Financial Service Alert

The FRB published revisions to the disclosure requirements for credit and charge card solicitations and applications. Regulation Z, implementing the federal Truth in Lending Act, requires that certain direct mail and other solicitations and applications to open credit and charge card accounts include disclosures in the form of a table, commonly known as the "Schumer Box." The amendments are intended to make the disclosures more noticeable and easier to understand. The amendments require that the annual percentage rate ("APR") for purchase transactions be provided in no less than 18-point type and appear under a separate heading from other APRs, such as penalty rates. APRs for cash advances and balance transfers must be included in the Schumer Box. The Schumer Box disclosures must be "readily noticeable," meaning in at least "12-point type," and in a "reasonably understandable form." New commentary clarifies that to satisfy the current requirement that the Schumer Box be prominently located, it should be on the same page as the application or solicitation reply form or, if located elsewhere, the form should contain a clear and conspicuous reference to the location of the disclosures. Additionally, in the interest of reducing clutter in the Schumer Box, new commentary prohibits the inclusion of additional information inside the table. The revisions are effective immediately and compliance is mandatory as of October 1, 2001.

• OCC Authorizes Financial Subsidiary to Engage in Title Insurance Agency Activities

The OCC issued a decision (Corporate Decision #2000-14) approving a national bank’s proposal to sell title insurance, as agent, through a financial subsidiary. The decision notes that financial subsidiaries are authorized to act as insurance agents for all types of insurance, including title insurance, in any state. Therefore, although federal law provides that national banks generally may not engage in any activity involving underwriting or sale of title insurance, financial subsidiaries of national banks are permitted to engage in those activities. The decision also reconfirms that financial subsidiaries must obtain appropriate licenses and abide by applicable state laws in conducting the insurance activities.

• FDIC Issues Guidance Concerning Bank Monitoring of Computer Network Security

The FDIC issued a letter (the "Letter," FIL-67-2000) in which it suggests that banks consider utilizing certain practices described in the Letter to help the banks secure network operating systems and applications run by these operating systems. In the Letter, the FDIC warns banks of the need to increase computer security to protect the bank against "crackers/hackers." The FDIC notes that a bank’s systems, whether linked to the Internet through an in-house connection or through a third-party outside service provider, are subject to the risk that a cracker/hacker will exploit a weakness in the system and thereby gain access to the network and, "ultimately, to financial institution data." The Letter asserts that banks are expected to perform regular security reviews on routers, firewalls, network servers and other devices to ensure the systems are up-to-date and remain secure. Moreover, bank management should prepare a written recovery plan and form an incident response team to address potential attacks on the bank’s computer system. In the Letter, the FDIC suggests banks make use of certain Internet sites that provide "free notification of systems and application vulnerabilities." The Letter notes that the majority of improper systems intrusions are the acts of individuals within the bank and, accordingly, it is imperative to maintain strong internal controls, including periodic reviews of employee systems access levels and background checks of staff and contractor personnel with access to the bank’s systems or financial data. Should the bank use a third party service provider with respect to its Internet site or to process customer data, the bank, states the Letter, should independently evaluate the service provider’s security programs to make certain that adequate controls are in place to protect the financial data of the bank and its customers.

• Proposed OTS Strategy Regarding Mutual Savings Associations, Mutual Holding Companies and Mutual-to-Stock Conversions

As briefly reported in a past issue of the Alert, the OTS issued a proposed rule (the "Proposed Rule", OTS-2000-57) under which it proposes to implement a new comprehensive regulatory strategy with respect to mutual institutions, mutual holding companies ("MHCs") and the mutual-to-stock conversion process. The stated purpose of the Proposed Rule is to help the OTS retain the attractiveness of the mutual form of ownership. The July 25, 2000 issue of the Alert discussed the portion of the OTS strategy that was implemented immediately and that makes it easier for thrifts to repurchase stock. The other section of the Proposed Rule concerns policy guidance for mutuals, changes to the mutual-to-stock conversion process and amended application procedures. With respect to policy guidance for mutuals, the Proposed Rule focuses on capitalization, compensation, on-site examinations and financial analyses of mutual institutions. The OTS states that it is exploring "the use of subordinated debt instruments, mutual capital certificates, non-withdrawable accounts, trust preferred securities and other financing transactions" as means of raising capital for mutuals. Under the Proposed Rule, in connection with mutual-to-stock conversions, management of an MHC that desires to convert must meet with the OTS to review the proposed business plan before filing a plan of conversion. The Proposed Rule also sets forth required elements of the business plan and requires management of the converting entity to satisfy the OTS that, after conversion, the stock form entity would earn a reasonable return on equity, meet other financial standards, and have sufficient management depth, systems capacity and legal and accounting support. The OTS has extended the comment period until November 9, 2000.

The OCC has issued a bulletin (OCC Bulletin 2000-25) that summarizes the federal laws and regulations, applicable to national banks and their subsidiaries, concerning privacy and disclosure of consumer financial information. A copy of the OCC Bulletin is available from GPH upon request.