Courtesy of Zack Needles, Credit Union Times
Like malware and computer viruses themselves, the consequences of cyberbreaches have a way of spreading in unpredictable ways.
A recent ransomware attack on third-party payroll and timekeeping software provider Kronos has led to several wage-and-hour class actions in recent weeks against everyone from PepsiCo to The Giant Company, alleging that the hack resulted in overtime pay violations for hourly workers.
As of April 6, there have been seven lawsuits (most in April, though a few were filed in late March) all stemming from the December 2021 cyberattack on Kronos.
While plenty has been written about potential cyber liability exposure for companies whose vendors are compromised, this latest crop of litigation shows how third-party cyberbreaches can also lead to other causes of action, such as labor & employment claims.
All of the complaints allege that hourly employees were shorted on overtime pay as a result of the Kronos breach.
Johnson Controls International, an Ireland-headquartered building equipment manufacturer, was sued April 3 in the Eastern District Court for the District of Wisconsin on behalf of a putative class of current and former non-exempt hourly employees. The case is Henderson v. Johnson Controls, Inc.
Frito-Lay North America Inc., a subsidiary of PepsiCo, was sued April 4 in the U.S. District Court for the Eastern District of Texas. The suit was filed on behalf of a putative class of current and former non-exempt hourly employees.
PepsiCo itself has been sued three times so far:
- First, it was sued March 23 in the U.S. District Court for the Southern District of New York on behalf of a class of current and former non-exempt hourly employees.
- Then, it was sued in the U.S. District Court for the Central District of California on March 30 on behalf of a class of current and former non-exempt hourly employees.
- It was also sued on April 4 in the U.S. District Court for the District of New Jersey; the case is Ellis et al v. PepsiCo, Inc.
That same day, a suit was filed against Baptist Health Systems in the U.S. District Court for the Middle District of Florida on behalf of current and former non-exempt hourly employees. The case is Mitchell v. Baptist Health System, Inc.
Also on April 4, The Giant Company LLC, parent company of the Giant supermarket chain, was sued in the U.S. District Court for the Middle District of Pennsylvania, again on behalf of current and former non-exempt hourly employees.
Many of the complaints are very similarly worded, alleging that, after the Kronos breach in December 2021, defendants “could have easily implemented a system for recording hours and paying wages to non-exempt employees until issues related to the hack were resolved,” but didn’t.
Some complaints allege the defendant employer “made the economic burden of the Kronos hack fall on frontline workers—average Americans—who rely on the full and timely payment of their wages to make ends meet.”
Similarly, another complaint read ”[b]ecause PepsiCo could not access Plaintiff’s and the members of the putative Class’ and Collective’s time records during the outage period, and because PepsiCo failed to adopt and have in place a functional back-up plan for recording hourly employee time and timely processing hourly employee payroll, PepsiCo could not—and did not—accurately pay its hourly employees during the outage period.”
The class actions, according to the complaints, seek “to recover the unpaid wages and other damages owed by [defendant] to all these workers, along with the penalties, interest, and other remedies provided by federal and [state[ law.”
All but one of the suits allege that, by failing to pay overtime, the defendants violated the Fair Labor Standards Act in addition to various state laws.
The New Jersey suit against PepsiCo, however, only claims violations of the New Jersey State Wage and Hour Law.
Courtesy of By Samuel J. Robinson, MLive.com
Michigan State Capitol
A ballot committee is working to put a question on the November ballot that would stop payday lenders from charging “predatory” interest rates if approved by voters.
The Michiganders for Fair Lending campaign officially launched its petition drive effort Wednesday to cap high payday loan interest rates advocates say create a cycle of debt that becomes impossible to escape. The group said it wants to change the current payday loan landscape to one that gives access to small loans to those that need them, not one that creates a debt trap.
“Payday lenders target Michigan’s most vulnerable communities by offering quick cash that traps people into an endless cycle of debt with outrageously high interest rates,” said Michiganders for Fair Lending Spokesperson Josh Hovey.
“State lawmakers have been urged for years to put a stop to predatory lending practices. The people being harmed by these loans cannot afford to wait any longer. That’s why we’re bringing the issue directly to voters this November.”
In Michigan, the typical payday loan carries the equivalent of a 370% annual percentage rate (APR). Michiganders for Fair Lending’s proposal would cap payday loans at no more than 36% APR.
Payday loans are marketed as short-term, but the vast majority of borrowers get caught in a long-term debt cycle, fair lending advocates say. Roughly 70% of payday borrowers in Michigan borrow again the same day they pay off a previous loan, according to research from the Consumer Financial Protection Bureau. The same study found that the average payday loan borrower ends up taking out 10 loans over the course of a year.
Michigan Attorney General Dana Nessel describes a payday loan as a short-term, high-cost transaction where customers borrow money for a service fee. Michigan law calls this type of loan a “deferred presentment service transaction,” because the customer’s check is held for a period of time before it’s cashed. The loans aren’t like car payments, as borrowers aren’t able to make installment payments.
Payday loans have high service fees and a short repayment period. For example, a customer who borrows $100 for two weeks and is charged $15, will pay a service fee equal to a triple-digit APR. The actual cost of the two-week loan is $15, which equals a 391 percent APR. And that’s still not included additional fees for “eligibility checks” or processing.
Payday loan stores often let customers unable to repay the loan take out a second payday loan to pay off the first. Service fees can cause the customer to be stuck in a cycle of debt.
“It’s a slippery slope,” Nessel said in a consumer alert focused on the process.
Fair lending advocates say payday loan stores are undoubtedly predatory. Stores deploy manipulative tactics and enter customers into a process that creates a cycle of debt that traps people into poverty, Hovey said.
“Stopping predatory lending is an issue in Michigan that resonates across parties, geographic regions, age and income levels. Even in the divisive climate of today, this is one issue that the vast majority of people can agree on,” said Jessica AcMoody, policy director at the Community Economic Development Association of Michigan.
Courtesy of Ray Birch, CUToday.info
The group opposing the merger of the $1.088-billion Vermont State Employees Credit Union—including its former CEO–with $1.94-billion New England FCU remains committed to blocking the deal, and their position has not changed following VSECU’s recent annual meeting, which one person called “member unfriendly.”
That former VSECU CEO, Steven Post, who is leading the effort to convince members to vote no on the combination later this year, told CUToday.info the annual meeting at the close of March only strengthened the group’s position.
“It was probably the most member unfriendly annual meeting I’ve ever been to,” said Post, who watched the virtual event with 150 other members. “The board chair announced at the beginning they would only entertain 30 minutes of discussion on the merger—the most consequential decision of the institution’s life. And, they proceeded have a lot of technology challenges for people to overcome in order to participate.”
But VSECU CEO Rob Miller told CUToday.info the meeting’s merger discussions, and the deal itself, have not been rushed, and that the two-hour annual meeting dedicated appropriate time to merger conversations, including questions from members.
‘Calling All Members’
As CUToday.info reported, Post and two former board members of the CU are expressing opposition to VSECU’s plan to merge with NEFCU, and have created a website (www.callingallmembers.org) urging others to help stop the merger. The deal still requires approval from NCUA, which is expected to take three to five months. Pending all the necessary approvals, the newly unified credit union, which would be the largest in the state, could begin operating in early 2023, the credit unions said.
Text on the website seeks to make VSECU members aware of how mergers work in credit unions.
“Has the merger already happened?,” reads one headline. “NO! The merger has not taken place,” the text on the website continues. “Yes, the email that was sent to members with its subject line ‘We are merging with New England Federal Credit Union’ was designed to make members think the merger was sure to happen. Many members believe that the proposed merger has already been approved with just a vote of the Board of Directors.
“Members must vote, too!” reads another headline. “You would have had to read ¾ of the way through the notice before learning that the proposed merger requires the approval of VSECU members, not just the Directors,” the text continues.
Group Takes to the Media
In a joint letter published on VTDigger.com, Post, former board chair M. Jerome Diamond, and former board chair Kimberly B. Cheney, wrote that even as this year VSECU celebrates its 75th anniversary this year, its current CEO and board have decided to “merge VSECU out of existence.”
In addition to what the group has stated and posted online against the merger, Post, during an interview with CUToday.info, alleged that VSECU’s leaders—Miller and attending board members—said little during the annual meeting that expanded on the credit union’s original reasons for going through with the merger, which Post asserts really just comes down to “bigger is better.”
“During the meeting they still put forth their basic advertising that bigger is better and that members would experience a better credit union than they have today,” said Post. “But if you look at everything around what the credit union has today, and how they feel about themselves, it’s a pretty good and extraordinary credit union.”
According to its call report, VSECU reported net income of $13.1 million and capital of 8.96% at year-end 2021. New England FCU is based in Willison, Vt. and reported $28.1 million in net income, with capital of 11.9%. The CUs are the two largest in the Green Mountain State and combined would have approximately 167,000 members.
Post estimated 30 minutes were dedicated to merger discussions during the annual meeting and that 15 questions were asked, some of which Post alleged were “softballs,” questions he believes the credit union asked members to read.
Concern Over Speed of Deal
What is also concerning the group opposing the merger is how quickly the deal has been assembled.
Post said he learned that discussions about the merger between the two organizations started in October of last year.
“So, in a matter of months they went from initial discussion to final agreement. And, they are moving toward a member vote, apparently, without hiring any independent third-party consultant or advisor to work directly with the board.”
In short, Post alleged the merger has happened “very fast, behind closed doors and without any other input than from the CEO (Miller), as far as we can tell.”
Post said the annual meeting only reinforced his group’s thinking that the merger should not be allowed to happen.
“We (former leadership team and board of directors) worked very hard to build a strong Vermont credit union designed for Vermonters,” said Post, alleging the deal moves the credit union away from its original mission. “This credit union was custom-made for our field of membership. Plus, we already had the scale to compete. We might not have had the scale to compete with Chase, but this combination does not bring that kind of scale.”
Post reiterated that VSECU is strong and that no merger is needed.
“We’re a strong, healthy credit union in this marketplace and are perfectly capable of continuing on our own,” said Post. “If the current leadership doesn’t want to do that, well, I don’t know who’s gaining from this.”
‘Best Interests of Members’
In speaking with CUToday.info, Miller emphasized members will benefit from the comination.
“This merger is in the best interests of our members and it’s an investment in the state of Vermont and its residents,” Miller said. “It will provide our current members with tremendous benefits, and they will have access to more products and services. They will have access to eight new branch locations without us having to build them. We’re going to have better loan and deposit rates, because we will choose the best between both of our organizations. Members will save money on fees.”
Miller said that greater size will be a benefit, as well.
“In the long run pulling our resources together allows us greater financial strength and resiliency,” he said. “When you bring two large balance sheets together you’re going to achieve scale and you’ll also gain greater diversity in the balance sheets that strengthens the credit union.”
Plenty of Time Allowed
Miller challenged Post’s allegation that the merger has been rushed and the deal has not fully discussed and vetted.
“We did start in October with our initial discussions, but our board has been engaged in strategic discussions all last year and actually culminated with a retreat in September. So, they’re well aware of the strategic considerations,” Miller explained. “They were having strategic discussions as to what direction we were going.”
Regarding allegations the merger decision was made by a very small group of people, Miller said, “Our board is elected by the membership to make decisions based on the best interest of our members. They consulted with me. They consulted with our management team. They consulted with an independent consultant. They did their due diligence.”
When asked by CUToday.info to provide the name of the consulting group VSECU used, Miller responded, “We have and will continue to engage a number of consultants and industry experts through the process. We meet and consult with those experts frequently.”
No Financial Incentives
Miller, who will continue on as president/COO with the new credit union—the name of which has yet to be determined—said a salary increase for his role has not been addressed.
New England FCU CEO John Dwyer will be CEO of the new organization if it is completed.
“I have no guarantees…My salary is going be managed as it is today, on a market-rated basis based on comps and other things,” Miller said. “There’s no promise or agreement for my salary to go up or down.”
Miller stressed there are no benefits to himself or the VSECU executive team from the deal.
“There will be no merger-related financial arrangements. If there were we would have to disclose them in our application to NCUA. And I can tell you there will not be, and that’s not what this is about,” said Miller. “This merger is about providing greater value and greater services to our members, to our employees and to all Vermonters.”
Miller said there will be no merger-related distribution of excess net worth to members, “since this is a merger of equals.”
Positive Feedback from Members
Miller said members have been receptive to the merger based on interactions he and the credit union have had with them, and that during the annual meeting questions were asked and an appropriate amount of time was dedicated to merger discussions.
“The meeting lasted for nearly two hours. We allocated 30 minutes for questions specific to the merger,” explained Miller.
Miller said members who had questions that time did not allow to be addressed were told they could send them to the credit union and they will be answered on the CU’s website at a later date.
“This was our annual meeting, not a meeting that was held for the purpose of debating or discussing the merger,” added Miller. “But, given the timing of the announcement of the merger, we wanted to make time for that.”
‘Independence is Better’
The group’s website (www.callingallmembers.org) not only strongly opposes the merger but also addresses current VSECU leadership.
“We believe independence is better than a merger – much better,” the website states. “VSECU is perfectly capable of being present for at least another 75 years, and it should be. The problem we have, and it’s a big one, is that VSECU does not have the leadership needed to assure it is a prominent provider of cooperative financial services in Vermont, for Vermonters. In fact, as confirmed by this merger proposal, our credit union does not have the leadership that will choose to keep VSECU in existence at all. How can this be?”
“As members, we have a lot of work to do to preserve the vision of VSECU as a credit union for Vermont and all Vermonters. We are here to coordinate the work it will take to defeat this merger and over time to put dedicated leadership in place at our credit union,” text on the website continues. “We are calling on all members to make change simply by voting. Join us in the effort to preserve VSECU; first by defeating this merger proposal and then by helping to elect and hire new leadership.”
Unfounded Allegations
Miller said those allegations made on the site are unfounded.
“I’m very proud of the performance of this organization in the time that I’ve been here,” Miller said. “But it’s not just me, it’s all the people. So, when you call for a change in leadership because you don’t think the credit union is headed in the right direction, it’s not just me that you’re pointing fingers at. It’s everyone who works here. It’s just wrong. I will hold our performance up against anyone else. We have done well financially. We have done well in the community. In fact, some of the information (the group opposing the merger) put on their website acknowledges VSECU is a vital part of our community and it shouldn’t go away. Well, it can’t be both. We can’t be a real really vital part of our community and also have poor leadership and management at the same time.”
Miller said VSECU will be communicating with members before the vote, which is expected to take place in the Fall.
“We want to make sure they are as informed as they can be and we’re confident they’re going to see the value in the merger,” he said.
‘Defeating This Merger’
Former CEO Steven Post disagrees.
“We’re getting members more engaged and aware of this merger. I think the more we’re able to do that, the more support will gain and have a better chance of defeating this at this merger when it comes to vote,” Post said.
Courtesy of Matthew Gracey-McMinn, Payments Journal
“We would like to text or call you with a code.” That familiar phrase usually means multi-factor authentication (MFA) is in play. It’s an added layer of protection that businesses are using to protect accounts, and it’s become commonplace at financial institutions to secure personal data. From banks to brokers to crypto wallets, there is an expectation that it is implemented by institutions. However, MFA is far from foolproof. Criminals can still find their way around it to carry out attacks.
The holy grail for hackers is to successfully takeover an account utilizing techniques such as credential stuffing. This requires the attacker to acquire a list of username and password pairs and then thrust the credentials onto login pages using bots. The speed and volume at which bots can fill in login forms helps the hacker find a winning credential combo quickly. The data used often comes from leaks, stolen device fingerprints, or session cookies sold on the dark web or marketplaces like Genesis Market.
So, suppose a criminal launches an attack that could be attempting millions of logins within a few hours. In that case, the success rate can yield hundreds or thousands of accounts. Credentials can be validated and used to reset a password, completely control an account, and even transfer funds elsewhere.
MFA can stop an account takeover following a successful credential stuffing attack by requiring more than just a password to validate a legitimate login and prevent automated attempts. But it’s not airtight. Some sites use 2FA (two-factor authentication), a type of MFA that uses two factors for login, such as credentials and a device.
The secret ingredient for hackers to bypass MFA security is using a combination of bots and human intervention. The goal is to either sidestep the need to use MFA for access or use tricks to fool account owners into handing over MFA codes.
Here are the five most common techniques financial services organizations need to know about:
- Targeting financial aggregator sites. APIs are easily exploitable via financial aggregator sites. Customers of services such as Mint or Plaid use these apps to manage their finances, aggregating accounts into a single view. These apps can access account information and even make changes using the bank’s API or a web app, sometimes without requiring MFA. A threat actor can perform credential stuffing using a financial aggregator app to bypass MFA controls or can target the aggregator app itself taking over a customer’s account there and thereby getting some degree of access to their banking information.
- Stealing security questions with social engineering. The most common method of verifying a user’s identity is through security questions. Security questions are often in place to bypass MFA if users lose or don’t have access to their device. Attackers use social engineering, which can be as simple as looking at social media profiles, to answer common security questions and access accounts without MFA. Bots can then use credential stuffing techniques to bypass MFA and input answers to security questions using brute force or publicly available data.
- Generating phishing scams. Phishing is one of the most popular means of acquiring sensitive information such as passwords or answers to security questions. Attackerstry to convince individuals to visit a fake login page and input the MFA code. The threat actor might also email or phone an individual and impersonate their bank to ask for the MFA code. In this way, attackers gain access to MFA codes maliciously rather than bypass MFA.
- Exploiting Man-in-the-middle (MITM) tactics. The threat actor positions themselves between the bank and the customer (often using malware) and intercepts messages between them. This tactic is used to acquire an MFA code by linking to a fake page asking for the code.
- Using SIM swapping techniques. Bad actorsintercept text messages sent to a user’s phone number and send them to another handset. This is accomplished by calling the user’s SIM provider, impersonating the customer, and passing on security questions. The criminal convinces the provider to swap the phone number to the attacker’s SIM card. Once set up, they use the phone number as authentication to access the account.
MFA might present a more vigorous defense than using a password, but it’s not a fool-proof guarantee against successful attacks. Bypassing MFAs may require human intervention, but it can still happen. When you factor in bots attacking at scale, the risk increases, and the success rate becomes much higher. Banks need to be on the lookout for malicious activity and educate customers about deceptive behavior such as phishing and social engineering. Adding extra layers of security to stop the bot attacks that are the precursor to the phishing and social engineering attacks will also help to protect systems. Don’t forget, security requires greater depth to successfully deal with more sophisticated criminals. Financial institutions must stay one step ahead.
Disclaimer: This article represents the views of the author only. They are not themselves a statement of any official government policy and does not represent the views or policy of the National Association of State Credit Union Supervisors (NASCUS),
Regulation is vitally important for the safety, soundness, and integrity of the financial system, and to ensure consumer protection and public confidence. Regulatory reform is perfectly consonant with those goals; I’ve always believed the regulatory system could and should be effective without being excessive.
That also means that regulations need to change with the times, responding to shifts in market conditions, public demand, technology, and so forth. So last August, when I spoke to the Payments, Banking, and Compliance Conference here in Washington and urged federal action to normalize banking services for cannabis-related businesses, I was speaking from that perspective — the perspective of common sense regulatory reform in response to a rapidly evolving market reality.
I emphasized that marijuana legalization is ultimately inevitable on the federal level, and as such, we need to clarify and harmonize federal banking laws and regulations as they pertain to the state-legal cannabis industry and marijuana-related businesses. I argued — and I believe I may have staked out the clearest position on this question of any federal financial regulator, to date — that the legal and regulatory infrastructure must evolve so this growing industry can take part in the mainstream financial services industry. I urged Congressional action, which needs to happen sooner, rather than later.
That was about eight months ago. I would love to be able to stand here and say that since that day, tremendous progress has been made on this pressing issue, and we’re well on our way to having a framework we can use to move forward.
Unfortunately, I don’t believe that’s the case. At least not yet.
“I emphasized that marijuana legalization is ultimately inevitable on the federal level, and as such, we need to clarify and harmonize federal banking laws and regulations as they pertain to the state-legal cannabis industry and marijuana-related businesses. I argued — and I believe I may have staked out the clearest position on this question of any federal financial regulator, to date — that the legal and regulatory infrastructure must evolve so this growing industry can take part in the mainstream financial services industry. I urged Congressional action, which needs to happen sooner, rather than later.”
I’ll admit I find that frustrating, and I imagine many of you share that frustration. However, I continue to be optimistic about the potential for cannabis banking reform, and we can point toward a number of reassuring signs.
Indicators of Progress
For example, in February, we saw the House of Representatives pass the Secure and Fair Enforcement (SAFE) Banking Act, which would go a long way toward normalizing banking activities for cannabis businesses. I don’t typically take positions on pending legislation, but the SAFE Banking Act seems like a good place to start in addressing this problem. Yes, we know the House has moved on this legislation previously and it hasn’t yet passed the Senate, but let’s be optimistic that further action may follow. Hope springs eternal, I always say.
I can also tell you that the community of federal executive branch regulators is taking this issue very seriously, as we want to be prepared to act when Congress does pass some form of legislation. I can tell you the NCUA has an internal working group focused on preparing for what we’ll need to do to respond when the time comes. So, know that regulators are working to prepare the ground for what comes next, even if those efforts are not entirely visible right now.
Moreover, we’re seeing various state initiatives to address the banking and tax status of cannabis businesses. For instance, just last month lawmakers in New York introduced legislation to reform the state tax code to allow cannabis enterprises to deduct business expenses. Meanwhile, lawmakers in Pennsylvania and Washington are also working on related issues, and I’m sure there are others. I’m not entirely satisfied that the most constructive action seems to be happening at the state level. We need a federal solution, rather than a patchwork of state reforms. But in the absence of Congressional action, I’m pleased that these state officials are working to address this issue, and I commend them for their leadership and foresight.
And we need that federal solution because the situation, as it stands, is untenable. Here we have a rising industry that is growing and will only continue to grow. And yet the basic commercial banking infrastructure needed to provide financial services to this rapidly growing industry is virtually non-existent.
Just a few weeks ago, the Treasury Department’s Financial Crimes Enforcement Network, or FinCEN, published their Marijuana Banking Update(opens new window). This report shows that as of September of last year, we had 553 banks and 202 credit unions providing services to marijuana-related businesses, in accordance with FinCEN’s 2014 guidelines. As you all are aware, those guidelines provide the only legitimate way, at least right now, for cannabis businesses to secure depository accounts with financial institutions.
Now, the good news is that the number of financial institutions working with MRBs has, in fact, grown, if slowly. But let’s put those numbers in context. My agency, the NCUA, regulates and insures the nation’s credit unions, which includes almost 5,000 institutions. Yet, only 202 of those are providing services to one of the fastest-growing industries in the nation.
“And we need that federal solution because the situation, as it stands, is untenable. Here we have a rising industry that is growing and will only continue to grow. And yet the basic commercial banking infrastructure needed to provide financial services to this rapidly growing industry is virtually non-existent.”
I am not satisfied with that, nor should you be. That’s why I’m pleased that you all are hosting this event here in Washington today, because what we need is ongoing communication between industry leaders, regulators, and other stakeholders to keep the momentum going.
Credit Unions and the Cannabis Industry
In the meantime, the NCUA is trying to offer as much helpful guidance as possible to the federally insured credit unions we oversee. We make it clear to credit unions, in particular state chartered credit unions in states where marijuana is legal, are welcome to serve cannabis- and marijuana-related businesses provided that they do their due diligence, observe all relevant “Know Your Customer” and Bank Secrecy Act requirements, and adhere to the FinCEN guidance.
I also understand our team has compiled a compendium of all the state laws related to cannabis and marijuana enterprises so that NCUA examiners can quickly refer to relevant state requirements in their dealings with credit unions. So, we’re trying to offer as much clarity and direction as we can, while we await definitive action from Congress.
I’ll note that the NCUA does have some solid background on issues related to cannabis banking, given the work we did in 2019 to normalize banking services for hemp-related businesses. At the time I was serving as the Chairman of the NCUA Board, and one of the first regulatory reforms I undertook was to push for interim regulatory guidance on providing financial services to hemp-related businesses. Many credit union industry leaders were focused on this issue, and we knew we needed to take action.
Our approach was not overly prescriptive or heavy-handed. We simply sought to provide credit unions the ability to test the waters and to determine how best to serve this burgeoning industry until we had definitive regulatory guidance from the USDA, which finally took effect last year. I’m proud of the fact that we were able to take a leading role in setting standards and clarifying a forward direction, at least for the credit union industry. I hope we can continue to provide that leadership, but again, definitive legislative action from Congress on cannabis banking reform is sorely needed.
And let’s be clear: normalizing financial services is only one piece of the puzzle. There are a variety of other issues that will need to be addressed either by Congress or by executive branch regulators. There are going to be regulatory challenges related to the FDA; the agricultural and environmental implications; the law enforcement and criminal justice side; and questions of equity to ensure that the industry is inclusive and all communities are benefiting in a fair and just fashion. Most of these issues are outside my area of expertise and control, and I hope the Emerging Markets Coalition is working with regulators and policymakers in these areas as well to address these challenges.
Frankly, I’m glad that I’m only working on the financial angle because that’s probably the easiest piece of this equation to address. From the financial side, we’re basically talking about handling deposits, clearing electronic transactions, and setting up mechanisms for credit. We have the tools in place to do all of that right now.
I recognize that makes it sound over-simplified. But I want to make it clear that our goal here is eminently achievable. There’s a quote I like from the late General Colin Powell, who said that leaders need to be simplifiers, people who are able to “cut through argument, debate and doubt to offer a solution everybody can understand.” Well, in this case, I think we all understand the problem pretty clearly, as well as the solution. As a regulator, I’ll do all I can, but we need a concerted push, which is why I appreciate the work that the Emerging Market Coalition is doing to drive this issue.
Conclusion
One additional reassuring sign is that I now regularly hear about this issue from financial industry leaders. Whereas even a few years ago, many of them might have been a little diffident or uncertain about cannabis banking, they now raise the question all the time: “What are you all doing in Washington about banking for marijuana businesses?” And I always tell them, “Look, I’m already on your side here! Go talk to your Congressional delegation. We need their help.”
As Prepared for Delivery on April 7, 2022
Last week the Cybersecurity and Infrastructure Security Agency published a quick guide on ID-ing Social Media Bots; automated programs that simulate human engagement on social media platforms.
Social Media Bots use artificial intelligence, big data analytics, and other programs or databases to masquerade
as legitimate users on social media. They vary depending on their function and capability: Some are helpful, like
chat bots and automated notifications, but some can be used to manipulate real users. When misused, Bots can
amplify disinformation and distort our perception of what’s important, polluting or even shutting down online
conversations.
Recognizing Bot behavior can help us respond to their attacks.
Courtesy of Henry Meier, Esq., SVP, General Counsel, New York Credit Union Association
Of course they do, but that’s not the appropriate question that regulators should be asking themselves. The real question is, whether or not financial regulators should mandate if how and when credit unions choose to address these challenges? My answer to this question is that credit unions should be left to address climate change in a way which best reflects a given institutions resources, risk profile, and membership base.
As luck would have it, I’m not the only one who feels this way. Earlier this week the FDIC released a draft of the principles it expects bankers to consider when addressing climate change issues. Crucially the proposed guidance only applies to institutions that have $100 billion or more in assets (yes, that’s billion with a B, Dr. Evil).
In a statement accompanying the proposal, FDIC chairman Martin J. Gruenberg explains that “all financial institutions, regardless of size, complexity, or business model, are subject to climate-related financial risks. However, smaller financial institutions, especially community banks, may lack the financial resources and expertise necessary to effectively identify and measure climate-related financial risks.”
What is true for community banks is certainly true for credit unions. After all, the small handful of institutions that will be subject to the FDIC’s framework, hold more assets then the entire credit union industry. This approach is similar to one taken by NCUA board members Hood and Hampton, who have stressed that at this point, individual credit unions are best positioned to respond to climate change without prodding by regulators.
What I like so much about the FDIC’s statement is that it underscores that you don’t have to be a climate change denier to recognize that imposing specific requirements on many financial institutions at this time would impose clear burdens without resulting in any clear benefits. Simply put, we are still years away from cost effectively identifying the cost associated with climate change on a micro level and integrating these costs into specific financial products. For example, without access to the most sophisticated computer modeling, can anyone really predict how many thirty-year mortgages are not appropriately priced given the risks posed by climate change in specific geographical areas? Imagine how much Fiserv would charge for adding this on to your core processer?
And even if we had cost effective technology in place, there are some complicated legal and policy tradeoffs that have to be considered. Most importantly there is no shortage of research indicating that the effects of climate change disproportionality impacts low-income communities. What is the best way to address climate change while at the same time ensuring that low-income communities have access to cost effective housing and basic financial services and products?
Do All Financial Institutions Have A Role To Play In Combating Climate Change?
Read the entire article here.