In addition to the governing rules under ERISA and the Internal Revenue Code, participant loans provided by retirement plans have long been subject to certain consumer credit rules primarily intended for very different credit arrangements. Just as plans are being relieved of compliance with one such set of rules, however, a new set of requirements may possibly become applicable.  

Regulation Z

The Truth in Lending Act of 1968 (TILA), commonly known as Regulation Z, generally requires a person that regularly extends consumer credit to disclose key terms and costs of those loans to borrowers. Regulation Z applies to open-end (revolving) as well as closed-end credit arrangements. It defines “creditor” broadly to include any person who “regularly” extends “credit” to “consumers” more than 25 times (or more than 5 times, for transactions secured by the consumer’s principal dwelling) in the preceding calendar year; if the numerical standards were not met in the prior year, they are applied to the current calendar year.  

On inspection, retirement plans generally have concluded that, notwithstanding the material differences between (i) loans to their plan participants secured by the participant’s account balance and (ii) commercial credit arrangements, they are subject to Regulation Z if they make more than 25 new participant loans, together with any refinancing of old loans, during either the current or preceding calendar year. Consequently, plan administrators have routinely observed Regulation Z with regard to the determination of the finance charges and annual percentage rate (APR) applicable to plan loans, and in the disclosures and periodic statements provided to the plan participants receiving plan loans.  

On December 18, 2008, the Board of Governors of the Federal Reserve System (the “Fed”), which administers TILA, amended Regulation Z primarily in respect of revolving credit arrangements. Those amendments (published in the January 29, 2009, Federal Register) include new § 226.3(g), which exempts from TILA and Regulation Z an extension of credit in accordance with applicable tax requirements to a participant secured by fully vested funds in the participant’s account under:  

  • An “employer-sponsored retirement plan” qualified under Internal Revenue Code § 401(a);  
  • A § 403(b) annuity; or  
  • A § 457(b) eligible governmental deferred compensation plan.  

The exemption is not limited to plans subject to ERISA. In adopting the exemption, the Fed acknowledged in its preamble (see pages 5262–5263) that plan loans—under which principal and interest repayments are credited back to the participant’s account, and there is no third-party creditor imposing finance charges on consumers—are both very different from commercial revolving credit and are independently subject to ERISA disclosure requirements regarding administrative costs (to the extent applicable).

The exemption, which does not take effect until July 1, 2010, will provide very helpful relief from the burdens and costs of a complex regulatory scheme substantially inapposite to the circumstances of retirement plans.

Red Flag Rules

Just as the Fed is belatedly coming to the sensible conclusion under TILA, the Federal Trade Commission (FTC) may be repeating history under the Fair and Accurate Credit Transactions Act of 2003 (FACTA).  

FACTA requires financial institutions and certain other creditors to develop and implement written “identity theft prevention programs.” The programs must provide for the identification, detection and response to patterns, practices or specific activities—known as “red flags”—that could indicate identity theft. Administration of FACTA is divided among several banking and other regulators, including the FTC.  

In particular, the FTC’s portion of the “Red Flag Rules” applies to certain non-bank entities that are “creditors” offering “consumer accounts” or accounts that “a creditor offers or maintains, primarily for personal, family, or household purposes.”  

  • The FTC Red Flag Rules define a “creditor,” by incorporation from the Equal Credit Opportunity Act (ECOA), to include “any person or entity who regularly extends, renews or continues credit.” There is no independent definition of “regularly” extending credit in either the Red Flag Rules or the ECOA regulations (the Fed’s Regulation B).  
  • In turn, “credit” is defined as “the right granted by a creditor to a debtor to defer payment of debt or to incur debts and defer its payment or to purchase property or services and defer payment therefor.”  
  • “Account” is defined as “a continuing relationship established by a person with a financial institution or creditor to obtain a product or service for personal, family, household or business purposes.” An “account” also includes “an extension of credit, such as the purchase of property or services involving a deferred payment.” Examples of these consumer accounts include those designed to permit multiple payments or transactions, such as credit cards, mortgage loans, automobile loans, margin accounts, cell phone accounts, utility accounts, checking accounts, and savings accounts. The regulation also reaches any “other account that … a creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the … creditor from identity theft, including financial, operational, compliance, reputation, or litigation risks.”  

Click here for our legal alert describing the written identify theft program required of non-bank creditors subject to the FTC’s Red Flag Rules.

The final rules became effective on January 1, 2008, with an original compliance date of November 1, 2008. On October 22, 2008, however, the FTC delayed enforcement of the rule for six months, until May 1, 2009. The FTC stated that the delay would allow the non-bank entities subject to the rule to take appropriate care and consideration in developing and implementing their programs. The FTC noted that some industries and entities within its jurisdiction expressed confusion and uncertainty about their coverage under the rule. These entities indicated that they were not aware that they were undertaking activities that would cause them to fall within FACTA’s definitions of “creditor.” Many entities also noted that because they generally are not required to comply with FTC rules in other contexts, they had not followed or even been aware of the rulemaking, and therefore learned of the requirements of the rule too late to be able to come into compliance by November 1, 2008.

To date, the FTC has not further elaborated the pertinent definitions in its Red Flag Rules, and there is no specific guidance on their potential applicability to retirement plans. As a policy matter, it seems highly doubtful that participant loans—which arise fundamentally in an employment/plan fiduciary relationship rather than a credit relationship—should subject retirement plans to FACTA, or that the burdens and costs of FACTA compliance are justified in these circumstances.

Nevertheless, the FACTA definitions of creditor and consumer accounts are framed in terms similar to the corresponding TILA definitions. Accordingly, to the extent the prevailing understanding under TILA prior to the newly adopted exemption—that participant loans could be within the scope of Regulation Z, depending primarily on whether the plan was “regularly” making or refinancing such loans—carries over to FACTA, retirement plans again may find themselves subject to an unfamiliar set of rules intended for very different circumstances but extended (by omission rather than commission) to plan loans, this time requiring the adoption of written policies and procedures by May 1.