From SAFE to SAFER: What's New in the SAFER Banking Act?

This week a group of Senators introduced the SAFER Banking Act - a new version of the previous SAFE Banking Act. The legislation aims to improve access to financial services for cannabis businesses by creating safe harbors for financial institutions and payment processors. While marijuana is legal in many states in some form, the fact that it is still illegal at the federal level has led to some hesitancy from banks, credit unions, and payments processors to serve cannabis businesses.

The SAFE Banking Act has passed the House seven times but never gained much traction in the Senate. Now we have a new version in the Senate, which will go to a markup in the Senate Banking Committee on Wednesday of next week.

So what's changed in the new version? Let's take a look at some of the key changes:

The Big Change

Section 10 - Requirements for Deposit Accounts

Section 10 has been the hangup for why the bill has not moved in the Senate, so there have been some very notable changes to this section to get more people to the table.

New section: Sense of Congress

Section 10 now opens with a two-page "Sense of Congress" section, which states Congress' overall view of the role of banking regulators and financial institutions. Congress believes that banking regulators should ensure safety and soundness and that financial institutions should evaluate risk, identify customers, protect against fraud and suspicious activity. In serving their communities, financial institutions should take a risk-based approach at the individual customer level, and each institution should choose whether the services they provide fit within their risk profile.

Conditions for Termination

The old SAFE Banking Act set up a structure where if a regulator either (a) requested or ordered an FI to close an account, or (b) restricted or discouraged an FI from opening an account or group of accounts, the regulator had to determine the FI was engaging in unsafe or unsound practices or was violating a rule, law or regulation. They also could not shut down activity based primarily on reputation risk - they had to have a different reason.

The new SAFER Banking Act makes a few tweaks to this structure.

First, it now only addresses an FI closing an account or terminating a relationship. It does not cover a regulator preventing the opening of an account or group of accounts.

Second, it says that if a regulator makes an FI close an account, they have to have a "valid reason." Valid reason has some of the same definition - unsafe or unsound practices or a violation of a law or rule. It also adds some valid reasons - enforcement actions, BSA violations, any activity that could lead to a document of resolution or supervisory recommendation, or if the agency "has another reason, determined to be valid by the agency."

If you're following along, you read that right: if a regulator wants to make you close an account, they must have a valid reason. But the definition of the agency's "valid reason" includes when the agency has another reason they've determined to be valid. Not sure that's much of a guardrail? The main guardrail is that the agency can't make this decision based primarily on reputation risk.

Treatment of National Security Threats

There's a few changes to this section. The old version gave regulators shutdown account powers if they believed an account to be a national security threat. The new SAFER Act changes that standard from "believes" to "has reason to believe" an account is a security risk. The new bill also expanded the examples of security risks to include businesses supporting transnational criminal organizations, drug trafficking organizations, money laundering organizations, or any other criminal activity.

Notices

The requirements for notice the regulator must give the FI and the notice the FI must give their customer are mostly unchanged.

There is some additional language on what information can't be shared with a customer about why their account is being closed in certain cases. Under the old SAFE Act, if the account was being closed because it was a security risk or if giving the customer notice would interfere with a criminal investigation, neither the regulator nor the FI was allowed to tell the customer why their account was being terminated.

Under the new SAFER Act, neither the FI nor the regulator can tell the customer the reason for the closure if (a) Federal law enforcement advises them not to, or (b) they know or should know that a criminal prosecution or investigation is pending. They are also now required to consult with Federal law enforcement about whether a notice and reason is required.

Additionally, an FI cannot disclose the reason for termination if doing so would disclose the existence of a SAR or reveal confidential supervisory information, or if disclosing would violate a rule, law, regulation, enforcement action, or other order.

Agencies Reporting on Account Terminations

The SAFE Act required banking regulators to issue to Congress an annual report showing how many accounts they made FIs close and the legal authority for doing so. That requirement remains in the new SAFER Act, but now has the additional requirement that before the agency submits the report, they have to make it available to their Inspector General for an internal review. The Inspector General shall also report on this review to Congress.

New Reports on Increasing Account Access

The SAFER Act requires additional reports that are brand new to this version of the bill. First, it requires that within 2 years of enactment, regulators "shall collectively promulgate rules or guidance to increase access to deposit accounts for businesses and consumers." This guidance will include standards for entering into and maintaining consumer relationships, increasing access to deposit accounts in certain communities, using innovative technologies to increase deposit account access, and "features of a deposit account that are responsive to the needs of an unbanked business or consumer."

The SAFER Act also calls for the FDIC to conduct a biennial survey on the efforts of depository institutions to provide greater access to deposit accounts to small and medium-sized businesses.

I find these report and study requirements to be a very interesting part of the legislation because they a) were not included in the original bill, and b) are largely unrelated to marijuana businesses. What it has a lot to do with is the "credit union mission," namely serving the underserved and increasing access to financial services in our communities.

Rule of Construction

To avoid any ambiguity, the SAFER Act makes it clear that nothing in this bill infringes on a regulator's power to identify and discuss supervisory findings and BSA/AML risks or deficiencies.

A Medium Change

Section 3 - Safe Harbor for Depository Institutions

The original SAFE Banking Act stated that a federal banking regulator may not "prohibit, penalize, or otherwise discourage a depository institution from providing financial services" to a state-sanctioned marijuana business. The SAFER Banking Act removes "otherwise discourage" from that language. It now says a federal banking regulator may not "prohibit a depository institution from providing, or penalize a depository institution for providing, financial services" to a state-sanctioned marijuana business.

So “discouraging” is back on the table for the regulators. You can imagine why they made this change - this was the most vague/open to interpretation of the three actions. This change is made twice in Section 3.

Minor Changes

Section 5b and 9a - Protections for Federal Reserve Banks and Federal Home Loan Banks

The original SAFE Banking Act provided a safe harbor for a non-depository lender that makes a "federally backed" mortgage loan in Section 5(b). It references section 9(a) for the definition of a federally backed mortgage loan. The SAFER Banking Act applies this same protection to a "covered" mortgage loan. It also references section 9(a)

This is a terminology change with an expanded definition. Section 9(a) of the bill defines this terms in both versions of the bill. In the SAFER Act, there is one new element to the definition: covered mortgages now include a mortgage loan that is "acquired or purchased by a Federal Home Loan Bank or pledged as collateral for an advance from a Federal Home Loan Bank."

Section 7 - Guidance and Examination Procedures

The original SAFE Banking Act gave the FFIEC 180 days to develop uniform guidance and examination procedures for depository institutions. The SAFER Banking Act gives them an extra 6 months - FFIEC now has 1 year to develop these procedures.

Section 8c - Federal Banking Regulators' Hemp Banking Guidance

The original SAFE Banking Act gave regulators 90 days to update guidance on providing financial services to hemp businesses. The SAFER Banking Act gives them an extra 90 days - they now have 180 days to update this guidance.

Section 11 - Annual Access to Financial Services Report

This section requires regulators to report to Congress annually with information and data on the availability of financial services to business owned by veterans, women and minorities. In the SAFE Act this section was called "Annual Diversity and Inclusion Report." In the SAFER Act, two changes are made. First, it adds Tribal community-owned businesses to the report. Second, it re-titles this section the "Annual Access to Financial Services Report." Presumably, removing "Diversity and Inclusion" from the title could make it less polarizing. This title change is also applied to Section 12, which is now titled "GAO Study on Barriers to Marketplace Entry."

What happens now?

The bill heads to markup in the Senate Banking Committee on Wednesday of next week. We'll be watching if any amendments are allowed and if any Senators who have previously been opposed are supportive of this new version.