Meetings
Transcript: Select text below to play or share a clip
[Michael Marcotte (Chair)]: Good morning, everyone. This is the Vermont House Committee on Commerce and Economic Development. It is Friday, 02/13/2026, 10:30 in the morning. We're just returning from the floor, and we have our legislative counsel with us, Maria Royal. She is going to walk us through language on vicious transaction activity bill that we were talking about. She drafted. This is the first time we had a chance to take a look at the language without working with bank people on this. Maria, take it away.
[Maria Royal, Legislative Counsel]: Okay, great. Yes, Maria Royal with Legislative Counsel. And let me just share my screen. The document is posted. As you can see, it's just a standalone document. It's being considered as a possible amendment to H. Three eighty five at the moment. And I'll just say that the original language came from the Vermont Bankers Association, its model that they had worked on. So we took that and revised it a little bit more, and we will walk through that now. So first is the findings and intent section. So this creates a new subchapter in title eight. Chapter 200 is a chapter in title eight that has all of the kind of consumer protections, privacy that pertains to banking, financial institutions. So this is just another category of consumer protections in that chapter. So in terms of the findings, a covered entity, and that's defined, essentially banks and credit unions. A covered entity has a duty imposed by law and contract to conduct customer directed transactions in a timely manner and in accordance with the customer's instructions. Two, customers are increasingly being induced to authorize transactions that are not in their best interests. And then the intent section, the intent of the general assembly to ensure customers have ready access to their funds and to provide a covered entity with the tools and protections to intervene in a customer directed transaction when the covered entity reasonably believes the transaction presents potential significant risk of harm to the customer. And then a clarification, it is not the intent of the general assembly to impose a duty on the covered entity to contravene the valid instructions of a customer, and nothing in this chapter creates such a duty. So trying to balance those competing interests. So as I mentioned, there are two definitions. So the first one is of account, and it basically lists all the different types of accounts. Customer might, have assets. And then, two associated third party will go through the this. But just so you know, it comes up in the context of if a bank feels it might be important to contact an associated third party who might have a relationship with the customer. If it seems appropriate, then the bank could potentially do that. But we'll we'll look at the standards there. But just so you know who could be an associated third party for that purpose, a parent, spouse, adult child, sibling, or other family member of a customer whom a covered entity reasonably believes is closely associated with the customer an individual the customer has authorized to be contacted by the last covered entity, a co owner, additional authorized signatory or beneficiary on a customer's account, or an agent for the customer under a power of attorney or D, a licensed attorney, trustee, conservator, guardian, or other fiduciary selected by a court or governmental agency to manage some or all of the financial affairs of the customer. So then, the definition, as I mentioned, of covered entity, bank, trust company, or savings institution, and then that's just a cross reference to the general definition of financial institution. So it covers all financial institutions in Vermont, all traditional banks, essentially, or a credit union. And then it further goes on to specify that the term also includes the subsidiaries and affiliates that provide financial services for such entity, as well as the directors, officers, employees, or agents of such entity?
[Michael Marcotte (Chair)]: This wouldn't cover money transmitter, Julie.
[Maria Royal, Legislative Counsel]: It's just the traditional banks, credit unions. Definition of customer for purposes of the subchapter means any person who establishes, maintains, or is a beneficiary of an account with a covered entity, including any person who owns, controls, or has a present or contingent legal or beneficial interest in funds held in the account, whether acting directly or through an agency fiduciary or representative. And then a definition of financial exploitation means a, the wrongful or unauthorized taking, withholding, appropriation, transfer, expenditure, or use of a customer's money, assets, or property, or any act or omission by a person, including by a fiduciary or other representative of the customer, whether acting under a power of attorney, guardianship, conservatorship, trust, or similar authority that (Roman numeral one, Romans fifteen) obtains or attempts to obtain control over the customer's money, assets or property through deception, intimidation, coercion or undue influence for the purpose or effect of depriving customer of the ownership, use, benefit, or possession of the customer's money, assets, or property, or converts or misuses the customer's money, assets, or property so as to deprive the customer of the ownership, use, benefit, or possession of the customer's money, assets, or property. So then we get to section ten eight zero three on page four, and this is the real substance of the bill authorizing the covered entities to take protective action. So subsection A, if a covered entity reasonably believes that a customer is or has been the victim of financial exploitation or attempted financial exploitation, and such belief is based on information either individually observed or received from a state, local, or law enforcement agency, the covered entity may take one or more of the following measures to protect a customer's account.
[Michael Marcotte (Chair)]: Yeah. Yep. I know that's this is really narrow, but just wondering if it would make sense that we also include any of the people that are the associated third party. Because right now it's really narrow on the bank. But what if a child sibling or someone else calls the bank and said, this is what's going on. Would would that be
[Maria Royal, Legislative Counsel]: I think that might be captured here. It might so if a bank has a belief based on information either individually observed or received from an entity or yeah. I mean, you could say or a third party or, you know, you could expand that.
[Michael Marcotte (Chair)]: So if they receive information because I I don't want
[Maria Royal, Legislative Counsel]: anyone to be able
[Michael Marcotte (Chair)]: to anyone is anyone calling and saying, trying to put a hold on somebody,
[Unidentified Committee Member (possibly from Rutland)]: Michael? That's actually a that's a really good point because it based on that reading, can open that up.
[Maria Royal, Legislative Counsel]: So in terms of the actions, one, delay or refuse one or more transactions with or involving the customer. Two, delay or refuse to permit the withdrawal or disbursement of funds contained in the customer's account. Prevent a change in ownership of the customer's account. Four, prevent a transfer of funds from the customer's account to an account owned wholly or partially by another person. Five, refuse to comply with instructions given to the covered entity by an agent or person acting for or with an agent under a power of attorney signed or purported to have been signed by the customer. Or six, prevent or change the designation of the beneficiaries to receive any property benefit or contract rights for the customer. So those are all the possible actions that a covered entity could take. And then subsection further specifies that a covered entity is not required to take protective action under this section with regard to a customer's account, but may use its sole discretion to determine whether taking such action is warranted based on the information available to it at the time. And then subsection C, the authority to delay a transaction under this section expires at the earlier of fifteen business days after the date on which the covered entity initiated the delay when the covered entity is satisfied within its sole discretion that the transaction will not likely result in financial exploitation or upon a court order directing the release of funds. So the earlier of any of those three events. And then subdivision two is, allows for a continuation of, time if needed. So unless otherwise directed by a court order, the covered entity may extend the duration of the delay for up to an additional fifteen days based on a reasonable belief that the financial exploitation or attempted financial exploitation of the customer may continue. And then subsection d is these are essentially protections for a covered entity to ensure that they are not breaching or violating their requirements for processing checks, depositing funds under the universal under the UCC uniform code commercial code. Sorry. This has been a while. The UCC and other federal law, but we'll we'll get to those in a moment. So, again, just kind of specifying the authority of the bank consistent with other state and federal law requirements. So any refusal, delay, or other protective action taken by a covered entity in good faith under this section to prevent the financial exploitation of a customer shall not constitute wrongful dishonor under section and that's a site a particular section under the UCC. And I think that section has to do with just so you know. Bank liability for wrongful dishonor, so not depositing funds or releasing funds in a timely manner. Sorry, Herb, what did you say? Did you say that? Or was there something else? Did you just look that up?
[Herb Olson (Member)]: I'm just trying No, I'm not looking it up. I'm just trying to remember the chapter in the UCC, negotiable insurance, maybe.
[Maria Royal, Legislative Counsel]: Maybe. And you know what? It's so and so I'm very infrequently in the UCC, but there are numerous provisions that pertain to banking transactions, the processing and so forth. And as you know, the UCC is adopted in most states, so obviously, banks do business across state lines, so there's some uniformity on how they interact with each other and with customers. And same thing with respect to the in subdivision two, constitute reasonable grounds under the federal check clearing for the twenty first Century Act, the Expedited Funds Availability Act, and related regulations without imposing a duty to review every deposit or check individually. So in other words, if the bank does impose a delay and look more thoroughly, it doesn't mean that it has to do that in every single instance. So just, again, trying to be very specific about the parameters of the bank's obligations. And then three, not constitute a violation of, again, a site to the UCC regarding fund transfers between banks or related fund transfer laws, and any delayed payment order is deemed received only when the hold is removed and the covered entity submits the order for processing.
[Unidentified Committee Member (possibly from Rutland)]: So the way that I see this process, somebody walks into the bank, they want to withdraw like a thousand dollars so that they can transfer it over to the coin.
[Michael Marcotte (Chair)]: That's The
[Unidentified Committee Member (possibly from Rutland)]: kiosk, but the bank realizes, hey, this is kind of sketchy. They can hold that transaction for fifteen days. And at that point, there's nothing that they're doing on their end because they, are they able to file a police report or because I mean holding it for fifteen days is really great, but there's no hinge and I like the fact that we're indemnifying the bank, right? No matter what happens Yes.
[Maria Royal, Legislative Counsel]: They're following these procedures and acting in good faith. So in terms of what they might do, they might if they can find an associate third party, somebody that they can check-in with, That would unless they can talk to the customer directly. Otherwise, they might reach out to somebody who could verify or better understand. Regarding third party.
[Unidentified Committee Member (possibly from Rutland)]: If they were to reach out to a third party, would they be crossing any privacy lines? And should we allow an exception because that would be, sorry, I'm losing my voice. I'm just wondering if that could put that in danger, because it
[Michael Marcotte (Chair)]: think that's private information.
[Maria Royal, Legislative Counsel]: Absolutely. No, I think that's a great point and really important to think through. And so let's read through the next section. And there are some parameters around that. But you're right. It's a tricky situation because you don't want to divulge private information. So with respect to notifications to associated third parties, a covered entity may notify an associated third party, if any, if it reasonably believes that the financial exploitation or attempted financial exploitation of a customer is or has occurred and such disclosure is in the best interest of the customer. A covered entity may choose not to notify an associated third party if it reasonably believes that the third party is, was, or may be engaged in the financial exploitation or attempted financial exploitation of the customer. C, a covered entity shall limit disclosures to an associated third party to only information necessary to convey its suspicion that the customer was or may be the victim or intended victim of financial exploitation. And then finally, d, any disclosure by a covered entity pursuant to this section is exempt from the financial privacy protections in another subchapter of this chapter, and to the extent permitted by federal law under the Graham Leach Bliley Act, perhaps those laws may be amended. So those are the state federal privacy protections. It's a policy choice about whether you think standards in here are sufficient to protect customers.
[Michael Marcotte (Chair)]: Just wondering if we shouldn't have some language in there that tells a financial institution when someone opens their account that this is disclosed to them, when they open the account so that it's known, the customer knows that it I meant some kind of event. Something that they want to do that looks suspicious that the bank has the ability to do this? I don't know.
[Maria Royal, Legislative Counsel]: That's probably a great question for the bankers to answer. If I remember correctly, there was some conversation about designating a trusted person. Right. Right? There might have been some issues with that. So think that's a great topic to maybe follow-up on. And then the next section concerns just immunity for the covered entities. When they are carrying out protective actions authorized by this subchapter, a covered entity shall be protected from civil, criminal and administrative liability for any act or omission within the scope of its duties and authorized by this subchapter, provided the act or omission is in good faith and does not amount to gross negligence or willful misconduct. And the construction is just how it's basically I I think it would these laws would be interpreted liberally, but because they're remedial and protective in nature, but this is just direction to the court or anybody interpreting the provisions. This subchapter shall be liberally construed to encourage covered entities to take reasonable protective actions to prevent the financial exploitation of their customers. Doesn't change the law, but to the extent there might be any ambiguity, yeah, the agencies and the courts would lean in favor of what is the most protective, consistent with the purpose of this chapter. It's
[Michael Marcotte (Chair)]: This is the requirement for all financial institutions that are named in there. Okay. Do we have the authority to do that with a federally chartered bank or credit bureau?
[Maria Royal, Legislative Counsel]: I believe so. I'll I will check with the bankers, but I I didn't hear otherwise. And the definition that refers to the definition of financial institution includes heavily chartered bank, but I will confirm, make sure.
[Michael Marcotte (Chair)]: Yeah, it's fine. We're getting the patch crisp. We're getting on some of these questions. Any other questions for Maria? Maria, thank you. You're welcome.
[Unidentified Committee Member]: Actually, Mike, I do have one if I may. Back at the bottom of page four in the part of the going on to the top page five where it lists the actions. There any standards of documentation that the covered institution would need to meet? I'm sure some of it would be self protection. But do do we enumerate any of that in this act?
[Maria Royal, Legislative Counsel]: In other words, how they would document?
[Unidentified Committee Member]: Yeah. There's a basis for making the decision and what action they took.
[Maria Royal, Legislative Counsel]: There's nothing required, so you could add that if you wanna have a way of keeping track. That also might help the regulators understand how frequently this happens.
[Michael Marcotte (Chair)]: You know, a good data point for us to understand prevalent this is. Other questions? Maria, thank you. If you'd like to join us now or Sure. Okay. Okay.
[Chris, Vermont Bankers Association]: Good morning. For the record, Christie, Vermont Bankers Association. Thank you for the opportunity to testify. First, I wanna thank Maria for the great work that she did in taking the language and putting it into a Vermont context,
[Unidentified Committee Member (possibly from Rutland)]: if you will,
[Chris, Vermont Bankers Association]: to representative Cooper and other folks over at DFR for working on this. So I think it's somewhat self explanatory. It might be best just to try and answer your questions that some that you've raised and maybe others. One of the key factors in this is that it's a may versus a shall. So it is discretionary based on the circumstances that are presenting themselves to us, which is important. The question about making folks aware of this, I'd like to explore what the account opening what the opening of an account agreement looks like, and maybe it makes sense to put it in there. That may be an opportunity. The trusted third party is one that's, again, discretionary because not all banks are there in their thinking about wanting to put in place a process for a trusted third party. That person is gonna be identified for the bank. And the reason why some of the banks aren't all there is because what processes do you have in place to keep that updated, etcetera. But the information would only be shared with that trusted third party that's been identified and that the customer, if you will, signs off on. That one of the challenges with that is the trusted third party could be the perpetrator, so you gotta kinda weigh those circumstances. The question of information sharing, Rutland, I'm trying to take your example. The way we envision this is, you show up. You wanna take $10,000 out of your account. That is, by current regulations, a suspicious activity, and we are required by federal law to file file suspicious activity reports and and create a paper trail, if you will, that is in our files and often goes to another agency, because that is an unusual transaction. The fifteen days is, in my words, nobody else's, a cooling off period. And it allows us to work with you, communicate with you, not in that moment, because in that moment, it could be a level of anxiety. You could also, as has happened, have a phone open in your pocket with people listening. So we want to kind of get away from that. And that's where the fifteen days allows us to do it. It goes from the frontline teller to the branch manager to the security officer. And one of the things that we've got in Vermont, and I'm sure it exists in other states, is a network of bank and credit union security officers with local, state, and federal law enforcement. So there have been many occasions where a bank will notify secret service or FBI. And sometimes that's done because it's a pattern of activity that they're seeing out there. But, also, you get some situations where the customer's just not listening to you or doesn't wanna listen to you. So you bring in that person who's got that, if you will, higher authority or title that, oh my god. Secret service is talking to me. Maybe it is a scam. So that's why and that's how we envision the fifteen days. And we think that can work really well. But ultimately, at the end, it's their money, and it's gonna go back to them. So or they've got an an ability to do what they want. But I think this creates, in my mind, a very, very strong tool for our banks in Vermont. It is every bank. It is every credit union based on the definition. We would not wanna segment out folks, and we're anxious to see how this can play out in the market because we understand in other states it's been a useful tool. How you decide to move it forward is up to you. We'll have conversations about that later on today, but we hope there is a path forward, stand alone or otherwise, that this language can take. I'm happy to answer. Are there any other questions? Is there any concern about a situation where a teller, maybe it falls through the cracks, and they think it's legit. Turns out it's not. And now that teller is on the hook because she allowed a or he allowed a fraudulent transaction to go through. Yeah. So any concerns around that? I mean, we would have those concerns today because and and that's why it is incumbent upon us in what our banks do on a routine basis is the training of our frontline workers to ensure that they know, one, what the internal processes are, but two, what's the evolution in the market related to fraud and scams. So is it possible something falls through the cracks? Yep. And that would be a legitimate reason why a customer could come back and raise an issue with the institution. But we try and minimize as much as possible with the training and updating of of information that we provide to our frontline folks.
[Unidentified Committee Member]: What about that question I asked earlier about documenting these things here? Amended minimum amount of information you would want to see. I think it would be excuse me protective of
[Chris, Vermont Bankers Association]: your institution. Right. The in my mind, the documentation is already occurring because we have certain regulations through our federal regs and requirements that say we have to either create the suspicious activity reports. There are currency transaction reports that we have to notice unusual activity. All of those reports are kept in the files, and then when the examiners come in, they will look at those reports. So it isn't it isn't that we're so we're creating that documentation, and it is available to our bank regulators, could they take that and take notice from it? What's been happening out there or the impact of this? Yes. Over time, they could.
[Michael Marcotte (Chair)]: We so, I think I'd like to see the data after how many people were saved for fraud, fraudulent activity. And would that be would we be able to gather that information from the reports that are being generated now? Excuse me.
[Chris, Vermont Bankers Association]: Currency transaction reports, yes. Suspicious activity reports goes into a giant black hole that we never see quite candidly because it's with financial crimes enforcement network. You're also gonna run-in well, are you running into this? Trying to think of how you compel a nationally chartered bank to provide information. State chartered. Sure. I would not have a problem with language in there that would require us as an association to come back to you within some defined period of time. I think we gotta let it mature and report back to you. And then Michael would be, we'll go survey all of our members, and we will provide you that data in an aggregate format so that you have a sense of whether this is really working or not or if we need to tweak it or do whatever. I don't have a problem accepting that responsibility. I
[Jonathan Cooper (Member)]: was just I was looking through the report from the committee that worked on this over the summer. Yes. There were two things in there that I wanna make sure are in here and I wanna make sure work with you. One of them was notifying DFR when this happens, and then they would be the repository of all the information and it would take a load off your association and it would include anybody who isn't in your association to get that information. So that might be a little bit broader.
[Michael Marcotte (Chair)]: I don't
[Jonathan Cooper (Member)]: know if that So notifying them, I don't know how much I don't want to create more paperwork, but I also want to ensure that we're including being inclusive of all information that's happening across the state. So if you could noodle on that for
[Maria Royal, Legislative Counsel]: a little bit, because that was
[Jonathan Cooper (Member)]: in their report that they would prefer, they would recommend that they are notified. And the other thing was that it's only a hold on this amount of money, but that the customer still has hold. Correct. And I want to make sure that that might be a Maria question, but that's written in there very clear. Yeah. If
[Chris, Vermont Bankers Association]: it's not, absolutely, it should be clear. We have no interest in holding up your account for anything but what is perceived to be suspicious.
[Jonathan Cooper (Member)]: And I think that's part of the notification to the customer. Right? This is
[Michael Marcotte (Chair)]: Yep.
[Chris, Vermont Bankers Association]: Yeah. I'll I'll also see what for the other states who have enacted this, how their banks have conveyed it to the consumer. But I yeah. I I'll look at that, but I'm thinking that the account opening documents, that's a a natural area to look at that.
[Michael Marcotte (Chair)]: Yeah. I think it's we pay. We have we have the authority. Right. Right. Yeah. Just develop a paragraph. We might have the authority. Yep. Yep.
[Jonathan Cooper (Member)]: We have a recent experience in my family where we thought it was understood that money was being transferred to make a purchase in a car stopped working. My story in car problems.
[Unidentified Committee Member]: But
[Jonathan Cooper (Member)]: it ended up being a bank check that took more time, right? That was being made, you know, it was one of those things. And so then a money order was being written in that same amount from the same lending. So it could have felt like it was a suspicious transaction. And I, you know, I'm curious in that two large amounts of money to the same place, one didn't get there, but it should But there was a real time limited issue. And I wanna make sure that that's not going to get swept up. You know, it's just like one of those weird things that I want to make laws around as weird things and Right? Like, so is that the kind of thing that in training would be?
[Chris, Vermont Bankers Association]: Yeah. Well, I think that's the type of thing that, yes, in training, but more importantly, as part of the conversation with you as you're standing there doing the transaction. People go in and get bank checks all the time. I did it the other day for my wife for laser surgery and took money out in a bank check-in her name so she could deposit it in her account and then get the surgery. So it happens all the time, and that's where I'm envisioning because we're going to obviously have to do training just on this alone and make folks aware of the new tools. I think that's part of the conversation with you as a customer.
[Unidentified Committee Member]: To that point, I think as we were describing Edye's comments about like, is there are we clear enough when in line 20 on page five, we're saying, without imposing a duty to review every deposit or check individually, I wasn't sure there's any other time that we're being clear about it being just one thing and not every act every bit of activity in the account. Is that else we do you I mean,
[Chris, Vermont Bankers Association]: is that I'm I'm fine if we work with legislature council to make sure it is absolutely clear that it's only that transaction that we're talking about. I don't wanna impair the rest of the account, or we don't want. I should say we don't. The rest
[Michael Marcotte (Chair)]: Any other questions for Chris? Okay. Great. Thank you. Thanks, Chris. Thank you for your work on them. Thank you. Thank you for you as well. So fix those those areas and back to it. So I think there's no other questions for Maria or Chris. We're on at 11:30 with our next presenters. So if we take a twenty minute break, be back here promptly at 11:30, then we can hear from.