Financial Services Law - Feb 14, 2014

by Manatt, Phelps & Phillips, LLP

In This Issue:

  • Manatt Expands National Financial Services Practice with Additions of Carol Van Cleef and David Gershon
  • For Community Banks, A Volcker Rule Recap
  • Bit by Bit(coin), Virtual Currency Inches Toward Regulation
  • Tribal Immunity Protects Online Payday Lenders from California Prosecution
  • Ninth Circuit: Credit Card Fees Are Constitutional – For Now
  • FDIC, OCC Take Action Against Third-Party Service ProviderFDIC, OCC Take Action Against Third-Party Service Provider

Manatt Expands National Financial Services Practice with Additions of Carol Van Cleef and David Gershon

Carol Van Cleef joined the Washington, D.C., office of Manatt, Phelps & Phillips, LLP, as a partner in the Financial Services and Banking practice. Considered one of the nation’s leading experts on issues related to payments systems and virtual currencies, including Bitcoin and other crypto and commodity backed currencies, Ms. Van Cleef has extensive experience in the financial services arena with a concentration on electronic payments, anti-money laundering and Office of Foreign Assets Control compliance programs, state money transmitter licensing, privacy and data security, and other banking regulatory and enforcement issues. She represents banking organizations and credit unions, money services business and nonbanking entities, securities firms, insurance companies, finance companies, money service businesses and hedge funds in federal and state regulatory, compliance and enforcement matters. 

In addition, David Gershon joined the San Francisco office as a partner in the Financial Services and Banking practice. Mr. Gershon focuses on securities and general corporate matters for financial institutions and technology companies. His experience includes mergers and acquisitions, securities law compliance, private placements and corporate governance. Mr. Gershon was formerly general counsel of a NASDAQ-listed semiconductor company and a venture-backed software developer.

For Community Banks, A Volcker Rule Recap

Financial institutions have been inundated with information since the release of the final Volcker Rule on December 10, 2013 (click here to view our previous newsletter). For community banks, questions remain: Which parts of the Volcker Rule are applicable and which are not? Are 10-K disclosures required? And when does the final rule take effect?

The regulations under Section 619 of the Dodd-Frank Act – the so-called Volcker Rule – are clearly aimed at banking entities that engage in proprietary trading and invest in hedge funds, typically thought of as large, internationally active institutions. But the Volcker Rule applies with equal force to the average local bank as well. To determine its impact, a banking entity needs to identify points where its business involves either proprietary trading or covered funds.

Community banks may benefit from thinking about these questions:

  • What does the treasurer invest in? Almost certainly these investments will meet the definition of “proprietary” under the final Volcker Rule – but they may or may not constitute “trading.” The final rule features a rebuttable presumption drawing the line for “trading” at 60 days, a helpful clue for financial institutions. However, the 60-day period is only a presumption. Future regulatory interpretations, which may come in interpretive releases, cases, and examination discussions, will help to flesh out what is meant. Assuming an investment meets the definition of both “proprietary” and “trading” under the rule, does the treasurer have to change his or her investment strategy? Not necessarily. The Volcker Rule includes many exceptions. Government securities, for example, are exempted and the language is broad enough to cover a lot of what most bank treasury departments use for temporary investments. Another exemption exists for hedges but presents some complications. Each hedge must be tied to specific risks, then monitored and adjusted if the risk changes. Records must be kept about the relationship between the hedge and the related risk. These requirements will likely result in procedural changes for banks once the Volcker Rule is effective.

  • Does the banking entity invest in private funds? Call them hedge funds, private equity funds, or something else, institutions must use caution when handling an investment that meets the definition of a “covered fund” under the final rule. The limit on investing in all covered funds is 3 percent of Tier 1 Capital, and a banking entity’s investment in any single covered fund cannot be more than 3 percent of that covered fund. Again, the Volcker Rule contains multiple exemptions. Most helpful to banks is an exception for funds that invest in whole loans; other carve-outs exist for small business investment companies and business development corporations. If specific requirements are met, derivatives, securitizations, and commercial paper conduits can also qualify for exceptions from covered funds. A private fund that engages in merchant banking transactions may not be exempt. Banking entities will need to review the exceptions and the specific requirements to ensure that an exclusion applies before investing in pooled vehicles.

  • Does the banking entity organize pooled investments for others? Whether for a consortium of small banks or for investment by retail customers, the Volcker Rule allows a banking entity to act as a sponsor of a private fund. The institution can use its own money to seed the fund (even if that gives the banking entity more than 3 percent of the fund at the beginning), but the seeding period only lasts one year; after 12 months, the 3 percent ownership limit applies. The banking entity or an affiliate can remain involved in managing the fund in other respects after the seeding period, but should review the final rule for details on how the management and sponsorship arrangement must be constructed.

Why it matters: While most of the Volcker Rule’s more burdensome provisions are aimed at practices and business lines that are found only at the largest banks, some are pertinent to much smaller and simpler banking institutions. No entity is too small to consider these questions. If something about the business must be modified to conform to the final rule, is it a material change? With annual reporting season coming, a material impact could require disclosure. Therefore, financial institutions would be best served to identify such issues as soon as possible – and well before the implementation date for Volcker Rule changes on July 15, 2015.

Bit by Bit(coin), Virtual Currency Inches Toward Regulation

Has the time come to regulate virtual currency? At a recent hearing held by the New York Department of Financial Services, the answer appeared to be “yes.”

Over the two-day hearing, participants discussed such possibilities as the development of a state licensing system for virtual currency, while others expressed concern that regulation could stifle innovation.

Lawmakers leaned toward the need for regulation, particularly as they argued virtual currency presents a risk of illicit activity. New York County District Attorney Cyrus Vance, Jr., referred to the “digital Wild West” in his remarks. “While we have and will continue to aggressively prosecute individuals who use digital currency to facilitate their criminal activities, we need stronger tools to combat new emerging threats derived from these payment systems,” he said.

Deputy U.S. Attorney for the Southern District of New York Richard Zabel agreed, noting the obstacles presented by prosecuting the misuse of virtual currency, given its anonymity. “These currencies present complex challenges to law enforcement in terms of identifying and locating criminals who corruptly exploit them,” he said. “We have had some success, but it is difficult work in part because of the layers of anonymity and geographical distance that our investigations have to overcome.”

Zabel’s remarks were made in the wake of federal money laundering charges filed by his office against the CEO of a Bitcoin exchange start-up. BitInstant founder Charlie Shrem knowingly facilitated illegal purchases on Silk Road, the now defunct black market of the Internet, federal prosecutors charged. According to the complaint, Shrem ran afoul of anti-money laundering laws because the company failed to collect information about customers, monitor their transactions, and report suspicious transactions to the government as required by the Bank Secrecy Act.

Players in the virtual currency industry were less enthusiastic about potential regulation. Cameron and Tyler Winklevoss, investors in BitInstant, cited the Shrem indictment to suggest that existing laws don’t need to be expanded, while Bitcoin investor Fred Wilson recommended that lawmakers “regulate at the edges.” For video of the panel presentations at the New York hearing and written testimony, click here.

On Tuesday, February 11, 2014, Benjamin Lawsky, the Superintendent of the New York State Department of Financial Services, followed up his comments from the earlier hearings by stating that he would expect that the regulations which New York will adopt to govern digital currency will include consumer disclosure rules, capital requirements and a framework for permissible investments with consumer money.

Why it matters: New York could become the first regulator of virtual currency if the Department of Financial Services creates a “BitLicense” system to regulate virtual currency exchanges as discussed at the hearing. While attendees presented varying perspectives on the type and level of regulation, most seemed to accept that some type of law(s) will be forthcoming. As Lawsky noted, the “lack of regulation is simply not tenable for the long term.”

Tribal Immunity Protects Online Payday Lenders from California Prosecution

In a defeat for authorities seeking to crack down on Internet payday lenders, a California appellate court affirmed dismissal of a complaint filed by a state financial regulator against five Indian tribe-affiliated lenders.

Following an investigation, the Commissioner of the California Department of Corporations (now the California Department of Business Oversight) filed a complaint against Ameriloan, United Cash Loans, US Fast Cash, Preferred Cash, and One Click Cash alleging the defendants provided short-term payday loans over the Internet in violation of California law. Specifically, the complaint – which sought injunctive relief, restitution for consumers, and civil penalties – claimed the defendants charged excessive loan fees, failed to provide customers with required written notices, and engaged in deferred deposit transactions, commonly referred to as payday loans, without a state license.

The two owners of the five companies – Miami Nation Enterprises (MNE) and SFS, Inc. – sought to dismiss the complaint based on tribal immunity as wholly owned corporations of the Miami Tribe of Oklahoma and the Santee Sioux Nation, respectively.

Both federally recognized Indian tribes submitted declarations about the companies’ relationship to their tribes and the economic benefits the tribes derived from operating the business. For example, MNE’s board of directors consists of tribe members, while a wholly owned subsidiary processes and approves loan applications pursuant to underwriter criteria proposed by MNE. Profits from MNE and its subsidiary directly or indirectly fund government services for tribe members, the Miami Tribe said, and the “cash advance business is a critical component of the Miami Tribe’s economy and governmental operations.”

But the Commissioner pointed to the day-to-day operations of the cash advance businesses to argue that the lenders were actively operated and controlled by nontribal third parties – not the tribes themselves or tribally owned corporations. The government also pointed to information obtained from the Federal Trade Commission that MNE and SFS received just one percent of the gross revenues from the cash advance and loan business, while the nontribal company retained the net cash flow, characterizing the relationship as a “rent-a-tribe” scheme.

The case turned on one question, the California Court of Appeal said: whether MNE and SFS and the businesses they operate function as “arms of the tribe.” The court focused its inquiry on whether the tribal entities were sufficiently related to their respective tribes to be protected by tribal sovereign immunity.

“There can be little question that MNE and SFS, considered initially by themselves and without regard to the payday lending activities at issue in this enforcement action, function as arms of their respective tribes,” the court wrote, noting that MNE was created directly under tribal law with the express intent to be covered by tribal sovereign immunity. “[W]e believe the tribe’s method and purpose for creating a subordinate economic entity are the most significant factors in determining whether it is protected by a tribe’s sovereign immunity and should be given predominant, if not necessarily dispositive, consideration.”

“[T]he Miami Tribe of Oklahoma and MNE are closely linked through method of creation, ownership, structure, control and other salient characteristics; and, although the operations of MNE are commercial rather than governmental…extension of immunity to it plainly furthers federal policies intended to promote tribal autonomy,” the panel said. The court reached a similar conclusion with regard to SFS, adding that “because the reservation is in a severely depressed region, those profits are essential to maintaining a functioning tribal government able to provide necessary services to the tribe’s members.”

The tribes’ relationship to the cash advance and short-term loan businesses was a “slightly more complicated” issue for the court. While day-to-day operations are handled by a third-party, nontribal entity, “MNE and SFS have final decisionmaking authority to approve or disapprove any loans,” and the operations are “subject to the oversight and control” of MNE and SFS, the court said.

“In other words, MNE and SFS are not merely passive bystanders to the challenged lending activities,” the court wrote. “A tribal entity engaged in a commercial enterprise that is otherwise entitled to be protected by tribal immunity does not lose that immunity simply by contracting with non-tribal members to operate the business.”

The panel emphasized that whether or not the tribes negotiated good or poor management agreements was irrelevant. “In the end, tribal immunity does not depend on our evaluation of the respectability or ethics of the business in which a tribe or tribal entity elects to engage,” the court wrote, affirming dismissal of the Commissioner’s complaint. “Absent an extraordinary set of circumstances not present here, a tribal entity functions as an arm of the tribe it if has been formed by tribal resolution and according to tribal law, for the stated purpose of tribal economic development and with the clearly expressed intent by the sovereign tribe to convey its immunity to that entity, and has a governing structure both appointed by and ultimately overseen by the tribe.”

To read the decision in California v. Miami Nation Enterprises, click here.

Why it matters: The ruling was a blow to regulators seeking to crack down on the allegedly illegal payday lending businesses conducted by arms of Indian tribes (click here for our previous newsletter). Rejecting the Commissioner’s argument that the lenders were engaged in “egregious, deceptive and exploitive practices prohibited by California law,” the court said the relevant inquiry for tribal immunity was not the equities involved but a pure jurisdictional question. However, the court noted that its outcome was not a stamp of approval for the cash advance and short-term loan businesses. “[W]e obviously take no position in the policy debate over the general undesirability or predatory nature of online payday loans and express no view on the merits of the Commissioner’s allegations that the cash advance and short-term loan services offered by the tribal entities violate [state law],” the panel wrote.

Ninth Circuit: Credit Card Fees Are Constitutional – For Now

Credit card penalty fees – like over-limit and late fees – are constitutional and do not violate consumers’ due process rights, the Ninth Circuit U.S. Court of Appeals recently held.

Although the court ruled in favor of the bank defendants, two concurring opinions from the panel left open the door for case law development.

A class of consumers seized upon a line of U.S. Supreme Court decisions addressing the substantive due process limits on punitive damages in the tort context. Over the last approximately two decades, the justices have developed jurisprudence effectively limiting a punitive award to a single-digit ratio between punitive and compensatory damages in tort claims in cases such as BMW of North America, Inc. v. Gore, 517 U.S. 559 (1996), and State Farm Mut. Auto Ins. Co. v. Campbell, 538 U.S. 408 (2003).

The court based its holdings in substantive due process, reasoning that outsize punitive damage amounts (for example, a punitive award 500 times the actual damages) were grossly excessive, were a form of “supercompensation” for plaintiffs, and did not further a state’s legitimate interests in punishing unlawful conduct and deterring its repetition and, thus, did not comport with due process.

Relying upon the same theory, a group of cardholders filed suit against those among the largest issuers of consumer credit cards in the United States on constitutional grounds, contending that contractually provided late fees and over-limit charges are analogous to punitive damages imposed in the tort context. Fees typically range between $15 and $39, which vastly exceed the harm actually suffered by the issuers, the class alleged.

But the court disagreed.

The National Bank Act and the Depository Institutions Deregulation and Monetary Control Act permit issuers to charge the fees as long as they are legal in the issuers’ home states, the three-judge panel said.

As for the constitutional challenge, the court said the liquidated damages at issue – the predetermined sum to which cardholders contractually agree to – were distinct from punitive damages, which sound in tort claims. Finding the two types of damages too dissimilar, the court declined to apply the principles of substantive due process.

“Cardholders allege that the penalty fees in this case are purely punitive – the banks are compensated for the lost time value and collection costs associated with any breach by high penalty interest rates, making the overage charges a form of double-dipping,” the panel wrote. “But considering that the penalty clauses at issue originate from the parties’ private – albeit adhesive – contracts, they are distinct from the jury-determined punitive damages awards at issue in Gore and State Farm. . . .”

“Because constitutional due process jurisprudence does not prevent enforcement of excessive penalty clauses in private contracts, and the fees were permissible under the National Bank Act and DIDMCA,” the court affirmed dismissal of the complaint. While the other two judges on the panel concurred in the result, they filed separate opinions. Judge Stephen Reinhardt said he concurred “reluctantly,” and wrote that the Supreme Court should consider its due process jurisprudence in the consumer contract context.

“[I]f due process is violated when courts award disproportionate punitive damages in the tort context, due process is equally violated when courts enforce the punitive and substantially more disproportionate penalty clauses in contracts of adhesion,” he opined, suggesting that the proposition “deserves further exploration and analysis.” “[S]hould the new Supreme Court doctrine continue in effect, the extension of that doctrine as requested by cardholders should eventually become the law under the Due Process Clause.”

To read the opinion in Pinon v. Bank of America, click here.

Why it matters: The Ninth Circuit panel declined to extend the substantive due process jurisprudence of punitive damages to consumer contracts like the cardholder agreements, leaving issuers free to charge fees as long as they meet the requirements of the National Bank Act and the Depository Institutions Deregulation and Monetary Control Act. However, the concurring judges encouraged further exploration of the issue, finding that the Supreme Court’s line of cases should be evenly applied to both corporations and consumers. Issuers should keep an eye out for further development of this argument, which, if successful, could have a serious impact on consumer contracts.

FDIC, OCC Take Action Against Third-Party Service Provider

Proving an important reminder for financial institutions, the Federal Deposit Insurance Corporation and the Office of the Comptroller of the Currency entered into a joint cease and desist order with two technology service providers based on “unsafe or unsound banking practices” in the performance of their services.

The action comes on the heels of guidance issued by the OCC offering national banks advice on third-party risk management (click here to view our previous newsletter).

Las Vegas-based BServ and New Jersey’s FUNDtech Corporation both offer technology services for financial institutions. But the FDIC and OCC determined that the agencies “had reason to believe [the companies] engaged in unsafe or unsound banking practices in the performance of the services that [were provided] to insured depositor institutions.”

The consent order listed six examples of how BServ and FUNDtech did so:

  • “Operating without an internal auditor or an integrated risk-focused audit program, with no effective process to ensure that all high-risk areas [were] audited;

  • Operating without a comprehensive due diligence program or formalized policies and procedures to monitor, measure, and evaluate vendor risk or determine which vendors [had] access to non-public customer information;

  • Operating without an enterprise-wide risk assessment to determine related risks and vulnerabilities of assets throughout the company;

  • Operating without effective business continuity or disaster recovery planning;

  • Operating without effective patch management procedures to identify and address software vulnerabilities; and

  • Operating without an effective log review program to detect, identify, and act on potential threats in a timely manner.”

Pursuant to the order, the vendors are required to increase the participation of their boards to take on full responsibility for establishing policies and supervising the companies’ activities. New management must be hired (including an independent Internal Auditor and a senior Vendor Management Coordinator) and new programs and procedures put in place, from audit and vendor management programs to a full information security risk assessment.

BServ and FUNDtech also promised to provide progress reports to client banks and the agencies on a quarterly basis.

To read the consent decree in In the Matter of FUNDtech Corp., click here.

Why it matters: The agencies’ action and consent order reinforces the message that regulators are keeping an eye on financial institutions’ third-party relationships. Entities would be well advised to review and take into account the OCC’s guidance so as to ensure compliance

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Manatt, Phelps & Phillips, LLP | Attorney Advertising

Written by:

Manatt, Phelps & Phillips, LLP

Manatt, Phelps & Phillips, LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.