provided her insights and best practices on creating charitable foundations, which is something we have seen increased interest in over the last year. You can subscribe to “In the CU on most streaming platforms so you don’t miss an episode or find the full list.

Some topics deserve more in-depth discussion than a podcast can provide. We have periodically released webinars you can watch on demand. This year we have updated our CUSO 101 webinar, discussing regulatory requirements and business considerations when forming a CUSO. We also recently published a webinar on the NCUA’s recent final rule on Financial Innovation, which will continue to have significant impacts on the credit union and CUSO industries. You can find the most recent webinars on our website.

In looking towards 2024, our goal is to continue providing timely updates and analysis on new rules and regulations impacting the credit union industry. We will also be providing more articles, podcasts, and webinars throughout the year. If there are any topics you would like to see our firm cover in the new year, please email us at with your thoughts at mailbag@cusolaw.com.

Keep your eyes peeled for a refresh to our website, cusolaw.com, in the new year. If you would like to provide a testimonial for our new website, you can do that here.

We genuinely enjoy working with our clients and appreciate the continued trust in our firm to help your organization have continued success.

FCU Bylaw Amendments will be required for updating member expulsion policy.

This summer, the NCUA adopted a final rule permitting a federal credit union (“FCU”) to expel a member for cause by a two-thirds vote of the FCU’s board of directors. The NCUA was required to develop a policy under which a member could be expelled. This policy was published in July and became effective on August 25, 2023.  The NCUA has recently updated the language in the model bylaws on their website to reflect these changes.

To recap, the prior bylaws allowed an FCU to expel a member by either a two-thirds vote of the members at a special meeting convened for that purpose or a lack of participation, as defined in the FCU’s policy.  This final rule was intended to provide flexibility for FCU’s by allowing them to expel a member for cause with a two-thirds vote by the board of directors. To expel a member under this provision, the FCU must amend its bylaws to include procedures for expelling and provide notice to the members.

Under the final rule, the NCUA Board clarifies what constitutes a “member not in good standing”, which includes substantial or repeated violations of the membership agreement; a substantial or repeated disruption to the operation of the FCU; or fraud/attempted fraud or other illegal conduct related to the FCU.  To note, a disruption can include threats, violence, abuse of FCU employees, and other types of harassment by a member.

Once the FCU has adopted the amended bylaws, they must provide notice of the expulsion policy, either by providing the policy in written or electronic form, to each member, or by providing the optional standard disclosure notice to each member.  We recommend providing the standard disclosure notice rather than the entire policy to your members. Only after the notice is provided can the FCU begin to expel members under the policy.  You can find the optional standard disclosure notice here in the Official NCUA Commentary section.

The final rule also establishes procedures an FCU must follow when expelling a member.  Prior to expelling a member, they must be notified in writing and provided with a reason for the expulsion.  The final rule gives a member 60 calendar days from the date of receipt of a notification of pending expulsion to request a hearing from the FCU’s board of directors. FCUs are not required to provide an in-person hearing under the rule and a virtual or telephonic hearing is sufficient if it provides an opportunity for the member to orally present their case to the board. If a member does not request a hearing within the 60-day period, they shall be deemed expelled at the expiration of the period. If there is a hearing, the board has 30 days to hold a vote on the expulsion. The rule does not include a right to appeal the board’s decision.  However, the FCU must provide information to the member about the effect of the expulsion and must provide details on how to submit complaints to the NCUA if it cannot be resolved between the FCU and the member. The final rule also provides details on how a member can be reinstated after expulsion.

The rule retains the limitation of services policy and the NCUA Board recommends that the policy be used as a tool to be used in conjunction with the new expulsion policy and that the expulsion policy be used sparingly.

You can read the final rule here: https://www.govinfo.gov/content/pkg/FR-2023-07-26/pdf/2023-15715.pdf.  If you have any questions on how to implement this change or amend your bylaws, please contact our office and we can assist you.

The NCUA’s new Financial Innovation Rule offers credit unions new and exciting lending opportunities. However, with these new and exciting opportunities come more responsibility on credit unions to reassess, strengthen and update their loan purchasing and lending policies and procedures. This webinar goes into detail about what changes were made to the NCUA’s loan participation and eligible obligations rules, what practical effects those changes have on credit unions’ contracts and policies in this area, as well as other CUSO considerations in light of the new rule change. If you have any questions about the new Financial Innovation Rule or your credit union’s loan purchasing or lending programs, feel free to reach out to us.

Financial Innovation – Loan Participation and Eligible Obligations Webinar

-What’s changed? (0:00-24:13)

-Policy/contractual considerations (24:13-49:56)

-CUSO considerations (49:56-53:57)

 

Third party relationships can present great opportunities to credit unions to meet their strategic goals and to expand member services in an increasingly competitive marketplace.  However, these opportunities must be properly evaluated, with risks assessed and adequately mitigated.  This webinar reviews the NCUA’s supervisory guidance as to how credit unions should evaluate their third party relationships and also discusses other best practices credit unions should consider.  If you are a CUSO, this is also a helpful resource for what credit union clients will be looking for when evaluating a potential business arrangement.  If you have any questions about the webinar or your own third party risk management program, feel free to reach out to us.

Content:

Initial Risk Assessment (0:00-05:37)

Due Diligence (05:37-27:25)

Ongoing Risk Monitoring (27:25-39:47)

By:  Jennifer Winston

Jwinston@cusolaw.com

Last month, the CFPB released Consumer Financial Protection Circular 2023-01 emphasizing unlawful negative option marketing practices.

The CFPB has stated that engaging in negative option marketing practices violate the Consumer Financial Protection Act’s (CFPA) prohibition on unfair, deceptive, or abusive acts or practices (UDAAP).  “Negative option” refers to either a term or condition under which a seller may interpret a consumer’s silence, failure to take affirmative action to reject a product or service, or failure to cancel an agreement as acceptance or continued acceptance of the offer.  These negative options are commonly seen in automatic renewal plans, continuity plans, and trial marketing plans. The CFPB argues that serious harm to consumers occurs when the consumer is charged when they did not wish to receive the product or service. The CFPB has received many consumer complaints, especially from older consumers, that did not intend to purchase or subscribe.  In addition, complaints have been received about the difficulty of cancelling subscription-bases services and charges that still occur after cancellation.

The CFPB gives three areas where negative option marketing practices may violate the CFPA – disclosure, consent, and cancellation.  Violations may occur in these areas when the seller:

  • Misrepresents or fails to clearly and conspicuously disclose the material terms of a negative option program;
  • Fails to obtain consumers’ informed consent; or
  • Misleads consumers who want to cancel, erects unreasonable barriers to cancellation, or fails to honor cancellation requests that comply with procedures.

An example of a disclosure violation provided by CFPB is when a consumer signs up for a free trial but is actually enrolled in a subscription program with recurring monthly fees unless cancelled by the consumer by a specific date. Terms that are disclosed in a fine print or low contrast would still result in a violation because disclosures must be clear and conspicuous.   A consent violation would occur when a seller falsely represents to a consumer they are agreeing to receive information about a service when they are actually purchasing it or fails to explain automatic, recurring charges at the time of purchase.   Cancellation violations occur when consumers must make multiple requests to cancel or are persuaded from cancelling with misrepresentations about costs and benefits of the product.  Depending on the facts in each case, such conduct may be unfair, deceptive, or abusive under the CFPA.

Credit unions and other entities should be aware that in addition to the CFPA’s UDAAP prohibitions, the violations discussed in this circular may also violate the Electronic Fund Transfer Act (EFTA), Regulation E, and the Telemarketing Sales Rule.

Please reach out to our office if you have any questions on how this circular may impact your marketing practices.

By:  Michael Mulvey

mmulvey@cusolaw.com

 

One of the benefits of forming a CUSO is the limited liability protection offered to a CUSO’s investor(s). In order to maintain this protection, the CUSO and investing credit union(s) must maintain corporate separateness. This means the two entities’ operations are separate and distinct from each other. The reason this is important is because in the event of litigation, plaintiffs will attempt to break down the limited liability protection and hold the credit union liable for the actions of the CUSO. This is known as vicarious liability.

NCUA Rules and Regulations Part 712.4(a) requires that “A FICU and a CUSO must be operated in a manner that demonstrates to the public the separate corporate existence of the FICU and the CUSO.”  The Regulation lists six (6) business practices to maintain corporate separateness. Avoiding vicarious liability to the credit union is the goal and the six (6) business practices are but a means to accomplish that goal.

The following is a list of the six (6) listed business practices and how they apply to a credit union:

1.      Its respective business transactions, accounts, and records are not intermingled.

In a successful vicarious liability lawsuit, the parent company is not maintaining separate books and records from its subsidiary company. It is important to keep separate books and records for the CUSO. The CUSO should have its own operating account and accounting ledger. While in some cases a credit union may consolidate the CUSO onto its ledger, the CUSO should maintain separate accounting records.

2.     Each observes the formalities of its separate corporate procedures.

A CUSO is a separate business entity from the credit union. Like the credit union’s bylaws, the CUSO will have its own governing documents stating the CUSO’s governance structure and the rights of its investor(s). The CUSO’s Board should have regular meetings and keep the minutes of each meeting. All major decisions should be documented in the minutes or by resolution in accordance with the CUSO’s governing documents.

3.     Each is adequately financed as a separate unit in the light of normal obligations reasonably foreseeable in a business of its size and character.

The key here is the CUSO should be adequately capitalized and have the necessary insurance coverage for the type of business. To determine the necessary amount of capital required, I recommend clients prepare a business plan to determine how much capital is needed to operate a successful business. While there is no set threshold amount for adequate capitalization, generally courts look to see if there is sufficient capital to cover foreseeable operations and obligations.?

If the CUSO does not have sufficient capital to operate as an independent business, a court may decide the CUSO is a division of the credit union and allow for a plaintiff to bring a claim against the credit union.

4.    Each is held out to the public as a separate enterprise.

This is an important consideration in making sure no one is misled as to whether the person is dealing with the credit union or the CUSO.  To prevent any confusion between the credit union and the CUSO each entity should have separate phone numbers, email domains, company letterhead, business cards and operating accounts. If the credit union and the CUSO operate in the same building, the CUSO should have separate office space with appropriate signage in the building. Lastly if the credit union provides links to the CUSO’s services on its website there should be proper disclosures letting the person know they are dealing with the CUSO.

5.     The Credit Union does not dominate the CUSO to the extent that the CUSO is treated as a department of the Credit Union.

Every wholly owned CUSO I know has a board consisting of the staff and/or directors of the investing credit union, with an occasional outlier that has one or two people not affiliated with the credit union who also serve on the CUSO board. It would not make any business sense to have a subsidiary controlled by people other than individuals associated with the owners.  However, those boards should not be dominated by the directors of the investing credit union.  If the CUSO’s board is dominated by the credit union’s directors, it is evidence to suggest the CUSO and credit union are not separate and distinct entities.

6.     Unless the credit union has guaranteed a loan obtained by the CUSO, all borrowings by the CUSO indicate the credit union is not liable.

It is important for lenders to understand the credit union will not be held liable for the borrowings of the CUSO. This again reinforces the fact the CUSO is a separate and distinct entity that operates independently from its investing credit union(s).

If you have any questions or concerns about maintaining corporate separateness between your credit union and CUSOs feel free to reach out. I am happy to discuss this topic with you.

By:  Michael J. Heller

mheller@cusolaw.com

Part 1:  Contract Review

As credit unions increasingly rely on third party relationships to remain operationally efficient and competitive and to provide the most innovative and up-to-date services to members, contract review, negotiation, and monitoring are, and will continue to be, critical aspects of an effective third party risk management program.  As such, credit unions must have a team in place that specializes in each of these critical stages of the contract life cycle in order to best implement the credit union’s operational and strategic goals, better serve members, and know how best to react in the event the third party relationship turns sour.  This post is the first of an initial three-part series that will focus primarily on the first prong of the contract life cycle – contract review.  Not all third party relationships are the same, so this post will focus on a high level overview from the credit union perspective of what to consider when reviewing contracts for more complex third party arrangements that include critical services provided to the credit union.

Every third party contract review should address, at a minimum, a clear and unambiguous scope of services provided by the third party, along with the responsibilities and obligations of each party to the contract.  Given the growing complexity of the nature of third party relationships, if the third party utilizes subcontractors to provide services under the contract, this should also be clearly addressed so the credit union is knowledgeable as to the parties involved in the delivery of services and, if the subcontractor is critical to the third party’s ability to deliver services to the credit union, the credit union can request due diligence materials on those critical subcontractors or perform proper due diligence on the critical subcontractors itself.  This is essential given the growing regulatory emphasis on the credit union’s understanding of the service delivery flow to better locate vulnerabilities as part of its third party risk mitigation strategy.  Performance standards should also be included in the contract, along with third party reporting obligations (including the frequency at which the credit union should expect the reports), and what remedies are available to the credit union in the event the third party fails to meet contracted service levels.  Also, building broad auditing rights into the contract will better help the credit union collect the information necessary to properly assess third party performance.

If the credit union is sharing sensitive, proprietary confidential information, and certainly when the credit union is sharing member, non-public personal information, the third party contract should include or reference the third party’s confidentiality and data security practices, including, but not limited to, the third party’s business continuity and contingency planning processes, to protect credit union confidential information.  This should incorporate, at a minimum, data security standards included in NCUA Rules and Regulations Part 748, but also include more protective security standards for credit unions in states with more extensive legal privacy requirements.  The contract should also address when and how credit union confidential information will be returned or adequately disposed.

There are also certain boilerplate legal terms to pay attention to in order to ensure that the credit union itself is adequately protected while also making sure that the contract is not overly protective of the third party service provider – most notably, the indemnification and limitation on liability provisions.  The credit union should also be aware of particular legal issues that may arise given the state law that governs the contract, as well as the dispute resolution procedures included.  Finally, there may be limitations imposed on the credit union’s ability to transfer its obligations under the contract or to modify its terms.  Credit unions should seek maximum flexibility in these areas to best protect their interest in the third party arrangement.

There are also numerous other contractual considerations given the particular context of the business arrangement (i.e. intellectual property rights in software product offerings, third party infringement indemnification, insurance limits, member complaint procedures for member servicing issues, etc.) that are specialized enough to be the subject of future posts.  But there is another important area of contract review that must be adequately addressed and fully understood prior to execution – the credit union’s exit strategy.  There could be a multitude of hurdles that impact a credit union’s decision to move on from a third party service provider (i.e. long contractual terms, early termination fees, financial costs associated with transitioning to a new service provider, etc.).  It is best practice for a credit union to fully understand how best it can exit a third party contract to ensure that its transition to provide similar services with another service provider, or internally, can be accomplished without facing exorbitant costs to move forward.

Contract review is integral to a credit union’s due diligence process and lays a solid foundation for the credit union to best assess risks presented in a third party relationship from a contractual standpoint.  In addition to having the board involved in the decision-making process, credit unions should also have a team assembled that can best identify third party risk and mitigation strategies in the contractual process, including, but not limited to, subject matter expert attorneys and leaders from all relevant business units.  The next post in this series will focus on the credit union’s right to negotiate to ensure that it does not enter into third party arrangements with contractual terms that could adversely affect the credit union’s ability to meet its operational and strategic goals and to continue to provide its members with innovative service offerings.

By:  Michael Heller

mheller@cusolaw.com

 

The Federal Trade Commission (“FTC”) published a new proposed rule on January 19, 2023 to prohibit the use of non-compete clauses in certain agreements.  The proposal is currently in the commentary period, which will end on March 20, 2023.  If adopted, the proposed rule will require employers that use non-compete clauses to remove them from their agreements.  In addition to removing the non-compete clauses, employers will be required to provide individualized communications to current and former employees who have been/are affected by the non-compete clause to notify them that the clause has been removed and will no longer be enforceable.  The proposed rule applies to a wide classification range including, but not limited to, employees, independent contractors, interns, and volunteers.  Certain employer classifications are excluded from coverage of the proposed rule; most notably federally chartered credit unions.

The proposed changes do not extend to other restrictive covenants like non-solicitation or non-disclosure obligations since those provisions should protect legitimate business interests and do not necessarily prevent an employee from seeking or accepting employment with another business.  However, the proposed rule is clear that if these types of covenants are so unusually broad to effectively function as non-compete clauses, they will be considered to be non-compete clauses and will be prohibited.  This determination is made on a case-by-case basis considering factors outlined in the proposed rule.

If you have any questions about the proposed FTC rule change or if you would like us to review any agreements that you think may be affected by this proposed rule change, please contact us.