Filed under: Current Issues in Credit Unions
The gang took the month off so our intrepid producer Victor put together a “best of” show for your listening enjoyment. Download or play it here.
Filed under: Consumer Financial Protection Bureau | Tags: attorney-client privilege
By David S. Brown, Esq.
The ABA and the Banking Industry Respond by Supporting Legislation that Would Impose Consistency
The U.S. Consumer Financial Protection Bureau (CFPB) has issued a final rule stating that the submission of protected information to the CFPB during the course of an investigation shall not be construed as waiving the attorney-client privilege or the attorney work product doctrine. Specifically, 12 C.F.R. § 1070.48(a) reads:
In general. The submission by any person of any information to the CFPB for any purpose in the course of any supervisory or regulatory process of the CFPB shall not be construed as waiving, destroying, or otherwise affecting any privilege such person may claim with respect to such information under Federal or State law as to any person or entity other than the CFPB.
Moreover, the CFPB also pledged to honor the attorney-client privilege when it shares information from banks with other federal and state agencies. To this end, the CFPB amended 12 C.F.R. § 1070.47(c) to read, “The CFPB shall not be deemed to have waived any privilege applicable to any information by transferring that information to, or permitting that information to be used by, any Federal or State agency.” The new rules became effective on August 6, 2012.
Under Title X of the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”), the CFPB was established as an independent agency within the Federal Reserve System responsible for regulating the offering and provision of consumer financial products and services under the Federal consumer financial laws. The Dodd-Frank Act also gave the CFPB the authority to “prescribe rules regarding the confidential treatment of information obtained from persons in connection with the exercise of its authorities under Federal consumer financial laws.” The CFPB claims that it has the authority to compel all “supervised entities” to submit privileged or work product protected information.
Although the new rules were created to govern the disclosure of information related to consumer transactions, it’s conceivable that the information disclosed could impact commercial accounts as well. After all, financial institutions and their servicers – law firms, collections agencies, etc. – often treat the numerous accounts in a debtor’s defaulted portfolio as one for collection purposes. For instance, consider a small business owner who personally guaranteed a business line of credit (a commercial account), and who also has a personal credit card and a home equity line of credit (both consumer accounts) all with the same bank. Once the bank obtains a judgment on any one of these accounts, it will likely want to conduct a debtor’s examination – or similar post judgment execution – to determine the debtor’s collectability. If all three accounts are being handled in house, or by the same law firm or collection firm, it’s probable that a single debtor’s examination will be conducted for all three accounts and that the information obtained will be shared for the collection of all three accounts. Thus, the commercial account, and the information obtained through it, may become part of a CFPB investigation if the CFPB determines that it was used as a vehicle to obtain information about the debtor’s collectability with respect to the consumer accounts.
Now, the CFPB has already made clear that it will be sharing privileged information about consumer accounts with other federal and state agencies. The concern, of course, is that third parties will attempt to obtain the disclosed information through document subpoenas, public records requests or depositions – resulting in the disclosure of information otherwise protected by the attorney-client privilege. Such information could be used to defend still pending matters, to prosecute FDCPA violations, to support a motion for relief from judgment and to otherwise interfere with the collections process. Moreover, the American Bar Association (ABA) has made clear that the CFPB’s new rule will undermine the attorney-client privilege and the work product doctrine by causing supervised entities to routinely waive these protections in an effort to avoid being labeled as “uncooperative” by the CFPB, and by chilling and seriously undermining the confidential lawyer-client relationship.
In an effort to avoid such situations, the ABA and the financial industry as a whole, are supporting legislation in Congress that would “preserve the privileged status of materials submitted to the CFPB”. Specifically, H.R. 4014 and S. 2099 are identical bills pending in Congress that would, “clarify that sharing privileged information with the Consumer Financial Protection Bureau (CFPB) does not waive certain legal privileges and would not open that information or a financial institution up to a third-party subpoena.” Under current law, sharing privileged information with a covered agency during the course of a supervisory or regulatory process does not waive attorney-client, work-product, or other privileges recognized under federal or state law. Covered agencies include, for example, any federal banking agency, the Farm Credit Administration, the Government Accountability Office, and the Federal Housing Finance Agency. H.R. 4014 and S. 2099 would add the CFPB to the list of covered agencies, thus protecting information shared with the bureau in a similar manner. Although the CFPB’s new rules require it to follow this practice in the absence of legislation, enacting this H.R. 4014 or S. 2099 would eliminate any uncertainty about whether the CFPB can protect such information.
This is a development that should be monitored closely over the coming weeks as Congress is expected to adjourn sometime in the middle of December. In order for either of these bills to become law, Congress will need to act on them before the adjournment. Additionally, financial institutions will need to work closely with their legal counsel to establish when it is proper to share information, both internally and with the CFPB, and when the attorney-client privilege or the work product doctrine should be raised.
Sources:
12 C.F.R. § 1070.48.
Carter Dougherty, U.S. Consumer bureau Issues Rule on Attorney-Client Privilege, Bloomberg, June 28, 2012.
12 C.F.R. § 1070.47.
The Federal Register, The Daily Journal of the United States Government, Confidential Treatment of Privileged Information, https://www.federalregister.gov/articles/2012/07/05/2012-16247/confidential-treatment-of-privileged-information
Wm. T. Robinson, III, President, Comment Letter, American Bar Association, April 12, 2012, http://www.americanbar.org/content/dam/aba/uncategorized/GAO/2012apr13_attorneyclientprivileges_l.authcheckdam.pdf
Congressional Budget Office, Cost Estimate, March 19, 2012, http://www.cbo.gov/publication/43112
Suspicious Activity Reports are unique documents among all the paperwork that a credit union must process. No other document comes to mind that has the protections and ability to affect other laws than the SAR. Few other documents carry the heavy civil and criminal penalties that the SAR does if the document is not timely and properly filed. Moreover, no other document must be kept secret at the credit union with the degree of intensity that the SAR requires.
Sound intriguing? Perhaps it is from the law enforcement side. However, most folks on the credit union side of the world never imagined that they would cross into the realm of law enforcement and yet that’s really what BSA is. All editorials aside, a client recently asked me whether or not credit union directors needed to look at the actual SAR documents every month or would just giving a report as to how many SARs were filed in a given month suffice? The answer is that no one at the credit union should look at a SAR unless he or she has a legitimate business purpose to so view it. This includes directors. Unless a director is part of a BSA audit team or has some other legitimate “need-to-know” basis, he or she should not see the actual SAR documents or paperless versions thereof.
Section 748.1 of the NCUA Regulations states that the management of the credit union must notify the board of SARs filed by the credit union. The NCUA has further explained that this means notifying the board every 30 days as to when SARs are filed. FinCEN has also stated:
Additional risk-based measures to enhance the confidentiality of SARs could include, among other appropriate security measures, limiting access on a “need-to-know” basis, restricting areas for reviewing SARs, logging of access to SARs, using cover sheets for SARs or information that reveals the existence of a SAR, or providing electronic notices that highlight confidentiality concerns before a person may access or disseminate the information.
See FIN-2012-A002. See also FIN-2010-A014.
It is also important to remember that the person upon whom the SAR is being filed can never be told about it. This applies to directors, officers and employees as well. SARs are, in effect, legal plutonium and must be handled with extreme caution. If this sounds wrong or alien or counter-intuitive, understand where this is coming from. SARs are a law enforcement tool. The rules surrounding them sound more in the secret side of law enforcement than in the open and caring environment one normally finds in the credit union.
