The State of State Regulation

In the realm of financial regulations, federal-level regulations tend to attract the most coverage from the media since federal agency activity can have impact across the entire country.  From the beginning of the recession fallout in 2009, approximately 17,500 pages have been added to the Federal Code Register, which houses the government’s federal regulations.  Most financial regulations stem from the federal level, and it’s easy to forget that each state often has its own unique variation. Each state has different needs or concerns, and while they cannot make the law less stringent than federal mandates, they can make the regulation stricter.  

State-level Financial Enforcement Actions over the past 12 months (Since October 30, 2018)

The challenges faced by national or large regional banks with branches in various states is to navigate the federal, independent and state agencies in each jurisdiction where they conduct business or have customers.  It is already challenging for a bank compliance team to keep track of and manage federal regulations, and with a growing emphasis on state-level laws and regulations, there is an additional layer of difficulty in managing compliance demands.  

The typical method used by most banks today is a manual approach, in other words massive spreadsheets and email threads. But as the regulatory environment continues to increase in pace and volume, and the penalties for non-compliance become even greater, banks will be forced to re-evaluate their current manual procedures in favor of solutions that help automate the aggregation, synthesization and dissemination of regulatory content. By focusing on a several highly regulated financial practices, the wide differences between regulations at the state-level can be seen.

Here are six examples of financial regulations that vary from state to state:

2. State Laws for Automated Calls

The Telephone Consumer Protection Act (TCPA) allows you to send healthcare appointment reminders as well as general appointment reminders without prior consent.  The FCC Small Entity Compliance Guide covers automatic call regulations including opt-out requirements.

When it comes to automated calls, there is a myriad of state rules on the subject.  There are states which ban all automated sales calls, and there are some states that define allowable circumstances and prohibited basis.  Some states restrict what time these calls can be placed or whether they can call a cell phone. Then some states have no legislation addressing automated calls at all. (ReminderCall.com, 2015) In addition, there is no uniform single-term used across all the states for this topic. Some states refer to it as telemarketing, telephone solicitation, automated dialing, home solicitation and so on. Managing the range of terms used to describe this topic is just another reason it is complicated to manage regulations across various states.

In 2018, South Carolina adopted and New York State announced stricter guidelines for telecommunications.  (Gupta, 2018) For banks which have customers in these states, compliance professionals must determine how the bank can contact customers living in these different states.  Larger banks must figure out how to program automated call models to obey and operate according to the laws in 50 different states and have the ability to adapt when the laws change.  For example, in South Carolina solicitation calls or texts are not permitted before 8 am or after 9 pm (EST). For a bank headquarters on the west coast, they cannot call customers who live in South Carolina until 10 am (MST).  If every state has a different time frame, it is important to take into account these time differences and regulations to stay in compliance.

3. Consumer Real Estate Foreclosure

In addition to federal laws, foreclosure proceedings are additionally outlined by state legislation.  In some states, foreclosures are always judicial; meaning the foreclosing party files a lawsuit with the court.  In other states, the foreclosure could be either judicial or nonjudicial (which means the foreclosing party follows a set of state-specific, out-of-court procedures to foreclose on the home); in those states usually, one or the other is predominately used.

Is a deficiency judgment allowed?  When a house is sold at a foreclosure sale for less than the outstanding balance, the difference between the total debt and the foreclosed sales price is called the deficiency.  Some states let the foreclosing party file a personal judgment, or “deficiency judgment” against the borrower. Other states prohibit deficiency judgments under certain circumstances which vary state to state.

Can you redeem the home after the foreclosure sale?  Certain states give foreclosed homeowners a period called a “redemption period” to buy back or “redeem” the home after foreclosure.  Depending on state law, to redeem the borrower must reimburse the purchaser for the amount he or she paid at the sale (plus certain allowable costs) or repay the total mortgage debt, plus interest and expenses.

Do you get the right to reinstate before the foreclosure sale?  Reinstatement occurs when the borrower brings the delinquent loan current in one payment satisfying all the overdue payments, plus fees and expenses incurred because of the default.  In a foreclosure, state law sometimes gives a borrower the right to reinstate up until a specific deadline. (Loftsgordon, n.d.)

In 2016 alone, 31 states introduced new legislation regarding foreclosures.  Since then ten bills and resolutions have been enacted or adopted thus far in 2018.  (Morton, 2016) For banks with mortgages on properties in different states it’s important that collections staff understand the foreclosure laws for different states.  Failure to execute a proper foreclosure could delay proceeding and cost the bank extra money in unnecessary legal fees.

4. Marijuana

Image Source: bipartisanpolicy.org

According to a report by FinCEN (the Treasury Department’s Financial Crimes Enforcement Network), by the end of March 2018, 411 banks and credit unions in the U.S. were “actively” operating accounts for marijuana-related businesses (MRBs). FinCEN publishes on its website a monthly update for Marijuana Banking that shows a steady increase of both Credit Unions and Retail Banks providing services to marijuana businesses. The most recent report says, “As of 12 July 2018, FinCEN has received a total of 57,801 SARs [suspicious activity reports) using the key phrases associated with MRBs. Several of the SARs contain more than one key phrase, which accounts for the numbers for each key phrase being greater than the total.”

What does this mean for a retail bank operating in multiple state-jurisdictions? Based on the states’ enforcement trends, one branch may be able to offer services to an MRB, whereas the same bank with a branch location in a different state may not. The varying level of enforcement activity by jurisdiction becomes an important indicator for bank compliance teams to monitor.

5. Privacy

Image Source: eff.org

In June 2018, California became the first state to pass its own privacy law, going into effect in 2020, the stringent law mirrors that of Europe’s GDPR. California’s privacy act will give California residents four major rights:

1. the right to know, through a general privacy policy and with more specifics available upon request, what personal information a business has collected about them, where it was sourced from, what it is being used for, whether it is being disclosed or sold, and to whom it is being disclosed or sold;

2. the right to “opt out” of allowing a business to sell their personal information to third parties (or, for consumers who are under 16 years old, the right not to have their personal information sold absent their, or their parent’s, opt-in);

3. the right to have a business delete their personal information, with some exceptions; and

4. the right to receive equal service and pricing from a business, even if they exercise their privacy rights under the Act.

California’s economy is so strong, that the privacy laws set in California will set the bar for any business that has California residents as customers. This is going to have a major impact across state lines, even globally, for financial institutions that operate in California or have residents in California. California’s privacy law will likely supersede any other jurisdiction’s privacy regulations, much like how the EU’s GDPR is impacting any business that operates within the EU market.

Compliance Challenges

The challenges faced by banks operating in multiple state-jurisdictions are enormous.  There are fifty states, and each state has their own spin on a wide variety of state laws, in addition to federal regulations, there are many regulatory agencies a bank has to track and manage to ensure compliance.  Most compliance professionals are forced to get their information from each state legislative website or banking associations they are a member of. Then each regulation needs to be read, analyzed, interpreted, implemented and managed and since regulations are dynamic, this is an ongoing process across organizations and disseminated to the relevant internal stakeholders.  

State updates might happen at the same pace as federal regulation, but they are exponential, meaning that for every one federal regulation there could potentially be fifty variations of state restrictions on the same subject matter.

The challenges of  allocating enough human capital to manually track and manage regulatory changes is what traditionally makes the compliance department a major cost center, but there are unique technological opportunities that RegTech solutions can directly address. 

RegTech can consolidate the regulatory activity and updates at the state-level, make it easily searchable by different topics like Money Transmitter, Foreclosures, and Automated Calls – just to name a few. An end-user platform for compliance teams that allows them to search and filter by state regulatory activity and topic area, and set focused alerts and comprehensive summaries of changes, would significantly increase productivity and reduce the amount of time it takes for compliance teams to find the information relevant to them and manage the changes required.  These RegTech platforms can provide much-needed comprehensive feed of regulatory content relating to specific products or services instead of manual tracking of such information. These tools could assist in improving compliance accuracy and reduce or eliminate human error.

—

Compliance.ai provides modern regulatory change management solutions that distill regulatory content into tangible, actionable intelligence. Compliance.ai is a leading innovator in RegTech, leveraging artificial intelligence and Expert-in-the-Loop approaches to provide the most comprehensive collection of regulatory content and insights to compliance professionals at the federal and state level.

Try the Basic Edition for free or schedule a demo to learn more.

Other Resources:

• State of Affairs: Cybersecurity & Privacy Regulations
• The Bank Secrecy Act & Cryptocurrency Regulation in the US
• Blockchain, Regulation, and Privacy