By Anthony M. Freed, Information-Security-Resources.com Financial Editor
Heartland Payment Systems (HPY) announced via email that they have once again attained a PCI compliant status following less than two months of suspension.
Heartland’s removal from the list of compliant payment processors had followed revelations that the company had suffered what may have been the largest data breach of payment card information to date, although details of the incident and similar events at RBS WorldPay (RBS) have not been made available due to ongoing investigations.
PCI DSS is the self-regulatory set of guidelines that the payment card industry and retail merchants use to encourage financial information security best practices throughout the industry.
Heartland’s email:
HEARTLAND PAYMENT SYSTEMS RETURNS TO VISA’S LIST OF PCI DSS VALIDATED SERVICE PROVIDERS
Princeton, N.J. (May 1, 2009) – Following the completion of its annual Payment Card Industry Data Security Standard (PCI DSS) assessment, Heartland Payment Systems has successfully validated its compliance with PCI DSS. As such, Heartland is returning to Visa’s List of PCI DSS Validated Service Providers. According to Visa, Heartland will appear on the list – which can be found at http://www.visa.com/cisp — on Monday, May 4.
Heartland Payment Systems (HPY), one of the largest credit card processors in North America had finally been sanctioned in March of this year for the lapses in their security standards that contributed to the 2008 breach:
On January 20th of this year, Heartland Payment Systems (HPS) publicly disclosed a large-scale compromise involving account data from all card brands. In light of this event, Visa has taken the following actions to help protect the Visa system:
Removal from Visa’s List of Compliant Service Providers – Visa has removed Heartland from its online list of Payment Card Industry Data Security Standard (PCI DSS) compliant service providers. HPS has advised, however, that it is aggressively working on remediation and re-validation of its systems to comply with PCI DSS standards. The company will be relisted once it revalidates its PCI DSS compliance using a Qualified Security Assessor and meets other related compliance conditions.
System Participation – HPS is now in a probationary period, during which it is subject to a number of risk conditions including more stringent security assessments, monitoring and reporting. Subject to these conditions, Heartland will continue to serve as a processor in the Visa system.
Given that the suspension was really in name only, Heartland was allowed to continue business as usual while obtaining re-certification of their PCI compliance, which is something they would have been required to complete regardless of Visa’s (V) actions, as compliance re-certification is required on a yearly basis anyway.
So here we are back a square one, with little improvement in security for an industry that can arguably be considered to be crucial to our national security, as well as our individual financial identities. And the industry itself is no better off, as a weak economy yields meager revenues and ever tighter budgets for the IT Security professionals whose job it is to try to always do more with less.
The future of PCI DSS is at stake, yet the leadership to required to secure its future and the much needed cooperation of all interested parties appears to have been tabled in favor of the status quo.
I again offer my opinion that the biggest threat to PCI DSS does not come from the endless supply of criminal hackers the industry will certainly face in perpetuity, but instead comes from the fractured portrait of an industry in crisis, and its inability to effectively manage itself.
Anthony is a researcher, analyst and freelance writer who worked as a consultant to senior members of product development, secondary, and capital markets from the largest financial institutions in the country during the height of the credit bubble. Anthony’s work is featured by leading Internet publishers including Reuters, The Chicago Sun-Times, Business Week’s Business Exchange, Seeking Alpha, and ML-Implode.
The Author gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com
By Anthony M. Freed, Information-Security-Resources.com Financial Editor
PCI DSS, the self-regulatory set of guidelines that the payment card industry and retail merchants use to encourage financial information security, may well have entered it’s death throes Tuesday, as evidenced by revealing testimony during the House of Representative’s Committee on Homeland Security hearings.
Why the dire prognosis?
Anyone who has been following the cascade of security failures plaguing the payment card industry in the last year, and punctuated by the still-shrouded breaches at RBS WorldPay (RBS) and Heartland Payment systems (HPY), has to acknowledge that there are major problems with security that need to be addressed pronto.
But the greatest threat to the survival of PCI DSS (Payment Card Industry Data Security Standard) may not be the ever-evolving tactics of the criminal hackers intent on a “big score,” but instead the dysfunctional nature of the relationships between the very parties the standards are meant to serve.
The squabbling and finger pointing displayed during the first quarter of 2009 within the industry itself has resulted in nothing less than a public relations nightmare in my opinion, as major card brands, processors, and merchants each seek to deflect responsibility onto the others.
Someone on the sidelines, intently watching the game, would have to wonder what the heck these people are thinking.
First, RBS WorldPay and Heartland maintain that because they had been PCI DSS compliant at some point before their systems were breached, they can essentially shrug off any any culpability for the security lapses, offering only the caveat that they are doing the best they can with what they have.
Almost simultaneously, the PCI Security Standards Council was staunchly asserting that no company that suffers a breach can be considered PCI compliant – regardless of their being listed as in good standing with the council at the time of the breach. From Securosis.com:
Businesses that are compliant with PCI standards have never been breached, says Bob Russo, general manager of the PCI Security Standards Council, or at least he’s never seen such a case. Victims may have attained compliance certification at some point, he says, but none has been in compliance at the time of a breach, he says.
“We’ve never seen anyone who was breached that was PCI compliant,” Phillips says without specifically naming – or excluding — Heartland. “The breaches that we have seen have involved a key area of non-compliance.”
To add to the confusion, Visa issued statements that RBS WorldPay and Heartland had been belatedly removed from the PCI Compliant list, in what has been widely considered to be merely legal maneuvering to effectively shield themselves from culpability while blocking the only alibi the processors have.
“It’s all legal maneuvering by Visa,” says Gartner security analyst Avivah Litan in an interview with ComputerWorld.com. “This is PCI enforcement as usual: They’re making the rules up as they go.”
This was apparently seen as an opportunity by some Heartland competitors to move in on some of Heartland’s clients, with reports of merchants being warned by other processors that they may be violating PCI compliance by continuing to do business with Heartland, and prompting Heartland to respond with threats of lawsuits.
Then, during Tuesday’s Congressional hearings, representatives of the merchant community, long thought to bear the brunt of security protocol “cram-downs” by the issuing brands, threw their hat into the ring in what now amounts to an industry free-for-all. From Forbes.com:
Michael Jones, the chief information officer at the retail company Michael’s, testified that the PCI rules were “expensive to implement, confusing to comply with and ultimately subjective both in their interpretation and their enforcement.”
Now bear in mind, all of these factions are supposed on the same team, and all are supposed to be working in unison to continue the evolution of ever more secure systems to thwart the increasingly resourceful criminal hackers.
Is it any wonder that the future of PCI DSS is in question?
And what could possibly be worse than an entire industry at each others throats in the midst of the biggest security problems they have faced to date?
Well, they could make enough of a brouhaha that they attract the attention of lawmakers, as they have succeeded in doing; lawmakers who have regularly demonstrated their intention of late to force industries of all stripes to cede to their “better judgment.” Also from Forbes.com:
“I’m concerned that as long as the payment card industry is writing the standards, we’ll never see a more secure system,” (Rep. Bennie) Thompson said. “We in Congress must consider whether we can continue to rely on industry-created standards, particularly if they’re inadequate to address the ongoing threat.”
This means that the PCI Security Council, keepers of the PCI DSS flame, have their work cut out for them if they want to remain the chief regulating body for PCI security. Maybe they left these issues to simmer on the back burner for too long, and maybe someone will be looking for a scapegoat.
It’s all uphill now.
During a phone call in early March with Lib de Veyra, VP of emerging technologies at JCB International and recently named Chair of the PCI Security Council, I expressed my concern over the state of relations between the various elements that make up the payment card industry.
I likened the public displays of policy incongruity and the tendency for all interested parties to respond to news of security lapses by rushing to throw each other under the bus, to that of the image of a snake swallowing its own tail.
I expressed concern by offering my opinion that the biggest threat to PCI DSS does not come from the endless supply of criminal hackers the industry will certainly face in perpetuity, but instead comes from the fractured portrait of an industry in crisis, and its inability to effectively manage itself.
That was one long month ago, and opportunity to avert the creation of a new regulatory body to oversee PCI may have already come and gone, which is most unfortunate everyone concerned.
PCI DSS is not broken, but the collective will to make it an effective standard for security just might be.
Anthony is a researcher, analyst and freelance writer who worked as a consultant to senior members of product development, secondary, and capital markets from the largest financial institutions in the country during the height of the credit bubble. Anthony’s work is featured by leading Internet publishers including Reuters, The Chicago Sun-Times, Business Week’s Business Exchange, Seeking Alpha, and ML-Implode.
The Author gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com
Sunday March 22, 2009, Dateline NBCaired a piece called “Inside the Financial Fiasco,” in which Chris Hanson finally takes a break from exposing sexual predators to take a closer look at the current housing mess.
NBC attempts to assign blame for the mortgage meltdown, and also tries to make it seem like they have finally identified the handful people who were the “only ones who knew” what lay in store for the economy when Wall Street embarked on the derivatives end-run that fueled the crisis.
So let’s go down the list of people that are prime candidates in the vicious circle of blame, and what their role where in the making of this fiasco.
Let’s start at the top. Back in the mid ‘90’s, The Government loosened credit guidelines and required lenders to make mortgages available to more to minority buyers.
By doing this, they gave the lenders an open check book to write questionable loans, all the while knowing that they would be able to sell them on the secondary market (Wall Street).
This was the creation of the infamous “Subprime” loans which later morphed into Alt-A and Expanded Approval loans.
Next, let’s look at the Product Managers who wrote the underwriting guidelines for the toxic loans known as SISA’s and NINA’s, which required little or no documentation of income and assets. The SISA loans are highlighted in the Dateline piece.
Do you think that these product managers had no idea that these types of loans may be misused, or did they only see the underlying profit that was possible from billions of dollars of loan fees collected by creating millions of loans that were virtually just ticking time bombs?
Yes, there are some cases where these loans were appropriate, such as for the business owner who had a lot of write offs, or the borrower whose spouse may not have the best of credit, but will nonetheless contribute towards the monthly mortgage payments.
But the types of borrowers who where actually put into these loans were completely unqualified, as mentioned in the NBC piece.
People like Delores Parker Jackson, who took out multiple loans on four condos totaling over $1.3 million with a negative (-$6000) shown on her tax returns.
Mrs. Jackson, who claims to have run a profitable daycare, and says that she is not to blame, but is actually the victim of predatory lending.
REALLY? She took out multiple mortgages on four different properties totaling over a million dollars with a payment of more than $10k a month, and she claims she had no idea that she could not afford the terms. Now she wants to pretend that she is not culpable, and that the mortgage company committed fraud?
Come on, do seem we that stupid?
Thirdly, let’s look at another “innocent” party: The CEO’s of all the banks and mortgage companies.
These people should have overseen the product managers and acted as the final line of defense by looking out for the company’s long term interests by saying “Hey, stop! These loans may be too risky.”
But the CEO’s saw only a “pot of gold” in the form of billions in loan fees, and where slaves to the corporate bottom line.
Do you think that Angelo Mozilo, the former CEO of Countrywide who earned over $400 million during his last five years at the company, had absolutely no idea that SISA and NINA loans with zero money down would backfire?
Chris Hansen attempts to talk to Mr. Mozilo, but to no avail.
Since he quit Countrywide and the mortgage mess started to blow up, Mozilo has been hiding out at his palatial estate in Southern California, ala Howard Hughes. Chris tried to get the guard at Mr. Mozilo’s gate outside his house to let him in, but was turned away.
Also to blame are the former CEO’s at places like Bear Stern’s and Lehman Brothers, who ended up driving their companies into the ground by buying up these toxic securities. And none of these guys saw the writing on the wall?
I think they did, but also saw big dollar signs in the racket, and choose to ignore the hazards.
Next up for their heaping of blame are The Borrowers. I was an LO for 15 yrs, and used Countrywide as a purchaser for many of my loans.
I knew that some of my borrowers were “less than qualified,” but the underwriting said to “make the loan.”
Like when I would be working for a builder, and a borrower would come to me and asked what loan amount they qualified for, my reply often was, “How much can you afford?”
I told them that I could tell them all day how much they can and cannot get approved for, but only they could tell me how much they really afford.
I could tell them on paper or with calculator that you could qualify to pay, but only the borrower could tell me if they could actually maintain that payment.
I cannot tell you how many times I was told by borrowers, “Don’t worry about me affording it. You just write that mortgage.”
This is where I move on to include the next culprit in this mess, The Loan Officers.
How many LO’s wrote loans for people that they knew would end up in foreclosure?
Many borrowers who I turned down for a mortgage would come back to me later to say, “See, I knew I could get approved. Thanks for nothing.”
At the height of the bubble, there were so countless mortgage brokers who were willing to do anything to write a loan and collect a fee.
They would falsify the numbers to make them work if they had to.
In the Dateline piece, they showcase a woman who was employed as a personal trainer, and who claimed to of told the LO at People’s Choice that she only made $1600/mo.
She was approved for a $259k loan.
Even after she was told that the payment would be over $2100/mo, she figured that she would just have her sister move in and help with the payment.
Do you think that the LO at People’s Choice had any idea that she may NOT be able to make the payment on this house? When Chris Hansen looked at the original paperwork, it stated that she made $7300/mo, which surprised the woman.
She claims she never provided that figure to the LO.
How many LO’s committed fraud because the commissions that they were going to make on each loan they closed could be well into the tens-of-thousands of dollars?
Even though my job was commissioned based, I only made loans if I had some degree of certainty that the borrower had both the ability to pay the mortgage payment and that they completely understood why I was giving them a SISA or NINA loan product.
I did not want a former borrower hunting me down in the parking lot some night after work because I put them in a loan that that left them flat broke.
Next in line is a major player, one who no one seems to put much blame on or even mention much, The Appraiser’s. I believe these guys had a huge impact on the housing explosion, and no one seems to want to bring them up.
As the appraisers continued to inflate the values of the properties, the mortgage companies continued to write mortgages to cover the obscene appraisals.
I knew that if a borrower told me that they were short on funds to close, I could call the appraiser and ask him to “bump up” the value of the property a bit, so that I could give the borrower the money cover closing costs.
This was considered a legitimate practice because real estate only increases in value, remember? But in reality, the value of that house did not go up $5k in the 2-3 weeks since they had done the actual appraisal.
I also found out the hard way how much of an “opinion” an appraisal really was.
Prior to working for the builder, I worked for a short time as a mortgage broker. I only did one loan at the place. , and it was for a gentleman who was doing some renovations on his house, but did not have enough money to finish the project.
Less than a year earlier, the value of the house came in at $85k. When he wanted to do another cash-out refinance a year later, but the new appraisal came in again at $85k. So when I went to my boss and told him that I did not have the value to support the loan, he handed me a business card and said, “Call him.”
Two weeks later, I had an appraisal for $115k, enough to cover the loan.
Was there that much movement in the values of the house? Did it really go up $20k in three weeks, or did the new appraiser just want more business?
What do you think? I know when I worked for one of the big mortgage companies and did a ton of refi’s, every time I had to put an initial value of a home on an application (which typically came from the borrower) nine times out of ten, the appraisal came back with the exact same value.
Curious.
Another big part of the mess, the people who were supposed to catch any fraud or mistakes, were The Underwriters.
They were the final check points in the mortgage process, and when they were presented with a SISA loan that showed that a “house cleaner” made $12k/mo, they should have sounded the alarm.
Like the appraisers, the underwriters are merely mentioned in the piece on Dateline.
Ilene Lanacano, who worked for “People’s Choice,” says that when she brought up some of these problems with the questionable loans, she was often overruled by the CEO of the company.
She states that she was often offered “incentives” by loan officers (money, jewelry, even a car) to approve loans. Ilene says that she never took any of these incentives.
She also claimed that there was harassment and intimidation if you did not approve loans, such as flattened tires and physical threats.
Ilene finally left “People’s Choice” for a consulting firm whose business was to analyze the loans to be pooled in Mortgage Backed Securities (MBS’s). When she raised some flags, she ended up getting in trouble by management.
Next, let’s look to good old Wall Street. You would think that one of the supposed guru’s of Wall Street could have seen the possibility that at least some of these loans were destine fail. But they too, only saw the bottom line, and they sold these MBS to everyone: investors, pension funds, municipalities and other countries.
And then there is China, who bought up trillions of dollars in MBS in an attempt to control the US. By owning all these MBS, China has a huge stake in our mortgage meltdown.
They were only briefly mentioned in the “Dateline” piece, and no real repsonsibility was levied on them. If China had not been so greedy, there wouldn’t have such a demand for MBS, which would have cut down the toxic loans being written.
And the Chinese are smart, shouldn’t they have seen some of the signs?
Next ones to heap some blame on are the Bond Rating Agencies, such as Standard and Poors, who was also briefly mentioned in NBC’s piece.
As Dateline explained, they were hired to give credit ratings to these MBS, which are supposed to indicate their level of risk to investors. “AAA” was the highest rating that they could give a security, and 80% of MBS received that top stamp of approval.
They suggested that most MBS would perform well, despite the fact that the agencies did not have any historical data to back the ratings up. Richard Gufliota of S&P, stated that they were so over inundated with securities to rate that most were not examined to the extent that they should have been.
It should also be mentioned that they made their money in volume too. More quantity over quality.
Finally, a lesser acknowledged culprit of this financial fiasco is The Media itself.
If it wasn’t for the greed of the media (TV, Radio and Newsprint), rolling out with advertisement after advertisement for these mortgage companies and their products, borrowers would not have been so encouraged to accept some of these toxic loan.
In years leading up to this mess, there wasn’t a commercial break that did not produce a mortgage ad.
Often advertised were the No Closing Cost, Stated Income, No Income Verified, and so forth.
There wasn’t a Radio host in the nation who didn’t have at least one mortgage company in their back pocket paying them to be their spokesperson.
Did any of them look into the products that they were pitching to their listeners? Nope. I think they just laughed all the way to the bank.
And what is strange about the media’s role, is that I have yet to see anyone try to add them into the equation. Now, all you hear out of radio talk show hosts spewed crap about how everyone else is to blame. None have come forward to say, “Hey, I guess I had a hand in it too.”
All in all, it is going to be a vicious circle of blame.
There is plenty of blame to go around, and I think when it comes down to it, we can sum it all up with one little word: “GREED;” the Greed of the Government, the greed of the Product Managers, the greed of the CEO’s, the greed of the borrowers, the greed of the Loan officers, the greed of the Appraisers, the greed of the Underwriters, the greed of Wall Street, the greed of China, the greed of the Bond Raters, and greed of the media.
The plaint that credit default swap-promulgating AIG (AIG) is contractually obligated to pay out millions in bonuses to the same pitted brass that led the company, the industry, and the entire economy off a cliff is a bunch of horse hooey.
If you are on the management team of a company that lays off workers, can’t pay its bills, leaves shareholders holding nothing, and has to take public bailouts, it’s your damn job to make a deal to restructure that company, or wind it down responsibly.
Your bonus is getting to keep porking up to the paycheck trough while other workers are losing salary, severance, and health care.
New York Times: The payments to A.I.G.’s financial products unit are in addition to $121 million in previously scheduled bonuses for the company’s senior executives and 6,400 employees across the sprawling corporation. Mr. Geithner last week pressured A.I.G. to cut the $9.6 million going to the top 50 executives in half and tie the rest to performance.
The payment of so much money at a company at the heart of the financial collapse that sent the broader economy into a tailspin almost certainly will fuel a popular backlash against the government’s efforts to prop up Wall Street. Past bonuses already have prompted President Obama and Congress to impose tough rules on corporate executive compensation at firms bailed out with taxpayer money.
A.I.G., nearly 80 percent of which is now owned by the government, defended its bonuses, arguing that they were promised last year before the crisis and cannot be legally canceled. In a letter to Mr. Geithner, Edward M. Liddy, the government-appointed chairman of A.I.G., said at least some bonuses were needed to keep the most skilled executives.
I sure would like to see those AIG contracts – I’ll bet I can poke a hole in the specious supposition that the company really, really wants to do the right thing, but its little hands are tied. Since the public bailout of AIG, we all have an ownership interest in where the money is going, and are entitled to ask probing questions.
New York Times: “We cannot attract and retain the best and the brightest talent to lead and staff the A.I.G. businesses — which are now being operated principally on behalf of American taxpayers — if employees believe their compensation is subject to continued and arbitrary adjustment by the U.S. Treasury,” he wrote Mr. Geithner on Saturday.
Still, Mr. Liddy seemed stung by his talk with Mr. Geithner, calling their conversation last Wednesday “a difficult one for me,” and noting that he receives no bonus himself.
“Needless to say, in the current circumstances,” Mr. Liddy wrote, “I do not like these arrangements and find it distasteful and difficult to recommend to you that we must proceed with them.”
I know contracts inside and out, at the real-world, down and dirty level, not the black-box, ivory tower, theoretical stratum that gets adjusted as the tectonic plates of business deals crash into each other.
Although I have chosen not to practice law anymore, I am really good at understanding the terms of these agreements, and evaluating when it would appropriate to reward corporate players for their performance.
And, when it is not.
New York Times: Of all the financial institutions that have been propped up by taxpayer dollars, none has received more money than AIG, and none has infuriated lawmakers (and Ben Bernanke per 60 Minutes) more, with practices that policy makers have called “reckless”
The bonuses will be paid to executives at A.I.G.’s financial products division, the unit that wrote trillions of dollars’ worth of credit-default swaps that protected investors from defaults on bonds which were backed in many cases by subprime mortgages.
The bonus plan covers 400 employees, and the bonuses range from as little as $1,000 to as much as $6.5 million. Seven executives at the financial products unit were entitled to receive more than $3 million in bonuses.
Any attorney who advises that these bonuses are appropriate ought to have his or her head checked.
Base salary, maybe, if not outrageous. No bonus. No severance unless everybody else also received proportionate assistance. Don’t care what the contract says – attack it in bankruptcy or wind down – I saw it many times in the Silicon Valley meltdown.
But the official also said the administration will force A.I.G. to eventually repay the cost of the bonuses to the taxpayers as part of the agreement with the firm, which is being restructured.
AIG’s main business is insurance, but the financial products unit sold hundreds of billions of dollars’ worth of derivatives, the notorious credit-default swaps that nearly toppled the entire company last fall. AIG had set up a special bonus pool for the financial products unit early in 2008, before the company’s near collapse, and when problems stemming from the mortgage crisis were just becoming clear.
There were concerns that some of the best-informed derivatives specialists might leave.the company. AIG then locked in $450 million for the financial products unit, and prepared to pay it in a series of installments to encourage people to stay.
This poignant issue is near and dear to me, as I have shut down management bonuses before, even when I would have received some of that money, and even when I really needed it.
I also have been lucky enough to work with one of the premier corporate governance experts in the country and with a bankruptcy and wind down expert whom I hope will end up on the federal bench.
In the past, I have known both of these gentlemen to express support for my assertion that it is appalling for a destitute company to pay out management and deal bonuses to the team that took the company under.
New York Times: A.I.G.’s main business is insurance, but the financial products unit sold hundreds of billions of dollars’ worth of derivatives, the notorious credit-default swaps that nearly toppled the entire company last fall.
Under a deal reached last week, A.I.G. agreed that the top 50 executives would get half of the $9.6 million they were supposed to get by March 15. The second half of their bonuses would be paid out in two installments in July and in September. To get those payments, Treasury officials said, A.I.G. would have to show that it had made progress toward its goal of selling off business units and repaying the government.
Nice. You just keep holding that moral compass you got there, guys.
Laura is a business consultant and an advocate for information security, consumer protection, long-term shareholder value, and better management decisions. Her specialty is finding and fixing risks and threats to sensitive data. Her experience includes international banking, credit card, and mortgage companies, venture capital portfolio companies, and software and technology providers. She practiced law in Silicon Valley during the tech boom and meltdown, handling corporate governance and information protection.
The Author gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com
By Anthony M. Freed, Information-Security-Resources.com Financial Editor
Heartland Payment Systems (HPY), one of the largest credit card processors in North America, is finally being called to the carpet for the apparent lapses in Payment Card Industry Data Security Standards (PCI DSS) that contributed to the largest data breach of 2008, perhaps even the largest breach ever considering the full extent of the exposure has yet to be determined.
Called to the carpet sort of, anyway; the sanctions and guidance laid out by Visa (V) seem a little lackluster when weighed against the severity and duration of the breach.
Given that Visa is now considered the most likely of several candidates for inclusion in the Dow Industrial Average, taking up slack from soon to be sidelined Citigroup (C) and Bank of America, (BAC) it is not surprising that they do not want to call too much attention to the situation:
On January 20th of this year, Heartland Payment Systems (HPS) publicly disclosed a large-scale compromise involving account data from all card brands. In light of this event, Visa has taken the following actions to help protect the Visa system:
CAMS Alerts – Between January 18th and February 4th Visa issued a series of Compromised Account Management System (CAMS) alerts (US-2009-046-IC) to financial institutions related to this compromise event. Providing this information can help financial institutions act quickly to minimize fraud on exposed card accounts.
It is worth noting here that Visa and MasterCard (MC) reported anomalies to Heartland in late October, about two and a half months before the CAMS alert was issued.
Data breaches in the financial industry always reignite the debate between those who want full and immediate disclosure, and those who would prefer to subdue the news.
A lot seems to depend on your preferred usage of words like “quick” and “help”.
As for the sanctions Visa has prescribed for Heartland, I believe it’s something akin to when Dean Wormer put the Delta House on Double Secret Probation, or at least that’s how it reads:
Removal from Visa’s List of Compliant Service Providers – Visa has removed Heartland from its online list of Payment Card Industry Data Security Standard (PCI DSS) compliant service providers. HPS has advised, however, that it is aggressively working on remediation and re-validation of its systems to comply with PCI DSS standards. The company will be relisted once it revalidates its PCI DSS compliance using a Qualified Security Assessor and meets other related compliance conditions.
System Participation – HPS is now in a probationary period, during which it is subject to a number of risk conditions including more stringent security assessments, monitoring and reporting. Subject to these conditions, Heartland will continue to serve as a processor in the Visa system.
So Heartland is off of Visa’s Christmas card list for 2009, but they still get a fruitcake.
A breach of unknown scope and impact to consumers, participating banks, their shareholders, merchants, the economy in general, the source of multiple class action lawsuits and untold losses for years to come, and the big smack down is that Heartland has to sit in the back of the bus?
Profits over protocols; some actuary must have crunched the numbers, the underwriters drew the bottom line, and the executives decided to mush on. Damn the torpedo (holes).
And Heartland may not be the whole story.
There are multiple access points in the data chain. Heartland may be where the malware disease did its worst damage, but that does not guarantee that Heartland is also the point of infection.
And as far as being PCI DSS compliant, there has been some confusion as to what that exactly means for security assurance.
PCI DSS compliance is only a momentary measure. Think of it along the lines of a kitchen inspector who gives a restaurant the highest rating after inspection, that is no guarantee the cook will wash his hands well next week, or that the mayonnaise will never get left out.
That is why you will hear a CEO of a breached credit card processor plead “But we were PCI DSS compliant” and simultaneously you will hear the PCI council (made up of the major payment card brands American Express (AXP), Discover Financial Services (DFS), JCB International, MasterCard Worldwide and Visa) exclaim that “No PCI compliant processor has ever been breached.”
Both of these statements can not be correct.
Also included in Visa’s belated response to the Heartland breach is a fine to be levied against the participating banks – most of whom rightly consider themselves to be victims of the breach as much as their customers are.
This must be like when the mean Drill Sergeant makes everyone march in the rain because one jerk made a goof. I guess the client banks are supposed to exert peer pressure on Heartland to mend their ways, or something:
Fines – In accordance with Visa Operating Regulations, fines will be assessed to Heartland’s sponsoring banks. Such fines are part of the program Visa uses to assure compliance with system rules. Ongoing compliance with PCI DSS helps keep the system more secure for all participants.
I fail to see the purpose of penalizing banks that send their processing business to Heartland unless it can be shown that the bank somehow contributed to the breach in a material manner, otherwise this is just more fodder for the lawyers in the form of damages to recover through litigation.
Another mystery contained in Visa’s announcement is the requirement that all fraud related to the Heartland breach has to be reported by May 19th. This is ridiculous, as it could be a year or two before all fraud cases can be identified and then substantiated; requiring this to happen in the next two months is unrealistic, if not unreasonable:
Account Data Compromise Recovery – Visa has determined that this event qualifies for the Account Data Compromise Recovery (ADCR) program. Subject to its terms, this program provides issuers the ability to recover a portion of their losses related to accounts that are determined to be the subject of a breach, by assessing acquirers for the ADCR financial liability. An acquirer’s ADCR financial liability is determined based on a percentage of magnetic stripe-read counterfeit fraud and specified operating expense liability amounts. Issuers will have until May 19th to report fraud losses related to this event to Visa. Until this reporting window closes, specific recovery amounts cannot be determined. Visa will provide clients with additional information as it becomes available.
Finally we get to that last paragraph, and I can say there is something there that I actually agree with: The PCI DSS is a decent start. What really needs to be fixed is how PCI DSS is implemented and maintained throughout the data access chain:
This recent compromise underscores the importance of all parties maintaining ongoing compliance with the Payment Card Industry Data Security Standard. These standards continue to serve as a robust and critical foundation to protect cardholder data and, when implemented properly, have proven to be highly effective in preventing and mitigating the impact of data compromises. Compromise events are a reminder of the importance for all parties in the payment system to maintain ongoing vigilance when it comes to protecting cardholder data. Each stakeholder in the Visa system has a critical role in our collective fight against the criminals that perpetuate card fraud.
So in summation, Heartland (and others) may be full of holes, and Visa belatedly recommends business as usual until such time as the holes can be found and filled.
On to the next breach.
Anthony is a researcher, analyst and freelance writer who worked as a consultant to senior members of product development, secondary, and capital markets from the largest financial institutions in the country during the height of the credit bubble. Anthony’s work is featured by leading Internet publishers including Reuters, The Chicago Sun-Times, Business Week’s Business Exchange, Seeking Alpha, and ML-Implode.
The Author gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com
By showing the inside workings of a take over, “60 Minutes” (I think) was trying to put our minds at ease by showing how smoothly it goes.
But this is a bank of only 5 branches, with a total 12,000 deposits worth only $200 million. Not pocket change, but not any where in the same ballpark or even league as a big bank like B of A (BAC) or Chase (C).
In the story, they state that when Indy Mac (IDMCQ) went down it held close to $11 billion. The FDIC levies premiums that they charge banks to insure the deposits, and put the funds into a reserve for such failures.
The FDIC states that there were 25 closings in 2008, but as of the first two months 2009, there have already 1been 6 closings. The FDIC estimates that they will need $65 billion to cover closings over the next five years.
Let’s do the math:
-$65 billion over then next five years = $13 billion per year.
-If HCB is an average bank, don’t think that with five branches is that big = $200 million.
-That means they can handle 65 closings a year of these small banks.
So that being said, what happens if another Indy Mac goes down?
According to Sheila Bair (Chairman of the FDIC) the FDIC will never go broke. It will always be backed by the government.
What does Bair think? That the fed will just print some more money and give to her? That doesn’t sound so good.
Now I have done some investigating of my own: According to this piece, there are three things that the FDIC can do when a bank fails:
-They can close the bank and pay the depositors.
-They can close the bank as it was and run it themselves.
-They can sell the bank (as was the case in the HCB in this story.)
In the story, Heritage was sold to MB Financial (MBF) and things went on as normal they next day (Saturday) after the FDIC take over. The FDIC paid MB $3.5 million dollars to take over Heritage. The FDIC also insures that if any loan by HCB that goes bad in the near future will re-reimbursed up to 80% of the loan loss.
Okay, so this situation seems to have a happy ending.
But let’s say that a bank fails and the FDIC fails to get a suitable buyer, what happens if they don’t want to run it and they close it down.
I brought this question to the attention of my banker at Regions Bank (RF). He informed me that the FDIC has up to TWO years to pay depositors their claim. Yes it is insured, but if you don’t have access to your money for up to two years, what good is it going to do you?
What about the people who live pay check to pay check? Or the seniors that have a limited cash flow and everything they own is in that one bank that went under?
Once I heard this from my banker at Regions, my wife and I decided to diversify in three banks. This way if one goes under and no one buys it, I will have a back up. We also took some cash and put it into our safe.
Why, do you say or wonder? Well, lets to some thinking here:
Who, if anybody, remembers what happened during the depression? Who really lived it? Answer: Seniors.
Who has some of the most assets? Answer: Seniors.
If there is a massive scare and there is a run on the banks, who do you think will be the first to come to the bank and withdraw all of their savings? Answer: Seniors.
And last, how many “average Joe” accounts would it take to equal what one senior couple would have in their account? Answer: I don’t know, but I know it is probably at least 10 to 1, probably close to 20 to 1 or higher.
Keeping the confidence in the people who have the most at stake…seniors. If there is a run on the banks, you can bet that the seniors will be the first ones in line to get their cash.
In the “60 Minutes” piece, they in fact show a senior citizen come in with an empty brief case in order to withdraw all his money. Nothing in this story examines how seniors can make or break this mess with run on the banks.
I have never been involved with a bank that was being taken over, but I am sure it is not as nice as the way they show it in this piece.
Heritage had been in business for 45 yrs and probably didn’t take some of the most risky loans such as the Chases (JPM), B of A’s and Well’s (WFC), but they get bailed out where these small banks seem to be just kicked to wayside.
One other thing that is brought up is when Pelley brings to the attention of Bair about what would happen if a big bank goes under and why they get bailed out and the small banks don’t, she suggests that we need to legislate the size of the big banks.
Make it so that they cannot exceed a certain limit to insure the fact that they cannot get too big and fail.
Bair says that the FDIC can and will not fail, what will happen if a Chase or B of A goes under. I think that the FDIC would have a hard time handling one of those.
They won’t be able to just “print money” to clean up the mess without creating another snowball effect on the value of the dollar, let alone the consumer confidence. That is something that Pelley should have investigated instead of how nice it was when this little five branch bank failed.
The euphemism “deleveraging” defines this crisis. A person or bank reduces debt by selling an asset. Deleveraging advances. If there is no asset, and no cash on hand, however, debt must still be reduced. A write-off is taken.
Deleveraging actually re-leverages the asset seller as bad investments destroy good capital. Thus deleveraging is the opposite of its name in a crash. Many write-offs pushes deleveraging into a bankruptcy. A new euphemism is used: “Nationalization”. The state seizes a bankrupt bank. What do you do with a bankrupt bank?
That is the question of the day.
A loan officer qualifying a purchaser for a new mortgage reviews the income of the borrower. He then determines an affordable level of debt. “You can go out and buy a property worth X,” the loan officer says.
If we are to judge the validity of bank assets like mortgage debt, then Gross Domestic Product (GDP) may be a reliable starting place. GDP is suggestive of a nation’s buying power and comparable to income for an individual. GDP broadly defines reasonable debt levels.
Review a history of the ratios of household debt-to-GDP and bank-sector debt-to-GDP. Shrill alarm bells ring out loud. It’s hard to hear anything else. This macroeconomic picture inspires fear. “It cannot possibly be that bad,” one thinks.
If 1980 is a base year, and we hypothesize debt levels at that time were affordable and smart, and that we should return to them, then they suggest the excess of debt which households owe today equals $7 trillion (of a total of $14 trillion).
That’s terrible and unworkable. It is also modest compared to the financial sector. The excess of financial debt is $14 trillion (of a total of $16 trillion) (see graph 1: “US Private Sector Debt”).
Rosetta Stone: Huge increases in debt may be the key issue driving the financial crisis
Meditating on this excess leverage reminds one of watching from the 2nd floor window of your suburban home as a nuclear bomb detonates in the city center. That is where your office is / was. You are still alive, but for how long? One thing we know: You will not be going to work tomorrow.
These gargantuan numbers paint with a very broad brush. All excess debt is not un-payable. Still, while the numbers appear to be impossibly large, they should not be dismissed simply because reason tells us they are impossible. Reason did not guide debt creation.
Set aside for a moment the argument about what is the right level of debt for all banks and all households. Let’s run a fire drill, and assume in 1980 we had it right. Assume GDP is a valid starting place to determine our ability to pay debt. And then assume $7 trillion of household debt and $14 trillion of financial debt is un-payable. All of it is a write off in this scenario. How do we erase this value-less pestilence?
If an individual could sell his house to end a debt burden, he would. If a bank could sell a loan asset to pay down a debt, it would. Unfortunately, if an asset doesn’t cover a bill, they can’t sell unless they admit a loss. The would-be seller waits and hopes and turns to zombie. That’s the difference between a boom and a bust. Selling doesn’t help enough in a bust.
My guess is our deleveraging requires a bankruptcy filing, but not for one homeowner or one bank, but systemically, for many or all money center banks, and for a huge subset of households; maybe something like one of five households. If indeed we have to do this, we should get this work done quickly.
The question is: What is the smart way to start and immediately finish bankruptcy?
The right way forward is simple: Enact Plan Orange.
Convert senior debt holders of commercial banks en masse into equity, and give them control of the banks. Zero the old equity and preferred shares. And employ a highflying kicker: Reduce mortgage debt for any homeowner to at most 80% of the present value of a home (see graph “Plan Orange”).
These actions radically fortify banks and homeowners. They are valid for all countries with excess debt in households and banks, which includes at least Ireland, Spain, and England. A coordinated enactment among nations may bring stable confidence to the markets.
The mortgage plan, which the graph estimates reduces consumer debt by $5 trillion in the United States, accomplishes many things. It’s primary virtue is reawakening a huge number of consumers; the group which accounts for 70% of our economic activity.
The impact would dwarf the recent stimulus package, making it a Mini-Me in comparison. With it we destroy negative equity, unfair loans, and foreclosures. Mortgage investments mutate in an instant from bad to good. The owners of mortgage investments, including banks and insurance companies, may be free again to lend, or they are far less undead.
If you believe time is money, this plan is dirt-cheap medicine. It employs massive simplicity to achieve maximum speed. Should we take such an action, we may even unleash a boom from this terrible crisis. We need the boom to pay off the massive new debts which our government must shoulder as part of this plan.
The first step is the most difficult. We must admit a debt which cannot be repaid is not a debt. We must realize our bubble is superior among bubbles. It is different this time – in the breadth of its magnitude.
Credit spread the bubble here, there and everywhere. Therefore it is a double or triple or an infinite bubble. Wherever borrowed money could purchase a major asset class, contamination permeates that asset class. And the debt used to purchase it is a mirage. Thus double bubble or bankruptcy squared. You choose the name.
Does anyone believe residential real estate and mortgages are the end of our calamity?
Who can predict losses in commercial real estate, leveraged buy outs, and credit cards? What performance in those classes should we anticipate if unemployment hits 12% and GDP contracts 9%? Those are the numbers we have to plan for, while at the same time we elide $21 trillion of extraneous debt.
Let’s review the economic conditions under which the debtor will struggle to repay the obligations. If we are in a severe banking crisis, history says our unemployment of 4.9% in January 2008 will peak at 12% (it is 7.6% as of January 2009) (3. The Aftermath of Financial Crisis).
Gross Domestic Product will fall by 9% from its high; a radical drop compared to consensus estimates. Property values will fall 35%. We can only hope it will stop there for us. Stocks will fall 56% — a number easily believed.
OMINOUS OMNISCIENCE: The best research describing the affect of a bank crisis predicts difficulties far more serious than consensus forecasts by economists and analysts
These terrible things will happen at the same time we must pay the monthly interest expense on a huge possibly excess debt of $21 trillion between households and financial firms. My hypothesis: There’s no way we can make it.
Some of the excess debt is a write-off. But how much of it is excess?
We actually don’t need to answer that question now. What we need is debt destruction and capital creation. We need bankruptcy. Erase un-payable debts the old fashioned way. Take out the old owners. Install the debt holders as owners. Reorient the economy from debt to equity.
Since an un-payable debt is a write-off, and since financial-debt-to-GDP ratios are EIGHT times higher than in 1980, the right question for our banks is not how much their equity is worth. The equity is dead and gone. The right question is: Will bondholders, converted to equity, be destroyed just as their predecessors must be?
Given the excess of leverage, they will likely zero out as well. Even if all bank debt for money-center banks is converted to equity, state-sponsored capital injections will likely be enormous. For Fannie and Freddie, there is no such thing as disposable debt holders. Our credit worthiness depends upon us honoring their debts. All their losses go straight to Uncle Sam.
The losses will be mammoth.
Generally what we need is to build a bon fire and burn to the ground ten or 20 or 30 years of manic lending. Debt must be welshed on in numerous trillions. Alan Greenspan recently approved of bankruptcy for money-center banks (nationalization), but said bond holders of seized banks require a guarantee (4).
The view from the tundra does not support this guarantee. Would Mr. Greenspan support his own position if the banks’ bond holders would be wiped two or three or five times by write offs? Bond investors are adults, and money-center-bank creditors invested poorly. The IMF and Goldman Sachs both predict greater than $2 trillion of loan losses for US-based assets (5). What if the losses are twice that?
Our speed-test ratios of debt-to-GDP hypothesize excess debt of $21 trillion for banks and households as one group. What if the $2 trillion figure is short by half? If banks do convert their debt to equity, and the banks end up stronger than they appear, the new equity holders aka the former bond holders will be paid back by the value of their stock. They can get their money back if there is any money to pay them back with.
We must dramatically reorient a debt-centered boom into an equity-heavy recovery. Start by paying down all mortgages to a reasonable level. Convert bank debt to equity. The bank debt alone represents almost a trillion dollars of new capital for the four majors and more than doubles the equity account (6). We will have begun reducing a vast part of the grotesque imbalances in broad ratios of debt-to-GDP. If adequate capital is our goal, why do we ignore this remedy?
Pumping Up: The money-center banks can radically increase their capacity to withstand losses and to lend if debt holders are converted to equity owners
If new state injections of capital are necessary, and if old injections need to be re-categorized, they should resemble senior debt, which neatly solves the question of government management by giving it to someone else. Since post-orange banks have huge capital accounts and no bad residential mortgages on the books, they have breathing room to make money.
Next up are monstrosities in commercial real estate, buyouts, and credit cards. We must anticipate unprecedented write-downs in these categories. And we must devise the same instant-bankruptcy mechanisms for these assets as is suggested here for mortgages.
Regulators must expand their thinking. They must move beyond their scientist-like role as lender-of-last-resort. They have handled this well, but science is easy. Now they have to do the art work. This will require that they wear different hats which are at first uncomfortable. They are the bankruptcy prosecutor-judge-and-jury of-last-resort and parent-with-checkbook-open of-last-resort.
While they adapt to those roles, we put the lending rules back together again. Make the rules real and make them stick. Regulate leverage for banks as borrowers. Regulate leverage for banks as lenders. It’s a great cure all for our ugly failures.
We don’t have time to play around.
Review the devastating early effects of our crisis. Global equity markets had fallen $21 trillion last year at the market low (7). Fifty million people worldwide are now expected to lose their job (8). How many mouths are now unfed, when even before the disaster 100,000 people starved to death every day (9)? When these innocent bystanders enter our calculus the dictates of moral hazard grow false quickly, and the regulation of leverage now can bar repetition of our most serious errors.
Until the next time.
Poor Souls: The U.S. economy guides the world’s economy
Our decisions make life better or worse for all. Roughly 100,000 people die every day from starvation
Untold masses and markets all over the world depend upon us. We can’t be guided by the hurt feelings of stock and bond holders. We need a bright rebound. We need radical courage, great ambition, and intelligence. Plan Orange has it.
A zombie is a person, bank, or country, which pretends a vast array of un-payable debt has substance.
We are not a zombie country.
We need to get to work, and a radical move into equity will make this possible. We have nothing to fear but debt itself. Just take aim at this ugly beast debt.
Kill it dead with bankruptcy. Write off the debt and burn it to the ground. Good things follow.
1. GDP-to-Debt in major sectors. See graph labeled “US Private Sector Debt”.
2. “Plan Orange” graph.
3. Bank crisis statistics. See “The Aftermath of Financial Crisis”. Dec 19, 2008. Carmen Reinhart & Kenneth Rogoff.
4. Greenspan on bank bondholders: “You would have to be very careful about imposing any loss on senior creditors of any bank taken under government control because it could impact the senior debt of all other banks,” he said. “This is a credit crisis and it is essential to preserve an anchor for the financing of the system. That anchor is the senior debt.” Financial Times. 2/18/09. “Greenspan Backs Bank Nationalization”.
5. Credit-loss projections. IMF & Goldman Sachs. “The fund said that credit losses from bad assets originating in the US would be $2,200bn (€1,662bn, £1,537bn), a sharp increase from its previous $1,400bn estimate.” Financial Times, 1/28/09, “IMF Slashes 2009 Growth Forecasts”. “Analysts at Goldman Sachs were the latest to jack up estimates of potential U.S. loan losses. In a report released late Tuesday night, Goldman economists estimated that losses from delinquent U.S. residential mortgages alone would hit $1.1 trillion as home prices sink, up from an earlier estimate of $780 billion. Add in losses from commercial real estate, credit cards, auto debt and business debt and Goldman’s loan loss estimate hit $2.1 trillion.” Wall Street Journal 1/15/09 “Banks Loan Losses Could Reach $2 Trillion.
6. Long-term debt and equity at money center banks (2007 annual report of BA, Chase, Citi, Wells).
7. $21 trillion lost in equities: “When equities bottomed on 21 November 2008, the MSCI World index had fallen 55 per cent since 31 October 2007. This worked out at a global loss of $21 trillion, or $ 21,000 for every individual in the developed world.” TimesOnline. 2/11/09. “Global Stock Market Losses Total $21 Trillion”.
8. 50 million jobs lost: “Worldwide job losses from the recession that started in the United States in December 2007 could hit a staggering 50 million by the end of 2009, according to the International Labor Organization, a United Nations agency. The slowdown has already claimed 3.6 million American jobs.” New York Times. 2/15/09. “Job Losses Pose a Threat to Stability Nationwide”.
9. 100,000 die of starvation every day: “In 2006, more than 36 million died of hunger or diseases due to deficiencies in micronutrients”[8]. Wikipedia: Entry under Malnutrition. World Health Organization.
The AIG Bailout: It is not about regulation and de-regulation, as Washington lawmakers would like you to believe. It is also not about the inability to control derivative transactions, as self-styled experts are claiming on your television sets.
In fact, if the facts are closely scrutinized, the alarm bells are all ringing the wrong jagged tune.
What we are facing today is the complete lack of comprehension of the very nexus which triggered the most remarkable phase of capital accumulation following the Second World War.
The post-WW II universe was shaped entirely by a capital accumulation process which guaranteed huge surpluses for the United States, Western Europe and Japan, and which was inherently the cause of sustained poverty throughout the developing world.
In the late-1990s, however, the capital equilibrium began shifting; production-cost arbitrage and outsourcing began directing cash to countries like China and India.
But western economies confronted that equilibrium shift by continuing to create huge debt-based wealth, mainly through fundamentally flawed asset valuations, through unrealistic credit ratings and through rampant speculation.
Today, the capacity of large segments of American corporations and consumers to service debt is almost negligible.
Valuations did not lead to cash flows and profits. Credit ratings failed to fully comprehend impairments in business models. And, as if to drive the inevitable final nail in the debt coffin, the risk insurance sector, without which the modern-day capital enterprise is a non-starter, is now destined to walk away from the wealth bubble in a matter of a few short weeks and months.
The nexus of capital, debt and insurance (and militarism, for that matter) is currently in crisis mode.
American International Group (AIG), for example, will need more than US$150 billion as cash margin for its credit default swap contracts to offset the downgrades in its own credit ratings; other risk reinsurance entities, including European majors, are expected to emerge from the woodwork with serious counterparty deficits within this month.
Banks like Washington Mutual (WAMUQ) and Wachovia (WB), as other examples, are still not disclosing the foreclosure-to-sale risk inside their property portfolios.
Elite Wall Street institutions, like Citibank (C) and Morgan Stanley (MS). are reported to be undertaking, as a matter of top priority, worst-case revaluations of all American and foreign assets appearing on their balance sheets.
The evidence is overwhelming: this crisis is like no other in American history. It is not a question of a loss of confidence but that there are no grounds for confidence at all.
As long as the global economy created genuine capital surpluses in the American capitalist structure, valuations were a non-issue, since ongoing and increasing demand for assets invariably generates its own momentum in terms of perceptions of value and future value. And exceptionally high debt levels are not considered prohibitive in the face of valuations being proven, repeatedly, at points of liquidation.
But the unique combination of industrial growth and impoverishment in the emerging markets has rapidly eroded the foundations of the post-WW II capital accumulation process. Cash demand for American assets, as a consequence, has dried up, and debt can no longer underpin over-valuations.
So exactly what credit quality was AIG insuring?
Surely, the underlying nexus propping up the global capitalist economy did not lend itself to actuarial mathematics. Nor did the hopelessly inadequate property valuations, often provided by unqualified appraisers on American main streets, support any credible asset definitions.
By all accounts, default swap prices were predicated on the mere belief that any potential degradation of American assets was both manageable and, at worst, a cyclical phenomenon.
To offer a simplistic explanation, a credit default swap provider is required to make immediate cash reserve provisions in the event that the credit rating (issued and updated by the established credit rating agencies) of the provider is downgraded; quite clearly, the bigger the downgrade, the bigger the cash reserve requirement.
Therefore, in view of the fact that Standard & Poors, Moodys and Fitch have all lowered AIG credit ratings during the last few hours, the American financial system is due for a significant shake-up this week. Similar credit events will then follow in Europe and Japan.
The less said about the impact on the third world, the better.
Rakesh Saxena is a pricing and risk analysis specialist in insurance and derivative products and has extensive deal making in the emerging economies. He can be reached at derivatives@shaw.ca. Home URL: http://www.quoteplatform.com
Lockheed Martin (LMT) may see their stock rebound after being pummeled last week by news the Obama administration was weighing its options in regard to a controversial program to replace the current fleet of Presidential helicopters, commonly referred to as “Marine One.”
What’s the good news? Well, there isn’t any.
There were revelations this weekend that a defense contractor staff member had used a P2P file sharing program on their company computer, which also happened to contain much there is to know about the President’s iconic helicopter.
The information had made its way as far as an ISP address in Tehran, Iran:
ISR News — A Pittsburgh-area company that monitors peer-to-peer networks accessed with file-sharing software like LimeWire and Napster says it has identified a potentially serious security breach involving Marine One and an IP address in Tehran, Iran.
The company found a file detailing the helicopter’s blueprints and avionics package, which it then traced to its original source, TiversaCEO Bob Boback told NBC affiliate WPXI, which reported the story Saturday.
It literally baffles the mind: Billions of dollars are spent on physical and information security every year, and it can be trumped by one bonehead maneuver, by one little lapse in judgment.
That is a tremendous amount of resources and effort committed to security just to have it undermined by the whim of one non-malicious individual, and it underscores the precariousness of even the most secure of systems.
The final bill for this breach may be hard to figure, as this could influence a decision by the Obama administration to continue funding for a Bush initiative to replace the current presidential helicopter fleet:
New York Times — A six-year-old project to build state-of-the-art presidential helicopters has bogged down in a contracting quagmire that will challenge Mr. Obama’s desire to rein in military contracting expenses. The price tag has nearly doubled, production has fallen years behind schedule and much of the program has been frozen until the new administration figures out what to do about it.
Equipped to deflect missile attacks and capable of waging war from the air, the new VH-71 helicopters would fly farther, faster and more safely than the current decades-old craft. But each improvement pushes up the cost. The program’s original $6.1 billion contract has ballooned to $11.2 billion, and the Pentagon notified Congress last month that it was so far over budget that the law required a review. The Obama administration now must determine if the project is essential to national security and if there are alternatives that would cost less.
Now it is up to defense and security experts to decide exactly what threat this exposed information may have.
“If the office of the presidency is vulnerable, then the country is vulnerable,” said Representative Joe Sestak of Pennsylvania, a Democrat and a retired Navy vice admiral. “However, the nation is crying for accountability, from Wall Street to Congress to Iraq.”
Any way this is sliced, it looks as though those in favor of putting an end to the VH-71 program may have a more difficult time making their case after this breach, and iit could bena boon for Lockheed Martin and their British and Italian partners who would provide much of the design.
The program had been criticized as nothing more than a political bone thrown to the UK and Italy as a gratuity for their support for Bush’s War in Iraq.
As the program’s tab ballooned to over $12 billion dollars – about twice the initial bid for the project – and the economy began to fail, support for the program declined sharply:
New York Times — Asked about it in last year’s campaign, Mr. Obama promised to “take a close look” at the program, adding that it was “a lot of money, even in Washington.” The White House had no comment last week, but Geoff Morrell, the Pentagon press secretary, said Defense Secretary Robert M. Gates was rethinking the VH-71 and other projects that were “having execution problems.”
“We’re prepared to make some hard choices,” Mr. Morrell said.
Which brings us back to a point I have been trying to hammer away at this year, that information security breaches have far reaching fiscal and national security repercussions, and they are not getting enough attention of the right kind, or from the right people.
Our team has been predicting that 2009 will be the year that InfoSec moves to the forefront of the economic crisis, and with Homeland Security implications.
This latest security breach further highlights the fact that the failure to secure information is the next major shareholder derivative, director and officer liability, regulatory, consumer product safety, and class-action issue to impact our economy.
(Kudos to the Tiversa team who uncovered the breach through their hard work and dedication – Great Job!)
Author’s Disclosure: No Holdings
Anthony is a researcher, analyst and freelance writer who worked as a consultant to senior members of product development, secondary, and capital markets from the largest financial institutions in the country during the height of the credit bubble. Anthony’s work is featured by leading Internet publishers including Reuters, The Chicago Sun-Times, Business Week’s Business Exchange, Seeking Alpha, and ML-Implode.
The Author gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com
Expenses associated with rising loan losses and declining asset values overwhelmed revenues in the fourth quarter of 2008, producing a net loss of $26.2 billion at insured commercial banks and savings institutions. This is the first time since the fourth quarter of 1990 that the industry has posted an aggregate net loss for a quarter. The ?0.77 percent quarterly return on assets (ROA) is the worst since the ?1.10 percent in the second quarter of 1987. A year ago, the industry reported $575 million in profits and an ROA of 0.02 percent. High expenses for loan-loss provisions, sizable losses in trading accounts, and large writedowns of goodwill and other assets all contributed to the industry’s net loss. A few very large losses were reported during the quarter-four institutions accounted for half of the total industry loss-but earnings problems were widespread. Almost one out of every three institutions (32 percent) reported a net loss in the fourth quarter. Only 36 percent of institutions reported year-over-year increases in quarterly earnings, and only 34 percent reported higher quarterly ROAs.
Insured banks and thrifts set aside $69.3 billion in provisions for loan and lease losses during the fourth quarter, more than twice the $32.1 billion that they set aside in the fourth quarter of 2007. Loss provisions represented 50.2 percent of the industry’s net operating revenue (net interest income plus total noninterest income), the highest proportion since the second quarter of 1987 when provisions absorbed 53.2 percent of net operating revenue. As in the fourth quarter of 2007, a few institutions reported unusually large trading losses, while others took substantial charges for impairment of goodwill. Trading activities produced a $9.2 billion net loss in the quarter, compared to a loss of $11.2 billion a year earlier. These are the only two quarters in the past 25 years in which trading revenues have been negative. Goodwill impairment charges and other intangible asset expenses rose to $15.8 billion, from $11.5 billion in the fourth quarter of 2007. Other negative earnings factors included a $6.0-billion (12.8-percent) year-over-year decline in noninterest income, and $8.1 billion in realized losses on securities and other assets in the quarter, more than twice the $3.7 billion in losses realized a year earlier. The reduction in noninterest income was driven by declines in servicing income (down $3.1 billion from a year earlier) and securitization income (down $2.6 billion, or 52.3 percent).
Net income for all of 2008 was $16.1 billion, a decline of $83.9 billion (83.9 percent) from the $100 billion the industry earned in 2007. This is the lowest annual earnings total since 1990, when the industry earned $11.3 billion. The ROA for the year was 0.12 percent, the lowest since 1987, when the industry reported a net loss. Almost one in four institutions (23.4 percent) was unprofitable in 2008, and almost two out of every three institutions (62.5 percent) reported lower full-year earnings than in 2007. Loss provisions totaled $174.3 billion in 2008, an increase of $105.1 billion (151.9 percent) compared to 2007. Total noninterest income was $25.5 billion (10.9 percent) lower as a result of the industry’s first-ever full-year trading loss ($1.8 billion), a $5.8-billion (27.4-percent) decline in securitization income, and a $6.8-billion negative swing in proceeds from sales of loans, foreclosed properties, and other assets. As low as the full-year earnings total was, it could easily have been worse. If the effect of failures and purchase accounting for mergers that occurred during the year is excluded from reported results, the industry would have posted a net loss in 20081. The magnitude of many year-over-year income and expense comparisons is muted by the impact of these structural changes and their accounting treatments.
Net loan and lease charge-offs totaled $37.9 billion in the fourth quarter, an increase of $21.6 billion (132.2 percent) from the fourth quarter of 2007. The annualized quarterly net charge-off rate was 1.91 percent, equaling the highest level in the 25 years that institutions have reported quarterly net charge-offs (the only other time the charge-off rate reached this level was in the fourth quarter of 1989). The year-over-year increase in quarterly net charge-offs was led by real estate construction and development loans (up $6.1 billion, or 448.1 percent), closed-end 1-4 family residential mortgage loans (up $4.6 billion, or 206.1 percent), commercial and industrial (C&I) loans (up $3.0 billion, or 97.3 percent), and credit cards (up $2.5 billion, or 60.1 percent). Charge-offs in all major loan categories increased from a year ago. Real estate loans accounted for almost two-thirds of the total increase in charge-offs (64.7 percent).
Total reserves increased by $16.5 billion (10.5 percent) in the fourth quarter. Insured institutions added $31.5 billion more in loss provisions to reserves than they took out in charge-offs, but the impact of purchase accounting from a few large mergers in the quarter limited the overall growth in industry reserves2. The growth in reserves, coupled with a decline in industry loan balances, caused the industry’s ratio of reserves to total loans to increase during the quarter from 1.96 percent to 2.20 percent, a 14-year high. However, the increase in reserves did not keep pace with the sharp rise in noncurrent loans, and the industry’s ratio of reserves to noncurrent loans fell from 83.9 percent to 75.0 percent. This is the lowest level for the “coverage ratio” since the third quarter of 1992.
Total assets of insured institutions increased by $250.7 billion (1.8 percent) in the fourth quarter. The growth was driven by a $341.7-billion (194.3-percent) increase in balances with Federal Reserve banks. While 1,069 banks reported increases in reserve balances during the quarter, five banks accounted for more that half of the entire industry increase. Net loans and leases fell by $130.6 billion (1.7 percent), as several large institutions restructured their loan portfolios. Three large banks accounted for all of the decline in the industry’s loans during the fourth quarter; most institutions grew their loan balances in the quarter. Almost two-thirds of all institutions (64.2 percent) reported increases in their loans and leases, while only about half as many institutions (2,894 institutions, or 34.8 percent of all reporters) had declines in their loan portfolios.
The number of FDIC-insured commercial banks and savings institutions reporting financial results fell to 8,305 at the end of 2008, down from 8,384 at the end of the third quarter. The net decline of 79 institutions was the largest since the first quarter of 2002. Fifteen new institutions were chartered in the fourth quarter, the smallest number in any quarter since the third quarter of 1994. Seventy-eight insured institutions were absorbed into other institutions through mergers, and 12 institutions failed during the quarter (five other institutions received FDIC assistance in the quarter). For all of 2008, there were 98 new charters, 292 mergers, 25 failures and 5 assistance transactions. This is the largest number of failed and assisted institutions in a year since 1993, when there were 50. At year-end, 252 insured institutions with combined assets of $159 billion were on the FDIC’s “Problem List.” These totals are up from 171 institutions with $116 billion in assets at the end of the third quarter, and 76 institutions with $22 billion in assets at the end of 2007.
During Heartland Payment Systems (HPY) quarterly Earnings conference call, CFO and President Robert Baldwin revealed that Heartland is indeed under SEC investigation, though the details of exactly why they are being investigated have not been released.
Company President and Chief Financial Officer Robert Baldwin Jr. disclosed the investigations during Heartland’s quarterly conference call with investigators (sic) Tuesday, saying that the SEC had launched an informal inquiry into the company and that there is also a related investigation by the Department of Justice. The U.S. Department of the Treasury’s Office of the Comptroller of the Currency (OCC), which regulates national banks and their service providers, has launched an inquiry, as has the FTC, he said.
Reached Wednesday, a Heartland spokesman could not say why the SEC was investigating the company.
However, the investigation may relate to stock trades made by Heartland Chairman and CEO Robert Carr after Visa notified Heartland of suspicious activity on Oct. 28, 2008. According to insider trade filings, Carr sold just under US$8 million worth of stock between Oct. 29 and the day the breach was disclosed. Heartland’s stock was trading in the $15-to-$20 range for most of these transactions, but it dropped following the breach disclosure. It closed Wednesday at $5.49.
This is trenchant to my January 29 analysis about the possibility that knowledge of the 2008 information breach may have influenced stock trades by Heartland CEO Robert O. Carr. The article prompted an email response direct to me from Heartland representatives in which they categorically denied any illicit trading activity on the part of Carr:
At the time of this announcement, Mr. Carr was not under any trading restrictions pursuant to the company’s insider trading policy and was not in possession of any material non-public information concerning the company. Under this 10b5-1 plan, programmed sales of company stock were made on Mr. Carr’s behalf, and he had no discretion regarding the timing or other aspects of those sales.
Although he was not required to do so, Mr. Carr terminated his 10b5-1 when the company confirmed the security breach it disclosed in the company’s press release of January 20, 2009. As has been reported, Heartland first learned of a potential problem from the card associations on October 28th of last year, well after the announcement of this 10b5-1 plan. Heartland categorically denies that Mr. Carr was aware of a potential security breach at the time he adopted his trading plan.
As CEO of the sixth largest payment card processor, I would hope that Carr would at times possess some non-public information on the company he built, but that is a topic for a different discussion on the overall CEO performance levels and our failing economy.
Here is the time line of the breach and Carr’s trades so far:
May 14, 2008: Breach reported to have began May 20, 2008 Carr Makes first stock sale of the year, 2695 shares August (first week), 2008: CEO Robert Carr’s 10b5-1 is proposed August 8, 2008: Board approves 10b5-1 plan August 8 – August 14, 2008: Carr makes six separate sales of stocks totalling 60,000 shares August 19, 2008: Breach reported to have ended August 28, 2008: Carr sells 80,000 shares September 3, 2008: Carr sells 80,000 shares September 17, 2008: Carr sells 80,000 shares October 15, 2008: Carr sells 80,000 shares October 28, 2008: Visa and MasterCard notify Heartland of problems; Carr sells 80,000 shares November 6, 2008: Carr sells 80,000 shares November 20, 2008: Carr sells 80,000 shares December 11, 2008: Carr sells 80,000 shares December 26, 2008: Carr sells 42,900 shares January 7, 2009: Carr sells 80,000 shares January 12, 2009: Carr suspends his 10b5-1 stock selling plan January 20, 2009: Breach Announced Sources: (http://www.secform4.com/insider-trading/1144354.htm) (http://www.2008breach.com/)
Revelations that the SEC is investigating the stock trades comes on top of class action lawsuits spurred by the breach, as well as a steady decline in stock price.
Heartland has also been hit with a class-action lawsuit relating to the breach, which was publicly disclosed on Jan. 20. “We may, in the future, be subjected to other governmental inquiries and investigations,” Baldwin said during the call. “We intend to vigorously defend any claims asserted against us.”
An unofficial transcript of Heartland’s call can be found here.
The Heartland breach, which has now affected more than 500 banks across the country, leaving an untold number of consumers at risk of financial identity theft and Heartland stakeholders with a loss exceeding 50% in about one month’s time.
There is also another “undisclosed” breach which we are hearing about. The breach itself has already been confirmed by Visa, and it is possible the breach will exceed Heartland in size.
Our team has been predicting that 2009 will be the year that InfoSec moves to the forefront of the economic crisis with Homeland Security implications. We believe the somewhat obscure issue will be as familiar to the American public as the notorious subprime and pay option ARMs have in the last year or two.
Much like the meltdown of the mortgage industry, the revelations of lax governance in the handling of sensitive and private data will likely shock the public and the business community alike, and those revelations are bound to come all too painfully slow, especially for shareholders.
The data loss debacle at Heartland highlights the fact that the failure to secure information is the next major shareholder derivative, director and officer liability, regulatory, consumer product safety, and class-action issue to impact our economy.
Anthony is a researcher, analyst and freelance writer who worked as a consultant to senior members of product development, secondary, and capital markets from the largest financial institutions in the country during the height of the credit bubble. Anthony’s work is featured by leading Internet publishers including Reuters, The Chicago Sun-Times, Business Week’s Business Exchange, Seeking Alpha, and ML-Implode.
The Author gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com
Most men have wives. Studies have shown married men to be happier than single men. They live longer, commit fewer crimes, and are more likely on average to actively raise their children than single men.
Likewise married women are measurably happier than single women on average, and children do better when raised by two married parents, so it’s safe to say that marriage overall does society more good than harm.
Yet despite the many benefits of marriage and family values, we simply do not talk about a man’s right to a wife. In a world without slavery, a right to a wife makes no sense at all; one could state with certainty that there is obviously no such thing.
It is less obvious but equally true that there’s no such thing as an absolute right to health care. You can have a right to be left alone, a right to speak your mind, a right to pray to your own god in your own language, but you can’t have a right which requires that another human being go to school for 24 years and then treat you for free.
You might want free health care, you might need free health care, we as a society probably ought to provide some level of free health care to everyone, but no one can claim free health care as an inalienable right, for the simple reason that it requires the services of others who have not been born under a symmetrical obligation.
The notion of restricting the concept of human rights only to natural rights that don’t require the services of others is perhaps the biggest reason why the approach taken by Jefferson in the American Declaration of Independence has had so much more traction and political acceptance than the broader unrestricted case for entitlement proclaimed in the UN’s still unenforced Universal Declaration of Human Rights.
Some rights are arguable; some are clear.
But no right is as fundamental as the right to exist. The right to life is the most clear-cut, basic right, and murder is the clearest right violation. It’s clear, that is, as long as you are talking about human beings. Extend it to fetuses, animals, or countries, and the right to exist becomes highly controversial, dependent on various details, and anything but clear-cut.
Supporters of abortion rights have long been angered by the wide adoption of the term “pro-life” to describe opposition to abortion. The notion that the right to life should be extended to fetuses and should override the mother’s right to make choices concerning her body is a controversial one. Framing it into a term like “pro-life” is an old attempt to influence the narrative by linking the prohibition of abortions with the most fundamental right of all. Getting to name your own controversial position is half the battle.
A widely adopted name is a crucial fulcrum in forming the perception of truth.
A similarly unreasonable extension of the right to life is made by using the concept to refer to countries. Who can oppose Israel’s right to exist if the term implies respecting the right to life of Israel’s Jewish inhabitants?
The usage is particularly insidious because it implies a simple numerical aggregation: the right of Israel to exist sounds like the combined right to life of all Israelis, which is clearly even more fundamental than the right to life of any one individual.
Given that Israel was created largely as a response to a relatively recent, deliberate, and partly successful attempt to murder every Jew in the world, it is particularly easy to associate Israel’s right to exist with that fundamental right to life, and to hold people who deny it in great contempt. But is it in fact a reasonable association?
Taking a closer look at the language, the right to exist of a certain country is a very different thing than the right to life of its inhabitants. Specifically, Israel’s right to exist refers to the right of the nation to call itself “Israel”, and by implication to consider itself a Jewish state. And that unfortunate framework demands that all others, particularly the large and growing Arab population of both Israel proper as well as of its occupied territories, also consider the nation they live in to be a Jewish state.
Arabs may have some substantial rights in Israel. In some ways their lives may be better than those of people in neighboring countries. But living in an officially Jewish state, no Arab child can grow up with the full dignity and pride of citizenship.
Even with anti-discrimination laws on the books, and amendments to the constitution ensuring that we are in fact one nation with liberty and justice for all, it took a black president for many African Americans to begin to feel equal in the United States.
Imagine how blacks and Latinos would have felt if the US was re-named to a word with the historic meaning of “White nation under God”, and they were asked to affirm its right to exist as a White and Christian State?
The framers of the American constitution had it right: The concept of the nation-state formed along ethnic lines got us out of the middle ages, but has long since outlived its usefulness.
The world is evolving away from ethnic divisions and towards equality and human rights, naturally selecting post-ethnic open-access societies, and rewarding them with prosperity. Meanwhile the same long term global evolution is slowly but surely presenting Nazi Germany and her lesser cousins, in places like Rwanda, Cambodia, and Darfur, with the ultimate future of the Tyrannosaurus Rex.
But by responding to genocide with a Jewish state, the Zionists have inadvertently surrendered their humanist ideals to survivalist realpolitik. In forming their core political philosophy as an antithesis to Hitler’s rhetoric, they have extended the damage done to them by fascism.
A more progressive, post-ethnic response would have been to create a refuge for all victims of attempted genocide, and to include all existing residents as equal citizens of this refuge-state.
Unfortunately the path of division was taken instead, resulting in 60 years of bloodshed, recriminations, and deepening desperation.
Pragmatists inside and outside of the region continue to shout for a separate but equal two-state solution. But history shows that the two ethnically divided states will never be equal, and that in the long term, states based on ethnic division will become extinct.
Only a single, pluralistic, inclusive, post-ethnic Israeli-Palestinian state will have an absolute right to exist.
And when an era of justice and equality for all comes to the region at last, ending thousands of years of pogroms and crusades, Barack Obama’s inaugural words will ring as true in the Middle East as they do now in America:
“For we know that our patchwork heritage is a strength, not a weakness. We are a nation of Christians and Muslims, Jews and Hindus – and non-believers. We are shaped by every language and culture, drawn from every end of this Earth; and because we have tasted the bitter swill of civil war and segregation, and emerged from that dark chapter stronger and more united, we cannot help but believe that the old hatreds shall someday pass; that the lines of tribe shall soon dissolve; that as the world grows smaller, our common humanity shall reveal itself; and that America must play its role in ushering in a new era of peace.”
Semyon Dukach is an angel investor, high tech entrepreneur, and former president of the MIT Blackjack Team.
If your institution has been affected in the Heartland breach and you are not on this list, please send an email to editor@bankinfosecurity.com. Include your name, email, and a phone number where you may be contacted for verification.
Acadian Federal Credit Union, Fort Kent, ME
Access National Bank, Reston, VA
Achieva Credit Union, Largo, FL
Adams Bank & Trust, Grant, NE (15)
Alabama State Employees Credit Union, Montgomery, AL (4,097)
Alaska USA Federal Credit Union, Anchorage, AK (70,000)
Alerus Financial, Grand Forks, ND
Alpine Bank, Aspen, CO (3,500)
Alva State Bank, Alva, OK
Amarillo National Bank, Amarillo, TX (5,000)
Amboy Bank, Old Bridge, NJ
American Bank, Waco, TX (1,000)
American Exchange Bank, Elmwood, NE
American Bank Montana, Bozeman, MT
American National Bank, Oakland Park, FL
American National Bank, Denver, CO (2,500)
American National Bank and Trust Co., Danville, VA
American Riviera Bank, Santa Barbara, CA
American State Bank of Grygla, Grygla, MN
American West Bank, Spokane, WA
Apple Creek Banking Co., Apple Creek, OH
Apple Valley Bank, Cheshire, CT (100)
Arizona State Credit Union, Phoenix, AZ
Arkansas County Bank, Stuttgart, AR
Arvest Bank, Mountain Home, AR
Association of Vermont Credit Unions, VT (6,000)
Baker Boyer Bank, Walla Walla, WA
BancFirst, Oklahoma City, OK
Bangor Federal Credit Union, Bangor, ME (3,000)
Bangor Savings Bank, Bangor, ME (18,000)
Bank of America, St. Louis, MO
Bank of Bridger, Bridger, MT (80)
Bank of Broken Bow, Broken Bow, NE
Bank of Cape Cod, Hyannis, MA
The Bank of Edwardsville, Edwardsville, IL
The Bank of Elk River, Elk River, MN (6,000) The Bank of Fayetteville, Fayetteville AR
The Bank of Guam, Territory of Guam
Bank of Jackson Hole, Jackson Hole, WY
Bank of Lee’s Summit, Lee’s Summit, MO
Bank of the Panhandle, Guymon, OK
The Bank of the Pacific (3,000)
Bank of Monticello, Monticello, MO
Bank of Oklahoma, Tulsa, OK
Bank of the Ozarks, Little Rock, AR
Bank of Utah, Ogden, UT (245)
Bank of Westminster, Westminster SC
The Bank of Zachary, Zachary, LA (1,200)
Bank Plus, Graettinger, IA
BankTrust, Mobile, AL
Banterra Bank, Mt. Vernon, IL
Bay Bank, Theodore, AL
Bay Vanguard FSB, Baltimore, MD
BBVA Compass, Birmingham, AL
Beacon Credit Union, Wabash, IN (4,500)(See what Beacon told their members about the Heartland Breach)
Bellwether Community Credit Union, Manchester, NH
Berkshire Bank, Pittsfield, MA
Bermuda Bank, Bermuda
Best of Iowa Community Credit Union, Hiawatha, IA
Big Horn Federal Savings Bank, Greybull, WY (650)
Big Sky Western Bank, Bozeman, MT
Black River Country Bank, Black River Falls, WI (300)
Braham Bank, Braham, MN
Bremer Bank, St. Paul, MN (See what Bremer Bank told its customers about the Heartland breach) (7,800)
Brighton Bank, Salt Lake City, UT
The Brunswick State Bank, Brunswick NE
Butterfield Bank, Bermuda
Calhoun County Bank, Hampton, AR
California Community Credit Union, Sacramento, CA
Canadian Tire Financial Services, Niagara, Ontario, Canada (15,000)
Canandaigua National Bank, Canandaigua, NY (7,993)
Cape Cod Cooperative Bank, Cape Cod, MA (3,600)
Capital Communications Federal Credit Union, Albany, NY
Capitol Federal, Topeka, KS (14,000)
Carson National Bank, Auburn, NE
Central Bank, Arlington, MA
Central National Bank, Enid, OK
The Central National Bank and Trust Company of Enid, Enid OK, (1600)
Central Savings Bank, Sault Ste. Marie, MI (300)
Century Bank and Trust, Milledgeville, GA
Century Bank FSB, Sarasota, FL (2,200)
Century Bank of Kentucky, Lawrenceburg, KY (1,000)
Charleroi Federal Savings Bank, Charleroi, PA
Charles River Bank, Medway, MA
The Charlotte Fire Department Credit Union, Charlotte, NC
Charter Oak Bank, Napa, CA
Chase Bank, Utah
Chocolate Bayou Community FCU, Alvin, TX (2500)
Citigroup Inc., New York, NY
The Citizens Bank of Winfield, Winfield, AL
Citizens Bank Corvallis, OR
The Citizens Bank of Swainsboro, Swainsboro, GA
The Citizens Bank of Weston, Weston, WV (550)
Citizens National Bank of Park Rapids, Park Rapids, MN
Citizens State Bank of Clayton, La Crosse & Onalaska, WI
Citizens State Bank, New Baltimore, MI
Citizens State Bank, Perry, FL (400)
Citizens State Bank of Roseau, Roseau, MN (700)
Citizens State Bank of Loyal, Loyal, WI
Citizens Trust Bank, Atlanta, GA (1,000)
Citizens & Northern Corporation, Wellsboro, PA
Clay County Savings Bank, Liberty, MO (900)
Coloramo Federal Credit Union, Grand Junction, CO
Columbia Bank, Lake City FL
Columbia River Bank, The Dalles, OR
Columbus Community Bank, Columbus, GA (50)
Comerica Bank, Springfield, OH
Communication Federal Credit Union, Oklahoma City, OK (6,700)
Commercial & Savings Bank, Millersburg, OH
Community Bank, Alva, OK
Community Bank of Broward, Weston, FL
Community Bank of The Red River Valley, Grand Forks, ND
Community First Bank, New Iberia, LA
Community First National Bank of Mountain Home, Mountain Home, AR
Community One, Asheboro, NC
Community Savings Bank, Edgewood, IA (1,000)
Community Spirit Bank, Red Bay, AL
Concorde Bank, Blomkest, MN
Consumers Credit Union, Kalamazoo, MI
Cooperative Extension Service Federal Credit Union, Little Rock, AR
Coronado First Bank, Coronado, CA
Core First Bank, Topeka, KS
Countybank, Greenwood, SC (3,000)
Credit Union 1, Rantoul, IL
Credit Union 1 of Kansas, Topeka, KS
Credit Union 1, Fairbanks, AK (8,256)
CU Community Credit Union, Springfield, MO (16)
Cumberland County Federal Credit Union, Falmouth ME
Cumberland Security Bank, Pulaski, KY
Custer Federal, Broken Bow, NE
CWV Tel Federal Credit Union, Clarksburg, WV
Dairy State Bank, Rice Lake, WI (1,500)
Davison State Bank, Davison, MI
Dearborn Village Community Credit Union, Dearborn, MI
Dedham Savings, Dedham MA
Denali Alaskan Federal Credit Union, Anchorage, AK (10,300):
Denali State Bank, Fairbanks AK (1,000)
The Dewey State Bank, Dewey, IL (150)
Dime Bank, Norwich, CT
Dollar Bank, Pittsburgh, PA
Dupaco Community Credit Union, Dubuque, IA
DuTrac Community Credit Union, Dubuque, IA
EarthMover Credit Union, Oswego, IL (600)
East Dubuque Savings Bank, Dubuque, IA
East Wisconsin Savings Bank of Kaukauna, WI (600)
Eastern Maine Medical Center Federal Credit Union, Bangor, ME
Eastman Credit Union, Kingsport, TN
Elevations Credit Union, Denver, CO (35,000)
The Elkhart State Bank, Elkhart, TX (500)
Elliott Federal Credit Union, Jeanette, PA (100)
El Paso Employees Federal Credit Union, El Paso, TX (1,000)
Emporia State Federal Credit Union, Emporia, KS
Employees Credit Union, Dallas, TX
Emprise Bank, Wichita, KS
Enrichment Federal Credit Union, Oak Ridge, TN
Enterprise Bank of Florida, Palm Beach Gardens, FL
Enterprise Bank, Lowell, MA (3,000)
EPB Employees Credit Union, Chattanooga, TN, (300)
ESB Financial, Emporia, KS
Evansville Federal Credit Union, Evansville, IN
Extraco Banks, Killeen, TX (9,000)
F&A Federal Credit Union, Monterey Park, CA
Fairmont Federal Credit Union, Fairmont, WV
Family Community Credit Union, Charles City, IA
Family First Federal Credit Union, Orem, UT (3,600)
Farmers & Merchants Bank, Waterloo, AL
Farmers and Merchants Bank, Stuttgart, AR
Farmers & Merchants State Bank, Archbold, OH
Farmers National Bank, Lebanon, KY (500)
Farmers National Bank, Emlenton, PA (5,000)
Farmers State Bank of Ohio, West Salem, OH
Farmers State Bank, West Bend, IA
Farmers Trust & Savings Bank, Spencer, IA (725)
Fidelity National Bank, West Memphis, AR (1,463)
Fifth Third Bank, Cincinnati, OH
The First, A National Banking Association, Hattiesburg, MS
First & Farmers National Bank, Pulaski, KY
First American Bank, Elk Grove Village, IL
First Bank, Azle, TX (3,000)
First Bank & Trust, Brookings, SD
First Bank Blue Earth, Blue Earth, MN
First Bank of Delaware, Wilmington, DE
First Bankers Trust Company, Quincy, IL
1st Bank, Evanston, WY
First Bank Montana, Lewistown, MT
First Bank and Trust of East Texas, Lufkin, TX
First Century Bank, Claiborne County, TN
First Chatham Bank, Savannah, GA
First Cheyenne Federal Credit Union, Cheyenne, WY (500)
First Citizens National Bank, Charles City, IA
First Community National Bank, Steelville, MO
First County Federal Credit Union, Muncie, IN
First Dakota National Bank, Yankton, SD
First Enterprise Bank, Oklahoma City, OK
First Federal, Port Angeles, WA (3000)
First Federal Bank, Harrison, AR
First Federal Bank, Dickson, TN (5,057)
First Federal Bank of Florida, Lake City, FL
First Federal Savings Bank, Rochester, IN (3,500)
First Federal Savings Bank of Iowa, Fort Dodge, IA
First Financial Bank NA, Terre Haute, IN
First Financial Credit Union, Albuquerque, NM
1st Financial Federal Credit Union, St. Louis, MO (6,000)
1st Gateway Credit Union, Clinton, IA
First Lincoln Federal Credit Union, Lincoln, NE (259)
First Mid-Illinois Bank & Trust, Matoon, IL
First National Bank Alaska, Anchorage, AK
First National Bank of Central Texas, Waco, TX
First National Bank & Trust, Syracuse, NE (300)
First National Bank, Bastrop, TX (1,800)
First National Bank of Burleson, Burleson, TX
First National Bank of Monterey, Monterey, IN
First National Bank of Colorado, Ft. Collins, CO
First National Bank, Carmi, IL
First National Bank of Farragut-Shenandoah, IA (60)
First National Bank of Hutchinson, KS (1,000)
First National Bank Pratt, Pratt, KS
First National Bank, Seiling, OK
First National Bank of Crystal Falls, Crystal Falls, MI
First National Bank, Spearman TX
1st Pacific Bank of California, San Diego CA
First Security Bank, Missoula, MT
First Security Bank & Trust, Charles City, IA (1,400)
1st Source Bank, South Bend, IN
First State Bank of Illinois, Carthage, IL
First State Bank, Nora Springs, IA
First State Bank, Russellville, AR (1,500)
First State Bank of Kansas City, KS (400)
First State Bank of Scottsbluff, Scottsbluff, NE (200)
First State Bank, Union City, TN (9,300)
First State Community Bank, Farmington, MO
First Tech Credit Union, Portland, OR
FirstTrust Bank, Philadelphia, PA (3,000)
Five Points Bank, Hastings, NE (200)
Fleetwood Bank, Fleetwood, PA
Florence Savings Bank, Florence MA
Forcht Bank, Kentucky (8,500)
Forest Park National Bank & Trust Co., Forest Park, IL (500)
Four Corners Community Bank, Farmington, NM
Franciscan Skemp Credit Union, La Crosse, WI
Fraternal Order of Police Credit Union, Tulsa, OK (600)
Freedom Credit Union, Springfield, MA (2,400)
Fresno County Federal Credit Union, Fresno, CA
FSG Bank, Chattanooga, TN
Fullerton Community Bank, Fullerton, CA (78)
Fulton Bank, Lancaster, PA
Galveston Government Employees Credit Union, LaMarque, TX
Gate City Bank, Fargo, ND
Gateway Bank of Central Florida, Ocala, FL
GCS Federal Credit Union, Pontoon Beach, IL
GECU, El Paso, TX (25,000)
Georgetown Savings Bank, Georgetown, MA
GFA Federal Credit Union, Gardner, MA
Glacier Bank, Kalispell, MT
The Gordon Bank, Gordon, GA (300)
Great Lakes Credit Union, Great Lakes, IL
Great Southern Bank, Springfield, MO
Greater Nevada Credit Union, Carson City, NV
Greater Rome Bank, Rome, GA
Guaranty Bond Bank, Mt. Pleasant, TX
Guaranty Bank and Trust, Denver, CO
Gulf Coast Community Bank, Pensacola, FL
Happy State Bank and Trust, Happy, TX (2,000)
Hawaii Pacific Federal Credit Union, Honolulu, HI
Healthcare Employees FCU, Princeton, NJ (452)
Health Facilities Federal Credit Union, Florence, SC (3,500)
HealthFirst Federal Credit Union, Waterville, ME (261)
Heartland Bank, St. Louis, MO
Heritage Bank, Hastings, NE (50)
Heritage Bank of Nevada, Reno, NV
Heritage South Credit Union., Sylacauga, AL (600)
Heritage Valley Federal Credit Union, York County, PA
Home Federal Bank, Treasure Valley, ID (1,800)
Huntington Bank, Ashland, OH
Huntingdon Valley Bank, Warminster, PA
Huron Community Bank, East Tawas, MI
Hyperion Bank, Philadelphia, PA
IberiaBank, Lafayette, LA
Idadiv Credit Union, Nampa, ID
Independent Bank, Ionia, MI
Indiana State University Federal Credit Union, Terre Haute, IN (1,300)
Indiana University Credit Union, Bloomington, IN
Industrial Credit Union of Whatcom County, Bellingham, WA
Innovations Federal Credit Union, Bay County, FL (400 cards)
Integra Bank, Evansville, IN
International Bank of Commerce, Laredo, TX
INterra Credit Union, Goshen IN
Iowa State Bank, Ruthven, IA
Iowa State Bank and Trust Company, Fairfield, IA
Iowa State Savings Bank, Knoxville, IA
Iowa Trust and Savings Bank, Emmetsburg, IA (700)
Jeanne D’Arc Credit Union, Lowell, MA (500)
Jefferson Bank, Dallas, TX, (200)
Johnson Bank, Racine, WI
Kellogg Company Employee Federal Credit Union, Omaha, NE
Kennebec Savings Bank, Augusta, ME (1,500)
Kennebunk Saving Bank, ME (7,000)
Killbuck Savings Bank, Killbuck, OH
Kinecta Federal Credit Union, Manhattan Beach, CA
Kootenay Savings, Trail, British Columbia, Canada
La Loma FCU, Loma Linda, CA (300)
Lake Country Community Bank, Morristown MN (245);
Landmark Credit Union, New Berlin, WI
Lassen County Federal Credit Union, Susanville, CA (600);
Laurens State Bank, Emmetsburg, IA;
Legence Bank, Evansville, IN;
Liberty Bank, Cheshire, CT;
Liberty Bank, South San Francisco, CA;
Lutheran Credit Union, Brea, CA
Machias Savings Bank, Machias, ME
Maple City Savings Bank, FSB, Hornell, NY
Marine Bank and Trust, Carthage, IL
Marlborough Savings Bank, Marlborough, MA
Mascoma Savings Bank, White River Junction, VT
mBank, Manistique, MI
McCone County Federal Credit Union, Circle, MT
Members Choice Credit Union, Houston, TX
Mercer County State Bank, Sandy Lake, PA (2,516)
Merchants & Southern Bank, Gainesville, FL
Mercy Family Credit Union, Mason City, IA
Merrill Bank, Bangor, ME (156)
Metro North Federal Credit Union, Waterford, MI
Michigan Catholic Credit Union, Troy, MI
Mid America Bank & Trust Co., Rolla, MO (200)
MidFirst Bank, Tulsa, OK
Mid-Oregon Credit Union, (4,000)
Minnwest Bank, Redwood Falls, MN
Mission Bank, Bakersfield, CA
M&I Bank
M & T Bank, Buffalo, NY
Monad Federal Credit Union, Pasco, WA
Monroe Bank & Trust, Monroe, MI
MountainCrest Credit Union, Arlington, WA
Mountain West Bank, Couer d’Alene, ID
Mt. McKinley Bank, Fairbanks, AK
Municipal Employees Credit Union Oklahoma City, OK
Mutual Bank, Muncie, IN (8,000)
NAFT Federal Credit Union, Pharr, TX (250)
Nantahala Bank And Trust Company, Franklin, NC
NAS JRB Credit Union, New Orleans, LA
National Bank of Delaware County, Delaware County, NY
NBC Oklahoma, Oklahoma City, OK
Nebraska Land National Bank, NE (150)
Nebraska State Bank, Broken Bow, NE
Newburyport Five Cents Savings Bank, Newburyport, MA
NIH Federal Credit Union, Rockville, MD
Norfolk Municipal Employees Federal Credit Union, Norfolk, VA
North Alabama Educators Credit Union, Huntsville, AL
North American Savings Bank, Kansas City, MO
North Country Savings Bank, Canton, NY
North Iowa Community Credit Union, Mason City, IA
North Star Community Credit Union, Maddock, ND
North Valley Bank, Redding, CA (11,000)
Northeast Family Federal Credit Union, Manchester, CT
Northern Indiana Federal Credit Union, Merrillville IN (600)
Notre Dame Credit Union, South Bend, IN (2,000)
Oak Valley Community Bank, Oakdale, CA
O Bee Credit Union, Tumwater, WA (See what O Bee told its members: http://www.obee.com/)
Ohio Valley Community Credit Union, Clarington, OH (690)
Ohio University Credit Union, Athens, OH (8,500)
Oklahoma Central Credit Union, Tulsa, OK
Old National Bank, Mt. Vernon, IL
Old National Bank, Evansville, IN
Old West Federal Credit Union, John Day, OR (1,000)
OptumHealthBank, Salt Lake City, UT
Oregon Territory Federal Credit Union, Salem, OR
P&S Credit Union, Salt Lake City, UT
Pacific Western Bank PacWest Bancorp, San Diego, CA
PALCO Federal Credit Union, Muncy, PA (1,214)
Parsons Federal Credit Union, Pasadena, CA
Patriots Bank, Kansas City, MO
Patterson State Bank, Patterson, LA
Pentagon Federal Credit Union, Alexandria, VA
PeoplesChoice Credit Union, Saco, ME. (500)
Peoples National Bank, Mt. Vernon, IL (2,927)
Peoples State Bank, Wyalusing, PA
People’s State Bank in Wausau, WI
Piedmont Credit Union, Danville, VA (15)
Pine Bluff National Bank, Pine Bluff, AR
Pinnacle Bank, NE
Pinnacle Bank of South Carolina, Greenville, SC
Pinnacle Federal Credit Union, Edison, NJ
Pioneer Credit Union, Green Bay, WI
The Pittsfield Cooperative Bank, Pittsfield, MA
Planters & Citizens Bank, Camilla, GA (340)
Platte Valley National Bank, Scottsbluff, NE (388)
Poplar Bluff Federal Credit Union, Poplar Bluff, MO (998)
Port Alliance Federal Credit Union, Norfolk, VA (700)
Prairie Federal Credit Union, Minot, ND
Premier Bank, Dubuque, IA
Prosperan Bank, Oakdale, MN
Provident Bank, Baltimore, MD
Public Service Credit Union, Denver, CO
Pulaski Bank, Little Rock, AR
Rainier Pacific Bank, Tacoma, WA (5,700)
Redding Bank of Commerce, Redding, CA (4,000)
Regions Financial Corp., Birmingham, AL
Republic Bank, Louisville, KY
The RiverBank, Osceola, WI
Rivermark Credit Union, Portland, OR
River Valley Credit Union, Miamisburg, OH
Rockville Bank, Rockville, CT
Rocky Mountain Law Enforcement Federal Credit Union, Denver, CO
Rosedale Federal Savings & Loan Association, Baltimore, MD
RTP Federal Credit Union, Durham, NC
SAFE Credit Union, North Highlands, CA
Sanford Institution for Savings, Sanford, ME
San Mateo Credit Union, Redwood City, CA (10,000)
Savings Bank of Danbury, Danbury, CT
Sawyer Savings, Saugerties, NY
Schertz Bank & Trust, Schertz, TX (600)
Schools First FCU, Orange County, CA
School Systems Federal Credit Union, Troy NY
Security Federal Savings Bank, Logansport, IN
Security Service FCU, San Antonio, TX
Select Employees Credit Union, Sterling, IL (100)
SESLOC Federal Credit Union, San Luis Obispo, CA
Shelby Savings Bank, Center, TX (600)
Shell New Orleans Federal Credit Union, New Orleans, LA (1,800)
Shore Community Bank, Toms River, NJ (283)
Show Me Credit Union, Mexico, MO
Silver Lake Bank, Topeka, KS (900)
Simmons First National Corp., Pine Bluff, AR
Southern Missouri Bank of Marshfield, Marshfield, MO
South Central Credit Union, Jackson, MI (650)
South City Bank, Vestavia Hills, AL
SouthFirst Bank, Sylacauga, AL
Southside Credit Union, San Antonio, TX (775)
Sovereign Bank, Northeast U.S.
Spirit Bank, Belmont, MS
Spokane Media Federal Credit Union, Spokane, WA (330)
St. Agnes Employees FCU, Baltimore, MD (550)
Star Financial Bank, Fort Wayne, IN
State Bank of Countryside, Countryside, IL
State Bank of Chandler, Chandler, MN
The State Bank, Fenton, MI
The State Bank, La Junta, CO (2075)
State Bank of Texas, Irving, TX
State Employee’s Credit Union (SECU), Raleigh, NC (60,000)
State Highway District #5 Credit Union, Yakima, WA (268)
The Stephenson National Bank & Trust, Marinette, WI (884)
Sterling Savings Bank, Spokane, WA
St. Mary’s Bank, Manchester, NH (4,300)
The Stock Exchange Bank, Woodward, OK
Stockman Bank, Billings, MT
Summit Federal Credit Union, Rochester, NY (500 cards)
Sundown State Bank, Denver City, TX
Sun West Bank, Las Vegas, NV
Superior Bank, Birmingham, AL
Surrey Bank & Trust, Mount Airy, NC
Susquehanna Bank, Lancaster, PA
TD Bank, Portland, ME
TD Bank North, Portland, ME
TelComm Credit Union, Springfield, MO
Telesis Community Credit Union, Chatsworth, CA, (2,360)
Texas Bank & Trust, Longview, TX
TierOne Banks, Broken Bow, NE
Timberland Bank, Hoquiam, WA
Tinker Federal Credit Union, Enid, OK
Topeka City Employees Credit Union, Topeka, KS (190)
TPS Credit Union, Toledo, OH (900)
Town & Country Bank, Ravenna, NE
Tobacco Valley Teachers Federal Credit Union, Enfield, CT
Total Community Credit Union, Taylor, MI
Town and Country Credit Union, Minot, ND
Trinity Bank, Dothan, AL (152)
Triangle Credit Union, Nashua, NH
TrustCo Bank Corp., Glenville, NY
Trustmark Bank, Jackson, MS (75,000)
Tucson Federal Credit Union, Tucson, AZ
Tulsa Teachers Credit Union, Tulsa, OK
The Twin Star Credit Union, Olympia, WA
Two Rivers Bank, Blair, NE (1,000)
Ulster Savings Bank, Kingston, NY (2,300)
United Bank of El Paso, El Paso, TX (250)
United Mississippi Bank, MS (200)
Union Bank of California, San Francisco, CA
Union State Bank, Arkansas City, KS
United Credit Union, Mexico, MO
Union State Bank, Winfield, KS
United Heritage Credit Union, Austin, TX
United Savings Credit Union, Fargo-Moorehead, ND, (450)
United Southern Bank, Umatilla FL (1,500)
University of Wisconsin-Oshkosh Credit Union, Oshkosh, WI
US New Mexico Federal Credit Union, Albuquerque, NM
USAA Federal Savings Bank, San Antonio, TX
U.S. Bank, St. Louis, MO
UT-MUO Federal Credit Union, Toledo, OH (410)
Valley Bank of Helena, Helena, MT
Valley Bank & Trust, Gering, NE (16).
Valley National Bank, Wayne, NJ (20,013)
Valley View Bank, Kansas City, MO
Virginia Bank & Trust, Danville, VA
Warren Federal Credit Union, Cheyenne, MT (1,400)
The Warrington Bank, Pensacola, FL
Washington State Employees Credit Union, Olympia, WA (4,000)
Waterford Bank, NA, Toledo, OH
Wells Fargo, Utah
Wells Federal Bank, Wells, MN (160)
WESC Federal Credit Union, Casper, WY (140)
Westar Federal Credit Union, Camillus, NY
West Branch Valley FCU, Williamsport, PA (432)
West Iowa Bank, West Bend, IA
West Michigan Community Bank, Grandville, MI
Westbound Bank, Katy, TX
Western Illinois Credit Union, Macomb, IL
Western Security Bank, Billings, MT
WestSide Bank, Hiram, GA
WGE Federal Credit Union, Muncie, IN
White Earth Reservation Federal Credit Union, Mahnomen, MN
Wright-Patt Credit Union, Dayton, OH (17,200)
Advocates of an open Government and transparent allocation of taxpayer funds celebrated the news late Friday afternoon (2-20-09) that the U.S. District court has moved to enforce a Freedom of Information Act (FOIA) request to release more details about exactly how TARP bailout funds have been and are being used.
The TARP was passed in early October, 2008, in an effort to stem the damage to the nation’s financial industry incurred during a decade of lax risk-abatement that pervaded the banking culture after the legislative emasculation of the Glass-Steagall Act.
FOX Business sued Treasury on Dec. 18 over failure to provide information on the bailout funds or respond to FBN’s expedited requests filed under the FOIA.The initial request, filed on Nov. 25, sought actual data on the use of the bailout funds for American International Group (AIG) and the Bank of New York Mellon (BK), and an additional request, filed on Dec. 1, sought similar data on the bailout funds for Citigroup (C).
FBN asked the Treasury Department to identify, among other issues, the troubled assets purchased, any collateral extended, and any restrictions placed on these financial institutions for their participation in this program.
The Treasury Department – along with the other banking regulators like the FDIC, OTS, and the Federal Reserve – are notoriously secretive concerning the data they collect and their subsequent analysis of the viability of any particular institution, preferring to operate instead behind closed doors.
This tendency often leaves investors in the dark, which generally tends to work in the banks’ favor. Regulators would argue that they are not in the business of moving markets, and that some data may be misinterpreted and inadvertently cause a run on funds at named institutions, evidenced by Schumer’s now infamous disclosure of details that may have led to the collapse of Indy Mac Bank in 2008.
That argument may have held some water until the TARP bailout effectively made the U.S. taxpayer a shareholder in any number of as yet identified institutions, and the owner of any assortment of exotic financial instruments which have proved toxic to Global capital markets.
Judge Richard J. Holwell of the U.S. District Court for the Southern District of New York said in a decision Friday that the government is directed to comply with FOX Business’s request under the FOIA “within 30 days and to produce a Vaughn index with 45 days.”That means Treasury must comply with FOX Business’s request by Monday, March 23, and must produce a Vaughn index by Monday, April 6.
The Treasury will have the chance to withhold some documents and information they deem too sensitive, but now have to provide an itemized “Vaughn index” of which documents and information have been redacted, and for exactly what reason.
“A Vaughn Index must: (1) identify each document withheld; (2) state the statutory exemption claimed; and (3) explain how disclosure would damage the interests protected by the claimed exemption.”
This may open the door to further FOIA challenges to release the remaining information if the Treasury fails to convince the courts that their vetting of information was reasonable.
I don’t think Treasury has realized that they are not the only ones who have new powers and responsibilities in the implementation of this historic bailout – the courts have yet to weigh-in on much of this, including who is ultimately going to be held responsible for the mess that is the economy, even if it is still taxpayers who have to foot the bill to clean it all up.
My guess is that the courts feel very differently about full disclosure than does the insider Wall Street elite who regulate themselves from Washington D.C. in seeming perpetuity.
Frank Rich of the New York Times wrote a good op-ed piece called What We Don’t Know Will Hurt Us, which helps further the argument that it is time to get to bottom of exactly what is going on with our economy, and why their seems to be so little consequence for the perpetrators of so much devastation.
Americans are right to wonder why there has been scant punishment for the management and boards of bailed-out banks that recklessly sliced and diced all this debt into worthless gambling chips. They are also right to wonder why there is still little transparency in how TARP funds have been spent by these teetering institutions. If a CNBC commentator can stir up a populist dust storm by ranting that Obama’s new mortgage program (priced at $75 billion to $275 billion) is “promoting bad behavior,” imagine the tornado that would greet an even bigger bank bailout on top of the $700 billion already down the TARP drain.
Remember, the fundamental point of the TARP bailout is to funnel incredible amounts of taxpayer money – debt, actually – to the very institutions and people who are responsible for driving the markets off the cliff in the first place.
And they got paid handsomely for doing it.
It is time for our nation’s financial machine to drop the self-righteous arrogance they have cloaked themselves in for too long, for all of those paper-pushing money lords to release their false sense of entitlement, relinquish their ill-gotten wealth from the last 10 years, and to return to their proper place in the economic landscape as facilitators of capital creation, not the creators of capital.
Accountability in the largest disbursement of public funds in history is not only a good idea, it is essential to our democracy, as is ending the revolving door between corporate boardrooms and the regulatory offices of our government.
The Fox Business FOIA request and the court’s decision to release more information should serve as a warning to the Wall Street good ol’ boys that their orgy of omnipotence is truly over, and that the era of accountability is in.
We have always recognised that banks have to be trustworthy for the system of money to be able to function at all. This is because the banks completely control everything that happens, or can happen to money – how reliable it is and how freely it moves from person to person.
Every time money moves from one person to another, it creates something useful and valuable: real wealth of some sort and employment, enabling workers to use their wages to eat and house themselves.
Millions of people Worldwide are now losing their jobs, their houses and their wages enabling them to eat and survive. Homelessness and starvation is being forced on them, not because they do not want to work; on the contrary, they are pretty desperate to work. Very few people like to be idle.
The only reason these people’s lives are being wantonly destroyed is because the people and organisations in charge of maintaining the reliability and integrity of money have completely wrecked it, wrecked the whole delicate system of trading, rolling back civilisation to poverty and primitive barter as that fragile symbol of trust – money – is destroyed and debased by the very people we all trusted to cherish it on our behalf.
These people are the banks.
Money itself is simply a symbol of trust. It has no other value than to allow one person in possession of some money to pass it on to another person in exchange for something that does have real value – a loaf of bread, or something else that’s really useful, like a house to live in.
Our system of money is now in complete shambolic meltdown because nobody can trust it; it has become unreliable.
Why ?
Because it has become unreliable, individuals and businesses are unable to be certain there will be an adequate flow of money for them to continue to function. Business cannot function without reliable flows of money purchasing it’s products from which it then pays it’s workers, who are then enabled to eat and pay their mortgage.
Money was originally ‘invented’ by banks as merely a trusted symbol of exchange to replace the clumsy idea of barter. They have been in control of it ever since. It is important to be an honest person when handling money as there is always a temptation to find an excuse to keep some or all of it for yourself.
Dishonesty has always been around to some extent, and there have always been people whose job it is to handle money not belonging to them, who have stolen some.
Because theft is so damaging and disruptive, society has always sought to achieve a high degree of honest morality in all public dealings of any kind. Without it, all civilisation crumbles into anarchy, chaos and brutality. Dictatorships, violence, famine and death have always been the consequence throughout history.
In recent times the banks have invented excuse after excuse to construct more and more reasons to take some of our money we entrusted to them for themselves.
Some examples of this, and there are many, might be the quaint idea of inventing something called the penalty charge. This can range from a charge of millions to a business, or a small amount to an individual who fails to precisely control even the pettiest detail of his finances.
This results in banks looking for excuses to ‘justify’ a penalty charge and their artfully constructed self-righteous, twisted, logic then turns their honest customer into an enemy with whom the bank battles with and often then irretrievably harms by wrecking every aspect of that person’s finances.
Every time this little bit of dishonest, fraudulent dealing occurs in some tiny little corner of the financial system, a small amount of trust is destroyed and ripples out far beyond that bank and the customer it is stealing from, magnified beyond recognition as it touches huge numbers of other people.
A good example of the cumulative effect of this is the ‘sub-prime’ mortgage. This is a farce. An artificial construction by banks designed to milk outrageous amounts of money from people unable to defend themselves from what amounts to blatant fraud in a form the law describes as ‘conversion’.
Conversion is simply when you unlawfully ’convert’ property rightfully owned by another to your own use in such a devious manner it cannot be legally seen as obvious common theft because it is disguised. Sounds familiar in your dealing with banks ?
The banks deliberately set out to create this type of mortgage because it is more profitable than the old fashioned type based on honest trust and fair dealing which no longer provided enough profits to fuel the bank’s rapacious greed.
This is how it is done.
A perfectly respectable, reliable, person has an ordinary mortgage with an old fashioned building society – one of those ‘high street’ lenders. That person’s life may be disrupted by common events. It may be divorce, sickness, temporary unemployment, for example.
Nothing that would normally destroy people’s financial lives to the extent of being unable to have enough money to keep the roof over their head and feed themselves. Disruption of this sort normally happens to a huge proportion of the population.
What does a modern bank do when such a person become a few months in arrears with their mortgage ? Why, it first of all makes it more difficult for that person to recover their financial stability as the bank imposes arbitrary ‘penalty’ charges which are designed to rapidly mount up into thousands of pounds.
It then ‘black lists’ the unfortunate individual by notifying the credit agencies that they are financially unreliable. This is used as an excuse by any other financial organisation to make life even more impossible for that person by pushing them further and further into uncontrollable debt by using the excuse to milk them of more money by penalising them financially at every possible opportunity; using sanctimonious self-righteousness to blame the unfortunate individual they are manipulating for what the banks are actually doing themselves.
So, someone who may have a loan for only half the value of their house and be only as few as three months in arrears will have re-possession proceedings brought against them by the the bank. They are threatened with eviction and homelessness, with the inevitable consequences of forced unemployment, family breakup, increased debt and even illness.
The bank evicts them, and the house may remain empty so long it loses value as it deteriorates. Or it is likely to be sold at a considerable loss. That former homeowner is now blacklisted as too uncreditworthy to be lent money again by the ordinary high street mortgage lenders.
Curiously, that same bank just happens to wholly or partially own another company which also lends money for buying houses. But this one only lends to people with ‘impaired’ credit. The same sort of people who have just been refused an ordinary, standard mortgage.
People are also refused standard mortgages for infinitely more trivial reasons. They may have a county court judgement of just a few pounds against them. It may be such a frivolously brought claim they may have chosen to simply contemptuously ignore it.
But such a thing and a myriad other excuses are used by the banks to push people into the more profitable ’sub-prime’ mortgage lending arena with one of those subsidiary companies the banks own.
Or they are pushed into this rapacious ‘sub-prime’ lending market by all sorts of other restrictions manufactured by lenders.
A common one is the borrower not earning enough money to afford the ‘high street lender’s loan. Funny how that doesn’t stop the same financial organisation lending the money to the same ‘unreliable’ , ‘uncreditworthy’ person at higher rates of interest and with huge penalties imposed by another partly or even wholly owned lending business subsidiary to the one that refused the fairer loan !
Now the banks have manipulated someone into a position where the banks can produce an excuse to charge more for a mortgage – much more.
Enticed by a low starting rate of interest that escalates after a while to often as much as double monthly repayments and with penalty charges of thousands of pounds if the borrower has to terminate the mortgage in a year or two, the borrower has nowhere to turn.
All the banks collude to stop him obtaining an honest loan costing less. The banks want their extra profits ! And here is a mug who can’t complain and has nowhere to turn to and the banks know it. Don’t they just.
They have carefully manipulated their affairs by jointly creating this stranglehold over money by pooling their resources and their information to enable them to work together to create this extra profitable ‘sub-prime’ lending market. Pretty much exactly the same techniques used by the door to door rip off loan shark illegally charging annual percentage rates of thousands of per cent to impoverished workers.
It is exactly the same process at work. Fraud, theft, manipulation, threats, fear. These immoral sub-prime lenders have much in common with criminal door to door loan sharks and other thieves. Their victims are caught like flies in spiders webs. There is no escape.
But wait. It doesn’t just end there does it ? Having established this wicked system of modern banking that provides such huge profits to the banks, they wanted more. Greed is good they seemed to think. Yes, that’s what they said. Greed is good !
So they started using the same ludicrous types of manipulation on each other as lending between banks escalated beyond reason or comprehension to prop up the fragile system of deceit the banks were busy creating.
The banking system seemed to become more and more like a giant ‘Ponzi’ scheme where banks borrowed money from other banks to repay their own debts before it was discovered they had no money left at all to meet their obligations, because they had lent the lot as they forced increasingly large amounts of loans onto a gullible population who simply couldn’t understand what was going on.
All people could see was the value of houses increasing to levels of un-affordability where everyone was forced to borrow gigantic amounts of money just to have a home to live in.
But, like all ‘Ponzi’ or pyramid selling schemes based on fraud, the banking system was becoming more and more fragile. It was so riddled with double dealing, fraud, dishonesty and mistrust, banks became too fearful of even each other’s reliability to lend to each other anymore. The banks had successfully created a system based on deceit, mistrust and lies which had also spread into the whole wider community of individuals and business.
The Global banking system went into meltdown as money disappeared into the banks from wherever they could grasp it. The biggest con trick of all was persuading Governments ‘to bail them out’ by giving huge amounts of money – hundred of billions of pounds to stop them going bust and then even more of our money disappearing into oblivion.
The banks kept it for themselves where it is actually useless. Money is only useful and only performs it’s function when it keeps moving from person to person. The banks stopped the World money supply from moving.
So, in the same way the banks are the places where money is created to make trade and commerce become possible, so it is that money is destroyed and is now completely vanishing from existence by the banks being able to reverse the process.
That is exactly what the banks have done. It is the biggest fraud in history.
Looking for someone to blame other than themselves, the banks immediately blamed the ‘sub-prime’ borrowers.
The banks claimed it was all their fault because they were unreliable individuals who couldn’t afford to keep up the payments on the loans they should never have had in the first place; mainly because they were too poor to be able to afford them.
All those very bad borrowers had misled the poor innocent banks into lending them money. It was all their fault, the banks said. But they weren’t too poor for the banks to take their money, were they ?
The banks are liars. Sub-prime was deliberately created by the banks as a means to make more money and take advantage of people. and the banks in their breathtaking greed were too stupid to know when to stop, so they still haven’t stopped.
They are still foreclosing on homeowners even if there is loads of equity remaining in the property. Business loans are forcibly being demanded to be prematurely repaid to the banks and further new loans are rare and generally mostly unavailable.
So, the result is World-wide economic meltdown and poverty and misery of all sorts. Word wide trade and commerce is being destroyed by banks being irresponsible, greedy, and nasty.
Thank you very much, the banks.
PSSSST
Consider this.
A little clue it cannot be sub-prime lenders responsible for the gigantic sums of money disappearing into oblivion is simply that the amounts of money now vanishing into a black hole is apparently reaching into trillions -many trillions. It is a sum my calculator cannot understand or even cope with. So I haven’t much hope of understanding it either. Nor have you.
Let’s do some maths. If the average house price is £200 000 and the loan to buy it is 100 per cent, then one million sub-prime borrowers failing to pay a single penny of that back, ever, means a total loss to the banks of 200 000 million pounds or 200 billion pounds.
Of course this calculation is a complete fiction, because usually the banks re-possess the homes and get all their money back and then some. Sometimes, just sometimes, the banks will not be able to sell the homes for the full amount of the loan and there will be a loss. But the banks still won’t lose that money without pursuing the former homeowner for years to recover anything still owed from their wages.
The banks will not be suffering much in the way of loss from re-possessions and I imagine any losses are more than compensated by profit. So where might this loss they all whinge about be ? Search me ! Perhaps they might like to tell us ?
Here is a slightly more realistic calculation which tells another part of the story. The Council of Mortgage Lenders here in the UK say that each re-possessed house costs £35 000 to repossess. So each bad sub-prime mortgage loan is costing £35 000 and not actually the full value of the property at all.
Even that figure is misleading because it, apparently, is what the CML say the cost is, but they carefully bend the truth by omitting to mention that whole cost is usually born only by the borrower and never by the lender, unless the sale price of the property falls below the value of the loan; something almost unheard of here in the UK in normal circumstances.
But, assuming there is that cost of £35 000, and not arguing about who bears it, multiplying it by one million feckless sub-prime borrowers having their homes repossessed makes a total figure of 35 thousand million or just thirty five billion pounds,
Do you recall the hundreds of billions, even trillions of pounds forthcoming recently from Governments to subsidise the banks ? Seems to be a bit of a discrepancy here somewhere, don’t you think ?
Figures of annual repossessions in the UK were running at about 50 000 homes a year until a few months ago. Nothing like that fictional figure of one million used above. So what does fifty thousand repossessions look like costing at the official Council of Mortgage Lenders figure of £35 000 ?
Why, that comes down to only one thousand, seven hundred and fifty million pounds or 1.75 billion pounds; virtually all of which is borne by the borrower and is not a loss to the lender at all.
Frankly, I doubt if lenders even lose ten per cent of that and that would reduce the figure of apparent loss to just one hundred and seventy five million. Tiny, miniature, compared with the eye watering losses the banks are complaining about and the Governments are pumping into the banks to keep them from going broke.
As America has about five times the population of the UK you might, roughly, multiply that figure by five to get an approximate figure for the USA. At 1.75 billion it’s nothing like the losses banks are claiming sub -prime mortgages have cost them, is it ?
That’s thousands of millions, or hundreds of billions, even trillions, remember ?
The inescapable conclusion is someone is not telling the truth ! I wonder who that could be ?
I think it might be the banks.
I was always told that people who didn’t tell the truth were called liars.
If the banks are lying, and it looks like they are, then how can they be trusted to be in charge of the money supply ?
Nicholas Windrum is a thinker and writer living somewhere in the UK…
Reports are surfacing that there has been another major information security breach at a credit card payment processor, though the company has not yet been identified.
The breach news comes less than one month after Heartland Payment Systems announced they had suffered what is likely to be the biggest PCI breach to date, possibly bigger than the TJMAX breach.
Heartland (HPY) is the sixth largest payment processor in the nation.
There had been indications in early Heartland reports that the FBI was pursuing suspects who may be part of a larger criminal conspiracy targeting multiple companies, but there are no reports yet as to whether this latest breach is part of that investigation, or whether the revelations at Heartland led to this breach being uncovered.
From DataLossDB.org on the breach at the unknown company:Banks around the country are reportedly receiving warnings, and perhaps even new lists of cards to replace. This is apparently regarding another credit card processor, unrelated to Heartland Payment Systems, having a significant breach.
OSF has received multiple tips from multiple sources, and has spoken with the good people over at bankinfosecurity.com who have confirmed they too are hearing the exact same thing. From what we’ve heard, this second breach is significant in scale, but we have not as of yet been told who the processor is.
Also, speaking of BankInfoSecurity.com, they’ve released an article about three people being arrested for allegedly using credit cards from the Heartland Breach. And also, their list grows of institutions affected by the Heartland incident (they maintain a much more comprehensive list than we did). Hats off!
Our team has been predicting that 2009 will be the year that InfoSec moves to the forefront of the economic crisis. We believe the somewhat obscure issue will be as familiar to the American public as the notorious subprime and pay option ARMs have in the last year or two.
Much like the meltdown of the mortgage industry, the revelations of lax governance in the handling of sensitive and private data will likely shock the public and the business community alike, and those revelations are bound to come all too painfully slow, especially for shareholders.
The data loss debacle at Heartland highlights the fact that the failure to secure information is the next major shareholder derivative, director and officer liability, regulatory, consumer product safety, and class-action issue to impact our economy.
Nearly one month after going public, few details of the Heartland breach have been released, and many questions remain regarding a long chain of events that include both the breach and also an aggressive executive 10b5-1 stock selling plan adopted in early August of last year, the same month the breach is now reported to have ended, but still five months before the breach was announced publicly.
Heartland Payment Systems stock price has been flat-lined since losing half of it’s value shortly after the January 20, 2009 breach announcement. A report form komonews.com gravely illustrates that this is more than a security issue, it is a commercial viability issue:
Heartland says it has closed the security hole that allowed criminals to infiltrate their systems, but the matter is far from settled. The company will likely have to pay big penalties to banks to reimburse the cost of issuing new cards, and analysts say the intrusion could even threaten the company’s survival if the big card brands decide to cut off Heartland from connecting to their networks.
One big payment processor, CardSystemsSolutions, went under after a 2005 data breach in which 40 million credit card accounts were compromised and the big card brands stopped doing business with CardSystems. Representatives for Visa Inc. and MasterCard Inc. declined to comment.
“According to a MasterCard alert, this sniffer program stole card numbers and expiration dates from credit and debit cards processed by Heartland from May 14, 2008, through Aug. 19, 2008, as the information entered Heartland’s payment switch,”
Here is what we know of the Heartland timeline thus far, which is not much, but it does beg for a more thorough explanation by company officials for no other reason than several important things happened in a relatively short period of time, and that alone should be reason enough:
May 14, 2008: Breach reported to have began
May 20, 2008 Carr Makes first stock sale of the year, 2695 shares
August (first week), 2008: CEO Robert Carr’s 10b5-1 is proposed
August 8, 2008: Board approves 10b5-1 plan
August 8 – August 14, 2008: Carr makes six separate sales of stocks totalling 60,000 shares
August 19, 2008: Breach reported to have ended
August 28, 2008: Carr sells 80,000 shares
September 3, 2008: Carr sells 80,000 shares
September 17, 2008: Carr sells 80,000 shares
October 15, 2008: Carr sells 80,000 shares
October 28, 2008: Visa and MasterCard notify Heartland of problems; Carr sells 80,000 shares
November 6, 2008: Carr sells 80,000 shares
November 20, 2008: Carr sells 80,000 shares
December 11, 2008: Carr sells 80,000 shares
December 26, 2008: Carr sells 42,900 shares
January 7, 2009: Carr sells 80,000 shares
January ??, 2009: Carr suspends his 10b5-1 stock selling plan
January 20, 2009: Breach Announced
In an email I received from Heartland’s representatives, they state that there is no relationship whatsoever between the breach and Carr’s stock sales:
At the time of this announcement, Mr. Carr was not under any trading restrictions pursuant to the company’s insider trading policy and was not in possession of any material non-public information concerning the company. Under this 10b5-1 plan, programmed sales of company stock were made on Mr. Carr’s behalf, and he had no discretion regarding the timing or other aspects of those sales.
Although he was not required to do so, Mr. Carr terminated his 10b5-1 when the company confirmed the security breach it disclosed in the company’s press release of January 20, 2009. As has been reported, Heartland first learned of a potential problem from the card associations on October 28th of last year, well after the announcement of this 10b5-1 plan. Heartland categorically denies that Mr. Carr was aware of a potential security breach at the time he adopted his trading plan.
I can see no reason not to take them at their word, but I also urge Heartland officials to release more information to clear up the issue, such as the documentation that Heartland’s Systems and IT departments keep to show compliance with requirements for sensitive data protection. Hard copy confirmation that no one at Heartland was aware of any major security problems prior to October 28, 2008 would put any questions to rest with more finality than a corporate press release or an email.
Something to look forward to is the conference call with Carr now scheduled to take place in the last week of February. The agenda state the call will discuss Q4-2008 earnings, but it seems almost certain they will address the breach then, and hopefully will provide more details regarding an eventful August 2008.
Chairman & Chief Executive Officer Robert Carr and President & Chief Financial Officer Robert Baldwin will host a conference call beginning at 8:30 AM Eastern Time, Tuesday, February 24, 2009, to discuss fourth quarter and fiscal year end 2008 results and conduct a question and answer session.
Heartland Payment Systems invites all interested parties to listen to its conference call broadcast through a webcast on the Company?s website. To access the call, please visit the Investor Relations portion of the Company?s website at: http://www.heartlandpaymentsystems.com. The webcast will be archived on the Company?s website within two hours of the live call and will remain available through Friday, May 22, 2009.
You may also participate by calling (800) 559-6679 and providing the operator with Pin Number 81829786
The SEC does require disclosure by company leadership of known threats to share price, so we should expect that more will be revealed during the call – unless the investigation would prevent the release of such information, in that case we would probably at least get some statements to that effect.
Either way it seems that much will be revealed in the call.
As for the latest breach, let’s hope it is not a record breaker and that no fraud cases are the result. Be vigilant about checking your own credit card statements and report any suspicious activity immediately. Then just keep your fingers crossed that we can effectively put the information security genie back in the bottle before the next breach is not just a financial security matter, but a national security event as well.
Anthony is a researcher, analyst and freelance writer who worked as a consultant to senior members of product development, secondary, and capital markets from the largest financial institutions in the country during the height of the credit bubble. Anthony’s work is featured by leading Internet publishers including Reuters, The Chicago Sun-Times, Business Week’s Business Exchange, Seeking Alpha, and ML-Implode.
The Author gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com.
The problem with putting your head in the sand is that you cannot see or hear. No sense gets in. Maybe this is a bright idea given the sad things we see today? Yet you need to see and hear during a time of unrest and danger.
We are in that time now. Don’t lie to yourself that we are not in a time which may prove perilous. It has been perilous very recently and it may be again very soon. I stack up newspapers I don’t get too right away and occasionally race through maybe a week of them in an hour. I cherry pick the best stories.
One commentator I trust deeply is James B. Stewart at the Wall Street Journal. He writes the “SmartMoney” column. Mr. Stewart lives up to that name. Money managers as a group generously deserve our contempt and derision. Yet Mr. Stewart is an effective money manager and a great teacher and coach. You will make money and beat the index funds if you listen to him.
Last November he made the following observation of massive new government investment in the banking sector:
“These (injections of capital to the banking and financial system) should be good investments, since so much of the crisis is psychological, and values will rebound when confidence is restored.” (How Obama Can Fix the Economy, November 12th, 2008, Wall Street Journal).
I hope the paper didn’t make your doorstep that day.
Mr. Stewart could not have been more wrong. This crisis is not driven by a psychological dread like the fear of death or ex-girlfriends. This crisis is driven by very real facts which correctly induce fear. Even paranoids have enemies, and even the great American banks can bankrupt themselves. When they do they can take the whole world tumbling down. The world is tumbling.
Mr. Stewart’s prescience reminded me exactly of Kenneth Griffin, CEO of Citadel Investment Group. Mr. Griffin is a great king of the hedge fund world. He is also now a fantastically big loser who made a ton of money for himself prior to losing an absolutely unthinkable amount of money for other people. Will he pay a dime back from his personal kitty to help his clients crawl slowly to zero lost (forget gains for now)? Why should he have anything and take away so much from others?
“The idea that the largest banks in the world would simultaneously fail, need government support, government guarantees, and/or government intervention to survive was not in my range of realistic scenarios,” said Mr. Griffin (Citadel Under Siege, Fortune Magazine. Dec. 9, 2008).
How do you read this sentence? Is he saying our catastrophe was impossible to see? Or did he simply fail to have basic tests in place? I know for a fact it’s the latter. He apparently thinks it’s not true. I assure you it was not difficult to foresee. He was dead wrong before the fact and he is dead wrong afterwards.
My modest proposal: Claw back the personal income of failed hedge fund managers until the claw takes as much as they have lost others. It would be a life-long sentence. And use this special tax to replenish the charities ripped off by Bernard Madoff. It’s a garnishment. And it’s progressive tax policy.
Ignorance Eternally Recurs
Mr. Griffin need not have looked far to attain reasonable intelligence ahead of his catastrophic losses. The most basic research produces great results in this crisis. What is striking about our financial crisis is not how complex it is, but how simple are its largest influences. The primary touchstone by which we should have warned ourselves of the past and by which we should guesstimate the future is hidden in plain sight.
Review the April Fool’s Day 2008 Balance Sheet of the American Economy (Unmanageable Loss. Manageable Catastrophe. New Mortgage News, April 1, 2008). It predicts systemic bank failures. That means that it predicts that many banks will fail. This work depended upon approximately three minutes of study and calculation. It has been right in every respect — except that what was then a wild prediction of losses now seems petite, thin and malnourished.
At the time the guess was $2 trillion of mortgage losses. Now the guess is $5 trillion. Five is more than two. The five trillion is now a wild number, but I have walked this way before. Logic is my guide. The madness of crowds I will leave as your option. As you may rightly imagine, with a trillion here and a trillion there, pretty soon we are talking about real money. The money lost is very real now, as is our national bankruptcy. We need to file, but we can’t find a good attorney.
So what should you be watching? What should you be doing? How can you do well from this information?
Practical Matters: Your Money
First, remember cash is king. Keep your savings in cash. Deviate from this suggestion only with trepidation. Pause here. Decide. Act. Better to be safe. Remember a 2% return last year made you 30% or 40% smarter than your competition investing in stocks. Right now equity investments are unknowable because the world is too wildly in flux. Stay far away for now, even if you are smart enough to be one of those people who puts a little more in all the time.
Debt investments are bizarre today. Many carry explicit government guarantees. Only a fool would bet against Bill Gross at Pimco. He is simply following the advice of the US Treasury and the Fed. He believes there are some fantastic investments right now. Check the article link for his advice. (What Bill Gross is Buying, January 6th, 2009, Forbes). His philosophy is that the United States government will not back out of its word guaranteeing private-sector debts.
Go with Bill if you need to get pumped up.
If at all possible, don’t buy real estate – unless you hit the seller very hard on price and anticipate values will fall 20% from today’s market values. Or unless you are in love with the property, and the love will last more than five years. If you own real estate and you need to move in the next two or three years, then try to sell now. Prices are falling at a rapid sprint pace. Don’t depend upon prayers that this will all stop.
In every way we have to rationally judge property values, the news is bad. Fully 11 of 20 major metro areas in the United States had record annual declines in the year ended Dec. 1, 2008 (Home Prices Fall At Record Pace, January 27, 2009, CNNMoney.com). That includes Chicago for my Chicago readers: Down 12.5% in a year and down 16% from peak values in September 2006. This is the most recent data available.
Don’t buy real estate: The best research on bank crises says property values will continue to fall until summer 2011. We have two more years of decline left — if we use past experience as our estimator.
Sell real estate: If you are waiting for prices to improve, you may have to wait five or ten years. Assume the price of your home will fall 25% from its value today. Then make the decision of whether or not you should sell today: Do you want to own your home in two years when it is worth 25% less than it is worth today? Remember: To know this crisis, look at the value of homes and don’t take your eye off the ball. To know this crisis, look at what will happen to the value of mortgages and don’t take your eye off the ball.
And then say to yourself:
“What will happen in a world where residential mortgages in the United States — the largest single financial market in the world — what will happen should that market experience massive unthinkable losses that will bankrupt most major financial institutions in the United States?”
Depression Redux
I cannot have knowledge of the feeling one experienced upon entering the Great Depression. I do know that this reversal feels gargantuan. There are still many mighty pretenders to the throne who appear to be solvent and who may soon find themselves fools and mass creators of poverty. The obvious cases now are Chase (JPM) and Wells Fargo (WFC).
Why Chase and Wells? They both originated huge and aggressive second mortgage portfolios during the boom and they are now holding enormous investments in the most defective and ugly form of residential home mortgage. Godspeed, I say. Death will find you. Perhaps soon.
Wells holds $84 billion and Chase holds $94 billion of second mortgages (Oppenheimer & Co (OPPAX), September 2008). Almost 40% at Wells are in California. Both second mortgages and California are disasters.
Do you remember what to keep your eye on (property values & mortgages, property values & mortgages, property values & mortgages)? If Wells goes down, they apparently will pull down one of the kings a bit too. Warren Buffett reportedly owns 290 million share of Wells Fargo and has supposedly lost $6 billion there. I find it hard to believe this risk was not hedged.
At least the managers of Chase and Wells are just singing, dancing and clapping their hands after having created a portfolio over many years of hard work. They can’t just walk from this paper with a trade. Mr. Griffin, the hedge-fund manager, has a more difficult charge to answer. For a better understanding of Mr. Griffin, refer to any of the bylaws of Groucho’s Investment Club.
Membership Has Its Rewards
Grouchorefused to join any club which would allow him in. He knew there would be nobody good at the club if there were types like himself allowed to join. So too any person with the personality to raise money for management is the personality which cannot manage money. How much more proof do we need? Let me count the ways for you. What follows is just a short list from the encyclopedia.
Mr. Madoff had the special touch for $50 billion. A lot of great companies could be made from $50 billion. An entrepreneur is the opposite of a money manger. They like to do things without asking for help from others. They could easily build heaven and earth with $50 billion.
Mr. Madoff’s money management results we will never apparently know. Early reports indicate there was no trading at all. He was busy shuffling the deck. Think of him as the Vermouth trader. He mixes up your savings into a martini, and then gently mouths the word “Vermouth” to keep the mix dry. This is the special insight he brought to the “Equity Hedge” category.
No better than he are active money managers in the massive mutual fund world who take one or two percent off the top every year when definitive proof demonstrates that less than one percent know what they are doing (The Prescient Are Few, July 13, 2008, New York Times).
We should give active mutual fund managers credit for returning whatever principal they don’t lose. It’s not a full Madoff. Yet in every other respect, their work is as fraudulent as his. If you fear God, don’t send your children into this field. It’s deeply unfair to a gullible investing public that active managers of mutual funds legally extract fees that they do not earn. Given their consistent non-performance, the investment warnings should blare in unambiguous language their history of failure.
Believe me when I tell you this: Their failure is very successful. A true warning would say: “Our only purpose is to collect fees. We cannot beat the performance of computer-generated index funds. We wish we could. We will give it the college try, but it will not work. We apologize in advance. Thank you for your investment. We appreciate your kindness.”
While the frauds of our world are hard to keep track of just about now, it does not mean they cannot be discovered. The active money managers are the ponzi’s extraordinaire. To those who love fraud: Your hats off to them.
The Albino Jumps for Jack
A fascinating study by Riskdata shows a simple test of the reported returns of the Madoff funds were so preposterous that the fraud was obvious and apparent (Risk Test Study of Madoff Claims, January 21, 2009, Financial Times).
Banks and regulators had to spend almost no time or money to get their man. Mr. Madoff was an albino doing jumping jacks in the nude. And Mr. Madoff was an albino to the financial press as well. Funny they would not dream of their failure as a demand for their regulation. They are in the business of information and analysis, but you will not see any sad confessions from this profession. Yet they too let Madoff go with their ignorance.
I would like to suggest a way to end this hypocrisy.
My proposal for press regulation would be consistent with logical consequences, and with the demands they are making of others. It’s a very workable plan. I think we should make them write an after-school punishment note once a month. It must be hand-written. The note will say: “I will look at both sides of the story.” They must send the note to the United States Department of Justice: Office of Journalistic Integrity.
If enacted, the free-market element in the newsroom would explode beyond expectations. There would be outrage by such massive intrusion. If we raised the penalty to writing out the punishment sentence 50 times every month, then press coverage would evolve to skew Ron Paul to the left wing.
Then we just throw in the Mickey Mouse trap.
We give them 101 different sets of rules for the after-school punishment note based upon geographic location and bureacraticwhim (I estimate the number of different legal regimes which mortgage originators comply with in the United States is equal to 101. I am not kidding.). Then they would all quit their jobs, join the border militia, take pictures of themselves carrying assault rifles, and repeatedly blow up the home of William Ayers. We would all be much safer. This plan is budget neutral.
In any case, on the whole, the ignorance and prejudice of the media throughout this crisis has been breathtaking. Their funny faddish attempts to make this all a result of deregulation and derivatives and Republicans is such a back-breaking ideological fantasy. It’s also enjoyable because it proves their dishonesty. They are now like all of us. They are fraudsters too. The poor poor precious dears are swimming in the same ocean with the rest of us. They are adapting perfectly to the salt water.
Star Biz Reporter Flunks Econ 101
My favorite illustration is Roger Lowenstein, the star business reporter of the New York Times. His little ditty on the financial crisis faults regulation and leverage and derivatives. He is outraged by all of this in the case of AIG (AIG) (Regulator in Chief, September 26, 2008, New York Times).
Yet he is forgetful about the wild glamorous sex-party of regulatory failure and infinite leverage and massive derivate exposure and major political muscle and world-leading mortgage assets at the Gatsby homes called Fannie Mae and Freddie Mac. It smells here like a Democratic-party activist.
The property depression and mortgage defaults don’t really merit any mention to Mr. Lowenstein. Monopoly as well is apparently not an appropriate subject for regulation. One assumes the pages were torn out of his Econ 101 textbook.
My opinion is that the heart and sole of some of the best questions about our financial crisis center upon this simple inquiry: Did we have good reason to support a monopoly in mortgage loans? You may not know that that question is among the most interesting. The reason you don’t know: The bias and ignorance of those who report the news to you. Facts may intrude. Funny how Mr. Lowenstein even likes the fate of our commercial banks in the crisis. They are safely under the guard of stricter regulation, he said.
“As highly leveraged investment banks, derivatives traders and unregulated hedge funds were pummeled, regulated institutions like banks were relatively stable,” said Mr. Lowenstein.
Only true if the world is cleansed of Citi (C), Wachovia (WB), and Washington Mutual (WAMUQ). They may have other brothers dying very soon. I called in for a correction on this, but the line was busy. One wonders if the reporters remember that their fallacy is splashed forever across the front pages for all of the world to see?
It’s only not funny when you remember that through the work of the press we will understand the nature of our failure. We will try to soften the next spectacular crash. We need great intelligence to reverse this one. Facts precede understanding.
Mr. Lowenstein’s malpractice deserves special condemnation because every Tom, Dick and Bozo in the financial press will think Mr. Lowenstein knows what he is talking about. They have followed his lead or picked it up in the Kool-Aid. The word “monopoly” has been banned from the financial press. This is similar to the disappearance of early top lieutenants of Mao in famous pictures when his hair was thicker. Hair was very important to Mao.
It’s a special responsibility reporters have. When our economy stops working, the children all over the world are starving more. The paper from derivatives contracts is not choking those children. It is something unphysical.
Fraudulent Theme
Let’s look at the catalogue of stupidity and deceit. Let’s remember the fallen nature of each of us. Just here in this letter we have Mr. Madoff depriving his own people and all of their charities. He has stolen the work and suffering of thousands of lives whose great sacrifices and generosity are made empty. He should be executed.
We have mutual fund managers who bounce right along with a success ratio of less than 1% versus the returns of computer-generated portfolios. Yet they are legally collecting unearned fees all the way to the bank. That includes the money making they are taking from nice little old ladies who trust in the world and the people in it. It is insensible that this is not criminal behavior.
Then we have Wells and Chase pretending to be solvent. Do their equity investors know? What about the nice little old ladies who invest in banks because they are safe? Weren’t enough ruined by Fannie Mae (FNM), Freddie Mac (FRE), Wachovia, Washington Mutual, Countrywide (CFC), Citi?
There is Citadel Investment Group. Mr. Griffin may be a Forbes 400 entrant. Yet his clients are also 50% less wealthy after last year. What a weird hedge: These money managers promise positive returns in any market.
By the way, my correspondent: You are the smart ones giving them all of your money. You are a member in good standing of Groucho’s Investment Club. Your number should already have been mailed to you. I hope you will enjoy the privileges of membership. Groucho would be happy to meet you when he stops by. Good luck to you. In the case of Mr. Stewart, the SmartMoney columnist, you have a safe haven and don’t need luck. He can get past his error and win. His principles allow for error. There is light there.
In all the other cases, what a sad sad story we must tell about ourselves.
Quite neatly we are divided into two groups, but not of equal size. There is first the big group. All of them are dumb. And then the smaller group. They are selfish enough to cheat the dumb. Cheating is their intelligence. That’s a good summary of history. Write that down. Then sit back and ask yourself: What makes the world turn? What is it like to touch the sun?
What is the name of my father’s father’s father? Why don’t I know his name? How can that be possible that he is unknown? Is he so worthless so soon? It is true that God is mysterious. It is true we are undeserving of what He has given us. How pathetic have we become that we don’t even know that?
No regulation can ban stupidity. No law can stop all deceivers. And the build up and mixture of stupidity and deception requires periodic explosions. We need reminders of our true selves. Our new world should begin with old truths. We are dumb predators. We are not inspiring. We are known most truthfully by our sins. We are reliable in sin.
Only a fool thinks we are a few changes away from perfection. The dangerous fool believes we are mostly changeable from our lowly selves. The roaring nincompoop thinks these things do not apply to themselves. We would all do well to look up “confession” and acquainstourselves with the primative cultures who used its office.
Why would they do such a thing?
Let me guess. You don’t know the answer. You don’t know why confession is necessary.
Here is the answer. In the olden days all persons knew they were of small importance in comparison to God. They realized they were unworthy of the gifts which they had been given. They knew that without God they were lost and of little use. All realized that they had an obligation to be better than themselves.
You are a simpler personality. You don’t know you are lost. I don’t know what that makes you exactly, but I wouldn’t send any letters home about it.
We cannot start our recovery until we have completed our bankruptcy. Go ahead now and do the denial, anger, bargaining, and depression. Open the window and scream. Then put the fate of the world ahead of the obvious reasons we shouldn’t do this. Yes, we will reward a carnival of bad behavior and make people believe they can get away with it. Should we chose massive global depression instead?
Then ask yourself: Is it possible our property market can deteriorate by 40% and no systemic bankruptcy follows? Is the bubble’s very definition homeowners taking on debt they cannot afford — to buy houses priced for a Ponzi flip? Where is that bad debt going to go?
Bankruptcy invalidates debt which cannot be paid. At present, we may have $5 trillion of mortgage debt which needs de-validation because it is un-payable (see graphic). It’s a big job. If true, then the United States Treasury must issue a check to cover the bill.
Thus will our un-payable mortgage debt go away. We will live happily ever after. To work hard. To pay off this huge new debt. And pledge against borrowing recklessly to purchase homes.
The primary beneficiary of this plan, in addition to individual homeowners, is our bankrupt banks. They are now incapacitated, and our economy cannot thrive without their lending. They will live again after their $5 trillion dollar death sentence is commuted. Present leadership need not be retained. My suggestion is tar & feathers for them.
Plan Orange: The Graphic End of the Financial Crisis. Plan Orange pays down the mortgage debt of all property owners in the United States to 80% of the value of their home today. The purpose is twofold. The plan pays down mortgage debt to make it more affordable and to bring it current. It also strengthens all banks who own mortgages. The bill for Plan Orange may be as high as $5 trillion. This graph attempts to estimate the amount of negative equity nationwide in the United States by the end of the year. Negative equity measures the amount by which a mortgage balance exceeds a property’s value. The graph exaggerates the problem, but may make it easier to understand. The graph on the right side depicts the total of all mortgage balances on residential properties in June 2006 and at the end of this year (12/09). The graph on the left side depicts property values in June 2006 and then a 40% loss by the end of this year. Determining the total amount of negative equity helps define the amount of mortgage loans which will not be repaid. The value described as (A) is both the estimate of negative equity in December 2009 and the estimate of payments under Plan Orange to reduce mortgage balances.
So let’s issue a check from Treasury to individual homeowners to erase all uncollectible mortgage debt; or actually issue a check payable to the mortgage creditor for the benefit of the mortgage debtor. It’s a rapid-fire bankruptcy. It’s an instant recapitalization of banks. It’s a sharp turn of our economic ship away from the massive icebergs which our Titanic property market now advances toward full steam ahead.
General Bankruptcy: Will Murder Crisis,Wants The Job
► Smartly injects a massive stimulus – approximately five times the stimulus of the present Obama-administration proposal — in the space of a single month.
► Destroys negative equity.
► Rewrites all unfair loans.
► Eliminates all foreclosures.
► Starts and completes bankruptcy for perhaps 25 million homeowners in the space of a month.
► Instantly transforms mortgage investments from bad to good.
► Instantly strengthens the financial standing of major holders of mortgage assets; the banks and insurance companies who provide loans to all businesses and consumers.
► Ends the threat of massive derivatives-contract events which would have been triggered by defaulting mortgage investments.
“But that lingering risk of (bank) insolvency means that the state needs to be ready to take yet more action. One option is to keep intervening as events unfold. The other (choice) is to shock the markets out of their mistrust by using public money to create a floor to the market, either in housing or in asset-backed securities.” The Economist. March 22, 2008.“Wall Street’s Crisis.”
Should we take such an action, we will unleash a boom from this terrible crisis. We need the boom now to pay off the massive new debts which our government must shoulder. Should we fail to take such an action, we must anticipate a continued deterioration in debt and equity markets. They will fall here, there and everywhere. Only shorts will be smart.
It is true that the graph of Plan Orange is crude. The numbers it depicts are wild guesses. Yet crude and limited as the picture may be, and given that the numbers are just a very rough estimate, the picture’s validity may be a significant. mistake of much greater import is to fail to estimate the total overhang of mortgage debts which are now “unsecured” debts.
I have not seen a single good estimate of this number. My apologies in advance for those reporters who have tried to determine this number as I am unaware of your work. To the rest of the pool of business reporters I say that your ignorance is best measured by your failure to estimate this crucial number.
Reporting on the financial crisis without knowing the volume of “unsecured” mortgage debt is adopting the strategy of blindness to make your way through the most troubling economic event of our lifetime. Edward Pinto, former chief credit risk officer at Fannie Mae, has just estimated negative equity by 12/31/09 as $1 trillion. He also finds no overall negative equity today. (Edward Pinto, January, 16, 2009, How Serious is the Mortgage Problem That Will Confront President Obama). I radically disagree with this estimate
The graph may be rough, but Plan Orange is a true picture of our financial crisis. It is the best starting point to guess what amount of “unsecured” mortgage debt we are going to encounter. And it provides a true, swift, and smart plan for how we may best end the crisis.
Plan Orange Volunteers For Job, Promises Ruthless Execution.
The unfolding drama has two primary players. They are property values and mortgage debts. As property values fall, the worth of mortgage investments fall. As the value of mortgage investments fall, the solvency of banks falls.
Then they wither and die.
That is the phase the banks are in now. I can’t imagine any of our major banks can survive our property catastrophe without massive new injections of capital. Plan Orange estimates property values will fall 40% from their peak value by the end of this year. We were down 23% two months ago from the high in summer 2006 (S&P/Case-Shiller Home Price Indices, 20-city Composite, December 30,2008, Home Price Declines Worsen as We Enter the Fourth Quarter of 2008).
The plan then wildly assumes 40% of mortgage debts will lose all value because of the fall in home values. Why? For one, you have to start somewhere in this guessing game, and a wild guess of $1 of equity destruction creating about 60 cents of debt destruction has at least the appearance of reason. It mimics our actual nationwide debt-to-equity ratio of 50%. If you measured the value of all mortgages at the market peak they would equal approximately 50% of the value of all residential real estate.
One other note to set the fearful into a wild stampeding retreat to the hinterlands: The obvious error in the Plan Orange graph is that equity to begin with is actually much lower than 50% on the properties which are going to default. In any case, stay with the assumption and use the loss of $8 trillion of equity and $5 trillion of mortgage debt as a big picture rule-of-thumb to define our crisis. To those with better information I would deeply appreciate your assistance in better defining these crucial numbers.
Before things went bad, the buyer of a home took out a mortgage to buy a home. The logic of that business decision has now become meaningless if the mortgage no longer buys a home. And for many it doesn’t.
“First, there must be a credible programme for what Americans call “deleveraging”. The US cannot afford years of painful debt reduction in the private sector – a process that has still barely begun. The alternative is forced writedowns of bad assets in the financial sector and either more fiscal recapitalisation or debt-for-equity swaps. It (deleveraging) also means the mass bankruptcy of insolvent households and forced writedowns of mortgages.” Financial Times. Martin Wolf. January 13, 2009. Why Obama’s plan is still inadequate and incomplete.
What happens if five or ten years or 15 years of payments on a mortgage create no wealth for the payer? What if the payments were impossible when the payer believed they would create wealth, but now they create nothing? Does the prospect of no wealth create the desire for impossible effort?
Then ask yourself this question: “When does a debt I am paying become too great if, after I have paid it, I receive nothing but a good credit report and the satisfaction of having met my promise to repay a debt?” It would be safest to say that this family-business decision will not follow the principles of Mother Theresa, unless of course she had a Robin Hood thing.
Look at the simple math. It is one thing to pay religiously on a $10,000 credit card to maintain your credit report. It is another question entirely if the bill is $200,000, the house is worth $120,000 (the value of a $200,000 house after a 40% value loss), and the payments last for 30 years. The obvious rational choice is to send the keys to the bank and let them have it.
Default. Allow the bank to take ownership.
When this happens and the bank finishes foreclosure, the bank sells to a private party for perhaps $80,000. The bank has lost $120,000 ($200,000 mortgage minus $80,000 sale price). This drama has and is and will repeat on a massive scale never seen before in our country. It is not alarmist to say we must expect an Armageddon of foreclosures.
Mr. Pinto, the previously referred to former Chief Credit Officer at Fannie Mae, has just estimated this week that one in six mortgages will go into foreclosure in the next four years; a total of nine million mortgages of a total national pool of 57 million mortgages (Edward Pinto, January, 16, 2009, How Serious is the Mortgage Problem That Will Confront President Obama). How would foreclosure filings increase should negative equity approach the $5 trillion mark by year end (as I have estimated). Or what if we hit $5 trillion of negative equity in 2010 or 2011? Versus Mr. Pinto’s estimate of $1 trillion of negative equity resulting in foreclosures of one in six homes?
We have never seen before a loss in values comparable to the one we are experiencing today. We are far worse already than the depression — if you count the loss as a percentage of the peak value (Carmen Reinhart & Kenneth Rogoff, Dec. 19,2008, page 5, The Aftermath of Financial Crisis). Their study of 21 bank crises suggest we have three more years of declining property values to get to the end of our property depression.
Plan Orange offers a simple solution to this problem.
For our $120,000 home with the $200,000 mortgage, Plan Orange says: Have the US Treasury pay down the balance of the mortgage to $96,000 (80% of the present appraised value is $96,000). If we use this payoff scheme en masse, we would eliminate foreclosures, negative equity, bank failures, derivative default events, and maybe even arrest the fall in property values.
Is it possible Plan Orange solves every significant problem in the property and mortgage world, and in a few other worlds as well?
Capital Invades the Crisis. Confidence Wins.
The plan may be a true solution to an impossible problem, yet it has one decidedly serious drawback: It costs $5 trillion dollars (according to the wild guestimate graph). I was relieved the other day to see World War II cost $17 trillion. That makes Plan Orange a bargain basement offer. Now I know that a $5 trillion cost makes the plan ridiculous. Unfortunately, the loss in property values is also ridiculous.
Do we have to do something ridiculous to get out of this ridiculous crisis we are in? It is not ridiculous to believe we must use a ridiculous option to kill a ridiculously massive catastrophe. Whatever the actual cost, if we ignore this grave issue, soon we will see pictures of ourselves and they will show our eyes are like dull tiny cue balls. And we will all go by the same name — Zombie. And the world will follow us into oblivion. And stay there.
They can’t stop its progress. Only we can.
A stimulus package dominates the news of the Obama administration plans. It is irrelevant to the issue of falling property values, disappearing mortgages, and bankrupt banks. It is useless in addressing the major crisis issues. Sorry. it’s off the point.
Recent chatter favoring a bad-bank to hold bad loans is a welcome sign that the faction called “economists” are gaining preponderant influence versus the “tea-ceremony” faction. A bad-asset bank, however, has no capacity to arrest property-price destruction or to deleverage zombie consumers in mortgage debt far over their heads.
A bad-asset bank only solves one of four major problems in the Vietnam nexus of non-performing assets / bank recapitalization / homeowner default / property-value destruction. Plan Orange attacks all of these problems. Which is better: One or four?
The time is right for massive intervention. Plan Orange guides our way forward well. It works in all property bubble countries. A coordinated announcement would create enormous confidence in markets worldwide. Bust can be broken into boom.
A bright future is much closer than we have imagined. Courage, ambition, and intelligence are the keys. They are widely available here. Open your eyes to danger and get ready to fight the good fight.
By Anthony M. Freed, Information-Security-Resources.com Financial Editor
On Friday January 30, representatives of Heartland Payment Systems (HPY) contacted me via email regarding my recent article which had asked some tough questions regarding the timing and nature of multiple large stock sales during the months leading up the revelation that the company was the victim of a security breach.
The company’s prompt attention in addressing these questions is appreciated. From Heartland’s Representatives:
In August 2008, Mr. Carr put in place a 10b5-1 plan to sell Heartland stock. The company publicly announced this plan by press release on August 8th, 2008, stating:
Mr. Carr and Robert Baldwin, President and Chief Financial Officer, have adopted prearranged trading plans to sell a portion of their company stock over time as part of their individual long-term tax planning, asset diversification, and liquidity strategy. Following the completion of trades contemplated under the plan, both Carr and Baldwin will continue to hold a substantial ownership interest in Heartland Payment Systems. Included in Carr’s holdings are 2,375,000 shares acquired through options exercised in the first quarter of 2006, none of which were used to satisfy the tax obligations incurred at the time the options were exercised. The stock trading plans were adopted in accordance with Rule 10b5-1 under the Securities and Exchange Act of 1934, as amended, as well as the Company’s policies with respect to sales of shares held by insiders. Under the Carr plan, a maximum one million shares can be sold over the next year, corresponding to the number of new performance-based options granted to Carr by the Board of Directors. Under the Baldwin plan, a maximum 78,180 shares can be sold, representing his options that expire in January 2009.
At the time of this announcement, Mr. Carr was not under any trading restrictions pursuant to the company’s insider trading policy and was not in possession of any material non-public information concerning the company. Under this 10b5-1 plan, programmed sales of company stock were made on Mr. Carr’s behalf, and he had no discretion regarding the timing or other aspects of those sales.
Although he was not required to do so, Mr. Carr terminated his 10b5-1 when the company confirmed the security breach it disclosed in the company’s press release of January 20, 2009. As has been reported, Heartland first learned of a potential problem from the card associations on October 28th of last year, well after the announcement of this 10b5-1 plan. Heartland categorically denies that Mr. Carr was aware of a potential security breach at the time he adopted his trading plan.
These are important issues to stakeholders, and legitimate questions to ask. I appreciate Heartland’s concern, and I will continue to follow the story as it unfolds.
Anthony is a researcher, analyst and freelance writer who worked as a consultant to senior members of product development, secondary, and capital markets from the largest financial institutions in the country during the height of the credit bubble. Anthony’s work is featured by leading Internet publishers including Reuters, The Chicago Sun-Times, Business Week’s Business Exchange, Seeking Alpha, and ML-Implode.
The Author gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author andInformation-Security-Resources.com
ByAnthony M. Freed, Information-Security-Resources.com Financial Editor
Heartland Payment Systems (HPY) and Federal investigators have released more details about the technical nature of the massive financial data breach made public last week, but have refused to pinpoint the exact date that Heartland first became aware there may have been a problem with their network security.
The date they settle on may well be the difference between market serendipity and an SEC investigation for insider trading, as an examination of stock sales made by Heartland CEO Robert O. Carr in the second half of 2008 raises some serious questions about just who knew what and when in the latest version of the worst-ever information security breach which has now spawned a class action lawsuit.
Federal investigators and the Secret Service have apparently traced the Heartland data breach to sources outside of North America, with some reports indicating Eastern Europe as being the most likely origin of the unauthorized access.
The principles and methods used by the perpetrator(s) have been uncovered, with evidence that is somewhat contradictory in nature, some of which is suspected of being nothing more than red haring planted by the hacker(s) to throw investigators off their trail.
The sniffer malware that surreptitiously siphoned tons of payment card data from card processor Heartland Payment Systems hid in an unallocated portion of a server’s disk. The malware, which was ultimately detected courtesy of a trail of temp files, was hidden so well that it eluded two different teams of forensic investigators brought in to find it after fraud alerts went off at both Visa (V) and MasterCard (US:MA) according to Heartland CFO Robert Baldwin.
“A significant portion of the sophistication of the attack was in the cloaking,” Baldwin said.
Another consultant-who also wanted his name left out-said the ability to write directly to specific disk sectors is frightening. “Somehow, these guys went directly to the base level of the machine (to an area) that was not part of the file table for the disk,” he said. “Somehow, they got around the operating system. That’s a scary mother in and of itself.”
Other industry brains were less impressed. One nationally recognized and certified information security expert who I corresponded with Wednesday evening regarding the breach indicated that the hackers exploited a system weakness that should have been well known to Heartland, for which protocols issued several years ago.
From my email conversation:
“This was an ‘I told you so’ moment for me. I know exactly which part of the process got hit. It was the un-encrypted Point-to-Point connection which occurs between the Host Security Module (HSM) and the Application Security Module (ASM).
“But that means that they had to have had a hole in their firewall to insert the sniffer into unallocated disk space. “
“Now Heartland is crying poor me, and the making it sound like they are heroes by claiming that they are going to ‘develop’ end to end encryption. They should have been using the ISO Banking Security Standards which were promulgated in 2004/2005. They should be expected to uphold the standard.”
It looks as if the techies have already dissected the mechanics of this modern day cyber-cat-burglar, but ten days later we still have no clear idea of how long the sensitive data was exposed or when Carr and other Heartland executives first had an indication that something was not as it should be.
Heartland CFO Robert) Baldwin also added more details to the sketchy timeframes that have been revealed thus far about the attacks, specifying that Heartland was contacted by Visa and MasterCard “in very late October,” possibly October 28.
Given that authorities are conducting an investigation, it is understandable that many details will not be released until after an arrest is made, but given the nature of the details that have and have not been revealed, one has to wonder who all is actually under investigation here.
Usually in an on-going criminal investigation, details are withheld from the press and public for many different reasons, but generally it is the mechanistic details of the crime, and often all the press has to report on is the headline and a timestamp.
Oddly enough it is the those details of the crime that have been trickling out that one would not expect – including the suspects possible location – but yet the generalities are being obscured, like what was stolen when did they steal it?
The answer to the latter of the two questions is of particular issue.
If Heartland personnel, and particularly Bob Carr, had absolutely no indication that something was awry with their processing system security until they were alerted by Visa and MasterCard at the end of October, then there is no problem.
Under this scenario, according to the chart above, Carr just happened to be in the middle of a major sell off of Heartland stock unlike any he has ever undertaken before when he found out “late in the fall” about the existence of problems.
It could simply be the case that Carr just happen to decide to sell 80,000 shares of Heartland stock for roughly $1.6 Million a pop on nine separate occasions about every other week in the four month period leading up to the announcement of the breach. These uncharacteristically large and more than frequent liquidations just happen to have occurred while the company was in the middle of an expensive acquisition and expansion of services push, all of course while the credit markets were in total dysfunction.
If on the other hand, company communiqué and records reveal that Heartland knew of possible anomalies in the processing security at the end of August instead of at the end of October, then we have a whole other scenario to apply the data to.
Under this hypothetical situation, Heartland may have discovered problems prior to end of August and may have known it was something serious simply because no one could figure it out. According to the official company statements, this was a difficult intrusion to detect, one that was missed more than once.
The initial internal conclusion was that “it looked most likely that it would be in a certain segment of our processing platform,” said Baldwin, adding that Heartland does not want to identify what that segment was. The company hired a forensic investigation team to come in and focus solely on that one area, an effort that ultimately proved fruitless. “We found issues in a large segment of our processing environment. The one that looked like the most promising turned out to be clean,” he said.
That second team “was nearing conclusion” and was about to make the same assessment the first team did: clean bill of health. But one of the last things that external, qualified risk assessor did was to try and match various temp files with their associated application. When some orphans-.tmp files that couldn’t be matched to any application or the OS-were turned over to Heartland’s internal IT group, they also couldn’t explain them, saying that it was “not in a format we use,” Baldwin said. More investigation ultimately concluded that those temp files were the byproduct of malware, and more searching eventually located the files in the unallocated portions of server disk drives.
So, continuing with the hypothetical scenario, Heartland would have had inside personnel looking for the problem when they get a call of Visa and MasterCard with the friendly heads-up. Heartland could have just not acknowledged the problem until their business partners forced them to.
The end of August is of interest because this is when Carr began to sell of large blocks of stock about every other week, and this was a significantly different trading pattern than Carr had engaged in previously.
If documentation turns up that indicates Heartland knew of serious problems with their network security prior to August 28th, these huge and rapid sell-offs by Carr may look more than suspect to the SEC.
I can not see the strategic value of withholding an accurate timeline of what exactly the company and Carr knew, and when exactly they knew it. But, if it turns out that everything is kosher here and all is as Heartland has indicated so far – which is very little – then I guess I just don’t understand Carr’s trading strategy over the last half of 2008 and how it related to his goals as a CEO for the growth an performance of his company.
They seem to be at odds, but that is no crime, just ask anyone who shorts their own company from time to time. It just needs to be cleared up. Not to worry though, as this is nothing that a solid and well documented timeline won’t be able to take care of (hint hint).
Meanwhile, Heartland’s stock (HPY) bounced back a little Wednesday, but is still trading at nearly half of it’s value prior to the breach announcement.
The data loss debacle at Heartland highlights the fact that the failure to secure information is a growing national security threat, and will be the next major shareholder derivative, director and officer liability, regulatory, consumer product safety, and class-action issue to impact our economy.
ByAnthony M. Freed, Information-Security-Resources.com Financial Editor. Anthony is a researcher, analyst and freelance writer who worked as a consultant to senior members of product development, secondary, and capital markets from the largest financial institutions in the country during the height of the credit bubble. Anthony’s work is featured by leading Internet publishers including Reuters, The Chicago Sun-Times, Business Week’s Business Exchange, Seeking Alpha, and ML-Implode.
The Author gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author andInformation-Security-Resources.com
Posted by Anthony M. Freed 
Your Mortgage or Your Life... 