Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On April 15, U.S. regulators announced settlements totaling $1.3 billion with several banking units of a German-headquartered financial institution to resolve allegations by the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC), the DOJ, the Federal Reserve Board, the New York Department of Financial Services (NYDFS), and the New York County District Attorney’s Office of apparent violations of multiple sanctions programs, including those related to Burma, Cuba, Iran, Libya, Sudan, and Syria. According to OFAC’s announcement, between January 2007 and December 2011, the institution’s banking units in Germany, Austria, and Italy processed thousands of payments through U.S. financial institutions on behalf of sanctioned entities “in a manner that did not disclose underlying sanctioned persons or countries to U.S. financial institutions which were acting as financial intermediaries.”
According to the roughly $611 million combined settlement agreements (see here, here, and here), OFAC considered various aggravating factors, and noted, among other things, that the institution’s banking units failed to sufficiently enforce policies addressing OFAC sanctions concerns or restrict the processing of transactions in U.S. dollars involving persons or countries subject to sanctions programs administered by OFAC. Additionally, OFAC asserted that the Austrian banking unit claimed on several occasions that OFAC’s sanctions programs “were not legally binding or relevant to [the bank].” OFAC further stated that while the banking units failed to voluntarily self-disclose the alleged violations, they have each agreed to implement and maintain compliance commitments to minimize the risk of the recurrence of the alleged conduct.
The approximate $611 million penalty will be deemed satisfied by the banking units’ payments to other U.S. regulators, which includes an almost $317 million forfeiture and roughly $468 million fine to the DOJ, $158 million fine to the Federal Reserve, and $405 million fine to the NYDFS.
On April 10, NYDFS announced that it denied a company’s applications to engage in virtual currency business and money transmission activity in New York due to the company’s alleged deficiencies in BSA/AML and Office of Foreign Assets Control (OFAC) compliance requirements, capital requirements, and token and product launches. According to the denial letter, the company applied for a virtual currency business activity license in August 2015, and had been operating under NYDFS’ virtual currency “safe harbor” ever since. Additionally, in July 2018, the company applied to engage in money transmission activity with the state. According to NYDFS, the state’s licensing law requires an applicant to demonstrate the ability to comply with the provisions of the licensing requirements, including “implementing an effective BSA/AML/OFAC compliance program as well as other measures to protect customers and the integrity of the virtual currency markets.” Based on NYDFS’ four-week on-site review of the company’s operations, NYDFS concluded, among other things, that the company’s BSA/AML/OFAC compliance program lacked (i) adequate internal policies, procedures and controls; (ii) a qualified, effective compliance officer; (iii) adequate employee training; (iv) adequate independent program testing; and (v) adequate customer due diligence. The company is required to immediately cease operating in New York State and doing business with New York residents and has 60 days to wind down or transfer its positions and transactions.
On March 31, the New York governor announced the passage of the state’s FY 2020 Budget, which includes an amendment (known as “Article 14-A” or “the Act”) to the state’s banking law with respect to the licensing of private student loan servicers. Article 14-A requires student loan servicers to be licensed by the New York Department of Financial Services (NYDFS) in order to service student loans owned by residents of New York. The licensing provisions do not apply to the servicers of federal student loans—defined as, “(a) any student loan issued pursuant William D. Ford Federal Direct Loan Program; (b) any student loan issued pursuant to the Federal Family Education Loan Program, which was purchased by the government of the United States pursuant to the federal Ensuring Continued Access to Student Loans Act and is presently owned by government of the United States; and (c) any other student loan issued pursuant to a federal program that is identified by the superintendent as a ‘federal student loan’ in a regulation”—as the Act treats federal servicers as though they are a licensed student loan servicer. Banking organizations, foreign banking organizations, national banks, federal savings associations, federal credit unions, or any bank or credit union organized under the laws of any other state, are also considered exempt from the new state licensing requirements.
In addition to the licensing requirements, Article 14-A also prohibits any student loan servicer—including those exempt from licensing requirements or deemed automatically licensed—from, among other things, (i) engaging in any unfair, deceptive, or predatory act or practice with regard to the servicing of student loans, including making any material misrepresentations about loan terms; (ii) misapplying payments to the balance of any student loan; (iii) providing inaccurate information to a consumer credit reporting agency; and (iv) making false representations or failing to respond to communications from NYDFS within fifteen calendar days. Article 14-A requires student loan servicers (not including exempt organizations) to accurately report a borrower’s payment performance to at least one credit reporting agency if the organization regularly reports information to a credit reporting agency. Additionally, the Act specifies that a student loan servicer shall inquire on how a borrower would like nonconforming payments to be applied and continue that application until the borrower provides different directions. Article 14-A also outlines examination and recordkeeping requirements and allows for the NYDFS Superintendent to penalize servicers the greater of (i) up to $10,000 for each offense; (ii) a multiple of two times the violation’s aggregate damages; or (iii) a multiple of two times the violation’s aggregate economic gain. Article 14-A takes effect 180 days after becoming law.
On April 9, U.S. and U.K regulators announced that a London-based global financial institution would pay $1.1 billion to settle allegations by the DOJ, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC), the Federal Reserve Board, the New York Department of Financial Services (NYDFS), the Manhattan District Attorney, and the U.K.’s Financial Conduct Authority (FCA) for allegedly violating multiple sanctions programs, including those related to Burma, Cuba, Iran, Sudan, and Syria. According to the OFAC announcement, from June 2009 until May 2014, the institution processed thousands of transactions involving persons or countries subject to sanctions programs administered by OFAC, but the majority of the actions at issue concern Iran-related accounts maintained by the institution’s Dubai branches. OFAC alleged the Dubai branches processed transactions through the institution’s New York branches on behalf of customers that were physically located or ordinarily resident in Iran.
According to the $639 million settlement agreement, OFAC noted, among other things, that the institution “acted with reckless disregard and failed to exercise a minimal degree of caution or care” with respect to the actions at issue. Moreover, OFAC alleged that the institution had actual knowledge or reason to know its compliance program was “inadequate to manage the [the institution]’s risk.” OFAC considered numerous mitigating factors, including that the institution’s substantial cooperation throughout the investigation and its undertaking of remedial efforts to avoid similar violations from occurring in the future.
The $639 million penalty will be deemed satisfied by the institution’s payments to other U.S. regulators, which includes, $240 million forfeiture and $480 million fine to the DOJ, $164 million fine to the Federal Reserve, and $180 million fine to the NYDFS. The institution also settled with the FCA for $133 million. The settlement illustrates the risks to foreign financial institutions associated with compliance lapses when processing transactions through the U.S. financial system.
On January 31, NYDFS issued Supplement No. 2 to Insurance Circular Letter No. 1 (2003), which provides guidance to the title insurance industry following a January 15 unanimous decision by the Appellate Division of the New York State Supreme Court to uphold Insurance Regulation 208. The Appellate Division’s decision vacated the majority of a trial court order annulling Regulation 208, which limits title insurers’ ability to offer inducements to obtain business. (See previous InfoBytes coverage here.)
The NYDFS supplement highlighted three critical holdings from the Appellate Division’s decision. First, the court upheld Regulation 208’s ban on inducements for future title insurance business, recognizing that NYDFS had found that lavish gifts were routinely offered to intermediaries such as lawyers in anticipation of receiving business. Second, the appellate court held that Insurance Law § 6409(d), which prohibits a commission, rebate, fee, or “other consideration or valuable thing,” is not limited to a prohibition on quid pro quo exchanges for specific business. Third, the court annulled Regulation 208’s ban on certain closer fees and fees for ancillary searches.
NYDFS’ cybersecurity FAQs provide process for covered entities that no longer qualify for exemptions
On February 2, NYDFS updated its answers to FAQs regarding 23 NYCRR Part 500, which established cybersecurity requirements for banks, insurance companies, and other financial services institutions. (See here for previous InfoBytes coverage on updates to the FAQs.) Among other things, the update outlines the procedures covered entities must follow if the entity ceases to qualify for exemptions under Section 500.19. Covered entities who no longer qualify for an exemption will have 180 days from the end of their most recent fiscal year to comply with all applicable requirements of 23 NYCRR Part 500. NYDFS further notes that covered entities may be required to periodically refile their exemptions to ensure qualification.
Linda Lacewell, New York Governor Andrew Cuomo’s nominee to replace outgoing Superintendent Maria Vullo as superintendent of NYDFS, is now listed on the department’s website as the acting superintendent. Ms. Lacewell—who previously served as chief of staff and counselor to the governor and served as both a state and federal prosecutor—built and implemented the state’s first system for ethics, risk and compliance in agencies and authorities, and has a history in ethics and law enforcement matters. According to published reports, Acting Superintendent Lacewell assumed her role on February 4.
On January 31, NYDFS issued a reminder for regulated entities that the final deadline for implementing NYDFS’s cybersecurity regulation ends March 1. Under the new regulation, banks, insurance companies, mortgage companies, money transmitters, licensed lenders and other financial services institutions regulated by NYDFS are required to implement a cybersecurity program to protect consumer data. The last step in the implementation timeline requires covered entities that use third-party providers to put in place policies and procedures ensuring the security of information systems and nonpublic information accessible to, or held by, such third parties. NYDFS also reminded regulated entities that the deadline to file their second certification of compliance via NYDFS’ cybersecurity portal is February 15.
Previously InfoBytes coverage on NYDFS’ cybersecurity regulation are available here.
On January 29, NYDFS announced a $40 million settlement with a London-based financial services company to resolve allegations the bank engaged in unsafe and unsound practices in its foreign exchange (FX) trading business. According to the consent order, the company did not implement and maintain sufficient controls to identify illegal tactics used by traders to maximize profits or minimize losses at the expense of the company’s customers, competitors, and the market as a whole. Among other things, the order states that between 2007 and 2013 the company’s FX traders (i) improperly coordinated trading through a chat room; (ii) improperly shared confidential consumer information; and (iii) engaged in “deliberate underfills” of consumer accounts. In addition to the fine, the company is required to improve its internal controls and programs to comply with applicable New York State and federal laws and regulations, submit a written plan to improve its compliance risk management program, and provide an enhanced written internal audit program. NYDFS acknowledged the company’s full cooperation with the investigation, in addition to taking disciplinary action against those identified as engaging in the misconduct.
On January 16, NYDFS announced a $100,000 settlement with a New York state-registered mortgage loan servicer for allegedly failing to register and maintain two properties as required by the state’s Abandoned Property Relief Act. Under the Act, NYDFS can hold banks and mortgage servicers accountable should they fail to fulfill certain maintenance obligations at vacant and abandoned residential properties (“zombie” properties) securing mortgage loans in their portfolios. NYDFS rejected claims that the servicer was unable to maintain the “zombie” properties due to not receiving authorization from the mortgagee and that the properties were not subject to the requirements of the Act because backdated lien releases extinguished its maintenance obligation. Under the terms of the consent order, the servicer has also agreed to provide confirmation within 30 days to NYDFS that all properties subject to New York’s Vacant and Abandoned Property Law have been sufficiently registered with NYDFS’ registry of vacant and abandoned properties, are maintained properly, and that all quarterly filings for each property have been submitted.
- Moorari K. Shah to discuss "State regulatory and disclosures" at the Equipment Leasing and Finance Association Legal Forum
- Daniel P. Stipano to discuss "The state of the BSA 2019: What’s working, what’s not, and how to improve it" at the West Coast Anti Money-Laundering Forum
- Buckley Webcast: The future of the Community Reinvestment Act
- Hank Asbill to discuss "Creative character evidence in criminal and civil trials" at the Litigation Counsel of America Spring Conference & Celebration of Fellows
- Buckley Webcast: Amendments to the CFPB's proposed debt collection
- Brandy A. Hood to discuss "Flood NFIP in the age of extreme weather events" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Michelle L. Rogers to discuss "UDAAP compliance" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "Major state law developments" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Jonice Gray Tucker to discuss "Leveraging big data responsibly" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "State examination/enforcement trends" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Benjamin K. Olson to discuss "LO compensation" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- APPROVED Webcast: State and SAFE Act licensing requirements for banks
- John C. Redding to discuss "TCPA compliance in the era of mobile" at the Auto Finance Risk Summit
- Buckley Webcast: The next consumer litigation frontier? Assessing the consumer privacy litigation and enforcement landscape in 2019 and beyond
- Buckley Webcast: Data breach litigation and biometric legislation
- Buckley Webcast: Trends in e-discovery technology and case law
- Hank Asbill to discuss "Pay no attention to the man behind the curtain: Addressing prosecutions driven by hidden actors" at the National Association of Criminal Defense Lawyers West Coast White Collar Conference
- Daniel P. Stipano to discuss "Keep off the grass: Mitigating the risks of banking marijuana-related businesses" at the ACAMS AML Risk Management Conference
- Daniel P. Stipano to discuss "Mid-year policy update" at the ACAMS AML Risk Management Conference
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program
- Douglas F. Gansler to discuss "Role of state AGs in consumer protection" at a George Mason University Law & Economics Center symposium