Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On September 14, the SEC announced a settlement with an alternative data provider and one of the company’s co-founders (collectively, "respondents") resolving allegations that the company violated antifraud provisions by engaging in deceptive practices and making material misrepresentations regarding alternative data. According to the order, the respondents understood that companies would share their confidential app performance data if they promised not to disclose it to third parties. As a result, the respondents assured companies that their data would be aggregated and anonymized before being used by a statistical model to generate estimates of app performance. However, the respondents, between 2014 and mid-2018, utilized non-aggregated and non-anonymized data to alter its model-generated estimates to make them more valuable to sell to trading firms. The SEC alleged that the respondents violated provisions of the Exchange Act, such as Section 10(b) and Rule 10b-5 thereunder, because their misrepresentations and other deceptive practices misled subscribers regarding how the company’s intelligence estimates were calculated. The order, to which the respondents consented, imposes civil money penalties of $300,000 and $10 million. The order also provides that the company must cease and desist from committing or causing any future violations of the Exchange Act, and prohibits the co-founder from serving as an officer or director of a public company for three years.
On September 13, the U.S. District Court for the Northern District of Illinois reimposed a more than $5 million restitution award in an action dating back to 2018, this time under Section 19 of the FTC Act. The court originally granted the FTC’s motion for summary judgment against a credit monitoring service and its sole owner in an action filed under Section 13(b) of the FTC Act, after concluding that no reasonable jury would find that the defendants’ scheme of using false rental property ads to solicit consumer enrollment in credit monitoring services without their knowledge could occur without engaging in unfair or deceptive practices (covered by InfoBytes here). However, as previously covered by InfoBytes, in 2019, the U.S. Court of Appeals for the Seventh Circuit held that Section 13(b) does not grant the FTC authority to order restitution—a position that the U.S. Supreme Court ultimately agreed with when issuing its decision in AMG Capital Management, LLC v. FTC (which unanimously held that Section 13(b) of the FTC Act “does not authorize the Commission to seek, or a court to award, equitable monetary relief such as restitution or disgorgement”—covered by InfoBytes here).
In its current ruling, the court agreed to reimpose the damages under the Restore Online Shopper Confidence Act (ROSCA) and Section 19. The court noted that because ROSCA incorporates all the enforcement tools of the FTC Act, the FTC could seek remedies using Section 19 of the FTC Act instead of relying on Section 18. Further, the court noted that the FTC indicated that the FTC may seek remedies under Section 19 when it brought the action under Section 5(a) of ROSCA, which the court ultimately agreed was correct. “The FTC has the better of this dispute,” the court wrote, adding, among other things, that “the court is unmoved by [the defendant’s] claims of unfair prejudice. Aside from the particular route to an award of restitution, nothing will materially change. The FTC seeks the same remedy, for the same reasons, and for the same victims under section 5(a) via section 19 as it did under section 13(b).”
On September 10, the OCC, Federal Reserve Board, and FDIC extended the comment period on the regulators’ proposed interagency guidance designed to aid banking organizations in managing risks related to third-party relationships, including relationships with fintech-focused entities. The deadline has been extended to October 18 and interested parties may submit comments until the deadline.
As previously covered by InfoBytes, the proposed guidance addresses key components of risk management, such as (i) planning, due diligence and third-party selection; (ii) contract negotiation; (iii) oversight and accountability; (iv) ongoing monitoring; and (v) termination. Coupled with the release of a Federal Reserve Board paper describing community bank and fintech partnerships, as well as interagency guidance to help community banks evaluate fintech relationships (covered by InfoBytes here), the federal bank regulators are demonstrating continued and increased focus on third-party risk management issues.
On September 14, the U.S. Treasury Department and FHFA announced the suspension of certain requirements that were added on January 14 to the Preferred Stock Purchase Agreements (PSPAs) between Treasury and Fannie Mae and Freddie Mac (collectively, “GSEs”). According to the announcement, “FHFA will continue to measure, manage, and monitor the financial and operational risks of the Enterprises to ensure that they operate in a safe and sound manner and consistent with the public interest.” In addition, during the suspension, the FHFA will review the requirements and consider other revisions, and notes that the suspensions “do not affect the [GSEs] ability to build or retain capital.”
On September 8, the FDIC updated its brokered deposits FAQs by adding an FAQ to illustrate an example of when a broker is “proposing deposit allocations” under the “matchmaking” definition. According to the FAQ, if an individual identifies at which banks to place the funds of individual customers of a broker dealer as part of a broker dealer sweep program, the person is “proposing deposit allocations” for purposes of the “matchmaking” definition. The new FAQ explains that this is true even if the broker dealer determines the group of banks, or the order of banks, at which the person can propose placing individual depositor's funds or the maximum amount that can be placed at each bank. In addition, the guidance explains that a person that is “proposing deposit allocations” at, or between, more than one bank, also satisfies the other criteria in the matchmaking definition.
The FDIC also provided a public list of all entities that have submitted public notices for the primary purpose exception as of August 31, 2021. Of the two exceptions that require notice filing, the majority of the filers so far claimed an exception based on “enabling transactions” business relationships whereby 100 percent of depositors’ funds that an agent or nominee places, or assists in placing, at depository institutions are placed into transactional accounts that do not pay any fees, interest, or other remuneration to the depositor.
On September 14, the FTC voted 3-2, at the recommendation of the Bureau of Consumer Protection and Bureau of Competition, to approve a series of resolutions intended to streamline consumer protection and competition investigations in core FTC-priority areas over the next decade. At the recommendation of the Bureaus, the FTC authorized eight new compulsory process resolutions, which authorize the use of civil investigative demands and subpoenas when investigating the following areas: (i) acts or practices affecting U.S. servicemember and veterans; (ii) acts or practices affecting children under 18; (iii) algorithmic and biometric bias; (iv) deceptive and manipulative online conduct, including matters related to tech support scams, payment processing, marketing of goods and services, and user interface manipulation; (v) repair restrictions; (vi) intellectual property abuse; (vii) common directors and officers and common ownership; and (viii) monopolization offenses. According to the FTC, adopting these resolutions will enhance and streamline the ability of FTC investigators and prosecutors to obtain evidence in critical investigations relating to potential violations of the FTC Act. FTC Commissioner Rohit Chopra issued a statement following the vote, commenting that the adoption “will improve the agency’s ability to order documents and data in investigations and fills a notable gap in the Commission’s long list of enforcement authorizations developed over many years.”
On September 9, the Federal Reserve Board published a paper describing the landscape of community banks and fintech partnerships. The paper, Community Bank Access to Innovation through Partnerships, is not guidance but is intended to promote and support “responsible innovation” through access and understanding to financial technology, as well as appropriate third-party risk management and compliance guardrails. The paper follows interagency guidance released last month by the Fed, OCC, and FDIC, which addressed several key due diligence topics for community banks considering relationships with prospective fintech companies, as well as interagency proposed guidance on third party risk management—signals of the regulators’ continued and increased focus on third-party relationships. (Covered by InfoBytes here and here.) The paper provides anecdotal observations shared with the Fed by outreach participants and discusses the benefits and risks of different broad partnership types (operational technology partnerships, customer-oriented partnerships, and front-end fintech partnerships), and key considerations for engaging in such partnerships. According to the report, outreach participants presented a general belief that “fintech partnerships were most effective when three elements were present: a commitment to innovation across the community bank; alignment of priorities and objectives of the community bank and its fintech partner; and a thoughtful approach to establishing technical connections between key parties, including the bank, fintech, and the bank’s core services provider.”
On September 13, the FDIC issued FIL-65-2021 to provide regulatory relief to financial institutions and help facilitate recovery in areas of North Carolina affected by remnants of Tropical Storm Fred. The FDIC acknowledged the unusual circumstances faced by institutions in affected areas, and suggested institutions take certain steps to meet the needs of their communities and keep the FDIC informed of business impacts. These steps include (i) working with borrowers to adjust or alter loan terms in a safe and sound manner; (ii) identifying potential community development activities to revitalize or stabilize the disaster area (which the FDIC noted may receive favorable CRA consideration); (iii) monitoring potentially impacted municipal securities and loans; (iv) notifying the FDIC of delays in meeting filing and publishing requirements, or in the event temporary banking facilities are needed; and (v) processing consumer requests under Regulation Z for a waiver or modification of the three-day rescission period for dwelling-secured loans in the event of a “bona fide personal financial emergency.”
On September 14, the CFPB issued an e-mail announcement reminding entities of a 2018 Supervisory Policy Statement regarding the existing flexibility some laws and regulations provide for supervised entities to assist with community and consumer recovery in the wake of major disasters and emergencies. Consumer resources for disasters are available from the CFPB here.
On September 13, President Biden nominated Alvaro Bedoya for Commissioner of the FTC. Bedoya would replace FTC Commissioner Rohit Chopra, who was nominated as the permanent director of the CFPB (covered by InfoBytes here). Chopra currently awaits a Senate confirmation vote on his nomination to serve as the Bureau’s director.
Bedoya, a Georgetown University visiting professor of law, also founded the law school’s Center on Privacy & Technology. According to the administration’s announcement, Bedoya previously “co-led a coalition that successfully pressed an Internet giant to drop ads for online payday loans” and served as the first chief counsel to the Senate Judiciary Subcommittee on Privacy, Technology and the Law. FTC Chair Lina M. Khan issued a statement following Bedoya’s nomination praising his “expertise on surveillance and data security.”
Additionally, Biden announced several CFTC Commissioner nominees: Kristin Johnson, Christy Goldsmith Romero, and Rostin Behnam, who currently serves as the agency’s acting chairman and has been nominated to be the permanent CFTC Chair. Behnam’s priorities include safeguarding customer protections, climate-related financial market risk, and diversity, equity, and inclusion in the financial markets.
- Buckley Webcast: Best practices for incident-response planning in a dangerous and regulated world
- Jonice Gray Tucker to discuss “Government investigations, and compliance 2021 trends” at the Corporate Counsel Women of Color Career Strategies Conference
- APPROVED Webcast: California debt collection license requirement: Overview and analysis
- Max Bonici to discuss “BSA/AML trends: What to expect with the implementation of the AML Act of 2020” at the American Bar Association Banking Law Fall Meeting
- Jeffrey P. Naimon to discuss “Regulators are gearing up: Are you ready?” at HousingWire Annual
- Amanda R. Lawrence and Elizabeth E. McGinn discuss “U.S. state privacy legislation – Are you compliant?” at the Privacy+Security Forum
- H Joshua Kotin to discuss “Modifications and exiting forbearance” at the National Association of Federal Credit Unions Regulatory Compliance Seminar
- Jonice Gray Tucker to discuss “Fintech trends” at the BIHC Network Elevating Black Excellence Regional Summit
- Jeffrey P. Naimon to discuss "Truth in lending” at the American Bar Association National Institute on Consumer Financial Services Basics
- John R. Coleman and Amanda R. Lawrence to discuss “Consumer financial services government enforcement actions – The CFPB and beyond” at the Government Investigations & Civil Litigation Institute Annual Meeting
- Jonice Gray Tucker to discuss "Consumer financial services" at the Practising Law Institute Banking Law Institute
- Jonice Gray Tucker to discuss “Regulators always ring twice: Responding to a government request” at ALM Legalweek