Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OFAC sanctions entity and two individuals for tracking weapons to IRGC and facilitating sanctions evasion
On June 12, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) imposed sanctions on a resource trading company and its two Iraqi associates, for trafficking “hundreds of millions of dollars’ worth of weapons” to the Iraq-based Islamic Revolutionary Guard Corps (IRGC) and facilitating access to the Iraqi financial system to evade sanctions.
According to OFAC, the sanctions were issued pursuant to Executive Order 13224, which “provides a means by which to disrupt the financial support network for terrorists and terrorist organizations.” As a result, “all property and interests in property of these targets that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC.” OFAC noted that persons who engage in transactions with the designated individuals and entities may be exposed to sanctions themselves or subject to enforcement action. Moreover, OFAC warned foreign financial institutions that, unless an exemption applies, they may be subject to U.S. sanctions if they knowingly facilitate significant transactions for any of the designed individuals or entities.
On June 11, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced additions to the Specially Designated Nationals List pursuant to Executive Orders (E.O.) 13573 and 13582. OFAC’s additions to the list include 13 entities and three individuals associated with an international network benefiting the Assad regime in Syria. According to OFAC, a Syrian business developer and his associated businesses have “leveraged the atrocities of the Syrian conflict into a profit-generating enterprise.” As a result, “all property and interests in property of these individuals and entities that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC.”
See here for continuing InfoBytes coverage of actions related to Syria.
On June 10, Senators Elizabeth Warren (D-Mass.) and Doug Jones (D-Ala.) wrote to the Federal Reserve Board, the OCC, the FDIC, and the CFPB requesting information regarding the role the regulators can play in ensuring that fintech companies serve consumers on a nondiscriminatory basis. The letter asserts that ,while the fintech business model—using algorithms to underwrite loans, typically without face-to-face interaction with consumers—has “the potential to expand access to financial services for underserved populations,” it also has the potential to lead to discriminatory results. Based on recent reports cited in the letter, the Senators ask the regulators to, among other things, (i) identify what their agency is doing to combat lending discrimination by lenders using algorithmic underwriting; (ii) explain how the agencies’ oversight of fair lending laws extend to the fintech industry; and (iii) describe any analyses conducted on the impact of fintech algorithms on minority borrowers. The letter requests the agencies respond to the inquiries by June 24.
On June 12, the U.S. District Court for the Northern District of Illinois denied an auto financing company’s renewed motion for summary judgment and request for reconsideration, concluding that the company’s calling system falls within the definition of automatic telephone dialing system (autodialer) under the TCPA.
According to the opinion, two separate class actions were filed alleging that the company violated the TCPA when making calls to consumers regarding outstanding auto loans by using an autodailer. In April 2016, the company filed a motion for summary judgment, arguing, among other things, that the calling system it uses does not constitute an autodialer under the TCPA, and moved to stay the proceedings until the D.C. Circuit issued its ruling in a related case, ACA International v. FCC. The court denied the motions but stated that it would “revisit any issues affected by [the ACA International] decision as needed.” In March 2018, the D.C. Circuit issued its ruling in ACA International, concluding that the FCC’s 2015 interpretation of an autodialer was “unreasonably expansive.” (Covered by a Buckley Special Alert here.)
The company then filed the renewed motion for summary judgment and request for reconsideration of the earlier decision. The court denied the motion, concluding that the company’s calling system was an autodialer under the TCPA as a matter of law, because the system automatically dialed numbers from a set customer list. The court applied the logic of the 9th Circuit in Marks v. Crunch San Diego, LLC (covered by InfoBytes here), stating that it was not bound by the FCC’s interpretations of an autodialer based on ACA International, and “[a]s such, ‘only the statutory definition of [autodialer] as set forth by Congress in 1991 remains.’” After reviewing the legislative history of the TCPA, the court determined that “[g]iven Congress’s particular contempt for automated calls and concern for the protection of consumer privacy,” the autodialer definition “includes autodialed calls from a pre-existing list of recipients,” rejecting the company’s argument that an autodialer must have the capacity to generate telephone numbers, not just pull from a preexisting list. Additionally, the court concluded that the system “need not be completely free of all human intervention” to fall under the definition of autodialer.
On June 11, the U.S. Court of Appeals for the 11th Circuit affirmed the dismissal of a RESPA action against a mortgage servicer, concluding that rescheduling a foreclosure sale is not a violation of Regulation X’s prohibition on moving for an order of foreclosure sale after a borrower has submitted a complete loss-mitigation application. According to the opinion, a consumer’s home was the subject of an order of foreclosure, and the mortgage servicer subsequently approved a trial loan-modification plan for a six-month period. The servicer filed a motion to reschedule the foreclosure sale so that the sale would not occur unless the consumer failed to comply with the modification plan during the trial period. The consumer filed suit, alleging that the servicer violated Regulation X––which prohibits loan servicers from moving for an order of foreclosure sale after a borrower has submitted a complete loss-mitigation application––because the servicer rescheduled the foreclosure sale instead of cancelling it. The district court dismissed the action.
On appeal, the 11th Circuit agreed with the district court, concluding that the consumer failed to state a claim for a violation of Regulation X. The appellate court reasoned that Regulation X does not prohibit a servicer from moving to reschedule a foreclosure sale as that motion is not the same as the “order of sale,” a substantive and dispositive motion seeking authorization to conduct a sale at all, as referenced in Regulation X. Moreover, the appellate court argued that the consumer’s interpretation of the prohibition is inconsistent with the consumer protection goals of RESPA because it would disincent loan servicers from offering loss-mitigation options and helping borrowers complete loss-mitigation applications, if a foreclosure sale has already been scheduled. Lastly, the appellate court noted that the motion to reschedule is consistent with the CFPB’s commentary that, “[i]t is already standard industry practice for a servicer to suspend a foreclosure sale during any period where a borrower is making payments pursuant to the terms of a trial loan modification,” rejecting the consumer’s argument that the servicer should have cancelled the sale altogether.
On June 10, the U.S. District Court for the Southern District of California denied a national payday lender’s motion to compel arbitration, agreeing with plaintiffs that the arbitration provision in their loan agreement was unenforceable because it was procedurally and substantively unconscionable. According to the opinion, plaintiffs filed a putative class action suit against the payday lender alleging the lender sells loans with usurious interest rates, which are prohibited under California’s Unfair Competition Law and Consumer Legal Remedies Act. The lender moved to compel arbitration asserting that the consumers’ loan agreements contain prohibitions on class actions in court or in arbitration, require arbitration of any claims arising from a dispute related to the agreement, and disallow consumers from acting as a “private attorney general.”
The court first determined that California law applied. It concluded that, while the lender was headquartered in Kansas, the consumers obtained their loans in California, and California “has a materially greater interest than Kansas in employing its laws to resolve the instant dispute,” based on its “material and fundamental interest in maintaining a pathway to public injunctive relief in unfair competition cases.”
The court then determined that the arbitration provision was procedurally unconscionable because, even though the consumers had a 30-day opt-out window, it required them to waive statutory causes of action “before they knew any such claims existed.” Finally, because the provision contained a waiver of public injunctive relief, the court determined it was substantively unconscionable based on the California Supreme Court decision in McGill v. Citibank, N.A (covered by a Buckley Special Alert here). The court rejected the lender’s arguments that McGill was preempted under the Federal Arbitration Act (FAA), noting a 2015 decision by the U.S. Court of Appeals for the 9th Circuit, “effectively controls” the dispute and the 9th Circuit reasoned that a similar state-law rule against waivers was not preempted by the FAA. Lastly, the court held that the unconscionable public injunctive relief waiver provision was not severable from the entire arbitration provision, because the agreement contained “poison pill” language that would invalidate the entirety of the arbitration provision.
On June 7, the U.S. Court of Appeals for the 6th Circuit affirmed a lower court’s ruling that an agreement between a Texas-based merchant and a payment processor did not require the merchant to pay millions of dollars in damage-control costs related to two card system data breaches. After the data breaches, the payment processor withheld routine payment card transaction proceeds from the merchant, asserting that the merchant was responsible for reimbursing the amount that the issuing banks paid to cardholders affected by the breaches. However, the merchant refused to pay the payment processor, relying on a “consequential damages waiver” contained in the agreement.
The payment processor argued that, under the agreement’s indemnification clause and provision covering third-party fees and charges, the merchant retained liability for assessments passed down from the card brands’ acquiring bank. The district court, however, granted summary judgment to the merchant, finding that the merchant was not liable for the card brands’ assessments. The court further ruled that the payment processor materially breached the agreement when it diverted funds to reimburse itself.
On review, the 6th Circuit agreed with the lower court that the assessments “constituted consequential damages” and that the agreement exempted consequential damages from liability under a “conspicuous limitation” to the indemnification clause. According to the 6th Circuit, the “data breaches, resulting reimbursement to cardholders, and levying of assessments, though natural results” of the merchant’s failure to comply with the Payment Card Industry's Data Security Standards, “did not necessarily follow from it.” In addition, the appellate court agreed with the district court’s holding that third-party fees and charges in the contract refer to routine charges associated with card processing services rather than liability for a data breach. The appellate court also concurred that the payment processor’s decision to withhold routine payment card transactions, constituted a material breach of the agreement.
On June 11, the CFPB announced that its first symposium, regarding the meaning of “abusive acts or practices” under Section 1031 of the Dodd-Frank Act, will be held on June 25. As previously covered by InfoBytes, the CFPB announced a symposia series that will convene to discuss consumer protections in “today’s dynamic financial services marketplace.” The June 25 symposium will be a public forum with two panels of experts discussing unfair, deceptive, or abusive acts and practices (UDAAP). The first panel will be a policy discussion, moderated by Tom Pahl, CFPB’s Policy Associate Director, Research, Markets and Regulation. The second panel will examine how the “abusive” standard has been used in practice in the field and will be moderated by David Bleicken, CFPB Deputy Associate Director, Supervision, Enforcement and Fair Lending.
In addition to the June 25 symposium, the series will have future events discussing behavioral law and economics, small business loan data collection, disparate impact and the Equal Credit Opportunity Act, cost-benefit analysis, and consumer authorized financial data sharing.
On June 12, the FTC announced a settlement under which a software provider agreed to better protect the data it collects, resolving allegations that the company failed to implement reasonable data security measures and exposed personal consumer information obtained from its auto dealer clients in violation of the FTC Act and the Standards for Safeguarding Customer Information Rule, issued pursuant to the Gramm-Leach-Bliley Act.
In its complaint, the FTC alleged the company’s failure to, among other things, (i) implement an organization information security policy; (ii) implement reasonable guidance or training for employees; (iii) use readily available security measures to monitor systems; and (iv) impose reasonable data access controls, resulted in a hacker gaining unauthorized access to the company’s database containing the personal information of approximately 12.5 million consumers. The proposed consent order requires the company to, among other things, implement and maintain a comprehensive information security program designed to protect the personal information it collects, including implementing specific safeguards related to the FTC’s allegations. Additionally, the proposed consent order requires the company to obtain third-party assessments of its information security program every two years and have a senior manager certify compliance with the order every year.
On June 11, the Federal Housing Finance Agency (FHFA) issued its 2018 Report to Congress, which, in part, provides information regarding FHFA's oversight of Fannie Mae and Freddie Mac (the GSEs) and describes FHFA actions as conservator the GSEs.
Most notably, in his letter to Congress introducing the report, FHFA Director Mark Calabria urged Congress to act on housing finance reform, noting that the conservatorship over the GSEs was “established as a short-term measure to address instability” during the financial crisis and now is of “unprecedented duration and scope.” Calabria encouraged Congress to work with the FHFA and the Administration to enact housing finance reform to ensure the GSEs are “well-capitalized, well-regulated, and well-managed to withstand any future downturn in the economy.” Additionally, Calabria requested that Congress provide FHFA with chartering authority similar to that of the OCC to increase competition in the secondary mortgage market. (As previously covered by InfoBytes here and here, Calabria and the Administration have encouraged housing finance reform that would end the GSE conservatorships and increase private sector participation in the mortgage market.) Lastly, Calabria argued for strengthening FHFA’s powers, similar to that of other federal financial safety and soundness regulators, including by granting the agency the authority to oversee third parties that do business with the GSEs, such as nonbank mortgage servicers.
- APPROVED Webcast: Introducing Mogy — APPROVED’s licensing technology solution
- Hank Asbill to discuss "Pay no attention to the man behind the curtain: Addressing prosecutions driven by hidden actors" at the National Association of Criminal Defense Lawyers West Coast White Collar Conference
- Daniel P. Stipano to discuss "Mid-year policy update" at the ACAMS AML Risk Management Conference
- Daniel P. Stipano to discuss "Keep off the grass: Mitigating the risks of banking marijuana-related businesses" at the ACAMS AML Risk Management Conference
- Christopher M. Witeck and Moorari K. Shah to discuss "The latest in vendor management regulations" at a Mortgage Bankers Association webinar
- Buckley Webcast: Hot topics in debt collection — An analysis of recent federal FDCPA litigation
- Jonice Gray Tucker to discuss "How to succeed in law school" at the SEO Law DC Panel Discussions
- Amanda R. Lawrence to discuss "Navigating the challenges of the latest data protection regulations and proven protocols for breach prevention and response" at the ACI National Forum on Consumer Finance Class Actions and Government Enforcement
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program
- Brandy A. Hood to discuss "RESPA Section 8/referrals: How do you stay compliant?" at the New England Mortgage Bankers Conference
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions and CMPs" at the ACAMS AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Assessing the CDD final rule: A year of transitions" at the ACAMS AML & Financial Crime Conference