Dear Sir or Madam:
The Independent Community Bankers of America (ICBA)1 appreciates the opportunity to offer comments on the agencies' third installment of the EGRPRA2 project. Mandated by Congress, the EGRPRA project is an overall review of agency rules to identify outdated, unnecessary, or unduly burdensome regulatory requirements. Earlier installments have examined applications, powers, international operations and consumer lending requirements. This particular installment reviews Consumer Protection: Account/Deposit Relationships and Miscellaneous Consumer Rules.
Community banks play a vital role in the economic well being of countless individuals, neighborhoods, businesses, organizations and communities throughout the country. However, the increasing burden and costs of regulatory compliance is eroding the ability of community banks to continue doing business. While the industry as a whole has been profitable, smaller community-based banks and thrifts, especially when confronted with increasing competition from a variety of fronts, have not been nearly as profitable. As shown by FDIC statistics, many smaller institutions have significantly lower returns on assets (ROA) and returns on equity (ROE). The erosion of this profitability by compliance costs, which weigh more heavily on smaller banks that have less ability to spread the costs across accounts and customers, is causing many community bankers to consider selling or merging. The loss of community based financial institutions would be a great loss to local communities, but unless there is a drastic reversal of public policy and a reduction in regulatory burden, the community bank may very well go the way of the corner grocery store and the local hardware store.
As pointed out so eloquently by John Reich, the FDIC's vice-chairman, smaller community banks are disappearing, in part due to the level of regulatory burden.3 In Congressional testimony, Reich stressed the importance of regulatory burden reduction to community banks and the communities they serve: "I believe that in looking to the future, regulatory burden will play an increasingly significant role in shaping the industry and the number and viability of community banks….if we do not do something to stem the tide of ever increasing regulation, America's community banks will disappear from many of the communities that need them most." More recently, two economists for the Federal Reserve reached the same conclusion.4 These are factors that the agencies should keep at the forefront in their evaluation of regulatory burden.
ICBA's specific comments about each of the categories of regulations are listed below. We have boldfaced our recommendations.
Privacy of Consumer Financial Information
Privacy Notices are Burdensome and Costly. In 2003, the federal banking agencies estimated the amount of time that bankers must expend to comply with the federal privacy requirements under the Gramm-Leach-Bliley Act. For example, the FDIC estimated that it a bank or thrift, on average, required 45 hours annually to comply with the requirements of the GLBA privacy rules. The ICBA believes that this seriously understates the demands of the rule. While it is true that the major compliance efforts affected banks and thrifts during the first year as they implemented policies, practices and procedures to comply with the new requirements, the rule still imposes a significant burden and cost on the industry.
Anecdotal evidence from an informal survey of ICBA leadership bankers indicates that for small community banks with between 3,000 and 6,000 customers, it takes a minimum of 80 hours each year to comply with the demands of the GLBA privacy rules; those estimates are from banks that do not share information in ways that require the bank to provide an opt-out option. For a larger urban bank with just over $1 billion in assets, it can take nearly 2750 hours to comply annually. In addition to preparation and mailing of notices, all banks and thrifts must audit the programs, ensure that employees are properly trained, and monitor compliance on a regular basis.
For banks or thrifts that provide an opt-out option, the time devoted to compliance with the privacy rule dramatically increases. In addition to providing notice and monitoring for compliance with the mandated disclosures, a bank or thrift that is required to offer an opt-out option must also ensure that systems and procedures are in place to track the customers that opt out. If the bank or thrift offers levels of opting out (allowing a customer to elect to opt-out from some or all information sharing), the increased layering adds further to the burden.
Because many community-based institutions only share information as permitted under one of the exceptions under the GLBA privacy statute and regulations, they do not experience the added burden of offering an opt-out option. However, even for banks that do not offer an opt-out, to suggest that a bank can comply with the GLBA privacy mandates by spending only 45 hours annually fails to recognize the requirements that the rule imposes. That burden estimate may be accurate for very small banks and thrifts (those with fewer than 2,000 customers), but for the great majority of community banks, it is incorrect. We believe, at a minimum, the hours expended are likely to be four to five times the agencies' estimate.
Privacy Notice Requirements Should be Greatly Simplified. Generally, the ICBA believes that the purpose of a privacy notice should be to explain to customers the bank's policy of collecting non-public personal information about consumers, how the bank might share that information and, where applicable, how the customer can opt out from that information sharing.
The ICBA has long advocated the creation of an optional short-form privacy notice. Anecdotal evidence suggests that few consumers read privacy notices, and a short form notice would more likely be read, making it both more useful and more in keeping with its intended purpose. However, since banks have developed and revised privacy notices over the past three years to meet existing compliance standards, ICBA strongly urges that the use of any new alternative short-form privacy notice be optional and not mandatory. This is especially critical for smaller institutions that are only likely to share information as permitted by existing exceptions such that they are not required to offer consumers an option to opt out from information sharing and, as a result, are likely to already have shorter notices.
If an optional short form alternative notice is developed, it should be one that can be used in lieu of the existing long form, as it would be burdensome and confusing for financial institutions to be required to have both a short form privacy notice and a long form privacy notice. And it is equally important to educate consumers so they understand that not all banks are required to offer the right to opt out since they only share information as permitted by one of the statutory exceptions.
The Annual Notice Requirement is Unnecessary for Most Community Banks. ICBA believes that an annual notice of a bank's privacy policies is unnecessary. The current requirement that all consumer customers receive an annual copy of the bank's privacy notice is unduly burdensome, with the costs far outweighing any minimal benefits. We recognize there is an annual notice provision in the statute, but the statute also grants the agencies leeway in drafting regulations. Specifically, section 504(b) permits the agencies to grant exceptions to the provisions of section 502(a) through (d) when it would be consistent with statutory purpose. Section 502(a) requires a notice that substantially complies with the provisions of section 503, the annual notice requirement.
ICBA submits that it would be possible for the regulators to interpret these provisions to allow an exception from the annual notice requirement for financial institutions that only share information in such a way that they are not required to offer consumers an opt-out option. If the agencies do not feel comfortable with such an interpretation, ICBA strongly urges the agencies to recommend that Congress consider eliminating the annual mailing requirement to reduce cost and regulatory burden.
Providing the bank's privacy notice at account opening would ensure that the provisions are called to the consumer's attention and should be thoroughly adequate for the great majority of consumers, especially customers of banks that are not required to offer an opt-out option. If and when the bank's information sharing practices change, a revised notice could be provided. There would be an added benefit in providing notice only when there is a change in the bank's information sharing practices and procedures: the notice would call attention to the changes, as opposed to the current requirement of annual mailing by all financial institutions that merely ensures customer indifference to notices, making it increasingly likely that the notices are unheeded and unread.
Need for Regulatory Study. Because the privacy rules have identified by bankers as unduly costly and burdensome, ICBA believes that this is a regulation that requires careful study by the agencies. For example, many community bankers report that most consumers disregard the annual privacy notices. And yet, the cost of compliance for producing, mailing and distributing the notices can be excessive. Community bankers report that consumers are less concerned with the information provided in the privacy notices than about other information, such as protection from identity theft (the FACT Act has provided a number of tools to protect consumers from identity theft that are still in the process of implementation).
Since the benefits to consumers appear to be far outweighed by the costs of compliance, the ICBA strongly urges the agencies to undertake a study of the usefulness of the annual privacy disclosure. Meeting with focus groups of consumers as well as realistically assessing the costs associated with compliance with these requirements would give regulators better information about whether this regulation is achieving its goals in an efficient manner. Given the reports from consumers, community banks and others, ICBA strongly suspects that it is not serving its purpose.
ICBA also supports federal preemption of state law in the privacy area to prevent a patchwork of state laws with divergent information sharing restrictions. Differing federal and state privacy requirements make it difficult for banks to develop short, simple and understandable notices. Notices that combine both federal and state requirements often result in consumer confusion. A national privacy standard would allow banks to develop a simpler and more understandable privacy notice.
Safeguarding Customer Information
Community banks are strong guardians of the security and confidentiality of their customer financial information. Safeguarding customer information is central to maintaining public trust and key to long-term customer retention. Accordingly, as a matter of good business practice and as required by the Gramm-Leach-Bliley Act, banks have implemented and upgraded security measures to ensure customer information is properly secured.
For example, ICBA supports appropriate measures to thwart identity theft and to mitigate its impact on customers and banks alike. Identify theft results in fraud losses to banks and harms consumers who suffer emotional distress and must spend time and resources to report the theft to law enforcement authorities and creditors, monitor their credit reports, and endeavor to repair damaged credit histories. The Fair and Accurate Credit Transactions Act of 2003 instituted a number of measures to help reduce the incidence of identity theft and mitigate damage to victims including easier consumer access to review credit reports and correct errors, restrictions on who can access credit report information, and better support and assistance for identity theft victims.
Under the provisions of the Gramm-Leach-Bliley Act, the banking agencies issued rules requiring banks and thrifts to develop written programs, approved by the bank's board, for ensuring the confidentiality and safety of customer information. Recently, those requirements were expanded under the Fair and Accurate Credit Transactions Act of 2003 (FACT Act) to include consumer information.
While ICBA does not disagree with the general parameters of these requirements, it is also important to recognize three essential points. First, most community banks have taken appropriate steps to protect the sanctity of customer information for many years. The protection of that information and maintaining customer confidence is the bedrock of trust on which community banks rely. Especially in smaller communities, loss of customer confidence would be devastating to any community bank.
Second, examiners and regulators have a broad variety of tools at their disposal to ensure that community banks take appropriate steps to protect customer information. Even without the specificity of the safeguarding customer information rules, regulators have the authority to ensure that banks and thrifts conduct themselves in a safe and sound manner. Cavalier disregard for the security and confidentiality of customer information is not compatible with operating in a safe and sound manner.
Third, the requirements under the Gramm-Leach-Bliley Act rules, while admittedly flexible, can be seen as prescriptive in what each bank must do. These rules demonstrate one of the essential problems with regulatory burden. Most, if not the great majority, of community banks already had programs and procedures in place to ensure customer information was maintained in a safe and sound manner. However, the introduction of regulatory requirements adds an entirely new dimension to the compliance element. Policies and procedures must be reviewed and analyzed against the new mandates to ensure that they have been properly followed; employees must be trained to ensure that they follow these new mandates; and audit procedures must be developed and added to an extremely full audit schedule to check for compliance.
A requirement that ensures what nearly every community bank was already doing adds new complexity and cost to verify that what was being done is being done. The examination process and the application of these rules by examiners - who may not agree with the bank's interpretation of the rule, no matter how valid that interpretation - also adds additional cost and burden. It is these elements that consume valuable banking time and resources and detract from the ability to serve customers that frustrate bankers and encourage them to consider selling or merging with larger institutions that have additional staff and resources to address these issues.
Electronic Fund Transfers
Given the widespread use of PIN-initiated transactions at ATMs and retail locations, community bankers are increasingly frustrated that consumers do not share greater liability for account transactions resulting from consumer negligence in the handling of their PIN. Under the Electronic Fund Transfer Act (EFTA), if notification is given within two business days of discovery of the loss or theft, the consumer is liable for only $50. If the consumer fails to provide notification within the 2-day period, the consumer is liable up to $500. Finally, the consumer is liable for all unauthorized withdrawals if notification is not given within 60 days after receiving a statement showing unauthorized withdrawals.
Consumers who share their PIN, keep the PIN in a purse or wallet in manner so that it is easily associated with the card, or write the PIN on the card are negligent in the handling of their PIN. In instances where consumer negligence in protecting the PIN results in unauthorized transactions, the consumer bears no responsibility for their negligence if notice is made within the appropriate time frame. Financial institutions should not be responsible for losses resulting from the negligence of consumers in the handling of their PIN. This imbalance was questionably appropriate when electronic access devices were in their infancy, but it is unfair in today's environment where consumer familiarity with the importance of protecting the PIN is commonplace. Additionally, this imbalance fosters an environment for perpetuating fraud.
The EFTA gives the Federal Reserve Board of Governors (Board) flexibility in issuing regulations that take into account, and allow for, the continuing evolution of electronic banking services. The ICBA strongly urges the Board to use this flexibility to develop new provisions for correcting this imbalance, including raising consumer liability and shortening the time frame for reporting any errors to place additional onus on the consumer for monitoring account activity and reporting suspicious transactions in a timely manner and using reasonable practices to protect their PIN. At a minimum, ICBA recommends increasing consumer liability to $500 in instances where the financial institution can substantiate that consumer negligence in protecting the PIN led to the account compromise.
Given the pervasive use of technology to provide consumers 24/7 access to account information, it is quite reasonable for consumers to have a shorter period for reporting suspicious transactions. These modifications would reduce losses resulting from consumer negligence and fraud. Additionally, if necessary, the Board should seek additional statutory authority from the Congress to address this imbalance.
ICBA also recommends extending the notification requirement for a change in account terms or conditions contained in the initial Regulation E disclosure from 21 days to 30 days, consistent with Regulation DD to reduce regulatory burden and to decrease the likelihood of non-compliance, confusion, and misinterpretation.
The Board is currently seeking comments on proposed revisions to Regulation E addressing issues related to electronic check conversion transactions, payroll cards, supplemental access devices, error resolution, preauthorized electronic transfers, and other matters. ICBA applauds the Board for the use of its flexible statutory authority, referenced above, to address the issues contained in the latest proposed Regulation E amendments. ICBA will provide specific comments on the proposed revisions to the Board by the November 19, 2004 comment deadline.
Truth in Savings
Community bankers frequently complain that the many disclosures mandated by the Truth-in-Savings Act and Regulation DD mean little to their customers, and that many consumers promptly discard their disclosures in the trashcan. While bankers believe that the information provided does allow customers to comparison shop, it is important to recognize that when the statute and rule were adopted, few consumers had complained about the inability to comparison shop using simple interest rate information. In fact, most consumers seem to still rely on the simple interest rate information when comparing different types of accounts.
Moreover, in some ways, Truth-in-Savings may do a consumer disservice. Because compliance with the disclosure restrictions mandated by the statute and the rule can be time consuming and costly, banks have reported taking steps to simplify compliance by eliminating various accounts. This decreases the availability of products available to consumers. Second, to simplify compliance, some banks have reported eliminating combined statements, again doing a customer disservice.
Recently, in response to consumer activists' concerns about the disclosures provided for courtesy overdraft protection programs, the Federal Reserve proposed instituting a whole spectrum of new disclosures under Regulation DD. Perhaps one of the most onerous of these disclosures is the year-to-date information on fees assessed for overdrafts. Community bankers report that overdrafts often occur because customers do not properly reconcile their statements at the end of each month. As a result, overdrafts can occur and the courtesy programs allow customers to clear checks without suffering the embarrassment and additional merchant fees that may be assessed for a bounced check. However, if the Federal Reserve's proposal is adopted without change, the costs and burdens of implementing changes to comply with these disclosures will lead many community banks to discontinue offering courtesy overdraft protection. This is another example of banks discontinuing a consumer service-one that many consumers find beneficial and helpful--due to the application of a consumer protection regulation. And, since many consumers have developed bad habits relying on float between the time a check is written and the check is processed, elimination of these services will do a great disservice to these consumers as Check 21 is implemented and checks clear more quickly as they are processed electronically.
While banks have had more than ten years to develop compliance programs and procedures to adapt to the requirements of Truth-in-Savings, given the disadvantages to consumers that the regulation can cause and given the little attention that consumers seem to pay to the mandated disclosures, ICBA strongly recommends that the Federal Reserve undertake a study of the utility of the disclosures, meeting with a variety of consumer focus groups across the country. As recently stated by the Comptroller of the Currency, John Hawke, "we need better insights into what information consumers themselves believe is important to their decision making."5 The study should also assess the costs for software and other compliance needs associated with the rule, since ultimately, the consumer must pay for these disclosures through increased account fees. ICBA suspects that such a study would confirm that the costs for the disclosures and the associated compliance far outweigh the usefulness and benefits of the disclosures.
Consumer Protection in Sales of Insurance
The consumer protection regulations for the sale of insurance were issued under Section 305 of the Gramm-Leach-Bliley Act and require banks to make oral and written disclosures to consumers in connection with the consumer's initial purchase of an insurance product or annuity.6 The rules require that the bank disclose:
- The insurance product or annuity is not a deposit or other obligation of, or guaranteed by, the bank or an affiliate of the bank;
- The insurance product or annuity is not insured by the FDIC or any other agency of the United States, the bank, or an affiliate of the bank; and
- In the case of an insurance product or annuity that involves an investment risk, there is investment risk associated with the product, including the possible loss of value.
The rules also require that, at the time a consumer receives the disclosure, or at the time of the initial purchase by the consumer of an insurance product or annuity, the bank obtain a written acknowledgment by the consumer that the consumer received the disclosures.
In general, bankers find the disclosure requirements burdensome and unnecessary. A customer does not need to know, for instance, that credit life insurance is not a deposit or other obligation of the bank and not insured by the FDIC since the customer is unlikely to confuse the two because of their divergent characteristics. Similarly, the disclosures are unnecessary in connection with the sale of casualty or property insurance.
ICBA recommends that the regulations exclude those insurance products that present little, if any, potential for consumer confusion. Section 305 of GLBA based its requirements on the Interagency Statement on Retail Sales of Nondeposit Investment Products. The reason that banking regulators issued that Statement was to help consumers distinguish between deposit products and non-deposit products. However, the possibility of a customer confusing products such as credit life insurance, property and casualty insurance, and long-term health care insurance with savings and deposit products is very low. These products have no interest or other investment features and require consumers to pay a premium in exchange for a benefit. Therefore, consumers do not need a disclosure statement distinguishing these kinds of insurance products from deposits.
Bankers find it particularly burdensome when they have to make these disclosures in connection with the sale of credit insurance. Not only is there little resemblance between credit insurance and a deposit product, but Regulation Z requires banks that exclude the cost of credit insurance from their Truth in Lending disclosures to separately disclose the costs of the insurance and the fact that insurance coverage is not required to obtain a loan.
The disclosure rules also require that, at the time a consumer receives the disclosure, or at the time of the initial purchase by the consumer of an insurance product or annuity, the bank obtain a written acknowledgment by the consumer that the consumer received the disclosures. Since insurance sales are often conducted over the phone, it is difficult to communicate the disclosures and interpret them for customers. Furthermore, bankers find it unnecessarily burdensome to obtain the customer's written acknowledgement of the disclosures.
FDIC Advertisement of Membership
Part 328 of the FDIC regulations require a bank to display the official sign of the FDIC (e.g., the FDIC logo) at each station or window where insured deposits are usually and normally received in its principal place of business and in all its branches. Saving associations also are subject to the same requirements except they are required to display the "eagle" sign rather than the FDIC logo. Banks are also required to include the official advertising statement "Member FDIC" in all advertisements for loans, securities, and trust services unless a specific exemption is provided in the regulations.
Generally, banks do not find these requirements to be a burden as long as they are reasonably interpreted and not strictly construed. For instance, banks should be able to occasionally take deposits at a customer service desk or a branch manager's desk without having to display the official FDIC sign as long as a teller station displays the sign and the teller station is the place where deposits are normally received. Banks should have the flexibility of taking deposits at other locations within a branch that don't display the official sign as long as deposits are not normally received at those locations. As long as the regulators maintain a flexible approach to these regulations, then they should not become a burden to banks.
Deposit Insurance Coverage
We applaud the FDIC's steps in recent years to simplify the rules about deposit insurance coverage including issuing revised rules on joint accounts, living trust accounts and payable on death accounts. However, the rules still need simplification and streamlining. Customers know that they can organize accounts to expand coverage beyond $100,000, but how that works and what steps are needed are confusing to both consumers and front-line bank employees.
The rules regarding trust accounts and employee plan accounts still need further simplification as do the recordkeeping requirements for banks. ICBA would support simplification of the rules provided it does not reduce the ability of individual consumers to expand coverage through multiple rights and capacities, especially since the coverage levels have been steadily eroded by inflation since they were last raised in 1980. ICBA also suggests that the FDIC expand its programs and tools to educate bankers and the public about the deposit insurance rules. For example, we would recommend that the EDIE CD-ROM be distributed to every branch office of every bank. This would assist bankers and the public with questions about deposit insurance coverage.
Prohibition Against Use of Interstate Branches Primarily for Deposit Production
These regulations were issued under Section 109 of the Riegle-Neal Interstate Banking and Branching Efficiency Act and require the banking agencies to review interstate banks to determine if the bank's ratio of loan-to-deposits in a host state is less than 50 percent of the relevant host state loan-to-deposit ratio. If it is, then the agencies must review the loan portfolio of the bank and determine whether the bank is reasonably helping to meet the credit needs of the communities in the host state that are served by the bank and not using its interstate branches primarily for deposit production.
These regulations are necessary to prevent banks from operating branches outside of their home state primarily for the purpose of deposit production. ICBA supports these regulations and does not recommend that they be changed. ICBA also supports amending GLBA to increase the average loan-to-deposit ratio threshold from 50 percent to 80 percent. The current threshold of 50 percent is too low to be meaningful since it is a very low hurdle.
Regulatory burden and compliance requirements are consuming more and more resources, especially for community banks. The time and effort taken by regulatory compliance divert resources away from customer service. Even more significant, the community banking industry is slowly being crushed under the cumulative weight of regulatory burden, causing many community bankers to seriously consider selling or merging with larger institutions, taking the community bank out of the community.
ICBA urges the Congress and the regulatory agencies to address these issues before it is too late. The regulatory burden from consumer protection rules can be reduced while maintaining appropriate and meaningful consumer protection.
ICBA strongly supports the current efforts of the agencies to reduce regulatory burden, and looks forward to working with the agencies and with Congress to ameliorate these burdens to ensure that the community banking industry in the United States remains vibrant and able to serve our customers and communities.
Thank you for the opportunity to comment. If you have any questions or need any additional information, please contact either of ICBA's regulatory counsels, Robert Rowe and Chris Cole, or ICBA's Director of Payment Policy, Viveca Ware, at 202-659-8111.
Karen M. Thomas
Executive Vice President and Director, Regulatory Relations Group
1 The Independent Community Bankers of America represents the largest constituency of community banks of all sizes and charter types in the nation, and is dedicated exclusively to protecting the interests of the community banking industry. ICBA aggregates the power of its members to provide a voice for community banking interests in Washington, resources to enhance community bank education and marketability, and profitability options to help community banks compete in an ever-changing marketplace. For more information, visit ICBA's website at www.icba.org.
2 The Economic Growth and Regulatory Paperwork Reduction Act of 1996.
3 Statement of John M. Reich, Vice Chairman, Federal Deposit Insurance Corporation on Consideration of Regulatory Reform Proposals before the Committee on Banking, Housing and Urban Affairs, United States Senate, June 22, 2004
4 "Small Banks Far From Thriving," American Banker, August 20, 2004, p. 10
5 Remarks by John D. Hawke, Jr., Comptroller of the Currency, October 4, 2004.
6 See 12 CFR Part 14.40 for national banks, 12 CFR Part 208.84 for state member banks, 12 CFR Part 343.40 for state non-member banks, and 12 CFR Part 536.40 for savings associations.