Our Attorneys

FFIEC Responds to Increased Cyber Threats With New Cybersecurity Assessment Tool 

The Federal Financial Institutional Examination Counsel (FFIEC) recently developed and released a Cybersecurity Assessment Tool in light of the growing number and sophistication of threats to financial institutions from cyber attacks. The tool is consistent with principles set forth in the now-familiar Cybersecurity Framework published by the National Institute of Standards and Technology (NIST) as well as FFIEC’s IT Handbook.

The tool assists management of financial institutions with analyzing the firm’s inherent risk for cybersecurity threats based on a number of factors, including the quantity and types of technologies and internet connections deployed, the role of online and mobile products and services offered, and what organizational characteristics demonstrate the firm’s security awareness and care or, conversely, vulnerability to cyber intrusion.

Each institution will rate differently based on its own threat profile and levels of inherent risk. Financial institutions have long taken security seriously due to the obvious liability concerns with loss or destruction of financial assets. But cyber risks present a unique vulnerability and financial institutions can no longer claim surprise or lack of awareness to the threat. Systematic and continuous risk management strategies are key to reducing risk and ultimately reducing liability should the firm suffer a breach.

How can lawyers help? Attorneys specializing in information security and risk management should be involved at every stage of risk assessment and mitigation, as well as crisis response. Cyber and information security responsibility should not rest exclusively with the IT department because it inherently involves issues of liability risk and standards of care.

Lawyers can help with integrating information security, privacy and employment policies with cybersecurity protocols and policies; establishing and maintaining incident response programs; analyzing the reasonableness of cybersecurity investments – or lack thereof – against the legal standards of care; reviewing and negotiating insurance policies; establishing and maintaining active third party vendor risk management systems including contract review; and ultimately responding immediately and effectively in the event of an information or cybersecurity incident to help manage the crisis and mitigate the damages.

Rita Heimes, Counsel
Co-chair, Information Security & Risk Management Group
Verrill Dana LLP


FEMA Issues New Rules, Although Not A Watershed Moment 

Five federal regulatory agencies recently announced a joint rule that modifies regulations that apply to loans secured by properties located in special flood hazard areas. Flood hazard areas are delineated on maps issued by the Federal Emergency Management Agency (FEMA) and pertain to areas within the floodplain having a one percent or greater chance of flood occurrence in any given year.

The final rule requires regulated lending institutions, or servicers acting on their behalf, to escrow premiums and fees for flood insurance for any loan secured by residential improved real estate or a mobile home. The rules impact loans that are made, increased, extended, or renewed on or after January 1, 2016. Under a small-lender exception, certain lending institutions with total assets of less than $1 billion may not be required to escrow flood insurance premiums.

Additionally, the joint rule grants regulated lending institutions the authority to secure flood insurance coverage for a borrower with insufficient coverage and include the cost of the coverage in the outstanding loan. This type of coverage is known as “force-placed flood insurance coverage.” The rule also stipulates circumstances under which a lender must terminate force-placed flood insurance coverage and refund payments to a borrower. For example, if a borrower obtains a flood insurance policy that overlaps with a force-placed policy, the lender or servicer must refund any premiums paid by borrower for this overlap period.

Lastly, the rule includes a statutory exemption from the requirement to purchase flood insurance for a structure that is a part of a residential property if that structure is detached from the primary residence and does not also serve as a residence, such as a garage or barn. However, lenders may nevertheless require flood insurance on detached structures to protect the collateral securing the mortgage.

A copy of the final rule will be published in the Federal Register shortly, but an advance copy is available here.

If you have any questions about how your property may be impacted by FEMA’s new rules please contact Charlie Katz-Leavy or Mat Todaro.


FDIC issues TRID Exam Procedures: Integrating TILA and RESPA

On June 30th of this year, the FDIC issued guidelines for banks related to compliance examination procedures for Truth-in-Lending Act (TILA) and the Real Estate Settlement Procedures Act (RESPA).  The Integrated Disclosure Rule for the two acts is commonly referred to as “TRID."  

The TRID rules were issued by the Consumer Financial Protection Bureau (CRPB) in late 2013, and further revised in February of this year.  The rules are slated to go into effect on August 1, although the CFPB is currently taking comments on delaying the effective date to October 3, 2015.  The comment period closes on July 7.

Briefly, the TRID rules sought to integrate the RESPA and TILA disclosures for certain closed-end mortgages, excluding certain loans such as reverse mortgages, home equity lines of credit, and mobile home loans.  The new rules also modified the timing of disclosures and revised the definition of “application” triggering the disclosure requirements.  The new definition is a 6-factor test requiring the following information from the consumer:  name, income, social security number, property address, estimated value of property, and loan amount sought. 

To assist banks with compliance, the CFPB developed a comprehensive set of online resources for TILA-RESPA Integrated Disclosure Rule implementation, which is available here.  The resources include a compliance guide, a guideline to forms, a closing factsheet, a disclosure timeline, and sample disclosure forms. 

Thenew examination procedures also addressed changes to the following rules: 

  • Higher Priced Mortgage Loan Appraisal Rule, which exemps certain transactions from appraisal requirements;
  • Mortgage Servicing Rules, which modified the definition of “small servicer” to include nonprofit entities servicing fewer than 5000 mortgages;and
  • Ability to Repay/Qualified Mortgage Rule, which added a “cure provision” allowing creditors or assignees a set amount of time to refund to the consumer excess points, fees, or interest on either as necessary to allow the mortgage to maintain Qualified Mortgage (QM) status.

The examination guidelines were issued as part of Financial Institution Letter FIL-27-2015, which can be found here


Department of Labor Proposes to Guarantee Overtime Pay to Workers Earning Less than $50,440 Annually

The Department of Labor issued proposed rules yesterday, to address President Obama’s 2014 Presidential Memorandum calling for an update to the overtime regulations, to “modernize and simplify” them while ensuring that the “intended overtime protections are fully implemented.”

The proposed rules would raise the threshold under which workers are guaranteed overtime, from the current $455 a week ($23,660 a year) to $970 a week ($50,440 a year) in 2016. Going forward, the DOL also proposes to automatically update the salary threshold based on inflation or a fixed percentile of earnings.

Notably, the proposal does not recommend changes to the “duties test” and the DOL reiterated its position that as salaries rise, a less robust examination of the employees’ duties is needed. It stopped short, however, of abandoning the duties test altogether, stating “[w]hile the salary provides an initial bright-line test for [overtime] exemption, application of a duties test is imperative to ensure that overtime-eligible employees are not swept into the exemption.” As part of the rule making process, the DOL is seeking comments on the following issues:

Click to read more ...


Financial Institutions . . . In the News

  • Machias Bancorp MHC and its subsidiaries newest bank directors are Zachary Means and LuAnn Ballesteros. (Mount Desert Islander 6.4.2015)
  • US Regulators urge caution when considering reverse mortgages.  (Maine News Online 6.5.2015)
  • Financial decisions today may not be wise for tomorrow.  (Pittsburg Post-Gazette 6.11.2015)
  • Houses vacated during the foreclosure process create numerous issues for lenders and neighborhoods.  ( 6.12.2015)
  • Androscoggin Bank’s trust department seeking approval to become Portland Trust Co. to have offices in Lewiston and Portland.  (PPH 6.15.2015)
  • Maine community banks almost double the value of commercial loans processed from 2007 to 2014.  (PPH 6.18.2015)
  • Mortgage restrictions imposed on six banks for failing to comply with home foreclosure enforcement orders.  (Maine News Online 6.18.2015)