Online Form Builder for Consumer Privacy Notices
May 18, 2010 by Bierce & Kenerson, P.C.
The privacy of consumer financial transactions was a cornerstone of the Gramm-Leach-Bliley Act (GLB). Eight U.S. federal regulators are responsible for enforcing the GLB privacy rule: the Board of Governors of the Federal Reserve System, Commodity Futures Trading Commission, Federal Deposit Insurance Corporation, Federal Trade Commission, National Credit Union Administration, Office of the Comptroller of the Currency, Office of Thrift Supervision and the Securities and Exchange Commission (SEC).
In light of the importance of privacy, financial institutions have sought and finally obtained some predictability in their compliance.
Model Form of GLB Privacy Notice. On November 17, 2009, the eight agencies issued a final GLB model form that, if used, provides a legal safe harbor to firms that voluntarily choose to use the model form in satisfaction of the GLB disclosure requirements for privacy notices.
Online Form of GLB Privacy Notice. On April 15, 2010, the eight federal regulators released an Online Form Builder that regulated financial institutions can download and use to develop and print customized versions of a model consumer privacy notice. The “form builder’ enables a regulated financial institution to select the version of the model form that fits its practices, such as whether the institution provides an opt-out for consumers.
To obtain a legal “safe harbor” for complying with the law’s disclosure requirements, financial institutions must follow the instructions in the model form regulation when using the Online Form Builder. The Online Form Builder is available at: http://www.federalreserve.gov/newsevents/press/bcreg/privacy_notice_instructions.pdf
Health Spending Accounts: Employers and Co-Employers Can Escape ERISA Fiduciary Liability through HR Outsourcing
October 9, 2009 by Bierce & Kenerson, P.C.
The Medicare Prescription Drug, Improvement, and Modernization Act of 2003, Pub. L. No. 108-173 (the “Medicare Modernization Act”) was signed by President Bush on Dec. 8, 2003. Under this law, “health spending accounts” (“HSA’s”) are authorized to allow individuals to pay for current health expenses and save for future qualified health expenses on a tax-free basis. Section 1201 of the Medicare Modernization Act added section 223 to the Internal Revenue Code to permit eligible individuals to establish HSAs for taxable years beginning after December 31, 2003. To be eligible for an HSA, an individual must be covered by a High Deductible Health Plan (“HDHP”) and must not be covered by another health plan.
In late April 2004, the U.S. Department of Labor clarified that HSA’s that are offered and managed by third-party providers, independent of an employer’s plan, do not constitute employee welfare benefit plans governed the onerous eligibility, vesting, fiduciary duty and other requirements of Title I of the Employee Retirement Income Security Act of 1974 (“ERISA”). However, the employer could be liable as an ERISA fiduciary under certain circumstances.
This administrative legal interpretation opens the door for independently provided HSA’s through insurance companies, healthcare systems, preferred purchasing providers and other organizations that do not directly employ the HSA participant. For professional employer organizations (“PEO’s”) who are co-employers, the opportunity to provide HSA’s is opened up, provided that the PEO is not engaged in activities that would qualify the HSA as an ERISA-covered plan.
Overview.
The Department of Labor’s guidance makes clear that while private-sector employer-sponsored HDHPs are group health plans subject to ERISA’s reporting, disclosure, fiduciary responsibility and other requirements, HSAs generally will not constitute ERISA-covered employee benefit plans. Instead, HSA’s will be treated as “group insurance” or “group-type insurance” programs that fall within the “safe harbor” of plans that are no deemed employee welfare benefit plans within the meaning of section 3(1) of ERISA.
The guidance also clarifies that an employer can make contributions to the HSA of an eligible individual without being considered to have established or maintained the HSA as an ERISA-covered plan, provided that the employer’s involvement with the HSA is limited.
Why HR Outsourcing Works.
Title I of ERISA imposes reporting, disclosure, fiduciary duty and other requirements upon employers who establish or maintain health or welfare benefits for their employees. Outsourcing the establishment and management of HDHP’s removes the employer (and, in the case of a PEO, the co-employer) from that degree of managerial control and discretion that makes an HDHP a regulated ERISA benefit plan. Employers seeking to make HDHP’s available to their employees should do so only through an independently offered plan that the employer does not manage.
What the Employer Can Do (ERISA).
To avoid coming under ERISA’s scope, the employer (or co-employer) may:
- pay contributions to an HSA that is established and maintained by an independent entity;
- impose terms and conditions on contributions that would be required to satisfy tax requirements under the Internal Revenue Code (the “Code”), and
- limit the forwarding of contributions through its payroll system to a single HSA provider (or permit only a limited number of HSA providers to advertise or market their HSA products in the employer’s workplace).
The employer (and also the HSA provider) may:
- restricts the ability of the employee to move funds to another HSA beyond those restrictions imposed by the Code.
What the Employer Can Do (Tax).
On April 12, 2004, the Internal Revenue Service issued For months before January 1, 2006, an individual who would otherwise be an “eligible individual” under section 223(c)(1)(A), but is covered by both an HDHP that does not provide benefits for prescription drugs and by a separate health plan or rider that provides prescription drug benefits before the minimum annual deductible of the HDHP is satisfied (i.e., the separate prescription drug plan is not an HDHP), will continue to be an “eligible individual” and may make contributions to an HSA based on the annual deductible of the HDHP.
What the Employer May not Do (ERISA).
The employer will run afoul of ERISA if the employer were to play a role in the design or administration of the HSA. Excessive control will occur if the employer does any of the following:
- limit the ability of eligible individuals to move their funds to another HSA beyond restrictions imposed by the Code;
- impose conditions on utilization of HSA funds beyond those permitted under the Code;
- make or influence the investment decisions with respect to funds contributed to an HSA;
- represent that the HSAs are an employee welfare benefit plan established or maintained by the employer; or
- receive any payment or compensation in connection with an HSA.
Best Practices in HRO.
Employers and their HR service providers and insurers can adopt some practical “best practices” in order to secure the benefits of the safe-harbor provisions of Section 3(1) of ERISA.
HSA Plan Providers.
To assist the employer in avoiding any implication that the employer (or co-employer) is engaged in any of these ERISA-regulated activities, HSA plan providers should design their plans and promotional and marketing activities to clearly fall within the “safe harbor” and clearly to address these issues.Employers and PEO’s.
Employers (and PEO’s and other statutory co-employers) should amend their employee welfare benefit plans to clarify that the employer is not engaged in any such activities and that the employees can not rely upon the employer for more than payments as contemplated by the HSA plan.
More.
For further details including citations and detailed best practices, contact wbierce@outsourcing-law.com or one of our attorneys.
Mortgage Loan Servicing and Other Outsourcing by TARP-Assisted Entities: Criminalization of Contract Fraud under Government Contracts
September 27, 2009 by Bierce & Kenerson, P.C.
Do you know whether you are a subcontractor receiving payments from an entity assisted under the U.S. Troubled Assets Relief Program or the American Recovery and Reinvestment Act of [February] 2009? You should be aware of the criminalization of contract fraud and the protection of whistleblowers denouncing contract fraud in your operations.
Mortgage and other TARP-Related Fraud Claims. The U.S. federal Fraud Enforcement and Recovery Act of 2009 (“FERA”) identified fraud in mortgage origination as a key systemic risk in the financial system. P.L. 111-10, S. 386, 111th Cong., 1st Sess. So it extended the definition of criminal fraud affecting financial institutions to include frauds by mortgage lending businesses that finance or refinance any debt secured by an interest in real estate, including private mortgage companies, so long as their activities “affect interstate or foreign commerce.” And “major fraud against the Government” was extended to include any fraud involving “any grant, contract, subcontract, subsidy, loan, guarantee, insurance or other form of Federal assistance, including through the Troubled Asset Relief Program [“TARP”], an economic stimulus, recovery or rescue plan, provided by the Government, or in the Government’s purchase of any troubled asset as defined in the Emergency Economic Stabilization Act of 2008.” 18 U.S.C. § 1031(a), as amended by FERA.
Budget for Prosecutions. The presumption is that there are criminal frauds in TARP operations. For the initial year, FERA appropriated $265 million for prosecution of such frauds: $75 million for the FBI to investigate mortgage fraud, $50 million for U.S. Attorneys, $35 million for the Department of Justice (allocated $20 million to the Criminal Division and another $15 million for the Civil Division), $5 million for the Tax Division of the Department of Justice, $30 million to combat postal fraud, $30 million for HUD, $20 million for the Secret Service and $20 million for the SEC.
Liability. FERA imposes triple damages liability (plus fines plus the Government’s costs of prosecution) on an extended scope of frauds under the False Claims Act, 31 U.S.C. § 3729(a), as amended. While an element of “knowing” action is involved in such frauds, it may be hard to distinguish between a knowing intention to complete a record that is vague or incomplete with “knowingly making, using or causing to be made a false record or statement to an obligation to pay or transmit money or property to the Government.” If you find you made this mistake, you can cleanse your sins and pay only double damages by confessing in 30 days.
Scienter. So what level of consciousness is required to have criminal “knowledge?” By definition, the terms “knowing” and “knowingly” means that a person “has actual knowledge of the information; [or] acts in deliberate ignorance of the truth or falsity of the information; or acts in reckless disregard of the truth or falsity of the information.” To prove a “knowing” fraud, the prosecutor does not need to prove a specific intent to defraud. FERA, 31 U.S.C. § 3729(b), as amended.
The Government as Customer. Under FERA, anyone who submits a payment request to “a contractor, grantee or other recipient” is subject to a claim of criminal fraud, provided that the money or property to be spent is to be used “on the Government’s behalf or to advance a government program or interest” where the U.S. Government provides “any portion” of the money or property.
Whistleblower Protection. FERA protects “any employee, contractor or agent” from being “discharged, demoted, suspended, threatened, harassed, or in any other manner discriminated against in the terms of conditions of employment because of lawful acts” to stop violations. Such protection includes 200% of back pay plus interest on back pay, special damages and litigation and attorneys’ costs. 31 U.S.C. § 3730(h) as amended.
Impact on Mortgage Loan Servicers. In companion legislation, the “Helping Families Save Their Homes Act of 2009” defines guidelines for “servicers” of mortgage loans who have conflicting duties of serving the interests of investors and the Governmental interest in limiting needless foreclosures that destabilize property values and damage State and local economies. P.L. 111-22, S. 896, 111th Cong., 1st Sess. (2009). “Servicers” provide the services of collecting and paying over to lenders the principal and interest on mortgage loans. Where the loans are bundled and sold as securities (CDO’s, trusts, special purpose entities, participation certificates) or otherwise bundled as a pool of residential mortgage loans, the “servicers” act on behalf each of the lenders across a spectrum of loans.
In the “Helping Families” act, Congress authorized mortgage loan services to “modify mortgage loans and engage in other loss mitigation activities” consistent with Treasury guidelines and defined a “safe harbor” under the Truth in Lending Act (15 U.S.C. § 1472(h), as amended) to do so. In essence, Congress rewrote the mortgage loan servicing contracts.
First, the servicer has some duty to maximize the net present value of the mortgages. In such case, the Helping Families law redefines that duty as not to maximize the value of any single mortgage, but across all mortgage holders combined.
Second, the service is not liable if it implements a “qualified loss mitigation plan” (for residential loan modification or workout, such as by loan sale, real property disposition, trial modification, pre-foreclosure sale, or deed in lieu of foreclosure). This plan needs to meet three criteria: (i) the borrower has defaulted, or default is imminent or reasonably foreseeable, (ii) the borrower occupies the property as the principal residence, and (iii) the servicer determines (under Treasury guidelines) that the loss mitigation plan is “more likely to provide an anticipated recovery on the outstanding principal debt” than the anticipated recovery through foreclosure. By acting under these “safe harbor” principles, the servicer “that is deemed to be acting in the best interests of all investors” is statutorily exempt from liability to any party and is not subject to equitable remedies such as a stay or injunction.
The Perilous “Safe Harbor.” This is not much of a “safe harbor,” since the law is riddled with the tests of “reasonableness” as to the likelihood of the borrower’s future default and as to whether the “loan mitigation” (restructuring or workout) plan is truly in the best interests of the majority of lenders. In mid-September 2009, the Treasury Department issued new “guidance” tax rules that make it easier for distressed property owners to restructure their loans that were bundled into mortgage pools and sold to investors as securities, since earlier “guidance” prevented delinquent commercial developers from talking to servicers about restructuring, and similar “guidance” applied to residential mortgages. (Note: the “Helping Families” law does not apply to commercial mortgage-backed securities, “CMBS”).
Lessons for Service Providers Exercising Business Judgment, such as Loan Servicers. Loan servicing, particularly for bundled or pools of residential mortgages, constitutes a classic outsourcing transaction for well-defined scope of services. While the Real Estate Settlement Procedures Act has traditionally governed loan servicing, the global recession of 2007 and after has placed loan servicers in a unique conflict of interest beyond the usual need to occasionally restructure a loan under pre-recession conditions. The service remains in the challenging position of having to make judgments about whether loan modification will have a higher yield to investors than loan foreclosure. Their job is to identify and work with financially sound borrowers to pursue alternative “loss mitigation” for those who are not. The servicer remains subject to liability for errors in judgment, even if made in good faith. In short, the economics converted the exception into the rule: most loans now need some “loan mitigation.”
In the case of residential and commercial mortgages, the servicers came under Treasury regulations governing defaulting, or imminently defaulting, loans.
Lessons can be learned for those providing “financial and accounting” services, particularly services where mistakes can be seen as possible frauds:
- Using Tools and Business Process Automation to Support Business Judgments. Where a service provider is hired to deliver services that exercise business judgment, the risks of mistake can be reduced by “automating” those business processes that support the exercise of judgment. In the case of mortgage loan servicers, the use of “net present value” computations (which assumes certain market factors such as interest rates and future payment streams) set the framework for deciding whether loans in the loan portfolio would have a higher value if restructured than if foreclosed. In other services, the use of metrics, software tools and other automation techniques help not only with predictive diagnostics, but also with remediation of errors in judgment or service quality. In all services where regulatory compliance is a part of the provider’s role, the policies and procedures manuals should establish decision trees and work flows that meet the regulatory framework.
- Avoiding Fraud Claims. Fraud claims offer a claimant an easy way to pursue an aggressive litigation strategy. Being inherently based on unique facts, each case of “fraud” defies the usual motion by a defendant for summary judgment. By adopting legally compliant workflows and having more than one person responsible for making business judgments, a service provider has a better chance of avoiding fraud liability for “rogue” decisions. While outsourcing is based on well-defined business processes that can be automated or performed by one person, the exercise of business judgment should be a team sport to avoid risks of weak judgment, bad judgment or bad faith (“scienter”).
- Multiple Customers, Conflicting Duties. When the scope of services includes any services that require the exercise of business judgment, prudence or good faith, the service provider should identify how it can legitimately serve the interests of “multiple masters.” The “Helping Families” act gives some leeway by allowing the servicer to act for the general advantage of all “masters,” even though some masters (lenders) will not be getting pari passu equal treatment with the others. Pari passu does not work for multiple customers in a bundle or pooled service.
- Contractual Safe Harbors. Similarly, when the scope of services requires such business judgment or even fiduciary duty, the service provider and enterprise customer should define contractually what considerations and processes should be adopted to reach a “satisfactory” outcome.
- “Change of Control” + “Force Majeure” = Increased Risk. When collateralized debt obligations became unmarketable as “toxic,” the government stepped in and imposed a new framework. Parties to an outsourcing relationship should carefully consider the possibility of such intervention and changes in risk and reward structures by governmental fiat.