BANK BROKERS LLC

Federal Reserve Bank Announces Nationwide Mortgage Licensing System and Registry (SAFE ACT)

The federal bank, thrift and credit union regulatory agencies, along with the Farm Credit Administration, have announced that the Nationwide
Mortgage Licensing System and Registry will begin accepting federal registrations today, Jan. 31, 2011.

Under the Secure and Fair Enforcement for Mortgage Licensing Act (S.A.F.E. Act) and the agencies' final rules, residential mortgage loan
originators employed by banks, savings associations, credit unions or Farm Credit System institutions must register with the registry, obtain
a unique identifier from the registry, and maintain their registrations. More information on this is found at: http://mortgage.nationwidelicensingsystem.org/fedreg/Pages/default.aspx.

Federal Reserve Announces Online Publication Rules About Credit Decision and Notices

Lenders often consider a consumer's credit history or credit score when deciding whether, and at what cost, to extend credit. A new online Federal Reserve publication helps consumers better understand new notices they may receive from lenders when credit reports or credit scores affect a decision to grant credit.

The publication, "What You Need To Know: New Rules about Credit Decisions and Notices," describes the types of notices consumer may receive and provides links to sample notices. It includes information about what consumers should do if they receive a notice, including instructions on how to dispute credit report errors.

The notices are required by rules issued by the Federal Reserve Board and the Federal Trade Commission. The new rules, which took effect January 1, 2011, generally require a creditor to provide a consumer with a notice when, based on the consumer's credit report, the creditor provides credit to the consumer on terms that are less favorable than those provided to other consumers. Consumers who receive this "risk-based pricing" notice will be able to obtain a free credit report to check the report's accuracy.

As an alternative to providing risk-based pricing notices, creditors can choose to provide consumers who apply for credit with a free credit score and information about their score. Today, most consumers must pay a fee to obtain their credit score.

As anticipated, on January 25, 2011, the Securities and Exchange Commission (the "SEC") proposed amendments to the accredited investor standards in its rules under the Securities Act of 1933, as amended (the "Securities Act"), to reflect the requirements of Section 413(a) of the Dodd-Frank Wall Street Reform and Consumer Protection Act (the "Dodd-Frank Act").¹ The SEC also proposed technical amendments to Form D and a number of rules to conform the language in the rules to the language of Section 413(a) and to correct cross-references to former Section 4(6) of the Securities Act, which was renumbered Section 4(5) by Section 944 of the Dodd-Frank Act.

The "Red Flags" Rules: A Burgeoning Standard of Care for Financial Institutions

What Are the Red Flags Rules?

The Red Flags Rules mandate that all financial institutions and creditors who maintain covered accounts develop and implement written programs to identify, detect, and respond to specific activities indicative of identity theft.

Identification of Red Flags: The program must identify the "red flags" of identity theft that may arise in daily business operations.

Detection of Red Flags: Covered financial institutions and creditors must develop procedures for spotting red flags when they do arise.

Responding to Red Flags: The program must detail what actions will be taken when a red flag is detected.

Ensuring Constant Vigilance: Because identity thieves are never complacent, any identity theft program must detail how it will address the latest threats.

Compliance with the Rules.

The Red Flags Rules require that "financial institutions" and "creditors" that offer or maintain "covered accounts" be able to recognize and address signs of identity theft.

The term "financial institutions" includes: (1) all banks, savings associations, and credit unions; and (2) any other person that directly or indirectly holds a transaction account belonging to a consumer. 16 C.F.R. § 681.2(7) (referencing 16 C.F.R. § 603.2(a)).

A "creditor" is "any person who regularly extends, renews, or continues credit; any person who regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who participates in the decision to extend, renew, or continue credit." 16 C.F.R. § 681.2(5) (referencing 15 U.S.C. § 1681a(r)(5)).

The term "covered account" has two parts: (1) A covered account is one used "primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions." 16 C.F.R. § 681.2(3). Such accounts include credit card, mortgage and checking accounts.

(2) Also included is any other account "for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft." Id. This definition seeks to address concerns that certain other accounts — like proprietorship accounts — may be vulnerable to identity theft.

Effect of Complying with the Red Flags Rules.

The Red Flags Rules impose civil penalties and do not provide for a private right of action. Yet failure to comply with them carries far greater costs than simply the risk of governmental sanction.

First, compliance with the Red Flags Rules assures consumers that proactive steps are being taken to fight identity theft. Early and consistent adopters of the Red Flags Rules may well receive a "security premium" from consumers.

Second, the best way to remedy a problem is to avoid it altogether. By adopting, updating, and adhering to its Red Flags program, a financial institution or creditor can address the problem of identity theft when it is easiest to do so — before it arises.

Finally, compliance with the Red Flags Rules may assist financial institutions and creditors in addressing any potential negligence claims that may arise should an instance of identity theft occur.

While the Red Flags Rules do not provide a private cause of action, there is good reason to believe that these Rules will form the baseline standard of care. Like the Red Flags Rules, the Health Insurance Portability and Accountability Act ("HIPAA") does not provide a private cause of action. See Acara v. Banks, 470 F.3d 569, 571 (5th Cir. 2006) (collecting cases and noting that "every district court that has considered this issue is in agreement that the statute does not support a private right of action"); see also O'Donnell v. Blue Cross and Blue Shield of Wyo., 173 F. Supp. 2d 1176 (D. Wyo. 2001). Yet a number of courts recently have permitted plaintiffs to bring suit where HIPAA violations have been used to sustain state-law negligence claims and RICO actions. See Acosta v. Byrum, 638 S.E.2d 246, 253 (N.C. App. 2006) (holding that while HIPAA does not create a private right of action, reference to HIPAA may help establish a breach of the appropriate standard of care).

The result is that while the Red Flags Rules do not provide a cause of action, they may serve as a baseline standard of care in proving a claim premised upon another cause of action.

Conclusion.

Identity theft poses a real threat to consumers, financial institutions, and creditors alike.

The Red Flags Rules require that financial institutions and creditors who provide covered accounts develop a program for detecting and responding to potential instances of identity theft. By implementing these Rules, financial institutions and creditors can address consumers' concerns about identity theft, avoid identity theft problems before they arise, and minimize exposure to legal liability.

Bank Brokers LLC is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts