The bill creates a new statutory framework for suspected financial abuse of elders and dependent adults. It attaches legal duties and reporting channels to persons who, in the course of providing financial services, see or review transactions or documents that give rise to a reasonable belief of financial abuse.
The measure matters because it pulls banks, credit unions, and their employees into California’s elder‑abuse detection system and layers operational requirements — reporting timelines, federal notice obligations, a narrowly circumscribed civil penalty regime, and a new ability to refuse a power of attorney — onto institutions that already operate under other federal and state reporting regimes.
At a Glance
What It Does
The bill requires officers and employees of depository institutions and credit unions who have direct contact with, or who review or approve, an elder’s or dependent adult’s financial documents or transactions to make an immediate report by telephone or a confidential internet tool when they observe or reasonably suspect financial abuse. If reported by phone, a written report must follow within two working days; the bill also requires notice to the FBI’s Internet Crime Complaint Center within two working days. Financial institutions must provide annual training and, when suspected abuse is discovered within 48 hours of a transaction, give immediate client notice and encourage complaint submission within 24–48 hours. It authorizes refusing to honor a power of attorney when a report is made and creates civil penalties against the employer institution for failures to report.
Who It Affects
Depository institutions and credit unions (and their ‘institution‑affiliated parties’), their officers and employees who touch or review elder/dependent-adult accounts, attorneys‑in‑fact named in powers of attorney, Adult Protective Services, local law enforcement, long‑term care ombudspersons, and federal entities that receive incident notices such as the FBI and FTC.
Why It Matters
The bill integrates routine financial workflows into elder‑abuse detection, creating new compliance, training, and reporting obligations for institutions that already answer to bank regulators and anti‑money‑laundering rules. Practically, it means more cases will land with APS and federal partners, but institutions will need policies that balance timely reporting with customer privacy, POA disputes, and overlapping federal reporting duties.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
The bill defines who counts as a mandated reporter in the financial sector and what a covered financial institution is by cross‑reference to federal definitions for depository institutions, institution‑affiliated parties, and credit unions. The reporting trigger is tied to work activities: an employee who has direct contact with an elder or dependent adult, or who reviews or approves that person’s financial documents or transactions, must act when they observe, know of, or reasonably suspect conduct that, based on their training and the facts available to them, suggests financial abuse.
On mechanics, the bill sets a near‑term reporting regimen: reporters must make an immediate report by telephone or via a confidential internet reporting tool (the statute references existing Section 15658 tools). If the initial report is by phone, the institution must follow up with a written or internet submission within two working days to local Adult Protective Services or local law enforcement.
Separately, the bill requires a report to the FBI’s Internet Crime Complaint Center (IC3) within two working days; that particular requirement is carved out as not subject to the civil‑penalty regime in the bill. The bill also accommodates team reporting (one member may submit a joint report by agreement) and requires reports to the local ombudsperson or law enforcement if the elder resides in a long‑term‑care facility.The statute sets the standard for “suspected financial abuse” as what would lead an individual with similar training or experience, on the same facts, to form a reasonable belief.
It expressly says a bare allegation alone does not trigger the duty where the reporter lacks corroborating or independent evidence and, in the exercise of professional judgment, reasonably believes no abuse occurred; reporters are not required to investigate accusations beyond assessing the information before them. Reports made by financial‑institution staff are protected by the litigation privilege (Civil Code §47(b)).Enforcement is directed at the employer financial institution rather than individual employees: failure to report can produce a civil penalty up to $1,000, or up to $5,000 for willful failures, payable by the institution to the party bringing the action.
However, only the Attorney General, a district attorney, or a county counsel may bring that civil action; private plaintiffs cannot. The bill also clarifies it does not change other civil liabilities or remedies under existing law.On powers of attorney, the bill permits a mandated reporter to refuse to honor a probate‑code power of attorney with respect to an attorney‑in‑fact if the reporter makes a report that the principal may be subject to financial abuse by that attorney‑in‑fact.
That refusal is limited: the power remains enforceable for other attorney‑in‑fact designees about whom no report has been made. Finally, institutions must provide annual training on escalation and reporting to local and federal authorities (the text names FBI IC3 and the FTC) and, where suspected abuse is discovered within 48 hours of a transaction, immediately share reporting‑mechanism information with the client and encourage filing of complaints within 24–48 hours.
The Five Things You Need to Know
Mandated reporters must make an immediate telephone or confidential internet report when they observe or reasonably suspect financial abuse tied to transactions or documents they review or approve.
If the initial report is by telephone, a written or internet report to local Adult Protective Services or local law enforcement must be filed within two working days.
The bill requires a separate notice to the FBI’s Internet Crime Complaint Center (IC3) within two working days; failure to comply with that IC3 notice is explicitly excluded from the bill’s civil‑penalty scheme.
Civil penalties for failure to report are payable by the employer financial institution: up to $1,000 for nonwillful failures and up to $5,000 if the failure is willful; only the AG, a district attorney, or a county counsel may sue to recover the penalty.
A mandated reporter may refuse to honor a named attorney‑in‑fact’s power of attorney (under Probate Division 4.5) if the reporter submits a report alleging possible financial abuse by that attorney‑in‑fact; the refusal does not affect other co‑agents not subject to a report.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Who counts as a mandated reporter in the financial sector
This paragraph defines mandated reporters, limited to officers and employees of financial institutions. The practical effect is to attach statutory reporting duties to personnel working inside banks and credit unions rather than to all persons who might encounter elders. Institutions must therefore identify which roles have reporting obligations and update HR, compliance, and supervisory policies accordingly.
Definition of 'financial institution'
The bill imports federal statutory references: depository institutions under the FDIC Act, institution‑affiliated parties, and federal or state credit unions under the Federal Credit Union Act. That choice ties the California definition to the scope used by federal regulators and means a range of bank employees and certain affiliated actors are covered; it also creates potential read‑across questions where state and federal definitions diverge.
Reporting triggers, channels, and timelines (including FBI notice)
Reportable conduct is limited to incidents that are directly related to a transaction or matter within the reporter’s employment scope, or reasonable suspicions formed from documents/reviews. The bill mandates immediate reporting by telephone or a confidential internet tool; telephone reports must be followed by a written or internet report within two working days. It also requires notice to the FBI IC3 within two working days and expressly removes IC3 noncompliance from the bill’s civil‑penalty provisions, signaling a policy preference for federal notice even if later enforcement of that element differs.
Team reporting and long‑term care residents
The statute lets multiple mandated reporters coordinate: one member may file a single report by mutual agreement, with others responsible to file if the designated reporter fails to do so. For elders in long‑term care facilities, the report goes to the local ombudsperson or law enforcement — a procedural deviation intended to route facility‑resident cases to ombuds programs that specialize in LTC complaints.
When suspicion is sufficient and the non‑investigation rule
The bill sets an objective reasonable‑belief standard: suspected abuse exists when a similarly trained person, on the same facts, would reasonably believe abuse occurred. It clarifies that uncorroborated accusations alone do not trigger a reporting duty if the reporter, in professional judgment, reasonably believes abuse did not occur — and it absolves reporters of any duty to investigate allegations beyond assessing the information available to them.
Civil penalties and enforcement limitations
Failure to report can generate a civil penalty payable by the financial institution: up to $1,000 ordinarily and up to $5,000 for willful failures. Only the Attorney General, a district attorney, or a county counsel may bring an action to recover the penalty, and multiple actions for the same violation are barred. The provision targets institutional accountability while limiting private causes of action.
Litigation privilege and power‑of‑attorney refusal authority
Reports made under this section receive protection under Civil Code §47(b), shielding reporters from certain litigation risks. The bill also authorizes mandated reporters to refuse to honor a power of attorney with respect to a particular attorney‑in‑fact when they make a report alleging that the principal may be the victim of financial abuse by that attorney‑in‑fact; the power remains valid for other agents not subject to a report, which creates a narrowly targeted tool to halt suspected abuse without automatically voiding an entire POA.
Training and client notification after recent transactions
Financial institutions must provide annual training to mandated reporters on internal escalation and reporting paths, including federal options like FBI IC3 and the FTC. When suspected abuse is identified within 48 hours of a transaction, institutions must immediately share information on reporting mechanisms with the client and encourage complaint filing within 24–48 hours. The bill makes clear that violations of the IC3 notice requirement and the client‑notification sentence are not subject to the civil penalty regime set out elsewhere.
This bill is one of many.
Codify tracks hundreds of bills on Finance across all five countries.
Explore Finance in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- Elders and dependent adults — earlier detection and additional channels (bank reporting and federal notice) increase the chance of stopping fraudulent transfers and recovering assets.
- Adult Protective Services and local law enforcement — they receive more actionable leads from institutions that directly see or approve suspect transactions.
- Long‑term care ombudspersons — the statute supplies an explicit reporting path when residents in facilities are involved, improving case referrals for a population at high risk.
- Federal investigative bodies (FBI, FTC) — mandatory IC3/FTC notice provides more data on schemes and cyber‑enabled financial crimes affecting vulnerable adults.
Who Bears the Cost
- Financial institutions — must invest in annual training, update escalation and reporting workflows, implement secure internet reporting tools or integration with state tools, and absorb potential civil penalties for reporting failures.
- Front‑line employees (tellers, branch staff, reviewers) — face a legal duty to report that may pit customer relationships and privacy against statutory obligations, and they must exercise professional judgment without conducting investigations.
- Attorneys‑in‑fact and agents under powers of attorney — may face temporary refusals to act and interrupted access to funds when a report is filed, even before any finding of abuse.
- Local prosecutors and county counsel — charged with exclusive civil enforcement of penalties, they may see an increase in cases and need to prioritize limited enforcement resources.
Key Issues
The Core Tension
The central tension is between protecting vulnerable elders through early, institution‑based reporting and the operational, privacy, and consumer‑service costs of pulling financial staff into a mandatory‑reporting regime: early intervention can stop theft, but it also risks false positives, frozen accounts, and strained customer relationships — and it imposes new compliance burdens on institutions that already operate under overlapping federal rules.
The bill threads a difficult line between early intervention and disruption. Requiring immediate reports and a separate federal IC3 notice pushes institutions to escalate quickly, but rapid escalation increases the risk of false positives that can freeze legitimate transactions, damage customer trust, and provoke litigation from aggrieved agents or account holders.
The statute tries to limit unnecessary reporting by excluding bare allegations and by referencing a reasonable‑belief standard, but the operational distinction between a professional judgment call and an actionable suspicion is thin in front‑line financial contexts.
The measure sits alongside existing federal obligations (for example, Bank Secrecy Act suspicious‑activity reports) and private contractual duties; the bill does not reconcile these regimes. Institutions will have to design procedures to avoid duplicate or conflicting filings, manage privacy and data‑sharing risks when reporting to state and federal entities, and determine how internal holds or POA refusals interact with fiduciary and customer‑service obligations.
The requirement that only public prosecutors may seek civil penalties cuts down on private suits but concentrates enforcement responsibility in agencies that may lack the bandwidth to pursue every violation; conversely, capped penalties and limited private enforcement may reduce deterrence for larger institutions unless regulators or prosecutors prioritize cases.
Finally, several phrases are open to interpretation in ways that will matter in implementation: what counts as “direct contact” versus incidental interaction, how narrowly to read “reviews or approves” in digital back‑office workflows, and what training content satisfies the annual requirement. Regulators and institutions will need clear guidance, model policies, and possibly technical integration with state reporting tools to make the law workable without producing an avalanche of low‑value reports.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.