Elder financial exploitation has been called “the crime of the 21st Century.” ((See Consumer Fin. Prot. Bureau, Recommendations and Report for Financial Institutions on Preventing and Responding to Elder Financial Exploitation 2 (2016).)) The Consumer Financial Protection Bureau (CFPB) defines elder financial exploitation as the “illegal or improper use of an older person’s funds, property or assets.” ((Id. at 8.)) It is a serious issue with severe consequences for older Americans, as valuations of annual losses range from $2.9 billion to $36.48 billion depending on the estimate of unreported cases. ((Id.)) Estimates on the number of victims range from one hundred thousand to one million per year. ((See Financial Abuse Costs Elders More than $2.6 Billion Annually, according to MetLife Mature Market Institute Study, Though Four in Five Cases are Not Reported, MetLife (Mar. 17, 2009), https://www.metlife.com/about-us/newsroom/2009/march/financial-abuse-costs-elders-more-than–2-6-billion-annually–ac/.)) Financial exploitation takes many forms, including:
- Fraud (coupon, telemarketing, mail)
- Repair and contracting scams
- False/fraudulent advice from loan officers, stock brokers, insurance salespersons, accountants, and bank officials
- Abuse of powers of attorney and guardianship
- Identify theft
- Internet “phishing”
- Medicare and Medicaid fraud ((Id.))
Older people are especially attractive targets due to a combination of their accumulated assets and their vulnerability to cognitive decline, isolation, physical disability, and other issues common to older people. ((See CFPB, supra note 1, at 9.)) Elder financial exploitation is a devastating problem with severe consequences felt by a vulnerable community and their family members. Banks and credit unions are the first line of defense to stop elder financial exploitation.
To address the problem, the CFPB issued advisory guidelines for banks and credit unions. The advisory provides several options, including training management and staff, utilizing monitoring technology, filing suspicious activity reports, and offering age-friendly services such as enabling older account holders to consent to information sharing with trusted third parties. ((Id. at 4.)) This post will focus on the legality of sharing information with trusted third parties and review the policies and procedures implemented by financial institutions to prevent elder financial exploitation.
One potential solution is for banks to share account information with trusted third parties when the bank suspects exploitation. This option will be discussed later, but we must first examine the conditions under which banks are legally permitted to disclose such information. Banks must carefully navigate the legal landscape to ensure compliance with financial privacy rules and regulations. Privacy of financial information and bank disclosure of account information is regulated by the Gramm Leach Bliley Act (GLBA) and Regulation P: Privacy of Consumer Financial Information (Regulation P). Under the GLBA and Regulation P, a bank is authorized to share nonpublic personal information with a third party “with the consent or at the direction of the consumer.” ((Gramm-Leach-Bliley Act, 15 U.S.C. § 6802(e)(2) (2018).)) Regulation P, created under the GLBA, uses the same language as the GLBA, but adds that a consumer may revoke the consent or direction. ((See 12 C.F.R. § 1016.15(a)(1).)) Thus, based on the text of the GLBA and Regulation P, a bank is permitted to disclose nonpublic personal information to a designated trusted contact if the consumer consents to such disclosure. With the legal authorization, the CFPB expressly encourages financial institutions to establish procedures enabling older consumers to consent to sharing account information with a trusted third-party contact.
The CFPB Report recommends that banks offer account holders the opportunity to consent to disclosure of account information to trusted third parties when the financial institution suspects financial exploitation. ((See CFPB, supra note 1, at 44.)) To ensure compliance with the GLBA and Regulation P, banks should establish a procedure offering consumers the opportunity to consent to share account information with designated third parties under circumstances in which the institution suspects financial exploitation. ((Id. at 45.)) One of those procedures, recommended by the CFPB, is that financial institutions should develop a consent form in plain language to enhance consumer understanding of the issue. The consent form should be thoroughly explained at the account opening stage, or periodically after account opening, to ensure consumer understanding. ((Id.)) Adopting a clear consent form alongside a clear explanation by a bank representative will assure compliance with the GLBA and Regulation P, and it will enhance understanding by older consumers.
The bank’s job is not over at that point. With an executed designated third-party consent form, a bank representative can notify the trusted third party when the financial institution reasonably suspects financial exploitation has occurred or been attempted. ((Id. at 44.)) This places a duty on bank representatives to be diligent in understanding how to detect the signs of elder financial exploitation. Large withdrawals for suspect reasons, late-night ATM withdrawals, questionable behavior of power of attorney holders, new caregiver or friends of older persons, and other signs should alert bank representatives to take appropriate action and alert the trusted third-party contact. ((See, 5 Signs of Elder Financial Abuse, Caregiver Stress (Apr. 5, 2017), https://www.caregiverstress.com/geriatric-professional-resources/professional-development/5-signs-of-elder-financial-abuse/.)) Banks are legally permitted to share account information with a third-party trusted contact in compliance with the GLBA and Regulation P. ((See 15 U.S.C. § 6802(e)(2) (2018).)) In fact, the CFPB explicitly recommends that financial institutions should offer a trusted contact option and offers specific guidelines to prevent financial elder exploitation. ((See CFPB, supra note 1, at 44-46.))
Despite the recommendations advanced by the CFPB on adding a trusted third-party contact, only one bank has implemented that policy. TD Bank was named the “best bank for seniors” for allowing customers to say in advance that the bank may share information with a trusted contact when it suspects exploitation. ((See Megan Leonhardt, This is the Best Bank for Seniors Now, Time (Jan. 29, 2018), http://time.com/money/5104020/best-bank-seniors-2018/.)) TD Bank also waives monthly fees and provides excellent customer-service to older customers. ((Id.)) It is alarming, however, that TD Bank is the only known bank that allows sharing information with a trusted contact. TD Bank is primarily based on the East Coast, meaning that many older consumers are unable to bank with them. ((Id.)) So why are banks hesitant to offer a trusted contact option despite the explicit recommendation by the CFPB?
One explanation may be that the trusted contacts, who are usually family members or close friends, are the problem. Banks may hesitate to allow a trusted contact designation because that person may be the usual suspect they worry about. Family members and caregivers tend to financially exploit their elderly relatives or friends more often than strangers. ((See MetLife, supra note 4.)) Family members are typically dependent upon the elders and feel a sense of entitlement for the money of their parents. ((Id.)) However, this is not always the case and trusted contacts can still play an important role in preventing exploitation. Banks should allow the older account holder to designate multiple trusted contacts if they prefer in order to avoid abuse from one third party contact. In addition, banks should not allow the client to select their power of attorney as the trusted contact.
Offering a trusted contact option could impose additional costs in the form of liability while providing minimal monetary benefit because of marketing limitations. It is unclear how banks will make money by offering a trusted contact option. Current account holders who choose to add the trusted contact option may be appreciative and more likely to maintain their relationship with the bank due to the positive customer service experience. However, it appears unlikely that banks will attract new customers simply by offering a trusted contact option. In the absence of a monetary incentive and requirement by a federal regulatory scheme, banks are left to act virtuously only if they choose.
Banks and credit unions may be reluctant to offer a trusted contact option because of liability concerns. Financial institutions are already under obligations to report fraud and unauthorized transactions under the GLBA and Regulation P, so they may be cautious about accepting additional liability. Consider the following scenario:
Albert, an older person, opens a checking account with Big Bank, Inc., and designates his daughter, Brenda, as his trusted contact. One night, Albert makes a late-night ATM withdrawal at a local branch. One of the bank’s representatives notices the unusual transaction but decides not to contact Brenda. As it turns out, the late-night ATM withdrawal was perpetuated through a financial exploitation scheme that could have been stopped if the bank representative had notified Brenda. Albert and Brenda decide to sue Big Bank, Inc. for failing to notify Brenda with a trusted contact agreement in place.
This is a tough position for the bank in this scenario. Financial institutions must navigate this issue carefully to avoid liability concerns, such as adding liability disclaimers (discussed below).
In February 2017, the Securities Exchange Commission (SEC) approved the adoption of new FINRA Rule 2165: Financial Exploitation of Specified Adults and passed amendments to FINRA Rule 4512: Customer Account Information. ((See Oversight, FINRA, http://www.finra.org/industry/oversight (last visited Oct. 12, 2018).)) Among other requirements, the rules require financial service members to make reasonable efforts to obtain the name and contact information for a trusted contact person. According to its website, FINRA “provides the first line of oversight for broker-dealers and the first line of defense for investors.” ((Id.)) Similar to the banking industry, the securities and trading industry has rampant financial elder exploitation. The SEC passed new rules to counteract exploitation. Unlike the banking industry, however, the SEC rules have more influence over broker-dealers and most firms have adopted trusted contact policies and drafted trusted contact forms. Banks and credit unions can use similar language in trusted contact forms to avoid potential liability. Below is part of the trusted contact form from T. Rowe Price:
A Trusted Contact person(s) must be 18 years of age. T. Rowe Price suggests that the Trusted Contact be someone not already authorized to transact business on the account. In addition, T. Rowe Price suggests that I advise the Trusted Contact person(s) that I provided the below information to T. Rowe Price and asks that I keep Trusted Contact person(s) updated. I understand that there is no requirement that T. Rowe Price contact my Trusted Contact person(s) and that I may withdraw a Trusted Contact at any time online through Account Access, by telephone or in writing. By signing below, I hold T. Rowe Price harmless if T. Rowe Price either acts, or fails to act, based upon T. Rowe Price’s best judgment. ((Trusted Contact Form, T. Rowe Price (Aug. 2018), https://individual.troweprice.com/Retail/Shared/PDFs/trustedcontact.pdf.))
The agreement language addresses a few issues that apply equally in the banking industry. First, T. Rowe price suggests that the trusted contact be someone not authorized to transact business on the account, such as the power of attorney. This is important because of the prevalence of financial exploitation from family members and friends discussed above. Second, T. Rowe Price disclaims any liability. The form establishes that T. Rowe Price is not legally required to contact the trusted contact person. Rather, broker-dealers must act based upon their “best judgment” and will not be held liable. Banks and credit unions can and should adopt similar language in their trusted contact forms.
Elder financial exploitation is a serious problem with devastating results for many older consumers. The CFPB has made several recommendations to prevent, or at least reduce the instances of, elder exploitation. One of those recommendations is for banks to offer a trusted contact option for older consumers, similar to the recent SEC FINRA rules on financial exploitation. Despite the legal permission and encouragement by the CFPB, banks have been reluctant to offer a trusted contact option. Financial institutions may hesitate to allow a trusted contact designation because that person may be the usual suspect of financial exploitation, as most known cases are perpetuated by family members or friends. Another explanation is the additional liability assumed by banks. With limited financial upside, banks do not have a strong incentive to take on additional liability for cases in which a bank representative fails to notify the trusted contact despite the existence of a trusted contact agreement. As the FINRA example of T. Rowe Price shows, however, these liability concerns can be assuaged with clear contractual language. Elder financial exploitation, or “the crime of the 21st Century,” cannot be ignored by financial institutions. ((See CFPB, supra note 1, at 2.)) The potential obstacles of liability and concerns about empowering offenders are not insurmountable, and banks should offer carefully considered trusted contact options to reduce elder financial exploitation.