Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On October 7, the CFPB and the FTC (collectively, “agencies”) filed an amici curiae brief with the U.S. Court of Appeals for the Second Circuit in an action addressing “whether a person ceases to be an ‘applicant’ under ECOA and its implementing regulation after receiving (or being denied) an extension of credit.” According to the brief, a consumer filed suit against a national bank for allegedly violating ECOA and Regulation B’s adverse-action notice requirement when it closed his line of credit and sent an email acknowledging the closure without including (i) “‘the address of the creditor,’” and (ii) “either a ‘statement of specific reasons for the action taken’ or a disclosure of his ‘right to a statement of specific reasons.’” The district court dismissed the action after adopting the magistrate judge’s Report and Recommendation recommending that the bank’s motion be granted without prejudice to plaintiff, who had leave to brief the court on whether an amended complaint should be permitted.
The agencies disagreed with the district court and filed the amici brief on behalf of the applicant. Specifically, the agencies argue that ECOA’s protections apply to any aspect of a credit transaction, including those who have an existing arrangement with a creditor, noting there is “‘no temporal qualifier in the statute.’” According to the agencies, ECOA has provisions that cover the revocation of credit or the change in credit terms, and therefore, those provisions “would make little sense if ‘applicants’ instead included only those with pending requests for credit.” Moreover, the agencies argue that the district court’s interpretation of “applicant” would “curtail the reach of the statute,” and introduce a large loophole. Lastly, the agencies assert that the legislative history of ECOA supports their interpretation, such as the addition of amendments covering the revocation of credit, and most notably, Regulation B’s definition of “applicant,” which includes those who have received an extension of credit.
Recently, FINRA announced that all in-person arbitration and mediation proceedings will be postponed until January 1, 2021, except in certain specified circumstances. In particular, a proceeding may occur prior to that date: (1) if all parties to the arbitration or mediation agree to proceed in-person and the participants comply with state and local health orders; (2) if a panel orders that the arbitration or mediation take place telephonically or by Zoom; or (3) the parties stipulate that the proceeding may take place telephonically or by Zoom.
On October 12, the California Department of Justice released a third set of proposed modifications to the regulations implementing the California Consumer Privacy Act (CCPA). As previously covered by InfoBytes, on August 14, the regulations went into effect after being approved by the Office of Administrative Law (OAL). Highlights of the proposed modifications include:
- The addition of Section 999.306, subd. (b)(3), which provides illustrative examples of the methods businesses can use to provide the notice of right to opt-out of the sale of personal information through an offline method, when the business collects personal information in the course of interacting with consumers offline. Examples include: posting signage in the area where personal information is collected or providing the notice orally during calls where information is collected;
- The addition of Section 999.315, subd. (h), which provides illustrative examples of right to opt-out methods that are designed with the purpose or have the substantial effect of subverting or impairing a consumer’s choice to opt-out. Examples include: using double negatives or requiring consumers to click through a list of reasons why they should not opt-out before confirming their request;
- Amending Section 999.326, subd. (a), which clarifies what proof a business may require from an authorized agent and consumer when a consumer uses an agent to submit a request to know or a request to delete; and
Comments on the proposed modifications are due on October 28 by 5:00 p.m.
On October 13, the Financial Stability Board (FSB) published a report providing high-level recommendations for the regulation, supervision, and oversight of “global stablecoin” (GSC) arrangements. FSB defines “stablecoins” as a “specific category of crypto-assets which have the potential to enhance the efficiency of the provision of financial services, but may also generate risks to financial stability, particularly if they are adopted at a significant scale.” GSCs are those with multi-jurisdictional reach that “could become systemically important in and across one or many jurisdictions, including as a means of making payments.” The report, Regulation, Supervision, and Oversight of “Global Stablecoin” Arrangements, follows an analysis of financial stability risks raised by GSCs as well as a survey of FSB and non-FSB members’ approaches to stablecoins. Prior to issuing the report, FSB also conducted several outreach meetings with representatives from regulated financial institutions, fintech firms, academia, and the legal field. The October report, which takes into account public feedback received earlier in the year, outlines 10 high-level recommendations that “call for regulation, supervision and oversight that is proportionate to the risks, and stress the value of flexible, efficient, inclusive, and multi-sectoral cross-border cooperation, coordination, and information sharing arrangements among authorities that take into account the evolving nature of GSC arrangements and the risks they may pose over time.” However, the report stresses that because these recommendations primarily address financial stability risks, issues such as anti-money laundering/combating the financing of terrorism, data privacy, cyber security consumer and investor protection, and competition are not covered. These issues, which may present consequences for financial stability if not properly addressed, should be incorporated as part of a comprehensive supervisory, regulatory, and oversight framework, the report states.
Among other things, the report also provides regulatory authorities a guide “of relevant international standards and potential tools to address vulnerabilities arising from GSC activities,” and outlines a timeline of actions that will build a roadmap to ensure “any relevant international standard-setting work is completed.”
On October 13, the CFPB announced a settlement with the Texas-based auto-financing subsidiary of a Japanese automobile manufacturer to resolve allegations that the servicer violated the Consumer Financial Protection Act by engaging in illegal repossession and collection practices. The CFPB alleged that the servicer engaged in unfair and deceptive practices by (i) wrongfully repossessing vehicles even though customers made payments to decrease their delinquency to less than 60 days past due or kept a promise to pay; (ii) limiting the ability of borrowers who pay over the phone to select payment options with significantly lower fees; (iii) making false statements in loan extension agreements, which “created the net impression that consumers could not file for bankruptcy”; and (iv) knowing its repossession agents were charging customers upfront storage fees before returning personal property left inside repossessed cars.
Under the terms of the consent order, the servicer must pay a $4 million civil money penalty, as well as up to $1 million in consumer redress. The servicer must also credit any outstanding fees stemming from the repossession and pay consumers redress for each day it wrongfully held their vehicles. The servicer is also ordered to, among other things, (i) cease using language that creates the impression that customers may not file for bankruptcy; (ii) conduct a quarterly review to identify and remediate any future wrongful repossessions; (iii) adopt policies and procedures to correct its repossession practices; (iv) prohibit its repossession agents from charging fees to get personal property returned; and (v) clearly disclose phone payment fees to consumers.
On October 13, the member nations of the G7 issued a joint statement stressing their commitment to working with the financial services sector to address and mitigate ransomware attacks. The statement highlights the recent increase in ransomware attacks over the last few years and notes that the scale, sophistication, and frequency has intensified as attackers “demand payments primarily in virtual assets to facilitate money laundering.” These ransom payments, the G7 warns, “can incentivize further malicious cyber activity; benefit malign actors and fund illicit activities; and present a risk of money laundering, terrorist financing, and proliferation financing, and other illicit financial activity.” The G7 reminds financial institutions that paying ransom is subject to anti-money laundering/combating the financing of terrorism (AML/CFT) laws and regulations, and warns non-financial services companies that providing certain services, such as money transfers, may subject them to the same obligations. The G7 further urges entities to follow international obligations for reporting ransom payments as suspicious activity and to take measures to prevent sanctions evasions. Moreover, the G7 recommends that entities implement standards set by the Financial Action Task Force to reduce criminals’ access to and use of financial services and digital assets, and emphasizes the importance of implementing effective programs to “hold and exchange information about the originators and beneficiaries of virtual asset transfers.” The G7 plans to share information related to ransomware threats, explore opportunities for coordinated targeted financial sanctions, and encourage a global implementation of AML/CFT obligations on virtual assets and virtual asset service providers.
On October 15, the CFPB announced a proposed settlement with the largest U.S. debt collector and debt buyer and its subsidiaries (collectively, “defendants”), resolving allegations that the defendants violated the terms of a 2015 consent order related to their debt collection practices. As previously covered by InfoBytes, the Bureau filed an action against the defendants in September alleging that they collected more than $300 million from consumers by violating the terms of the 2015 consent order—and again violating the FDCPA and CFPA—by, among other things, (i) filing lawsuits without possessing certain original account-level documentation (OALD) or first providing the required disclosures; (ii) failing to provide debtors with OALD within 30 days of the debtor’s request; (iii) filing lawsuits to collect on time-barred debt; and (iv) failing to disclose that debtors may incur international-transaction fees when making payments to foreign countries, which “effectively den[ied] consumers the opportunity to make informed choices of their preferred payment methods.”
The stipulated final judgment, if entered by the court, would require the defendants to pay nearly $80,000 in consumer redress and a $15 million civil money penalty. Moreover, among other things, the defendants are subject to a five-year extension of certain conduct provisions of the 2015 consent order and must disclose to consumers the potential for international-transaction fees and that the fees can be avoided by using alternative payment methods.
On October 14, the DOJ announced it had entered into a plea agreement with a Brazil-based investment company that owns companies primarily involved in the meat and agricultural business, in which the company agreed to pay a criminal penalty of over $256 million related to violations of the FCPA’s anti-bribery provisions. According to the DOJ, between 2005 and 2017, to execute the bribery scheme in Brazil, the company “conspired with others to violate the FCPA by paying bribes to Brazilian government officials in order to ensure that Brazilian state-owned and state-controlled banks would enter into debt and equity financing transactions with [the company and company]-owned entities, as well as to obtain approval for a merger from a Brazilian state-owned and state-controlled pension fund.” Specifically, between 2005 and 2014, the company paid or promised more than $148 million in bribes to high-level Brazilian government officials, in exchange for receiving hundreds of millions of dollars in financing from a Brazilian state-owned and state-controlled bank. In another instance, the company paid more than $4.6 million in bribes to a high-ranking executive of a Brazilian state-controlled pension fund in exchange for the fund’s approval of a significant merger that benefited the company. The company also paid approximately $25 million in bribes to a high-level Brazilian government official in order to obtain hundreds of millions of dollars of financing from a different Brazilian state-owned and state-controlled bank. Company executives also “used New York-based bank accounts to facilitate the bribery scheme and to make corrupt payments, purchased and transferred a Manhattan apartment as a bribe, and met in the United States to discuss and further aspects of the illegal scheme.”
The announcement noted that the company did not voluntarily disclose the violations but still received partial credit and a 10 percent reduction off the U.S. Sentencing Guidelines fine range for its remediation and cooperation with the DOJ’s investigation. Under the terms of the plea agreement, the company will pay the U.S. approximately $128.2 million of the $256 million criminal penalty. The remaining portion will be offset by $128.2 million in penalties the company will pay pursuant to a resolution with the Brazilian authorities. The company also agreed to continue to cooperate with the DOJ in any ongoing or future criminal investigations, and will enhance its compliance program, and report on the implementation of its enhanced compliance program for a three-year period.
The SEC simultaneously announced a resolution in a related matter with the company, along with a majority-owned subsidiary and two Brazilian nationals who own the company and the subsidiary. According to the SEC, the Brazilian nationals engaged in a bribery scheme to facilitate the subsidiary’s acquisition of a U.S. food corporation. The SEC charged the two companies and individuals with violations of the books and records and internal accounting provisions of the FCPA. Under the terms of the cease and desist order, the subsidiary must pay approximately $27 million in disgorgement and the two Brazilian nationals are required to each pay civil penalties of $550,000. All parties also agreed to self-report on the status of certain remedial measures for a three-year period.
On October 9, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13851 against a Nicaraguan financial institution, as well as two government officials for supporting the Ortega regime, which “continue[s] to undermine Nicaragua’s democracy.” According to OFAC, the financial institution served as a tool for Ortega to “siphon money from  $2.4 billion in oil trusts and credit portfolios…in order to remain in power and pay a network of patronage.” As a result, all property and interests in property of the sanctioned individuals and entities, and any entities owned 50 percent or more by such persons subject to U.S. jurisdiction, are blocked and must be reported to OFAC. U.S. persons are also generally prohibited from entering into transactions with the sanctioned persons.
On October 8, the U.S. Treasury Department announced that the Secretary of the Treasury, in consultation with the Secretary of State, sanctioned 18 major Iranian banks, consistent with E.O. 13902, which identified Iran’s financial sector “as an additional avenue that funds the Iranian government’s malign activities.” E.O. 13902 provides Treasury with the authority to sanction any Iranian financial institution. The sanctioned banks include 16 banks operating in Iran’s financial sector and one bank that is owned or controlled by a sanctioned Iranian bank. In addition, OFAC sanctioned an Iranian military-affiliated bank under Treasury’s counter-proliferation authority pursuant to E.O. 13382. “Today’s action to identify the financial sector and sanction eighteen major Iranian banks reflects our commitment to stop illicit access to U.S. dollars,” Treasury Secretary Steven T. Mnuchin stated. OFAC noted that the sanctions under E.O. 13902 do not affect existing authorizations and exceptions for humanitarian trade (covered by a Buckley Special Alert), “which remain in full force and effect for these seventeen banks.”
As a result, all property and interests in property of the designated entities that are in the U.S. or in the possession or control of U.S. persons must be blocked and reported to OFAC. U.S. persons are also generally prohibited from engaging in transactions with the designated entities. OFAC is providing a 45-day period for non-U.S. persons to wind down non-humanitarian transactions that may become subject to sanctions as a result of the designations. OFAC further warned that “financial institutions and other persons that engage in certain transactions or activities with the sanctioned entities after a 45-day wind-down period may expose themselves to secondary sanctions or be subject to an enforcement action.”
Concurrent with the action, OFAC issued General License L, which outlines transactions and activities involving the sanctioned entities “that are authorized, exempt, or otherwise not prohibited under the Iranian Transactions and Sanctions Regulations.” Additional guidance is also provided in recently issued FAQs.
- H Joshua Kotin to discuss "Being fair, responsible, & profitable" at the QuestSoft Lending Compliance & Risk Management Virtual Conference
- Kathryn L. Ryan to discuss "NMLS mortgage call report – Where’s NMLS 2.0?" at the QuestSoft Lending Compliance & Risk Management Virtual Conference
- Thomas A. Sporkin to discuss "Managing internal investigations and advanced government defense" at the Securities Enforcement Forum
- Jeffrey P. Naimon to discuss "2021 - A new beginning/what's to come" at the QuestSoft Lending Compliance & Risk Management Virtual Conference
- H Joshua Kotin to discuss "Mortgage servicing in a recession: Early intervention, loss mitigation and more" at the NAFCU Virtual Regulatory Compliance Seminar
- Daniel R. Alonso to discuss "Independent monitoring in the United States" at the World Compliance Association Peru Chapter IV International Conference on Compliance and the Fight Against Corruption
- Jonice Gray Tucker to discuss "Cyber security, incident response, crisis management" at the Legal & Diversity Summit
- Jonice Gray Tucker to discuss "The future of fair lending" at the Mortgage Bankers Association Regulatory Compliance Conference
- Michelle L. Rogers to discuss "Major litigation" at the Mortgage Bankers Association Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "Pandemic fallout – Navigating practical operational challenges" at the Mortgage Bankers Association Regulatory Compliance Conference
- Jonice Gray Tucker to discuss "Consumer financial services" at the Practising Law Institute Banking Law Institute
- Daniel P. Stipano to discuss "BSA/AML - Covid impact and regulatory/guidance roundup" at an NAFCU webinar