The September 2022 WBA Compliance Journal is now available. In this edition, WBA Legal covers Part 1 of a two-part series regarding contracting with minors. In this first part, readers will find a series of Q&As regarding WUTMA accounts and a new reference chart. The publication also includes a summary of recently published agency rules and notices and other important compliance-related updates for bankers.
Posts
By WBA Legal
In late August, the Board of Governors of the Federal Reserve System (FRB), Federal Deposit Insurance Corporation (FDIC), and Office of the Comptroller of the Currency (OCC) issued a new resource titled, Conducting Due Diligence on Financial Technology Companies, A Guide for Community Banks (Guide), which was intended to help community banks in conducting due diligence when considering relationships with fintech companies.
Use of the Guide is voluntary, and it does not anticipate all types of third-party relationships and risks. Therefore, a community bank can tailor how it uses relevant information in the Guide, based on its specific circumstances, the risks posed by each third-party relationship, and the related product, service, or activity (herein, activities) offered by the fintech company.
While the Guide is written from a community bank perspective, the fundamental concepts may be useful for banks of varying size and for other types of third-party relationships. Due diligence is an important component of an effective third-party risk management process, as highlighted in the federal banking agencies’ respective guidance; which, for FRB-regulated banks is SR Letter 13-19, for FDIC-regulated banks is FIL-44-2008, and for OCC banks is Bulletin-2013-29.
During due diligence, a community bank collects and analyzes information to determine whether third-party relationships would support its strategic and financial goals and whether the relationship can be implemented in a safe and sound manner, consistent with applicable legal and regulatory requirements. The scope and depth of due diligence performed by a community bank will depend on the risk to the bank from the nature and criticality of the prospective activity. Banks may also choose to supplement or augment their due diligence efforts with other resources as appropriate, such as use of industry utilities or consortiums that focus on third-party oversight.
The Guide focuses on six key due diligence topics, including relevant considerations and a list of potential sources of information. The following is a summary of the key due diligence topics within the Guide.
Business Experience and Qualifications
The agencies have identified that by evaluating a fintech company’s business experience, strategic goals, and overall qualifications, a community bank can better consider a fintech company’s experience in conducting the activity and its ability to meet the bank’s needs. Review of operational history will provide insight into a fintech company’s ability to meet a community bank’s needs, including, for example, the ability to adequately provide the activities being considered in a manner that enables a community bank to comply with regulatory requirements and meet customer needs.
Review of client references and complaints about a fintech company may provide useful information when considering, among other things, whether a fintech company has adequate experience and expertise to meet a community bank’s needs and resolve issues, including experience with other community banking clients. Review of legal or regulatory actions against a fintech company can be indicators of the company’s track record in providing activities.
When a community bank is considering a third-party relationship, discussing a fintech company’s strategic plans can provide insight on key decisions it is considering, such as plans to launch new products or pursue new arrangements (such as acquisitions, joint ventures, or joint marketing initiatives). A community bank may subsequently consider whether the fintech company’s strategies or any planned initiatives would affect the prospective activity. Further, inquiring about a fintech company’s strategies and management style may help a community bank assess whether a fintech company’s culture, values, and business style fit those of the community bank.
The agencies further instruct that understanding the background and expertise of a fintech company’s directors and executive leadership may provide a community bank useful information on the fintech company’s board and management knowledge and experience related to the activity sought by the community bank. A community bank may also consider whether the company has sufficient management and staff with appropriate expertise to handle the prospective activity.
For example, imagine that a fintech company, its directors, or its management have varying levels of expertise conducting activities similar to what a community bank is seeking. A fintech company’s historical experience also may not include engaging in relationships with community banks. As part of due diligence, a community bank may therefore consider how a fintech company’s particular experiences could affect the success of the proposed activity and overall relationship. Understanding a fintech company’s qualifications and strategic direction will help a community bank assess the fintech company’s ability to meet the community bank’s expectations and support a community bank’s objectives. When evaluating the potential relationship, a community bank may consider a fintech company’s willingness and ability to align the proposed activity with the community bank’s needs, its plans to adapt activities for the community bank’s regulatory environment, and whether there is a need to address any integration challenges with community bank systems and operations.
Financial Condition
Another step the agencies identified is for a bank to evaluate a fintech company’s financial condition to help the bank assess the company’s ability to remain in business and fulfill any obligations created by the relationship. Review of financial reports provide useful information when evaluating a fintech company’s capacity to provide the activity under consideration, remain a going concern, and fulfill any of its obligations, including its obligations to the community bank. Understanding funding sources provide useful information in assessing a fintech company’s financial condition. A fintech company may be able to fund operations and growth through cash flow and profitability or it may rely on other sources, such as loans, capital injections, venture capital, or planned public offerings.
Additionally, information about a fintech company’s competitive environment may provide additional insight on the company’s viability. Review of information on a fintech company’s client base can shed insight into any reliance a fintech company may have on a few significant clients. A few critical clients may provide key sources of operating cash flow and support growth but may also demand much of a fintech company’s resources. Loss of a critical client may negatively affect revenue and hinder a fintech company’s ability to fulfill its obligations with a community bank. A community bank may also consider a fintech company’s susceptibility to external risks, such as geopolitical events that may affect the company’s financial condition.
For example, some fintech companies, such as those in an early or expansion stage, have yet to achieve profitability or may not possess financial stability comparable to more established companies. Some newer fintech companies may also be unable to provide several years of financial reporting, which may impact a community bank’s ability to apply its traditional financial analysis processes. When audited financial statements are not available, a community bank may want to seek other financial information to gain confidence that a fintech company can continue to operate, provide the activity satisfactorily, and fulfill its obligations. For example, a community bank may consider a fintech company’s access to funds, its funding sources, earnings, net cash flow, expected growth, projected borrowing capacity, and other factors that may affect a fintech company’s overall financial performance.
Legal and Regulatory Compliance
The Guide further outlines how in evaluating a fintech company’s legal standing, its knowledge about legal and regulatory requirements applicable to the proposed activity, and its experience working within the legal and regulatory framework, better enables a community bank to verify a fintech company’s ability to comply with applicable laws and regulations.
A bank may want to consider reviewing organizational documents and business licenses, charters, and registrations as such documentation provides information on where a fintech company is domiciled and authorized to operate (for example, domestically or internationally) and legally permissible activities under governing laws and regulations. Reviewing the nature of the proposed relationship, including roles and responsibilities of each party involved, may also help a community bank identify legal considerations. Assessing any outstanding legal or regulatory issues may provide insight into a fintech company’s management, its operating environment, and its ability to provide certain activities.
A bank could also consider reviewing a fintech company’s risk and compliance processes to help assess the fintech company’s ability to support the community bank’s legal and regulatory requirements, including privacy, consumer protection, fair lending, anti-money-laundering, and other matters. A fintech company’s experience working with other community banks may provide insight into the fintech company’s familiarity with the community bank’s regulatory environment. Reviewing information surrounding any consumer-facing applications, delivery channels, disclosures, and marketing materials for community bank customers can assist a community bank to anticipate and address potential consumer compliance issues. Considering industry ratings (for example, Better Business Bureau) and the nature of any complaints against a fintech company may provide insight into potential customer service and compliance issues or other consumer protection matters.
For example, some fintech companies may have limited experience working within the legal and regulatory framework in which a community bank operates. To protect its interests, community banks may consider including contract terms requiring (a) compliance with relevant legal and regulatory requirements, including federal consumer protection laws and regulations, as applicable; (b) authorization for a community bank and the bank’s primary supervisory agency to access a fintech company’s records; or (c) authorization for a community bank to monitor and periodically review or audit a fintech company for compliance with the agreed-upon terms. Other approaches could include (1) instituting approval mechanisms (for example, community bank signs off on any changes to marketing materials related to the activity), or (2) periodically reviewing customer complaints, if available, related to the activity.
Risk Management and Controls
The agencies have also identified that by banks evaluating the effectiveness of a fintech company’s risk management policies, processes, and controls, such review helps a community bank to assess the company’s ability to conduct the activity in a safe and sound manner, consistent with the community bank’s risk appetite and in compliance with relevant legal and regulatory requirements.
Banks should consider reviewing a fintech company’s policies and procedures governing the applicable activity as it will provide insight into how the fintech company outlines risk management responsibilities and reporting processes, and how the fintech company’s employees are responsible for complying with policies and procedures. A community bank may also use the information to assess whether a fintech company’s processes are in line with its own risk appetite, policies, and procedures. Information about the nature, scope, and frequency of control reviews, especially those related to the prospective activity, provides a community bank with insight into the quality of the fintech company’s risk management and control environment. A community bank may also want to consider the relative independence and qualifications of those involved in testing. A fintech company may employ an audit function (either in-house or outsourced). In these cases, evaluating the scope and results of relevant audit work may help a community bank determine how a fintech company ensures that its risk management and internal control processes are effective.
Banks should also consider the findings, conclusions, and any related action plans from recent control reviews and audits as the information may provide insight into the effectiveness of a fintech company’s program and the appropriateness and timeliness of any related action plans. Evaluating a fintech company’s reporting helps a community bank to consider how the fintech company monitors key risk, performance, and control indicators; how those indicators relate to the community bank’s desired service-level agreements; and how the fintech company’s reporting processes identify and escalate risk issues and control testing results. A community bank may also consider how it would incorporate such reporting into the bank’s own issue management processes. Review of information on a fintech company’s staffing and expertise, including for risk and compliance, provide a means to assess the overall adequacy of the fintech company’s risk and control processes for the proposed activity.
Information on a fintech company’s training program also assists in considering how the fintech company ensures that its staff remains knowledgeable about regulatory requirements, risks, technology, and other factors that may affect the quality of the activities provided to a community bank.
For example, a fintech company’s audit, risk, and compliance functions will vary with the maturity of the company and the nature and complexity of activities offered. As a result, a fintech company may not have supporting information that responds in full to a community bank’s typical due diligence questionnaires. In other cases, a fintech company may be hesitant to provide certain information that is considered proprietary or a trade secret (for example, their development methodology or model components). In these situations, a community bank may take other steps to identify and manage risks in the third-party relationship and gain confidence that the fintech company can provide the activity satisfactorily.
For example, a community bank may consider on-site visits to help evaluate a fintech company’s operations and control environment, or a community bank’s auditors (or another independent party) may evaluate a fintech company’s operations as part of due diligence. Other approaches could include (a) accepting due diligence limitations, with any necessary approvals and/or exception reporting, compared to the community bank’s normal processes, commensurate with the criticality of the arrangement and in line with the bank’s risk appetite and applicable third-party risk management procedures; (b) incorporating contract provisions that establish the right to audit, conduct on-site visits, monitor performance, and require remediation when issues are identified; (c) establishing a community bank’s right to terminate a third-party relationship, based on a fintech company’s failure to meet specified technical and operational requirements or performance standards. Contract provisions may also provide for a smooth transition to another party (for example, ownership of records and data by the community bank and reasonable termination fees); or (d) outlining risk and performance expectations and related metrics within the contract to address a community bank’s requirements
Information Security
In understanding a fintech company’s operations infrastructure and the security measures for managing operational risk, a community bank may better evaluate whether the measures are appropriate for the prospective activity. A community bank may evaluate whether the proposed activity can be performed using existing systems, or if additional IT investment would be needed at the community bank or at the fintech company to successfully perform the activity. For example, a community bank may evaluate whether the fintech company’s systems can support the bank’s business, customers, and transaction volumes (current and projected). A fintech company’s procedures for deploying new hardware or software, and its policy toward patching and using unsupported (end-of-life) hardware or software, will provide a community bank with information on the prospective third party’s potential security and business impacts to the community bank.
For example, fintech companies’ information security processes may vary, particularly for fintech companies in an early or expansion stage. Community banks may evaluate whether a fintech company’s information security processes are appropriate and commensurate with the risk of the proposed activity. Depending on the activity provided, community banks may also seek to understand a fintech company’s oversight of its subcontractors, including data and information security risks and controls.
For a fintech company that provides transaction processing or that accesses customer data, for example, community banks may request information about how the fintech company restricts access to its systems and data, identifies and corrects vulnerabilities, and updates and replaces hardware or software. The bank may also consider risks and related controls pertaining to its customers’ data, in the event of the fintech company’s security failure. Also, contractual terms that authorize a community bank to access fintech company records can better enable the bank to validate compliance with the laws and regulations related to information security and customer privacy.
Operational Resilience
A community bank may evaluate a fintech company’s ability to continue operations through a disruption. Depending on the activity, a community bank may look to the fintech company’s processes to identify, respond to, and protect itself and customers from threats and potential failures, as well as recover and learn from disruptive events. It is important that third-party continuity and resilience planning be commensurate with the nature and criticality of activities performed for the bank.
Evaluating a fintech company’s business continuity plan, incident response plan, disaster recovery plan and related testing can help a community bank determine the fintech company’s ability to continue operations in the event of a disruption. Also, evaluating a fintech company’s recovery objectives, such as any established recovery time objectives and recovery point objectives, helps to ascertain whether the company’s tolerances for downtime and data loss align with a community bank’s expectations. A community bank that contemplates how a fintech company considers changing operational resilience processes to account for changing conditions, threats, or incidents, as well as how the company handles threat detection (both in-house and outsourced) may provide a community bank with additional information on incident preparation. Discussions with a fintech company, as well as online research, could provide insights into how the company responded to any actual cyber events or operational outages and any impact they had on other clients or customers.
Understanding where a fintech company’s data centers are or will reside, domestically or internationally, helps a community bank to consider which laws or regulations would apply to the community bank’s business and customer data. Another matter for a community bank to consider is whether a fintech company has appropriate insurance policies (for example, hazard insurance or cyber insurance) and whether the fintech company has the financial ability to make the community bank whole in the event of loss.
Service level agreements between a community bank and a fintech company set forth the rights and responsibilities of each party with regard to expected activities and functions. A community bank may consider the reasonableness of the proposed service level agreement and incorporate performance standards to ensure key obligations are met, including activity uptime. A community bank may also consider whether to define default triggers and recourse in the event that a fintech company fails to meet performance standards.
A fintech company’s monitoring of its subcontractors (if used) may offer insight into the company’s own operational resilience. For example, a community bank may inquire as to whether the fintech company depends on a small number of subcontractors for operations, what activities they provide, and how the fintech company will address a subcontractors’ inability to perform. A community bank may assess a fintech company’s processes for conducting background checks on subcontractors, particularly if subcontractors have access to critical systems related to the proposed activity.
For example, as with previous due diligence scenarios, fintech companies may exhibit a range of resiliency and continuity processes, depending on the activities offered. Community banks may evaluate whether a fintech company’s planning and related processes are commensurate with the nature and criticality of activities performed for the bank. For example, community banks may evaluate a fintech company’s ability to meet the community bank’s recovery expectations and identify any subcontractors the fintech company relies upon for recovery operations. A fintech company may have recovery time objectives for the proposed activity that exceed the desired recovery time objectives of a community bank. If a fintech company can meet the community bank’s desired recovery time objectives, the bank may consider including related contractual terms, such as a contract stipulation that the community bank can participate in business continuity testing exercises and that provides appropriate recourse if the recovery time objective is missed in the event of an actual service disruption.
A community bank may also consider appropriate contingency plans, such as the availability of substitutable service providers, in case the fintech company experiences a business interruption, fails, or declares bankruptcy and is unable to perform the agreed-upon activities. In addition to potential contractual clauses and requirements, a community bank’s management may also consider how it would wind down or transfer the activity in the event the fintech company fails to recover in a timely manner.
Conclusion
The agencies have outlined a number of relevant considerations, non-exhaustive lists of potential sources of information, and illustrative examples to assist community banks with identifying strengths and potential risks when considering relationships with fintech companies. The voluntary Guide helps provide a starting point for banks with their due diligence efforts. The Guide may be viewed here.
Highlighted Special Focus From the October 2021 Compliance Journal
The long awaited proposed rule regarding the collection and reporting of small business lending data as required by Section 1071 of the Dodd-Frank Act has finally been released by the Bureau of Consumer Financial Protection (CFPB). Unfortunately, the proposed rule is as broad and onerous as the industry expected it to be as it will be costly to train, implement, and monitor. The proposal would revise Regulation B, which implements the Equal Credit Opportunity Act (ECOA), to require the collection and reporting to CFPB certain data on applications for credit by small businesses. The proposal is substantial; however, below is a brief summary of the proposed rule.
Who Must Collect Data
The first step of analysis for any proposal is to identify whether it will apply to the bank. In this case, the proposal is broad and will very likely apply to all banks in Wisconsin. As proposed, if a bank originates at least 25 credit transactions that are considered “covered credit transactions” to “small businesses” in each of the two preceding years, the proposed rule will apply to the bank. Generally, a “small business” under the proposal is a business that had $5 million or less in gross annual revenue for its preceding fiscal year.
What CFPB has proposed be considered a “covered credit transaction” is a bit trickier an analysis but is generally the same as what is considered an application under the existing Regulation B definition of “application.” The proposed term does; however, exclude reevaluation requests, extension requests, or renewal requests on an existing business credit account, unless the request seeks additional credit amounts; also excluded is an inquiry or prequalification request.
What Data is to be Collected
Next, the data to be collected. Dodd-Frank Act Section 1071 identified certain data that must be collected by CFPB; the law also gave CFPB discretion to collect additional data. CFPB has incorporated all Dodd-Frank Act required data and several discretional data into its proposal. In particular, banks must collect a unique identifier of each application, application date, application method, application recipient, action taken by bank on the application, date action taken, denial reasons, amount applied for, amount originated or approved, and pricing information including interest rate, total origination charges, broker fees, initial annual charges, additional cost for merchant cash advances or other sales-based financing, and prepayment penalties.
Banks must also collect credit type, credit purpose, information related to the applicant’s business such as census tract, NAICS code and gross annual revenue for applicant’s preceding fiscal year, number of applicant’s non-owner workers, applicant’s time in business, and number of applicant’s principal owners.
There is also demographic information about the applicant’s principal owners to collect. These data points include minority- and women-owned business status, and the ethnicity, race, and sex of the applicant’s principal owners. The proposal also requires banks to maintain procedures to collect applicant-provided data at a time and in a manner that is reasonably designed to obtain a response, addresses how banks are to report certain data if data are not obtainable from an applicant, when banks are permitted to rely on statements made by an applicant, when banks must verify applicant’s responses to certain data collected, and when banks may reuse certain data collected in certain circumstances such as when data was collected within the same calendar year as a current covered application and when the bank has no reason to believe the data are inaccurate.
When and How Data Must be Reported
Banks would be required to collect data on a calendar-year basis and report the data to CFPB by June 1 of the following year. CFPB has proposed to provide technical instructions for the submission of data in a Filing Instructions Guide and related materials.
The submitted data is also to be made available to the public on an annual basis. Banks would be required to make the reported data available on their website, or otherwise upon request, or must provide a statement that the bank’s small business lending application register is available on CFPB’s website. Model language for such statement has been proposed by CFPB.
Limit of Certain Bank Personnel’s Access to Certain Data
The proposed rule implements a requirement under Section 1071 that banks limit certain employees’ and officers’ access to certain data. CFPB refers to this as the “firewall.” Pursuant to the proposed rule, an employee or officer of a bank or bank’s affiliate who are involved in making any determination concerning the applicant’s covered application would be prohibited from accessing an applicant’s responses to inquiries that the bank made regarding whether the applicant is a minority- or woman-owned business. Such employees are also restricted from information about an applicant’s ethnicity, race, and sex of the applicant’s principal owners.
There are exceptions to the requirement if it is not feasible to limit such access, as that factor is further set forth in the proposal. If an exception is permissible under the proposal, notice must be given to the application regarding such access. Again, CFPB has created model language for such notice.
Recordkeeping and Enforcement
The proposal establishes certain recordkeeping requirements, including a three year retention period for small business lending application registers. The proposal also includes a requirement to maintain an applicant’s responses to Section 1071 inquiries regarding whether an applicant is a minority- or women-owned business, and responses regarding the ethnicity, race, and sex of the applicant’s principal owners, separate from the rest of the application and accompanying information.
The proposal does include enforcement for violations of the new rules, addresses bona fide errors, and provides for a safe harbor.
Learn More and Get Involved
The proposal and additional information, including a chart of the proposed data collection points, may be viewed at: https://www.consumerfinance.gov/rules-policy/rules-under-development/small-businesslending-data-collection-under-equal-credit-opportunity-act-regulation-b/
WBA will comment on the proposal and will create a template letter for bankers to use in providing their own comments to CFPB regarding the impact the proposal will have on the bank. Comments are due 90 days from publication of the proposed rule in the Federal Register. At time of publication of the article, the proposal had not yet been published. CFPB has proposed mandatory compliance of a final rule be eighteen months after its effective date. WBA Legal is creating a working group to collect data and concerns from Wisconsin’s bankers on the proposal. If you wish to be part of the working group, please contact WBA Legal at wbalegal@wisbank.com.
This article originally ran in the September 2021 edition of the WBA Compliance Journal, to view the entire publication, click here.
The Wisconsin Supreme Court (Court) recently decided two cases to allow the Wisconsin Department of Natural Resources (DNR) to place permit restrictions on large livestock farms and high-capacity wells as a way to protect Wisconsin’s water. The issue in both cases is whether DNR had the authority under Wisconsin law to issue permits with conditions.
In both cases, the Court looked to language used in Sec. 227.10(2m) Wis. Stats. and determined that (1) agencies’ actions under administrative law need be supported by explicit, not specific, statutory or regulatory authority; and (2) that explicit authority can be broad in scope. As a result of the two decisions, DNR was given broader authority than many believed was permissible since enactment of 2011 Wisconsin Act 21 (Act 21) because the agency actions authorized by the Court are not specifically stated in the statute sections in question. The following is a summary of the two cases.
Kinnard Farms
In the first case, Kinnard operates a large, concentrated animal feeding operation (CAFO). Kinnard wanted to expand its dairy operations by building a second site and adding 3,000 dairy cows. The expansion required Kinnard to apply to DNR for reissuance of its Wisconsin Pollutant Discharge Elimination System (WPDES) permit to include both the original site and the proposed expansion. DNR approved the application and reissued Kinnard’s WPDES permit.
Persons (petitioners) living near the CAFO sought review of the reissued WPDES permit because of their proximity to the farm, had private drinking wells, and were concerned the proposed expansion would exacerbate current groundwater contamination issues. The petitioners alleged that the reissued WPDES permit was inadequate because, among other things, it did not set a “maximum number of animal units” or “require monitoring to evaluate impacts to groundwater.”
DNR granted the petitioners a contested case hearing and the matters were referred to an administrative law judge (ALJ). Kinnard filed for summary judgment alleging DNR lacked statutory authority to impose the conditions, citing Act 21. The ALJ denied the motion and conducted a four-day evidentiary hearing during which community members who lived or worked near the CAFO testified about contamination of well water and the impact the contamination had on their businesses, homes, and daily lives. Based upon evidence presented by residents and experts, the ALJ determined that DNR had “clear regulatory authority” to impose the two conditions disputed upon Kinnard’s reissued WPDES permit.
Ultimately the matter was argued to the Court. The issue in the case involved sec. 227.10(2m), Wis. Stats., which dictates that “[n]o agency may implement or enforce any standard, requirement, or threshold…unless that standard, requirement, or threshold is explicitly required or explicitly permitted by statute or by a rule that has been promulgated in accordance with this subchapter.” (emphasis added). The parties disputed the meaning of “explicitly required or explicitly permitted” in the context of DNR imposing conditions upon Kinnard’s reissued WPDES permit.
Kinnard asserted that explicit means specific, and that in the absence of statutory or administrative authority, DNR must first promulgate a rule in order to impose the conditions upon its reissued WPDES permit. The DNR and petitioners counter that such a reading of “explicitly required or explicitly permitted” was too narrow, and that Kinnard had overlooked the explicit, but broad, authority given to DNR in Secs. 283.31(3) – (5) Wis. Stats. to prescribe such conditions.
The Court first looked to dictionary definitions of the term “explicit” and revised Sec. 227.10(2m) in context and determined explicit authority can be broad in scope. The court next examined the text of Secs. 283.31(3) – (5), and related regulations, to determine whether DNR had explicit authority to impose an animal unit maximum and off-site groundwater monitoring conditions upon Kinnard’s reissued WPDES permit. The Court held that while the statute sections do not specifically state an animal unit limit or off-site ground water monitoring, DNR did have explicit authority to prescribe both conditions when it reissues the WPDES permit.
The Court determined that (1) agencies’ actions under administrative law need be supported by explicit, not specific, statutory or regulatory authority; and (2) that explicit authority can be broad in scope.
High-Capacity Wells
In a second case, the Court also reviewed whether Sec. 227.10(2m) Wis. Stats. allowed for DNR to consider the potential environmental effects of proposed high-capacity wells when such consideration is not required under Sec. 281.34(4) Wis. Stats.
For some types of wells, DNR is required to follow a specific process in its environmental review of a well application. For other types of wells, a specific process is not required; however, DNR often still considers the potential environmental impact of a proposed well when considering a well application. Eight well applications in dispute in the case where the type that no specific environmental review was required. DNR did have information that the wells would negatively impact the environment. DNR approved the eight applications knowing of the wells impact having concluded it did not have the authority to consider the proposed wells’ environmental impact.
Clean Wisconsin and the Pleasant Lake Management District (collectively, Clean Wisconsin) appealed DNR’s action arguing DNR’s decision was contrary to the Court’s decision in the Lake Beulah Management District v. DNR (2011 WI 54, 335 Wis. 2d 47, 799 N.W.2d 73) case. In Lake Beulah, the Court held that DNR had the authority and discretion to consider the environmental effects of all proposed high-capacity wells under the public trust doctrine when it determined that a proposed well would harm other waters in Wisconsin.
DNR argued the Lake Beulah court case was no longer good law because Act 21 had since become law and the law limits an agency’s action to only those “explicitly required or explicitly permitted to state or by a rule.” The eight well applications were for the type of wells for which there was no formal environmental review under Sec. 281.34 Wis. Stats. DNR had also relied on a past Attorney General opinion which stated the agency could not rely on the public-trust authority and could not rely upon the Lake Beulah case as that would not withstand the requirements under Wis. Stats. Sec. 227.10(2m) (OAG-01-16).
With respect to the high-capacity well applications, the Court ruled in favor of Clean Wisconsin having determined DNR has explicit authority, based upon its broad public trust authority under Secs. 281.11 and 281.22 Wis. Stats., to determine the environmental impact of high-capacity wells despite the fact that Sec. 281.34 does not specifically state such requirement. The Court’s finding reaffirmed the Court’s Lake Beulah decision despite enactment of Act 21.
Take Away from Cases
The interesting and concerning parts of the decisions is that after the passage of Act 21, many took the revised language of Sec. 227.10(2m) Wis. Stats. to mean that for an agency to act, the action had to be specifically stated or provided for within statutory language or administrative rule. If the action was not within such language, the agency would first have to promulgate a rule or otherwise change statutory language for the agency to take the actions desired.
However, given how the Court has interpreted “explicit” in the two cases, that may not be the case. It is possible that because of the two Court decisions, an agency make act regardless of the action not being stated within statutory language or administrative rule. Instead, it is possible an agency may rely on its broader authority for action.
Financial institutions should keep the decisions of the two Court cases in mind when considering whether an agency has the authority to act in a particular manner. Financial institutions should be cautious that just because an action is not specifically found within statute or rule, the action may still be authorized under a broader, explicit authority. Despite the passage of Act 21, agency action could be broad.
As is often the case, one should read the dissenting opinions of both cases. The dissenting opinions outline the concerns of many regarding how broad an agency may act despite Act 21, despite the fact the agency’s actions were not specifically stated within statute or administrative rule in connection with reissuing an WPDES permit or when approving the type of well applications involved in the high-capacity well case, and despite the Court’s previous decision under Tetra Tech EC Inc. v. Wisconsin Dep’t of Revenue, 2018 WI 75, 373 Wis.2d 2387, 890 N.W.2d. 598. The decisions appear to give back to agencies potentially broad authority.
Conclusion
In both cases, the Court looked to language used in Wis. Stats. Sec. 227.10(2m) and determined that (1) agencies’ actions under administrative law need be supported by explicit, not specific, statutory or regulatory authority; and (2) that explicit authority can be broad in scope. As a result of the two decisions, DNR was given broader authority than many believed was permissible since enactment of Act 21 and Tetra Tech. Financial institutions need be aware of the Court decisions and be cautious that just because an action is not specifically found within statute or rule, the action may still be authorized under an agency’s broader, explicit authority.
Clean Wisconsin et. Al v. Wis. Dep’t of Natural Resources, 2021 WI 71 (Kinnard Farm) decision may be viewed at: https://www.wicourts.gov/sc/opinion/DisplayDocument.pdf?content=pdf&seqNo=386188
Clean Wisconsin and Pleasant Lake Mgmt. Dist. v. Wis. Dep’t of Natural Resources, 2021 WI 72 (High-Capacity Wells) decision may be viewed at: https://www.wicourts.gov/sc/opinion/DisplayDocument.pdf?content=pdf&seqNo=385454
By, Ally Bates
This was the Special Focus section for the May 2020 Compliance Journal, click here to view the entire edition.
Title II, Subpart B of the Coronavirus Aid, Relief, and Economic Security Act (CARES Act) consists of provisions that affect retirement account distributions, charitable contributions, and employer payments on student loans. The following is a summary of the provision affecting retirement accounts.
Several sections of Subpart B effect distributions from retirement accounts including: temporary treatment for coronavirus-related distributions, limited repayment and income tax treatments for qualified individuals, and waivers from required minimum distributions.
Coronavirus-related Distributions
The new law allows for temporary treatment for distributions referred to as “coronavirus-related distributions” (CRDs). For a distribution to be considered a CRD, the distribution need be:
- Made on or after January 1, 2020 and before December 31, 2020; and
- Made to an individual:
- Who is diagnosed with the virus SARS-CoV-2 or with coronavirus disease 2019 (COVID-19) by a test approved by the Centers for Disease Control and Prevention;
- Whose spouse or dependent (as defined in section 152 of the Internal Revenue Code) is diagnosed with such virus or disease by such a test; or
- Who experiences adverse financial consequences as a result of being:
- Quarantined;
- Furloughed or laid off or having work hours reduced due to such virus or disease; or
- Unable to work due to lack of childcare due to such virus or disease, closing or reducing hours of a business owned or operated by the individual due to such virus or disease, or other factors as determined by the Secretary of the Treasury.
CRDs are permitted for up to $100,000 (in the aggregate) from eligible retirement accounts and are not subject to the standard 10% withholding tax penalty that would otherwise apply to a distribution taken before the participant was 59½. Eligible retirement accounts include qualified defined contribution retirement plans, including 401(k), 403(b), 457(b), and IRAs.
The new law does allow for retirement plan administrators to rely upon an employee certification that he/she meets the CARES Act conditions to make a CRD. There is no further detail in the CARES Act regarding what specific certification should be made for reliance there upon.
CRDs will automatically be included as qualified individual taxable income ratably over a 3-taxable year period beginning with the year withdrawn. The participant may voluntarily elect income treatment differently—such as including CRDs as qualified taxable income all in one tax year.
The CARES Act also allows participants to repay CRDs back to eligible retirement plans and IRAs for which they are beneficiaries and for which a rollover contribution of such distributions can be made. The repayment period is three years from date the distribution was received. Repayments will be treated as satisfying general 60-day rollover requirements and will generally require the participant to file an amended tax return.
Loans from Qualified Retirement Plans
Separate from options available for CRDs, the CARES Act increases the amount qualified individuals may borrow from a qualified retirement plan. From the date of enactment until 180 days thereafter, qualified individuals may borrow up to 100% of the individual’s vested account balance or $100,000, whichever is less. This is an increase from current thresholds of 50% and $50,000. A qualified individual is someone that meets the criteria listed in item 2. above. Not all retirement plans allow for participant loans; plan participants should discuss loan options with retirement plan administrators.
In the case of a qualified individual with an outstanding loan from a qualified retirement plan on or after the date of enactment of the CARES Act (March 27, 2020), if the due date for any repayment of the outstanding loan occurs during the period beginning March 27, 2020 and ending December 31, 2020, such due date is delayed for one year. In determining the traditional 5-year period for when a loan from a qualified retirement plan must be repaid, the traditional time period disregards the delayed period.
Waiver of Required Minimum Distribution for 2020
The rules for required minimum distributions (RMDs) for defined contribution plans (such as 403(b) and certain 457(b) accounts) and IRAs have also been impacted by the CARES Act. Under section 2203 of the Act, RMDs are waived for 2020. Due to the changes, an accountholder who was otherwise required to take an RMD in 2020 is no longer required to take the RMD. Additionally, an accountholder who turned 70½ in 2019 but had not yet taken the first RMD by April 1, 2020, is not required to take the first RMD; nor is that accountholder required to take a 2020 RMD.
The RMD changes also impact inherited IRA-holders. If an accountholder inherited an IRA from a person who died before January 1, 2020, the accountholder is not required to take a 2020 RMD. If the accountholder inherited an IRA as a designated beneficiary, the accountholder is generally required have the IRA funds distributed to him/her within a ten-year time period. Under the CARES Act, if the death occurred after December 2019, the ten-year period does not start until 2021—skipping 2020. A non-designated beneficiary (i.e., estate, charity) normally is required to receive the inherited IRA funds over a 5-year period. Under the CARES Act, 2020 is skipped giving the non-designated beneficiary six years to have the IRA funds fully distributed.
A change made by the CARES Act is independent of the Setting Every Community up for Retirement Enhancement Act (SECURE Act). The CARES Act made no changes to the new timing rules of the SECURE Act. Thus, under the SECURE Act, it remains that if an IRA-holder reached 70½ prior to January 1, 2020, or if the IRA-holder is not yet 70½, once the IRA-holder reaches 72 after December 31, 2019, he/she must take an RMD.
Bank Considerations
Given the new distribution flexibilities for retirement accounts, banks should consider whether further tracking of withdrawals should be implemented for distributions made pursuant to the CARES Act. For example, is the bank be able to track the amount of CRDs taken by a qualified individual from an IRA to help ensure the customer did not exceed the $100,000 threshold. Or whether the bank should track CRDs to then anticipate repayments thereof and perhaps monitor both the timing and amount of repayment.
Bank should also consider whether any type of automatic RMD activity need be ceased before an otherwise pre-arranged RMD is disbursed to the customer. Banks should be in contact with those IRA customers in distribution regarding the changes made to RMDs. IRA customers may still decide to voluntarily receive an RMD even though the CARES Act waives the distribution requirement for 2020.
Banks should also become familiar with the frequently asked questions released by the Internal Revenue Service (IRS) regarding the changes made by the CARES Act. In the guidance, IRS references past guidance issued after Hurricane Katrina. It is expected IRS will use the practices implemented in that past disaster in its implementation of the CARES Act changes. IRS needs to issue further guidance for some of the changes made by the CARES Act; banks should keep an eye on the IRS website for that further guidance. The IRS guidance may be viewed at: https://www.irs.gov/newsroom/coronavirus-related-relief-for-retirement-plans-and-iras-questions-and-answers
Conclusion
Title II, Subpart B of CARES Act affect retirement account distributions, charitable contributions, and employer payments on student loans. The changes made to retirement accounts include CRDs, limited repayment and income tax treatments for certain withdrawals made by qualified individuals, and waivers from RMDs for 2020.
Banks should be familiar with guidance issued by the IRS, including a series of frequently asked questions and should consider how the changes may impact IRA operations. Bank should also consider reaching out to IRA customers currently in distribution regarding the opportunity to waive RMDs for 2020.
By, Ally Bates
This was the Special Focus section for the May 2020 Compliance Journal, click here to view the entire edition.
On Tuesday, April 28, 2020, the Board of Governors of the Federal Reserve System (FRB) issued an interim final rule to amend Regulation D to delete the numeric limits on certain kinds of transfers and withdrawals that may be made each month from “savings deposits” (interim final rule or IFR). The interim final rule is effective immediately.
Background
The Federal Reserve Act authorizes FRB to impose reserve requirements on certain types of deposits of depository institutions. Regulation D distinguishes between reservable “transaction accounts” and non-reservable “savings deposits” based on the ease with which the depositor may make transfers or withdrawals from the account. Prior to the interim final rule, Regulation D defined the term “savings deposit” to require, under the terms of the deposit contract or by practice of the depository institution, that the depositor be permitted to make no more than six transfers or withdrawals (in any combination) per calendar month or statement cycle of at least four weeks (six transfer limit).
In January 2019, the Federal Open Market Committee (FOMC) announced its intention to implement monetary policy in an ample reserves regime. Considering that shift, on March 15, 2020, FRB reduced reserve requirement ratios to zero percent effective March 26, 2020, eliminating reserve requirements for all depository institutions. Because of the elimination of reserve requirements on all transaction accounts, the regulatory distinction between reservable “transaction accounts” and non-reservable “savings deposits” is no longer necessary. Thus, FRB issued the IFR to delete the six transfer limit from the definition of “savings deposit.”
Impact of the Change and Considerations for Banks
The IFR allows depository institutions to immediately suspend enforcement of the six transfer limit, but does not require any mandatory changes. Because the six transfer limit was deleted, financial institutions may, but are not required to, permit their customers to make an unlimited number of convenient transfers and withdrawals from their savings deposits.
Many financial institutions have questioned whether the deletion of the six transfer limit is permanent. FRB has stated that, as discussed above, the underlying reason enabling the changes in Regulation D is the FOMC’s choice of monetary policy framework of an ample reserve regime. In such a regime, reserve requirements are not needed. Thus, the distinction made by the transfer limit between reservable and non-reservable accounts is also not necessary. The FOMC’s choice of a monetary policy framework is not a short-term choice. FRB does not have plans to re-impose transfer limits but may make adjustments to the definition of savings accounts in response to comments received on its interim final rule and, in the future, if conditions warrant.
In short, based upon the IFR, and FRB’s clarifying statements above, the deletion of the six transfer limit is indefinite. The interim final rule amends Regulation D with no time limitations. FRB could later re-implement the six transfer limit, but would be required to issue a new rule. As discussed above, FRB currently has no plans to re-implement the six transfer limit.
FRB has answered additional frequently asked questions. Some of the more common questions and answers are provided below:
- May depository institutions continue to report accounts as “savings deposits” on their FR 2900 reports even after they suspend enforcement of the six-transfer limit on those accounts?
Yes. Depository institutions may continue to report these accounts as “savings deposits” on their FR 2900 reports after they suspend enforcement of the six-transfer limit on those accounts. - If a depository institution suspends enforcement of the six-transfer limit on a “savings deposit,” may the depository institution report the account as a “transaction account” rather than as a “savings deposit”?
Yes. If a depository institution suspends enforcement of the six-transfer limit on a “savings deposit,” the depository institution may report that account as a “transaction account” on its FR 2900 reports. A depository institution may instead, if it chooses, continue to report the account as a “savings deposit.” - May depository institutions suspend enforcement of the six-transfer limit on a temporary basis, such as for six months?
Yes. - How did the recent amendments to Reg D impact Reg CC?
Regulation CC provides that an “account” subject to Regulation CC includes accounts described in 12 CFR 204.2(e) (transaction accounts) but excludes accounts described in 12 CFR 204.2(d)(2) (savings deposits). Because Regulation CC continues to exclude accounts described in 12 CFR 204.2(d)(2) from the Reg CC “account” definition, the recent amendments to Regulation D did not result in savings deposits or accounts described in 12 CFR 204.2(d)(2) now being covered by Regulation CC.
In its FAQs, FRB states that the IFR does not specify the manner in which depository institutions that choose to amend their account agreements may do so. Meaning, the IFR, and Regulation D in general, does not require or prescribe how a financial institution must modify its account agreements with respect to the six transaction limitation. However, WBA reminds financial institutions to consider Regulation DD, which implements the Truth in Savings Act.
Regulation DD requires a depository institution to give its consumers 30 calendar days advance notice of any change in a term if the change may reduce the annual percentage yield or adversely affect the consumer. The notice shall include the effective date of the change. If a financial institution decides to remove the six transaction limitation, such a change is positive to the customer and would not require advance notice. Financial institutions might still decide to provide notice of the change from a customer service standpoint, however.
There are other situations that might necessitate advanced notice of a change in terms under Regulation DD. As discussed above, the deletion of the six-month transaction limitation is indefinite. However, financial institutions have the flexibility to choose how to act on that change. Financial institutions could choose to maintain their current policies, procedures, and account agreements, or modify them, and could do so on a temporary basis. For example, a financial institution might decide to permit its customers to make unlimited transactions for a period of six months. At the end of the six-month period, if the financial institution decides to re-implement the six transaction limitation, 30 days advance notice would be required as the change would be adverse to the customer.
Conclusion
FRB’s interim final rule deletes the six transaction limit from Regulation D without further limitation. The amendments are intended to allow depository institution customers more convenient access to their funds and to simplify account administration for depository institutions. The IFR permits, but does not require, depository institutions to suspend enforcement of the six transfer limit. Thus, financial institutions have the flexibility to determine whether, and how, to act upon the deletion of the six transfer limit.
Additional Resources
FRB’s Interim Final Rule
FRB’s Monetary Policy and Reduction of Reserve Requirements
FRB’s FAQ on Reserves
FRB’s FAQ on Savings Deposits
FRB on Reporting Changes
By, Ally Bates
The below article is the Special Focus section of the February 2020 Compliance Journal. The full issue may be viewed by clicking here.
Globally, the London Interbank Offered Rate (LIBOR) is one of the most widely used interest rate benchmarks. However, this benchmark may cease to exist at the end of 2021, necessitating a transition away from LIBOR. This article briefly discusses the reasons why LIBOR may be ending and then concentrates on how financial institutions should prepare for its potential end.
The End of LIBOR
LIBOR is calculated as the average of interest rates that a panel of large London banks report that they would charge other banks to borrow unsecured for a specified period of time. Despite LIBOR’s widespread use as a reference rate by financial institutions, its reliability and sustainability has been called into question in recent years for a number of different reasons.
Concerned that LIBOR was becoming less stable and reliable, the Financial Conduct Authority (FCA), the United Kingdom’s financial regulator, announced that by the end of 2021, it would no longer compel banks to report their interest rates to the LIBOR administrator. The FCA also explained that although it would no longer require banks to submit their rates to the administrator, it would not prohibit banks from continuing to submit their LIBOR data after 2021. LIBOR’s administrator has stated that it will continue to calculate LIBOR as long as at least five banks continue to submit their information. This means that LIBOR may continue to exist after 2021; however, the rate will no longer be representative of the inter-bank interest rate offered and accepted by major financial institutions. There are also fears that this number would be more volatile. This occurrence has been referred to as the “zombie LIBOR.”
The FCA’s announcements have made the future of LIBOR uncertain but clarified the increasing risk associated with continued reliance on LIBOR. With the uncertain future of LIBOR, financial institutions should prepare for the either the retirement or instability of LIBOR.
Transition from LIBOR to SOFR
Based on the potential problems with LIBOR in 2021, market participants and regulators have worked to identify the best alternative reference rate to replace LIBOR and implement plans to transition to that reference rate. The Federal Reserve convened the Alternative Reference Rates Committee (ARRC) to identify a more robust reference rate and to facilitate the transition way from LIBOR. The ARRC is composed of many private-sector entities that have a presence in markets that are impacted by LIBOR. Further, several federal regulators, including the FDIC, the Federal Reserve, the OCC, and the CFPB, serve as non-voting, ex officio members of the ARRC.
In 2017, the ARRC identified the Secured Overnight Financing Rate (SOFR) as its recommended best alternative to LIBOR. SOFR is based on transactions in the U.S. Treasury repurchase market, measuring the cost of borrowing cash overnight collateralized by U.S. Treasury securities in the market. Because of the size and liquidity of the market underlying SOFR, the ARRC believes that the index is more robust and resilient than LIBOR. To support the transition to SOFR, the ARRC has begun implementing steps to help SOFR gain momentum. As a part of this work, in April 2018, the New York Federal Reserve Board began publishing SOFR in conjunction with the Office of Financial Research.
Following the selection of SOFR as its alternative reference rate, the ARRC also published a Paced Transition Plan that outlines specific steps and timelines to promote the adoption of SOFR. These steps focus on updating existing contracts that cite LIBOR as the reference rate and encouraging the issuance of new products that use SOFR. The ARRC has supported the issuance of SOFR-linked products and securities. Recognizing the importance of updating existing contracts that use LIBOR as a reference rate, the ARRC has developed guiding principles for fallback contract language. Following this, the ARRC released recommended fallback contract language for several products including adjustable-rate mortgages and floating-rate notes.
On November 15, 2019, Fannie Mae and Freddie Mac announced their support of the ARRC’s fallback language and their plan to incorporate the recommended language into its uniform notes and other legal documents for ARMs. They also announced their plan to offer new SOFR-based index and ARM products and have now become regular issuers of SOFR-indexed debt. Similarly, on February 5, 2020, Fannie Mae and Freddie Mac announced that they had incorporated the ARRC’s fallback language into their existing standard ARM notes and riders. Further, they announced that, by the end of 2020, they will no longer acquire loans indexed to LIBOR.
Planning for the End
Given either the upcoming end or instability of LIBOR, financial institutions should prepare for 2022. Institutions should use the next two years to comprehensively assess their risks and develop an action plan to mitigate those risks. It might be best to appoint one person to head the financial institution’s strategy and implementation. First, financial institutions should review their existing agreements that use LIBOR as a reference rate. The existing agreements should be divided into those in which a third party is involved, i.e., trust preferred securities or swap agreements, and those in which the financial institution and the other contracting party are the only parties to the transaction (the In-House Contracts).
Any financial institutions that have issued debt securities (such as subordinated debt or trust preferred securities) at the holding company or bank level should check the documentation governing those issuances. Typically, those contracts provide for the substitution of a comparable rate. Financial institutions should confirm the substitution language and also review the procedures for substituting the rate. If the issuance involves an institutional trustee, such as Wilmington Trust Company for many outstanding trust preferred securities, it may be necessary or advisable to contact the institutional trustee far in advance of the LIBOR end to discuss the process of changing rates.
The In-House Contracts should be further subdivided into those whose term ends prior to the end of 2021 and those whose maturity is after 2021. Next, financial institutions should ensure that existing In-House Contracts are able to substitute a comparable rate. Then, the financial institution should determine whether it will substitute a new rate and a new margin and at what point the change will be made. Consideration should be given to the stability of a new rate and a new margin. The decision on a new rate and a new margin may involve several committees and personnel at the financial institution as different considerations of interest rate risk, stability, competition and other factors will influence the ultimate substitute reference rate the financial institution will utilize. Financial institutions should note that the Prime Rate will continue to be available unaffected by the impending demise of LIBOR.
After a decision has been made on the financial institution’s new reference rate, it may be advisable to educate the financial institution’s LIBOR customers on the new rate, especially if it’s a rate that customers may not be familiar with. Although a customer may not have the right to contest the new reference rate, educating the customer may alleviate the customer’s anxiety about the new reference rate.
Finally, the financial institution should determine how the new reference rate will be implemented. The financial institution should consider whether it will draft amendments to existing loan documents to implement the new reference rate or whether it will simply notify the other party to the contract of the new reference rate. Financial institutions should contact their legal counsel for advice on this issue.
The WBA forms distributed through FIPCO currently contain a provision that if the index rate a lender uses with respect to a particular loan becomes unavailable then the lender may substitute a comparable index rate. To alleviate concerns with the zombie LIBOR, FIPCO has created the LIBOR Addendum. This Addendum allows the lender to replace LIBOR if a “Replacement Event” occurs. The Addendum is drafted to define a Replacement Event to include a situation in which LIBOR would continue to exist in a zombie state. The LIBOR Addendum can be used for new loans that use LIBOR as the index rate. The form could also be used for existing loans, but the borrower is required to sign the LIBOR Addendum.
When making new loans using LIBOR that will mature after 2021, financial institutions should ensure that any new contracts allow for an easy transition to a new reference rate. Consideration should be given to using the LIBOR Addendum to In-House Contracts. Additionally, financial institutions should consider incorporating the fallback language adopted by Fannie Mae and Freddie Mac to any residential real estate mortgages using LIBOR intended to be sold on the secondary market.
Taking the steps outlined above will help financial institutions mitigate their risks in the post-LIBOR market.
WBA wishes to thank Atty. Catherine Wiese, Boardman & Clark, llp for providing this article.
By, Ally Bates
The below article is the Special Focus section of the November 2019 Compliance Journal. The full issue may be viewed by clicking here.
The United States Department of Agriculture (USDA) published an interim final rule on October 31, 2019 specifying regulations to produce hemp. The rule is effective October 31, 2019 through November 1, 2021.
Introduction
The rule establishes a Federal program for producers in States that do not have their own USDA-approved plan. The program includes provisions for maintaining information on the land where hemp is produced, testing of THC levels, disposing of plants not meeting certain requirements, and licensing requirements. USDA has also outlined provisions under which States may submit their own plans for approval.
It is WBA’s understanding that the Wisconsin Department of Agriculture, Trade and Consumer Protection (DATCP) will submit a Hemp Program Plan to USDA. However, DATCP will continue under the 2014 Farm Bill provisions, and existing Wisconsin regulation at time of this article’s publication, in 2020. As of November 1, 2019, DATCP has begun its hemp licensing for the 2020 hemp season. At this time, DATCP is is preparing to write rules to align Wisconsin law with the 2018 Farm Bill, and expects to begin the new program under the 2018 Farm Bill, and USDA’s rule, in 2021.
This article discusses the procedural aspects for submission of a State plan to USDA under its interim final rule. It also discusses the Federal program requirements placed upon hemp producers. While these procedures and the program requirements do not directly apply to banks, they will affect how hemp businesses operate in Wisconsin, and thus, bank customers seeking to engage in hemp-related activity. This article presents selected aspects of the interim final rule for banks to better understand what to expect in the coming years and the requirements that may apply to their customers.
Procedural Aspects
From a procedural standpoint, WBA reminds readers that as of publication of this article, much remains to be decided. November 26, 2019 Governor Tony Evers signed 2019 Senate Bill 188 establishing a new hemp program. It requires DATCP to write and submit a plan to USDA for approval. After USDA receives the plan, it will either approve or disapprove the plan no later than 60 calendar days after receipt.
If DATCP proposes a plan and it is rejected by USDA, the interim final rule provides for amended plan procedures. Under those procedures, hemp production continues under the existing plan. For example, production in Wisconsin would continue under current rules while DATCP and USDA work out amendments to the proposed plan. However, if an amended plan is not submitted within one year from the effective date of the rejected new law or regulation, the existing plan is revoked.
Note that as of publication of this article, the current DATCP program under ATCP 22 and 2017 Wisconsin Act 100 is still in effect. As discussed above, DATCP is currently issuing licenses for the 2020 season. If DATCP writes new rules under the new law, WBA will report on what banks need to know about the process.
USDA Plan Requirements
Because hemp production at the time of this article’s publication continues under existing Wisconsin law, and the future rule governing production is unknown, a full discussion of USDA’s rule and the Wisconsin bill would be premature. As such, this article will not discuss the Wisconsin bill which has yet to be signed by the governor. It will discuss USDA’s rule below, but from a conceptual standpoint rather than a full discussion. Note that the requirements as presented below have been edited to help banks understand their broader implications. As such, most technical requirements have been removed. For a full reading of the rule, please refer to the link at the end of this article.
A State plan must meet information collection requirements, to be reported to The Secretary of Agriculture of the United States regarding:
- Contact information for licensed producers;
- A legal description of the land on which the producer will produce hemp including its geospatial location; and
- The status and number of the producer’s license or authorization.
- A State plan must include a procedure for accurate and effective sampling of all hemp produced, requiring the following:
- Samples must be collected within 15 days prior to the anticipated harvest.
- The method used for sampling must be within a level of 95% accuracy, that no more than 1% of the plants in the lot would exceed the acceptable hemp THC level.
- During a scheduled sample collection, the producer or an authorized representative of the producer shall be present at the growing site.
- Representatives of the sampling agency shall be provided with complete and unrestricted access during business hours to all hemp and other cannabis plants, whether growing or harvested, and all land, buildings, and other structures used for the cultivation, handling, and storage of all hemp and other cannabis plants, and all locations listed in the producer license.
- A producer shall not harvest the cannabis crop prior to samples being taken.
- The State plan must include procedures for testing that can accurately identify delta-9 tetrahydrocannabinol content concentration levels to specified levels and meet a specific methodology.
- Any test resulting in higher than acceptable THC levels is considered conclusive evidence that the lot represented by the sample is not in compliance. Lots tested and not certified may not be further handled, processed or enter the stream of commerce and the producer shall ensure the lot is disposed of.
- Samples of hemp plant material from one lot shall not be commingled with hemp plant material from other lots.
- Analytical testing for purposes of detecting the concentration levels of THC shall meet standards that are not presented in this summary.
- The State shall promptly notify USDA by certified mail or electronically of any occurrence of cannabis plants or plant material that do not meet the definition of hemp in this part and attach the records demonstrating the appropriate disposal of all of those plants and materials in the lot from which the representative samples were taken.
- A State plan must include a procedure to comply with certain enforcement procedures.
- A State plan must include a procedure for conducting annual inspections of, at a minimum, a random sample of producers to verify that hemp is not produced in violation of this part.
- A State plan must include a procedure for submitting a monthly report to USDA. All such information must be submitted to the USDA in a format that is compatible with USDA’s information sharing system.
- The State must certify that it has the resources and personnel to carry out the practices and procedures necessary to comply.
- The State plan must include a procedure to share information with USDA.
- The State plan shall require producers to report their hemp crop acreage to the Farm Service Agency.
- The State government shall assign each producer with a license or authorization identifier in a format prescribed by USDA.
- The State government shall require producers to report the total acreage of hemp planted, harvested, and, if applicable, disposed. The State government shall collect this information and report it to USDA.
Final Takeaways
As expected, the rule requires testing, reporting, and monitoring to accurately identify whether hemp samples contain a delta-9 tetrahydrocannabinol (THC) content concentration level that does not exceed the acceptable level. To that extent, hemp is defined as the plant species Cannabis sativa L. and any part of that plant, including the seeds thereof and all derivatives, extracts, cannabinoids, isomers, acids, salts, and salts of isomers, whether growing or not, with a THC concentration of not more than 0.3 percent on a dry weight basis.
Another aspect to note is the rule’s use of the word “producer.” A producer is someone who is licensed or authorized to produce hemp, meaning to grow hemp plants for market, or for cultivation for market, in the United States. The rule does not distinguish between grower, producer, retailer, or any other type of hemp-related business. As such, it will remain important to see what DATCP proposes for categories of regulation in its rule.
Conclusion
While hemp businesses in Wisconsin still operate under DATCP’s current rule at time of this article’s publication, it is important to understand the track Wisconsin is currently on, and what possibilities the future holds, in order to prepare accordingly. WBA will continue to monitor and report on future hemp regulation as it continues to develop.
Click here to view USDA’s interim final rule.
By, Ally Bates