InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
DFPI orders desist and refrain against investment firm
On November 16, under California Corporations Code § 25532, the California Division of Financial Protection and Innovation (DFPI) issued a desist and refrain order against a securities investment platform for allegedly making false representations and material omissions to investors.
The DFPI alleges the investment platform sold securities in California on its website and the platform referred to them as “certificates.” The platform claimed that the certificates paid investors returns ranging from 2.5 percent to five percent in addition to guaranteed monthly returns. To solicit investors, the platform allegedly engaged in a multi-level marketing (MLM) structure that would have investors influence others to send money. DFPI alleged that the certificates were not qualified under the California Corporate Securities Law. DFPI also alleged that the platform omitted material information to investors, which included (i) falsely representing that the platform was partnered with a particular forex broker; (ii) representing that it was a licensed bank (while omitting that the “license” was granted by a “fictitious regulator”); (iii) using the terms “bank” and “banking” while omitting that it was not authorized to engage in the business of banking in California; (iv) misrepresenting profits and risk of loss; and (v) failing to disclose that its securities were not qualified in California.
DOJ seizes $9 million in crypto from criminal scammers
On November 21, the DOJ seized nearly $9 million in stablecoins from cryptocurrency scammers after the criminals exploited over 70 victims. The DOJ seized stablecoins, a certain crypto asset pegged to a central bank’s currency, tied to the U.S. dollar. The scammers employed a long-con technique called “pig butchering” which is a tactic to build and exploit a victim’s trust over time by creating fake romantic enticements meant to swindle victims into handing over money. The criminals targeted and convinced victims to “make cryptocurrency deposits by fraudulently representing that the victims were making investments with trusted firms and cryptocurrency exchanges.”
The DOJ was able to trace the stolen funds based on the funds’ cryptocurrency addresses as part of a money laundering technique known as “chain hopping… used to ‘layer’ the proceeds of criminal activity into new cryptocurrency ecosystems, all to obfuscate the… ownership of those proceeds.” The DOJ worked with the U.S. Secret Service to trace the victim’s deposits, and it was originally alerted from victim reports made on the FBI’s Internet Crime Complaint Center and the FTC’s Consumer Sentinel Network.
FTC orders prison contractor to fix security exposures after data breach
On November 16, the FTC issued a proposed order against an integrated technology services company finding a violation of Section 5(a) of the Federal Trade Commission Act. According to the order, the company offered various products and services to jails, prisons, and detention facilities. These products and services included means of communication between incarcerated and non-incarcerated individuals, and, among other things, allowed non-incarcerated individuals to deposit funds into the accounts of incarcerated individuals. According to the complaint, and due to the nature of its operations, the company collected individuals’ sensitive personally identifiable information, including names, addresses, passport numbers, driver’s license numbers, Social Security numbers, and financial account information, some of which was exposed as a result of a data breach in August 2020 due to a misconfiguration in the company’s cloud storage environment.
In its decision, the FTC ordered the company to, among other things, (i) implement a comprehensive data security program, including “change management” measures and multifactor authentication; (ii) notify users affected by the data breach, who had not yet received notice, and offer credit monitoring and identity protection products; (iii) inform consumers and facilities within 30 days of future data breaches; and (iv) notify the FTC within 10 days of reporting any security incident to local, state, or federal authorities.
SEC charges crypto firm for failing to register and mitigate risk factors
On November 20, the SEC filed a complaint in the U.S. District Court of the Northern District of California against a crypto trading platform, which allows customers to buy and sell crypto assets through an online market, for allegedly acting as an unregistered securities exchange, broker, dealer, and clearing agency. The SEC is also claimed defendant’s business practices, internal controls, and recordkeeping were inadequate and presented additional risks to consumers, that would also be prohibited had defendant been properly registered with the commission. For instance, the SEC cited practices including commingling billions of dollars of consumers’ cash and crypto assets with defendant’s own crypto assets and cash, which defendant’s 2022 independent auditor identified as “a significant risk of loss."
Director of the SEC’s Division of Enforcement, Gurbir S. Grewal said, “[Defendant’s] choice of unlawful profits over investor protection is one we see far too often in this space, and today we’re both holding [defendant] accountable for its misconduct and sending a message to others to come into compliance.”
The SEC seeks to (i) permanently enjoin defendant from violating Section 5 and section 17A of the Exchange Act; (ii) permanently enjoin defendant from offering or selling securities through crypto asset staking programs; (iii) disgorge defendant’s allegedly illegal gains and pay prejudgment interest; and (iv) impose a civil money penalty.
OCC releases enforcement actions
On November 16, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. Included is a cease and desist order against an Indiana bank for allegedly engaging in unsafe or unsound practices, related to corporate governance and enterprise risk management, credit underwriting and administration, liquidity risk management, and interest rate risk management. The order requires the bank to, among other things, (i) provide quarterly reports detailing corrective action and efforts to comply with the order; (ii) develop a written strategic plan; (iii) maintain specified capital ratios; (iv) engage an independent third party to review board and management supervision; (v) submit a written concentration risk management program and a written liquidity risk management program; (vi) adopt a credit underwriting and administration program; (vii) submit and adopt a written adequate allowance for credit losses; and (viii) adopt a written credit derivatives program.
CFPB imposes $15 million penalty on lender for violating 2019 order
On November 15, the CFPB announced a consent order against a Chicago-based small-dollar lender for allegedly violating a 2019 order and by independently violating the CFPA. According to the 2019 consent order, the respondent allegedly withdrew funds from consumers’ bank accounts without permission and failed to honor loan extensions. Specifically, the respondent replaced consumers’ bank account information used to pay for existing loans with separate account information supplied by a “lead generator.” Respondent allegedly debited consumers’ payments through the accounts provided by the lead generator, instead of the consumers’ originally saved payment method. The 2019 order, among other things, (i) barred the respondent from making or initiating electronic fund transfers without valid authorization; (ii) barred the respondent from failing to honor loan extensions; (iii) required the respondent to pay a $3.8 million civil money penalty. In its most recent order, the CFPB alleged that through an investigation of the respondent’s compliance with the 2019 order, the respondent continued the same unauthorized withdrawals and canceled loan extensions. The Bureau also alleged that the respondent failed to disclose that making a partial payment could cancel a loan extension and misrepresent associated fees, and they failed to provide consumers copies of signed authorizations. The respondent also allegedly provided inaccurate due dates, misrepresented skipping payments, and misrepresented loan amounts. The respondent released a statement on the enforcement action, highlighting its cooperation with the CFPB, and internal technical issues.
In the most recent order, the respondent, without admitting nor denying the CFPB’s allegations, agreed to pay a $15 million civil money penalty and refund affected consumers. The respondent also agreed to stop providing certain types of consumer loans for seven years (beginning in 2022) and to reform its executive compensation agreements and policies to ensure that compensation accounts for executives’ compliance with consumer financial protection laws, including the Consent Order. The respondent must conduct an annual compensation review and provide a report of the review to the CFPB.
SEC and DOJ charge two co-CEOs operating a $100 million fraud scheme
On November 9, the SEC and DOJ charged two co-CEOs of a tech investment firm for allegedly directing a $100 million fraud scheme. The two individuals were the founders of a failed Fresno-based technology company and were charged with “conspiring to commit wire fraud and taking more than $100,000,000 from various businesses and individuals” under U.S.C. § 1349. The two founders allegedly misled investors through falsified documents, bank records, auditing reports, and accounting statements.
The DOJ alleges that, as recently as January 2022, “[the two individuals lied] to board members, investors, lenders, and others about [the company’s] finances to obtain investments, loans, and other funding… Much of the money went towards paying payroll, including the [co-CEOs’] $600,000 per year salaries.” Authorities discovered the alleged fraud scheme back in May 2023 when the company failed to make payroll and then terminated all its 900 employees. If convicted, the two founders face a maximum statutory penalty of 20 years in prison each and a $250,000 fine.
DFPI orders deceptive debt collectors to desist and refrain, pay penalties
On October 23, DFPI announced enforcement actions against four debt collectors for engaging in unlicensed debt collection activity, in violation of Debt Collection Licensing Act and unfair, deceptive, or abusive acts or practices, in violation of the California Consumer Financial Protection Law. In its order against two entities, the department alleged that the entities contacted at least one California consumer and made deceptive statements in an attempt to collect a payday loan-related debt, among other things. In its third order against another two entities, DFPI alleged that a consumer was not provided the proper disclosures in a proposed settlement agreement to pay off their debts in a one-time payments. Additionally, DFPI alleged that the entity representatives made a false representation by communicating empty threats of an impending lawsuit.
Under their orders (see here, here, and here), the entities must desist and refrain from engaging in illegal and deceptive practices, including (i) failing to identify as debt collectors; (ii) making false and misleading statements about payment requirements; (iii) threatening unlawful action, such as a lawsuit, because of nonpayment of a debt; (iv) contacting the consumer at a forbidden time of day; (iv) making false claims of pending lawsuits or legal process and the character, amount, or legal status of the debt; (v) failing to provide a “validation notice” ; and (vi) threatening to sue on time-barred debt.
The entities are ordered to pay a combined $87,500 in penalties for each of the illegal and deceptive practices.
FTC and Wisconsin sue auto dealer group for alleged discrimination and illegal fees
The FTC and the State of Wisconsin announced that they filed a complaint in the District Court for the Western District of Wisconsin against an auto dealer group, and its current and former owners, and general manager, alleging that the defendants deceived consumers by tacking hundreds or even thousands of dollars in illegal junk fees onto car prices and discriminated against American Indian customers by charging them higher financing costs and fees relative to similarly situated non-Latino whites.
The complaint also notes the disparity only increased since a change of ownership in 2019. Specifically, the complaint alleges that the defendants regularly charged many of their customers junk fees for “add-on” products or services without their consent, which resulted in additional fees and interest on the customers’ loans. Further, the defendants allegedly discriminated against American Indian customers in the cost of financing by adding more “markup” to their interest rates. This additional markup cost American Indian customers, on average, $401 more compared to non-Latino white customers.
The complaint resulted in two proposed settlements. The proposed settlement with the auto dealer, its current owners, and the general manager requires the company to stop deceiving consumers about whether add-ons are required for a purchase and obtain consumers’ express informed consent before charging them for add-ons. The settlement will also the require the defendants to establish a comprehensive fair lending program that, among other components, will allow consumers to seek outside financing for a purchase and cap the additional interest markup the auto dealer can charge consumers. The current owners and general manager will also be required to pay $1 million to be used to refund affected consumers.
Separately, the former owners agreed to pay $100,000 to be used to refund affected consumers.
CFPB announces civil money penalty against nonbank, alleges EFTA and CFPA violations
On October 17, the CFPB announced an enforcement action against a nonbank international money transfer provider for alleged deceptive practices and illegal consumer waivers. According to the consent order, the company facilitated remittance transfers through its app that required consumers to sign a “remittance services agreement,” which included a clause protecting the company from liability for negligence over $1,000. The Bureau alleged that such waiver violated the Electronic Fund Transfer Act (EFTA) and its implementing Regulation E, including Subpart B, known as the Remittance Transfer Rule, by (i) requiring consumers sign an improper limited liability clause to waive their rights; (ii) failing to provide contact and cancellation information in disclosures, and other required terms; (iii) failing to provide a timely receipt when payment is made for a transfer; (iv) failing to develop and maintain required policies and procedures for error resolution; (v) failing to investigate and determine whether an error occurred, possibly preventing consumers from receiving refunds or other remedies they were entitled to; and (vi) failing to accurately disclose exchange rates and the date of fund availability. The CFPB further alleged that the company’s representations regarding the speed (“instantly” or “within seconds”) and cost (“with no fees”) of its remittance transfers to consumers were inaccurate and constituted violations of CFPA. The order requires the company to pay a $1.5 million civil money penalty and provide an additional $1.5 in consumer redress. The company must also take measures to ensure future compliance.