Maryland Legal Alert for Financial Services

Maryland has enacted the Vulnerable Adult Banking Protection Act (SB 753 / HB 1008), a new statutory framework intended to help financial institutions respond to suspected financial exploitation involving vulnerable adults, including senior citizens. The Act defines a vulnerable adult as an individual lacking the physical or mental capacity to provide for the adult’s daily needs.

The Act authorizes a financial institution to delay or deny a disbursement from an account of a vulnerable adult (or an account on which the vulnerable adult is a beneficiary) if the financial institution believes the disbursement may result in financial exploitation of that vulnerable adult. This authority extends even when an agent acting under a Power of Attorney (POA) directs a disbursement. If the financial institution suspects that an agent is engaging in financial exploitation, the institution is not required to follow the agent’s instructions and may take protective measures to safeguard the vulnerable adult’s assets. 

An institution that delays or denies a disbursement from an account under this Act must: (1) send a written notice to all parties authorized to transact business on the account (excluding the individual suspected of financial exploitation) explaining the rationale for the delay or denial; and (2) notify the appropriate adult protective services program. A financial institution acting in good faith and exercising reasonable care shall have immunity from any administrative or civil liability arising from actions taken under this Act. 

Financial institutions should consider taking steps now to implement the Act's permissions and requirements, including:

• Reviewing internal policies governing when disbursements may be delayed or denied in suspected exploitation scenarios;
• Updating procedures for providing financial records to appropriate entities when required; 
• Confirming that core processing systems can support time-sensitive holds, notes, and audit trails consistent with the institution's legal position.

The Act becomes effective October 1, 2026.

Practice Pointer: Financial institutions should also use the time before the effective date to align training, escalation protocols, and documentation standards with the Act’s notice and reporting expectations. This includes establishing clear criteria for identifying suspected exploitation and excluding the suspected exploiter from account communications where appropriate. Establishing a consistent decision-making record can help reduce operational risk and support the institution’s ability to rely on the Act’s good-faith protections. 

For more information concerning this topic, please contact Peri L. Schuster. 

Contact Peri L. Schuster | 410-576-4005