Compliance risk management: what financial institutions need to know about reporting elder financial exploitation

Elder financial exploitation1 is becoming an increasingly important risk management area for financial institutions. This risk is exacerbated by the fact that many institutions have inadequate compliance programs dedicated to detecting and reporting elder financial abuse. Existing compliance efforts are also complicated by the various state and federal laws applicable to financial institutions, their officers, and employees. In addition to navigating the legal landscape applicable to the reporting of financial abuse, the potential reputational risk facing financial institutions—and the cost of noncompliance—is high. With the Consumer Financial Protection Bureau’s (“CFPB”) increased focus on the role financial institutions can play in detecting and preventing abuse, elder financial exploitation is poised to become a major consumer law issue. This article provides an overview of some of the state and federal legal issues applicable to financial institutions and their employees.2 It is intended to serve as a guide for institutions to review their existing compliance efforts in this important and rapidly expanding area of state and federal oversight.

I.  State Law Reporting Requirements

All fifty states have laws regarding the reporting of elder abuse, including financial abuse.3 There are significant differences among state laws, including a roughly uniform split between mandatory versus permissive reporting regimes. State laws also differ regarding: (i) the definition of elder financial exploitation, abuse, neglect, and/or other defined terms; (ii) the group of protected individuals; (iii) which persons and/or entities are required or explicitly permitted to report; and (iv) the state of mind trigger regarding when a report is required or permitted. The laws also vary on the required elements of a report, the timing for filing a report, and immunity from civil or criminal liability for making a report.

For financial institutions operating within a single state, understanding the reporting regime of that state is  crucial. There is significant gray area, however, for national banks and other financial institutions operating across state lines or on a nationwide basis. Some states may require a financial institution to report the potential abuse of a person residing in the state, regardless of the location of the financial institution’s headquarters.4 Even where these state laws may be preempted for federally- chartered institutions, such institutions still need to be aware of the significant potential for reputational risk in the event an incident of elder abuse goes unreported and/or unresolved. Other states permit financial institutions and/or employees to report abuse and provide a liability shield for

doing so.5 In addition to understanding financial institution reporting requirements, it is critical that financial institution employees be aware of the scope of reporting requirements falling inside and outside the scope of their employment.

When is a financial institution required to report elder financial exploitation?

Approximately half of states in the U.S. require financial institutions and/or their employees to report cases of elder financial abuse. California, for example, has one of the most comprehensive state statutes regarding the reporting of elder financial abuse. California specifies that all officers and employees of financial institutions6 are “mandated reporters” who are required to report financial abuse.7  In particular, the California law specifies:

Any mandated reporter of suspected financial abuse of an elder or dependent adult8 who has direct contact with the elder or dependent adult or who reviews or approves the elder or dependent adult’s financial documents, records, or transactions, in connection with providing financial services with respect to an elder or dependent adult, and who, within the scope of his or her employment or professional practice, has observed or has knowledge of an incident, that is directly related to the transaction or matter that is within that scope of employment or professional practice, that reasonably appears to be financial abuse, or who reasonably suspects that abuse, based solely on the information before him or her at the time of reviewing or approving the document, record, or transaction in the case of mandated reporters who do not have direct contact with the elder or dependent adult, shall report the known or suspected instance of financial abuse….9

This broad requirement is further expanded by the state law definition of “suspected financial abuse of an elder or dependent adult,” which occurs when a mandated reporter “observes or has knowledge of behavior or unusual circumstances or transactions, or a pattern of behavior or unusual circumstances or transactions, that would lead an individual with like training or experience, based on the same facts, to form a reasonable belief that an elder or dependent adult is the victim of financial abuse.”10 Under California law, the obligation to report elder financial abuse not only extends to a bank teller who directly interacts with an elder, but also to a loan officer who approves a loan application, and potentially other employees who review a pattern of transactions that would indicate to a reasonable person the possibility of elder financial abuse.

California law provides a concrete example of the challenges financial institutions face in identifying the scope of state law reporting requirements. Given that many other states have imposed similar reporting requirements, but with widely varying details and emphases, it is evident that structuring an effective compliance program may be particularly challenging.

When is a financial institution permitted to report elder financial exploitation?

Generally, every state permits a person who has knowledge or suspicion of elder abuse to report it to the proper and/or designated authorities. While some states (e.g., Washington, discussed below) explicitly enumerate financial institutions and/or their employees as permitted reporters, other states have broad statutes permitting “any person” to make a report.11

2

An example of a permissive reporting regime is the Washington state statute, which provides that “permissive reporters,” defined to include any employee of a financial institution,12 may make a report where there is “reasonable cause to believe that a vulnerable adult13 is being or has been abandoned, abused, financially exploited, or neglected.”14 Any person making such a report is immune from liability resulting from the report.15

Forty-nine states16 provide immunity from civil and criminal liability for good faith reporting. This immunity may be crucial in helping financial institutions decide when to make a permissive report. While all states permit reporting and offer a liability shield for doing so, a secondary question is when should financial institutions report elder financial exploitation? Where the law does not specify, it is up to the institution to decide; however, notwithstanding any moral implications, it is crucial to understand the circumstances where a report should be made, the implications under federal privacy laws, and the reputational risk an institution may face for not making a report.

II.         Other Legal Considerations for Financial Institutions

Gramm-Leach-Bliley Act (“GLBA”) Privacy Concerns17

In September 2013, eight federal agencies (the “Agencies”)18 jointly issued Interagency Guidance on Privacy Laws and Reporting Financial Abuse of Older Adults (the “Interagency Guidance”), recognizing that “[f]inancial institutions can play a key role in preventing and detecting elder financial exploitation.”19 The Interagency Guidance clarified a previously gray area for many financial institutions, explaining that “reporting suspected financial abuse of older adults to appropriate local, state, or federal agencies does not, in general, violate the privacy provisions of the GLBA or its implementing regulations.”20

Furthermore, the Interagency Guidance enumerates the exceptions to the GLBA notice and opt-out requirements that may apply in cases of elder financial exploitation. Specifically, financial institutions may share nonpublic personal information for the following purposes:

• To comply with federal, state, or local laws, rules, and other applicable legal requirements;

• To respond to properly authorized civil, criminal, or regulator investigation, or subpoena or summons;

• To protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability;

• For disclosure to law enforcement agencies (to the extent specifically permitted or required under other provisions of law and in accordance with RFPA);

• For   disclosure   with   the   consumer’s   consent   or   consent   of   the   consumer’s   legal representative.21

Additionally, signs of elder financial abuse may trigger the filing of a Suspicious Activity Report.22

Community Reinvestment Act (“CRA”)

In 2001, a letter jointly issued by the Federal Deposit Insurance Corporation, the Office of Thrift Supervision, and the California Department of Financial Institutions addressed the role financial institutions play in supporting financial literacy programs and the opportunity for financial institutions to gain CRA credit for supporting programs related to elder financial abuse.23   The purpose of the

3

program discussed in the letter was to: (i) develop a videotape-based training program to help educate financial institution personnel about detecting and reporting financial abuse of the elderly; and (ii) undertake a consumer awareness outreach campaign to educate senior citizens about protecting themselves against financial abuse.24

The interagency letter clarified that “financial institution investments in, as well as grants and in-kind donations to, organizations… that provide financial literacy and consumer educational programs to low- and moderate- income individuals, would be considered ‘qualified investments’ for purposes of the Investment Test of the Community Reinvestment Act regulations.”25 Though not specifically addressed in the letter, there is also the possibility that financial institutions could gain CRA credit for support of financial literacy programs related to elder financial abuse under the CRA Service Test, as well as the Community Development Test applicable to limited-purpose banks.

III.      Regulatory and Industry Updates

CFPB Activities

Elder financial exploitation is poised to become a hot topic in consumer protection, as evidenced by the CFPB’s increased activity and focus in the area. The CFPB has created an Office of Older Americans, which has undertaken various initiatives geared toward education and prevention of elder financial abuse. To date, its initiatives include:

• Developing guides for family members and others with legal authority to handle money for older relatives or friends, but who may not have formal training. The guides will help people understand proper record keeping, good frameworks for investing, and other basics of managing a vulnerable adult’s money. They also will help people recognize and respond to financial exploitation.

• Producing a guide for people who operate group living centers dedicated to serving older adults, such as nursing homes or assisted living facilities. The CFPB is also establishing partnerships with organizations to help distribute this information.

• Partnering with the FDIC to create Money Smart for Older Adults, a community education and training program for older adults and for caregivers.

• Coordinating with stakeholders in several states to create and sustain multi-disciplinary older American protection networks.

• Developing strategies to communicate that the Gramm-Leach-Bliley Act generally does not prohibit companies from reporting suspected elder financial exploitation.26

IV.        Action Items for Financial Institutions

Given the broad and divergent state law requirements applicable to financial institutions and their employees, the increasingly active regulatory landscape regarding elder financial exploitation, and a rapidly expanding senior citizen population, financial institutions should review their existing compliance programs and consider the following steps:

• Review state elder financial abuse reporting and related laws that may be applicable to their operations (note this may include states where the financial institution is headquartered or doing business).

4

• Review, revise, and develop robust compliance procedures for employee and/or financial institution reporting in both mandatory and permissive reporting jurisdictions, considering both the legal and reputational risk the institution may face for inadequate reporting.

• Implement employee training programs and/or update existing employee training programs to include a module on identifying and reporting elder financial abuse.

• Review existing customer demographics to identify areas of higher  risk  (e.g.,  trust operations) and consider whether special procedures should be developed and tailored to address such areas of increased risk.

• Consider developing specialized programs and procedures to assist customers at potential risk for elder financial abuse.

• Understand examiners’  expectations  regarding  compliance  programs,  policies,  and procedures addressing elder financial abuse, and consider designating an officer with responsibility for monitoring the firm’s activities in this area.

• Consider the opportunity to gain CRA credit for developing or providing support to financial literacy programs geared toward detecting and preventing elder financial abuse.

• Stay up to date on state and federal legal and regulatory developments, and review CFPB activities regarding elder abuse as well as additional guidance issued by the Agencies and key states.