In July 2019, the Consumer Financial Protection Bureau (“CFPB”) issued an update to its 2016 Advisory and Recommendations for Financial Institutions on Preventing and Responding to Elder Financial Exploitation (“Update”). The Update focuses on recent developments in state laws related to elder financial exploitation (“EFE”) and makes a number of recommendations to financial institutions on how to best handle EFE.
Developments in State Law
The Update highlighted four principal sets of state law developments.
As of April 2019, 26 states and the District of Columbia require financial institutions or certain financial professionals to report suspected EFE.
Since 2016, a substantial number of states have enacted legislation permitting delayed disbursements of funds or transaction holds when a financial institution believes that financial exploitation may occur. Generally, when a financial institution chooses to hold a transaction, it must report the suspected financial exploitation. Most states’ statutes apply only to broker/dealers, financial advisers, or others dealing in securities. Several states, however, also extend their statutes to depository institutions such as banks and credit unions.
Since 2016, Kentucky, Tennessee, Texas, and Utah have enacted new laws regarding the production of records to investigatory agencies. Kentucky and Texas (along with Illinois Minnesota, and Wisconsin) now require that financial institutions provide records related to suspected EFE to Adult Protective Services (“APS”) and law enforcement, either as part of a report or referral or upon request pursuant to an investigation. Tennessee and Utah (along with North Carolina) now require that financial institutions provide records related to suspected EFE to authorized investigatory agencies if the agency serves a subpoena. Additionally, Maryland and Washington permit, but do not require, financial institutions to provide records related to suspected EFE as part of a report or referral or upon request pursuant to an investigation.
Ohio now requires that employees of banks, savings banks, savings and loan associations, or credit unions, in addition to certain financial professionals, report suspected financial exploitation.
CFPB Recommendations to Financial Institutions
The CFPB also made a series of recommendations in the Update.
Protocols and Procedures:
First, financial institutions should develop and implement internal protocols and procedures for protecting account holders from EFE, including training requirements, procedures for making reports, compliance with the Electronic Fund Transfer Act as implemented by Regulation E, means of consent for information-sharing with trusted third parties, and procedures for collaborating with key stakeholders.
Second, financial institutions should harness technology to detect EFE by ensuring that their fraud detection systems include analyses of the types of products and account activity that may be associated with EFE risk.
Third, financial institutions should report suspected EFE to all appropriate local, state, or federal responders, regardless of whether reporting is mandatory or voluntary under state or federal law (which, in general, does not violate the privacy provisions of the Gramm-Leach-Bliley Act).
Fourth, financial institutions should file Suspicious Activity Reports (“SARs”) when the financial institution suspects EFE. When a financial institution files an EFE-related SAR, it should also report to APS and/or relevant law enforcement agencies. Financial institutions should work with their legal counsel to expedite their responses to requests for SAR supporting documentation by law enforcement and other agencies with authority to access SARs.
Fifth, financial institutions should collaborate with other stakeholders such as law enforcement, APS, and service organizations, as well as expedite documentation requests and provide financial records at no charge to APS and law enforcement when requested.
Finally, financial institutions should establish clear, efficient training protocols to enhance their capacity to prevent, detect, and respond to EFE. This training curriculum should include indicators of potential EFE, describe what actions to take when employees detect problems, and describe the roles of management, frontline staff, and other employees. A key benefit from following this suggestion is that under the Federal Senior Safe Act, which became effective in June 2018, an eligible financial institution[i] is not liable for disclosing suspected EFE to certain agencies if the institution has trained its employees on identifying EFE and the disclosure is made in good faith and with reasonable care by a trained employee.[ii]
These developments at the state level and recommendations by the CFPB strongly indicate a governmental full‑court press against EFE. While local, state, and federal agencies and law enforcement are all working to identify and address EFE, financial institutions play an integral role in the process. Financial institutions should ensure compliance with state law and should train their personnel to detect EFE and report suspected EFEs to relevant law enforcement and governmental agencies.
[i] Eligible institutions are depository institutions, credit unions, investment advisers, broker/dealers, insurance companies, insurance agencies, insurance advisers, and transfer agents.
[ii] Specifically, the training must: (1) instruct any individual attending the training on how to identify and report the suspected exploitation of a senior citizen internally and, as appropriate, to government officials or law enforcement authorities, including common signs that indicate the financial exploitation of a senior citizen; (2) discuss the need to protect the privacy and respect the integrity of each individual customer of the covered financial institution; and (3) be appropriate to the job responsibilities of the individual attending the training.