## In the process of taking over financials and getting myself authorized ## to manage things on Mom's behalf, I've learned a bit more about what ## various legal documents can or cannot confer. On a bit of a whim I ## decided to write up some stuff about "phase 1" of this, where "phase 2" ## after passing has not happened yet, along with some research on how modern ## online and EFT payments work. A core point to this exchange is that good ## preparation in advance is going to save a ton of frantic work later. Date: Tue, 04 Oct 2022 12:22:45 -0500 To: [the end-of-life discussion list] Subject: DPoA, TTEE, ACH, EFT, m-o-u-s-e... So as I work through various instutional hurdles I figure maybe it's worth noting for the benefit of folks on the list who haven't wrestled with it yet ... and somewhat related to what Andy was noting, a durable power of attorney has certain limits. I also get into some fun finance stuff here. A key thing I'm being super glad of is how back in 2017 when my Dad passed, we made me a full co-trustee of the legal trust entity/instrument. What we never did was inform the various financial resources of this fact, because they don't have the necessary clairvoyance to realize that you updated a legal document mostly outside their scope. TL;DR, a power-of-attorney is only a starting point, not a master-key. So, for that matter, are letters-testamentary. So a simple PoA can support setting up some level of access to assets while the owner is still alive, and it's up to each institution how they want to handle it or even grant access at all. You still have to start more or less from ground zero with each financial house to authorized to specific resources. The co-trustee status is a bit more powerful, allowing me to basically become an exact equivalent account-holder with Mom, like my Dad was before. Once an institution takes their copies of that and has their legal people bless it and we go through a couple more hoops, I am a full co-signer on some key accounts I need to pay her stuff from. Being successor/beneficiary *and* co-trustee going into it, puts everything covered thereunder safely outside of probate. Without established co-TR, there could still be a break between PoA and granted letters-testamentary access that can freeze things up for an annoyingly long time. Co-trustee [often written TTEE] has a higher likelihood of bypassing the need for "medallion" signature guarantees on paper forms, or even notarization ... which for someone in nursing care who would have much difficulty getting out to a bank to get that done, is useful for me to operate mostly independently on the changes. For one or two things, I was able to get a non-witnessed signature from Mom but the first one was barely recognizable. As her dexterity returned, the scrawl started to look more normal. But having a copy of both the PoA and the co-trustee documents [an "amendment", plus my formal acceptance] on file is effectively her signature-by-proxy for that purpose. One financial house came up with a pair of interesting workarounds: first, their "add a trustee" form required medallion, but their "new account" form did not. So *they* came up with a hack: open an entirely new account, and fund it from the old one with direct holding-for-holding transfer. The second hurdle was authenticating release from the old account, and it turned out that Mom had been enrolled in their "voice verification" thing so getting her to authenticate and answer the yes/no question would suffice. This is a new-ish science that a lot of places are using, because voiceprint technology is much more accessible, and (so far) gives a fairly certain identity confirmation. [Yes, there are people working to spoof that, and more people working on defeating the spoofery, and it's the same ol' rat-race.] So I pulled another little hack to make it work: forwarded her house phone [on record at the institution] to the room phone in the nursing center, and scheduled the call. The institution called and got her, worked out the authorization, and then it completed. Again, each institution's requirements vary, both for authorizing access in general, and for what they want for setting up online, which is the other front I've been working on. Most will want a mobile phone reference even if they didn't have one before, and then send text codes to it to bang back into the website. Some can do voice-calls to a non-SMS landline to speak the code. One place demanded that I set up *four* "security questions", where of course the answers should have nothing to do with reality -- they're just unique passwords with arbitrary trigger text, so anyone still using their real MMN is out of touch with that reality. [example: your elementary school: lugnut] The IRS has this online service now called EFTPS, which is a payment portal. You link it directly to a bank account with routing/account number, and when you trigger stuff like quarterly tax payments they just suck the money right out of there. Not a particularly warm fuzzy feeling, but I figured they had my relevant R/A numbers anyways from previous checks so whatever. Having experience with this, and it does make tax stuff a lot easier, it was one of the first things I set Mom up with too -- since when I arrived last time, she had an outstanding quarterly that needed paying anyway. As soon as I was authorized on her regular ol' bank account, EFTPS got linked and out it went. Most institutions are now using the "micropayment" method for setting up what are called "external transfer" relationships, that flow via ACH between banks and other houses. If you haven't played with this, it's kind of cool, and seems reasonably solid. You link to a routing/account at another place, and a few days later, the source institution sends a couple of tiny amounts to that target account -- less than a dollar total, but very specific amounts of cents, as "verification" transactions. Then they pull it all back a while later. My job is then to log into that target institution, get the amounts from the transaction log, and bang those back into the authentication form on the source. If it all matches, the link is established, and then the external target [or source, I believe it's bidirectional for "spew" or "suck"] comes up in the from/to menus for transfers. This strays only a bit from actual EoL issues, but having a lot of this in place before the, uh, "second phase" activity really helps with the whole ongoing elder-care thing when they are just generally tired of financials. A little review told me that Mom had been having a little trouble balancing the checkbook since about 2019, so it was time to take over and put stuff online and automate as much as possible. This would have been so far beyond her computer savvy; she was under strict orders to never do financials online anyway, and she knew to never even try. For me, it's a small forest of very specific dedicated browser "profiles" set up to deal with each website's set of quirks, all bundled up and put away in encrypted storage when I'm not actually working with it. It never touches the regular sketchy-russian-porn browsing environment, and the vast majority of people have no idea how easy it is to separate all that functionality with a little file-juggling. _H* ## ## This next response is from someone who *has* been through executorship. ## Date: Tue, 4 Oct 2022 22:49:15 -0400 From: [another list correspondent] Subject: Re: [EoL] DPoA, TTEE, ACH, EFT, m-o-u-s-e... Lots of very good advice below, the big ones that I took from this are (see inline): : ... What we : never did was inform the various financial resources of this fact, Always tell financial institutions of changes in legal documents. That why they can tell you what they require before you are in a crisis. : Without established co-TR, there could still be a break between PoA and : granted letters-testamentary access that can freeze things up Anywhere from weeks to months (from direct experience). : One place demanded that I set up *four* "security questions", where of : course the answers should have nothing to do with reality --... I keep them in a secure place along with passwords. I am also likely to use the same response to all the questions from one institution. Favorite Vacation: sex, Favorite Sport: sex, High School: sex, etc. : ... trigger stuff like quarterly tax payments they just suck the money : right out of there. Not a particularly warm fuzzy feeling, but I figured : they had my relevant R/A numbers anyways from previous checks so whatever. Since the transactions are highly traceable, I figure they are worth trusting. Worst case I have to dispute a transfer. We have been doing direct transfers for a couple different vendors (in exchange for discounts, since they get their $$$ a day or so sooner) and have had zero issues. : Most institutions are now using the "micropayment" method Effectively, they are using the micro-transfers to verify account info. Kind of a clever way of doing it. When I linked our credit union banking accounts with my e*trade account I had to do this. : It never touches the regular sketchy-russian-porn browsing environment, Huh, is the Russian porn better than the US porn? :-) ## Date: Wed, 05 Oct 2022 05:54:44 -0500 To: [end-of-life list] Subject: Re: [EoL] DPoA, TTEE, ACH, EFT, m-o-u-s-e... Shortly after sending all that, I went to look at something called Plaid, which had been offered by one house as an alternative to "manual" bank linking for EFT. While I don't really trust handing credentials to some random third party, for the purposes Plaid is trying to accomplish it looks fairly legit and accredited, they tokenize where they can, and they have a lot of good educational info on their site and links to other good resources about ACH. https://plaid.com/resources/ach/what-is-ach/ https://plaid.com/resources/ach/how-does-an-ach-transfer-work/ https://www.dwolla.com/resources/ach-101-connect-business-economy/ https://gocardless.com/en-us/guides/ach/ach-authorization-forms/ Dwolla even has a sandbox where you can play with their APIs and build your own applications. Hmm, banking-by-grubby-shell-script?? What's kind of amazing is that it largely seems to get done without any crypto based authentication or proof, just various checks and balances and good accountability. I would guess that the most significant gating factor to participating is access to the network in the first place, plus a strong expectation that everyone will play nice. Would that the public internet had grown up under the same accepted guidelines! It *was* kind of like that in the earliest days, but then commercial greed took over and left all us old pharts wondering "who let all these idiots onto OUR internet". Speaking of scripts, as all this financial hair started to ramp up I already had the beginnings of a shell-driven "password manager" for easy lookup of various creds out of encrypted blobs, and it can even load the paste-buffer for the site I'm about to log into so I never have to see passwords. Now, it's got selectable data repositories, so I can point to one for my stuff and one for Mom's stuff. They will eventually merge, I expect. A check is basically a one-time ACH authorization anyway, but fewer and fewer institutions like having to handle them. For a place that I haven't set up on or linked yet, I had Mom write a check to herself yesterday -- the common trick to deposit money from one bank to another. She had actually never heard of that, any time she had to do something like that she did it over the phone. And I can see from her reactions and questions that she *really* never wants to touch this stuff again. _H*