On January 12, the U.S. District Court for the Northern District of California dismissed one of the plaintiffs’ causes of action and concluded that only two of the 67 public statements the plaintiffs identified in support of their securities fraud causes of action against a large bank and its former CEO (defendants) related to the defendants’ “collateral protection insurance (CPI) … practices for auto loan customers” were actionable. The plaintiffs alleged that while, in July 2016, the defendants learned of irregularities with respect to the CPI and, by September 2016, discontinued the program, the defendants did not disclose information on the CPI program’s issues until July 2017, after which time, the defendants’ stock price dropped. The plaintiffs then filed suit based on 67 public statements made by the defendants prior to that time, which the plaintiffs alleged the defendants knew were “false or misleading” and resulted in the bank’s stockholders losing money.
Upon review, the court found that 65 of the 67 public statements on which the plaintiffs’ causes of action were based were not actionable. The two statements that the court found may support the plaintiffs’ causes of action were those made by the defendants when they were specifically asked whether they knew about “potential misconduct outside of the already disclosed improper retail banking sales practices” and, each time, “failed to disclose the CPI issue….” With respect to the two statements, the court found that the plaintiffs had “met [their] burden under the PSLRA (private securities litigation reform act)” to show a “strong inference that the defendant acted with the required state of mind,” and that the plaintiffs “adequately pleaded loss causation.” According to the opinion, the defendants did not challenge the plaintiffs’ contentions about the two alleged misstatements’ connection to the purchase or sale of the defendants’ securities, or that the plaintiffs relied on the misstatements or omissions and experienced economic losses as a result.
On January 10, the FTC announced that it entered into two settlement agreements: one with a call center and two individuals, and one with an additional individual (together, “the settling defendants”) that it claims made illegal robocalls to consumers as part of a cruise line’s telemarketing operation allegedly aimed at marketing free cruise packages to consumers. According to the two settlements (see here and here), the settling defendants “participated in unfair acts or practices in violation of . . . the FTC Act, and the FTC’s Telemarketing Sales Rule [(TSR)]” by “(a) placing telemarketing calls to consumers that delivered prerecorded messages; (b) placing telemarketing calls to consumers whose telephone numbers were on the National Do Not Call Registry; and (c) transmitting inaccurate caller ID numbers and names with their telemarketing calls.” The defendants are permanently banned from making telemarketing robocalls, and have been levied judgments totaling $7.8 million, all but $2,500 of which has been suspended due to the defendants’ inability to pay.
Also on January 10, the FTC filed a complaint in the U.S. District Court for the Middle District of Florida against the remaining six defendants allegedly involved in the telemarketing operation, for violations of the FTC Act and TSR based on the same actions alleged against the settling defendants.
On January 14, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced it was imposing sanctions on a North Korean trading corporation and a China-based North Korean lodging facility for facilitating North Korea’s practice of sending laborers abroad. According to OFAC, North Korea’s continued practice of exporting North Koreans as illicit laborers is an ongoing attempt to undermine and evade United Nations Security Council Resolutions. The designated companies’ exportation of workers on behalf of the country, OFAC stated, has generated revenue for the North Korean government or the Workers’ Party of Korea. As a result of the sanctions, “all property and interests in property of these targets that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC.” OFAC noted that its regulations “generally prohibit” U.S. persons from participating in transactions with the designated persons, and warned foreign financial institutions that if they knowingly facilitate significant transactions for any of the designated individuals, they may be subject to U.S. secondary sanctions.
On January 13, Washington state lawmakers announced two bills designed to strengthen consumer access and control over personal data and regulate the use of facial recognition technology. Highlights of SB 6281, the Washington Privacy Act, include the following:
- Applicability. SB 6281 will apply to legal entities that conduct business or produce products or services that are targeted to Washington consumers that also (i) control or process personal data for at least 100,000 consumers; or (ii) derive more than 50 percent of gross revenue from the sale of personal data, in addition to processing or controlling the personal data of at least 25,000 consumers. Exempt from SB 6281, among others, are state and local governments, municipal corporations, certain protected health information, personal data governed by state and federal regulations, and employment records.
- Consumer rights. Consumers will be able to exercise the following concerning their personal data: access; correction; deletion; data portability; and opt-out rights, including the right to opt out of the processing of personal data for targeted advertising and the sale of personal data.
- Controller responsibilities. Controllers required to comply with SB 6281 will be responsible for (i) transparency; (ii) limiting the collection of data to what is required and relevant for a specified purpose; (iii) ensuring data is not processed for reasons incompatible with a specified purpose; (iv) securing personal data from unauthorized access; (v) prohibiting processing that violates state or federal laws prohibiting unlawful discrimination against consumers; (vi) obtaining consumer consent in order to process sensitive data; and (vii) ensuring contracts and agreements do not contain provisions that waive or limit a consumer’s rights. Controllers must also conduct data protection assessments for all processing activities that involve personal data, and conduct additional assessments each time a processing change occurs that “materially increases the risk to consumers.”
- State attorney general. SB 6281 does not create a private right of action for individuals to sue if there is an alleged violation. However, the AG will be permitted to bring actions and impose penalties of no more than $7,500 per violation. The AG will also be required to submit a report evaluating the liability and enforcement provisions of SB 6281 by 2022 along with any recommendations for change.
- Information sharing. SB 6281 will allow the state governor to enter into agreements with British Columbia, California, and Oregon, which will allow personal data to be shared for joint research initiatives.
- Facial Recognition. SB 6281 will establish limits on the commercial use of facial recognition services. Among other things, the bill will require third-party testing on all services prior to deployment for accuracy and unfair performance, conspicuous notice when a service is deployed in a public space, and will require companies to receive consumer consent prior to enrolling an image in a service used in a public space.
The second bill, SB 6280, will more specifically govern the use of facial recognition services by state and local government agencies, and, among other things, outlines provisions for the use of facial recognition services when identifying victims of crime, stipulates restrictions concerning ongoing surveillance, and requires agencies to produce an annual report containing a compliance assessment.
As previously covered by InfoBytes, last year, New York introduced proposed legislation (see S 5642) that seeks to regulate the storage, use, disclosure, and sale of consumer personal data by entities that conduct business in New York state or produce products or services that are intentionally targeted to residents of New York state. Provisions included in the measures introduced by New York and Washington state differ from those contained in the California Consumer Privacy Act (CCPA), which took effect January 1. (Previous InfoBytes coverage on the CCPA is available here.)
On January 13, the New Jersey governor signed S 2998, which amends the state’s collateral protection insurance (CPI) disclosure requirements. The amendments provide that when CPI is required and provided by the creditor, the creditor must disclose to the consumer debtors that they will be responsible for interest on the CPI cost “at the same rate that is applied pursuant to [the debtor’s] credit agreement.” The creditor must also provide a “good faith estimate” of what the CPI coverage will cost the debtor. Additionally, the creditor must instruct the debtors how to provide evidence of the required insurance, so that in those instances where the debtor obtains CPI, the creditor-purchased CPI can be cancelled and the costs and interest fees can be recovered. The amendments take effect on April 12.
On December 26, the CFPB denied a petition by a student loan relief company to modify or set aside a civil investigative demand (CID) issued by the Bureau last October. According to the company’s petition, the CID requested information as part of an investigation into the company’s promotion of student loan debt relief programs. As previously covered by InfoBytes, stipulated orders were entered against the company by the FTC and the Minnesota attorney general for violations of TILA and the assisting and facilitating provision of the Telemarketing Sales Rule, which resulted in the company being permanently banned from engaging in transactions involving debt relief products and services or making misrepresentations regarding financial products and services. In its petition, the company argued that the CFPB’s requests were duplicative of the FTC’s earlier investigation. The company also argued that the documents and materials sought in the CID were overly burdensome and the time frame to respond was too short. Furthermore, the company stated that until the U.S. Supreme Court issues a decision in Seila Law v. CFPB on whether the Bureau’s structure violates the Constitution’s separation of powers under Article II, the CID should either be withdrawn or stayed because of the uncertainty surrounding the Bureau’s ability to proceed with enforcement actions.
The Bureau denied the petition, arguing that “the administrative CID petition process is not the proper forum for raising and deciding constitutional challenges to provisions of the Bureau’s statute.” The Bureau also noted that the company failed to show that it engaged with Bureau staff on ways to alleviate undue burden, such as proposing modifications to the substance of the requests, and that even though the Bureau proposed an extension to the CID deadline, the company did not seek such an extension.
Senate Democrats ask Inspector General to investigate how the Bureau determines restitution penalties
On January 13, fifteen Democratic Senators, led by Senators Catherine Cortez Masto (D-NV) and Sherrod Brown (D-OH), sent a letter to the Inspector General of the Federal Reserve Board calling for an investigation into the CFPB’s restitution penalties levied against companies accused of wrongdoing. The Senators claim that the Bureau’s restitution approach “creates a perverse incentive for companies to violate the law by allowing them to retain all or nearly all of the funds they illegally obtain from consumers.” The letter asks the Inspector General to investigate four recent settlements to examine how the Bureau determines restitution awards and whether the applied standard for restitution differs from the standard applied by courts and in prior CFPB settlements.
Included among the examples of actions for which consumers were provided limited to zero restitution is a recent settlement with a debt collector accused of engaging in improper debt collection tactics. As previously covered by InfoBytes, the company agreed to pay $36,878 in redress to harmed consumers, limiting the restitution to “only those consumers who affirmatively ‘complained about a false threat or misrepresentation’” by the company, the Senators wrote. Specifically, the Senators seek to determine the number of consumers who may have been excluded from the settlement because they did not affirmatively complain about the company’s behavior. A second example highlights an action taken against a group of payday lenders that allegedly, among other things, misrepresented to consumers an obligation to repay loan amounts that were voided because the loan violated state licensing or usury laws. (Previously covered by InfoBytes here.) According to the Senators, the settlement “dropped the requests for restitution and other relief for victimized consumers.” The letter also references a report released last October by the House Financial Services Committee (covered by InfoBytes here) following an investigation into these particular settlements, in which the Bureau responded “that it did not seek restitution in these cases because it could not determine ‘with certainty’ which consumers had been harmed or the amount of the harm.”
On January 10, the U.S. Supreme Court announced it had granted a petition for a writ of certiorari filed by the U.S. government in Barr v. American Association of Political Consultants Inc.—a Telephone Consumer Protection Act (TCPA) case concerning an exemption that allows debt collectors to use an autodialer to contact individuals on their cell phones without obtaining prior consent to do so when collecting debts guaranteed by the federal government. As previously covered by InfoBytes, the 4th Circuit agreed with the plaintiffs (a group of several political consultants) that the government-debt exemption contravenes the First Amendment’s Free Speech Clause, and found that the challenged exemption was a content-based restriction on free speech that did not hold up to strict scrutiny review. “Under the debt-collection exemption, the relationship between the federal government and the debtor is only relevant to the subject matter of the call. In other words, the debt-collection exemption applies to a phone call made to the debtor because the call is about the debt, not because of any relationship between the federal government and the debtor,” the appellate court opined. However, the panel sided with the FCC to sever the debt collection exemption from the automated call ban instead of rendering the entire ban unconstitutional, as requested by the plaintiffs. “First and foremost, the explicit directives of the Supreme Court and Congress strongly support a severance of the debt-collection exemption from the automated call ban,” the panel stated. “Furthermore, the ban can operate effectively in the absence of the debt-collection exemption, which is clearly an outlier among the statutory exemptions.” The petitioners—Attorney General William Barr and the FCC—now ask the Court to review whether the government-debt exception to the TCPA’s automated-call restriction is a violation of the First Amendment.
On January 10, President Trump issued a new Executive Order, “Imposing Sanctions with Respect to Additional Sectors of Iran,” while OFAC took action by designating eight Iranian officials, 17 Iranian entities, three China-and-Seychelles-based entities, and a vessel in response to recent military action taken by Iran against U.S. military interests. Specifically, E.O. 13902 imposes penalties on foreign financial institutions that knowingly do business with or on behalf of the designated Iranian entities and individuals. According to the E.O., the purpose of the sanctions is to deny revenue to the government of Iran that may be used to further the development of nuclear weapons.
On January 7, the SEC’s Office of Compliance Inspections and Examinations (OCIE) announced the release of its 2020 Examination Priorities. The annual release of exam priorities provides transparency into the risk-based examination process and lists areas that pose current and potential risks to investors. OCIE’s 2020 examination priorities include:
- Retail investors, including seniors and those saving for retirement. OCIE places particular emphasis on disclosures and recommendations provided to investors.
- Information security. In addition to cybersecurity, top areas of focus include: risk management, vendor management, online and mobile account access controls, data loss prevention, appropriate training, and incident response.
- Fintech and innovation, digital assets and electronic investment advice. OCIE notes that the rapid pace of technology development, as well as new uses of alternative data, presents new risks and will focus attention on the effectiveness of compliance programs.
- Investment advisers, investment companies, broker-dealers, and municipal advisers. Risk-based exams will continue for each of these types of entities, with an emphasis on new registered investment advisers (RIA) and RIAs that have not been examined. Other themes in exams of these entities include board oversight, trading practices, advice to investors, RIA activities, disclosures of conflicts of interest, and fiduciary obligations.
- Anti-money laundering. Importance will be placed on beneficial ownership, customer identification and due diligence, and policies and procedures to identify suspicious activity.
- Market infrastructure. Particular attention will be directed to clearing agencies, national securities exchanges and alternative trading systems, and transfer agents.
- FINRA and MSRB. OCIE exams will emphasize regulatory programs, exams of broker-dealers and municipal advisers, as well as policies, procedures and controls.