Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On January 16, NYDFS announced a $100,000 settlement with a New York state-registered mortgage loan servicer for allegedly failing to register and maintain two properties as required by the state’s Abandoned Property Relief Act. Under the Act, NYDFS can hold banks and mortgage servicers accountable should they fail to fulfill certain maintenance obligations at vacant and abandoned residential properties (“zombie” properties) securing mortgage loans in their portfolios. NYDFS rejected claims that the servicer was unable to maintain the “zombie” properties due to not receiving authorization from the mortgagee and that the properties were not subject to the requirements of the Act because backdated lien releases extinguished its maintenance obligation. Under the terms of the consent order, the servicer has also agreed to provide confirmation within 30 days to NYDFS that all properties subject to New York’s Vacant and Abandoned Property Law have been sufficiently registered with NYDFS’ registry of vacant and abandoned properties, are maintained properly, and that all quarterly filings for each property have been submitted.
On January 4, NYDFS and the New York Attorney General announced a joint $9 million settlement with a national student loan servicer to resolve allegations that the servicer, among other things, deceived student loan borrowers about their repayment options and steered them into higher-cost repayment plans. According to a press release issued by the Attorney General’s office, the servicer “steered distressed borrowers away from available income-based repayment plans towards other, more expensive options, thus costing them money and increasing their risk of default.” Additionally, the consent order alleges that the servicer misinformed borrowers—including servicemembers—about their repayment options, such as telling borrowers they were not eligible for Public Service Loan Forgiveness plans when they may have qualified after consolidating their loans. Furthermore, the servicer allegedly (i) improperly processed applications for income-based repayment; (ii) allocated underpayment for certain borrowers to maximize late fees; (iii) improperly processed payments; (iv) failed to accurately report information to credit reporting agencies; (v) failed to “properly recalculate monthly payments for servicemembers when adjusting their interest rates under the Servicemembers’ Civil Relief Act”; (vi) charged improper late fees; and (vii) did not provide borrowers notification of their eligibility for a co-signer release.
The servicer, while neither admitting nor denying the findings alleged by NYDFS and the Attorney General, has agreed to pay $8 million in restitution to New York borrowers and a $1 million fine. Moreover, the servicer has agreed to stop servicing private and federal loans—with the exception of Perkins Loans—over the next five years.
On December 18, NYDFS announced a $15 million settlement with an international bank and its New York branch resolving allegations stemming from an investigation into the governance, controls, and corporate culture relating to the bank’s whistleblower program. According to the announcement, NYDFS’ investigation determined that several members of senior management failed to follow or apply the bank’s whistleblower policies and procedures, which allegedly allowed the bank’s CEO to attempt to identify the author(s) of two whistleblowing letters criticizing his and bank’s management’s roles in recruiting and employing a recently hired senior executive. Additionally, the investigation found that, in alleged violation of New York Banking Law, the bank (i) failed to devise and implement effective governance and controls with respect to the whistleblower program; and (ii) failed to submit a report to NYDFS immediately upon discovering misconduct.
NYDFS acknowledged the bank’s substantial cooperation in the investigation, including engaging an outside consultant to perform an independent review of the whistleblowing policies, processes, and controls. Additionally NYDFS stated the bank has already addressed certain deficiencies noted in the Consent Order, including implementing (i) procedures which recognize that concerns raised outside whistleblowing channels may nevertheless constitute whistleblows; (ii) procedures which would avoid escalating a whistleblow to the subject of the concern; and (c) procedures to preserve whistleblower anonymity. In addition to the $15 million penalty, the bank must create a written plan to improve compliance and oversight of the whistleblower program and submit a report to NYDFS that contains all instances of whistleblower complaints since January 2017, attempts to identify whistleblowers, and any reported or sustained instances of whistleblower retaliation.
NYDFS and international bank enter into second supplemental consent order over BSA/AML compliance deficiencies
On November 21, NYDFS and an international bank entered into a second supplemental consent order covering its settlement over alleged deficiencies in the bank’s Bank Secrecy Act/anti-money laundering and Office of Foreign Assets Control (OFAC) compliance program controls. As previously covered by Infobytes, in 2012, the bank agreed to engage an independent on-site monitor for 24 months to evaluate the New York branch’s BSA/AML and OFAC compliance programs and operations and was issued a $340 million civil money penalty. In 2014 NYDFS issued a subsequent consent order outlining the monitor’s findings, including reports of significant failures in the bank’s transaction monitoring. The 2014 order extended the engagement of the monitor for another two years, outlined remedial measures to address continued deficiencies, and required the bank to pay an additional $300 million civil money penalty. In April 2017, NYDFS and the bank entered into the first supplemental consent order to modify the 2012 and 2014 orders, acknowledging the bank made significant improvements in its BSA/AML compliance program but extended the monitor through December 2018 with all the other terms and conditions of the 2012 and 2014 consent orders remaining in full effect.
Now, beginning January 1, 2019, the second supplemental order issued by NYDFS requires the bank to engage an independent consultant, selected by the regulator, for a period of up to one year, with a possible extension of one additional year, to provide guidance for completing remediation called for in the 2012 and 2014 consent orders. In response to the second supplemental order, the bank stated it remained “committed to completing the remaining tasks necessary for that remediation.”
On November 19, the Federal Reserve Board, Office of Foreign Assets Control (OFAC), DOJ, Manhattan District Attorney’s Office, and NYDFS announced that a French bank agreed to pay approximately $1.34 billion in total penalties to resolve federal and state investigations into the bank’s allegedly intentional violation of U.S. sanctions laws and other federal and New York state laws from approximately 2003 to 2013.
The bank entered into a deferred prosecution agreement (DPA) with the U.S. Attorney’s Office for the Southern District of New York to settle charges of conspiring to violate U.S. sanctions against Cuba by “structuring, conducting, and concealing U.S. dollar transactions using the U.S. financial system.” The DPA requires the bank to forfeit more than $717 million. The bank also agreed to “accept responsibility for its conduct by stipulating to the accuracy of an extensive Statement of Facts, pay penalties totaling [$1.34 billion] to federal and state prosecutors and regulators, refrain from all future criminal conduct, and implement remedial measures as required by its regulators.” According to the DOJ, the bank “admitted its willful violations of U.S. sanctions laws—and longtime concealment of those violations—which resulted in billions of dollars of illicit funds flowing through the U.S. financial system.” As factors mitigating the penalty, the DPA acknowledges the bank’s efforts to collect and produce “voluminous evidence located in other countries to the full extent permitted under applicable laws and regulations, and its enhancement of its compliance program and sanctions-related internal controls both before and after it became the subject of a U.S. law enforcement investigation.” Among other factors, the bank’s willingness to enter into the terms of the DPA, outweighed its “failure to self-report all of its violations of [U.S.] sanctions laws in a timely manner.”
The bank also entered into agreements to pay almost $163 million to the New York County District Attorney’s Office, nearly $54 million to OFAC, approximately $81 million to the Federal Reserve Board, and $325 million to NYDFS. Among other things, NYDFS noted that branch employees “responsible for originating USD transactions outside of the U.S. had a minimal understanding of U.S. sanctions laws and regulations as they related to Sudan, Iran, Cuba, North Korea, or other U.S. sanctions targets.”
Separate from the resolution of alleged sanctions violations, NYDFS imposed an additional $95 million penalty to resolve findings that the bank’s New York branch allegedly failed to “implement and maintain an effective Bank Secrecy Act/Anti-Money Laundering Law compliance program and transaction monitoring system.”
According to a bank statement issued the same day, the bank acknowledges and regrets the identified shortcomings, and “has already taken a number of significant steps in recent years and dedicated substantial resources to enhance its sanctions and AML compliance programs.”
On October 25, NYDFS provided a new update to its answers to FAQs relating to 23 NYCRR Part 500, which took effect March 1, 2017, and establishes cybersecurity requirements for banks, insurance companies, and other financial services institutions. The original promulgation of the FAQs was covered in Infobytes, as were the last updates in February, March, and August.
The new update states that when a covered entity uses an independent “Utilization Review” agent (UR agent) who receives nonpublic information, the covered entity should treat the UR agent as a third-party service provider in order to properly assess and address any potential risks to their data and systems. NYDFS emphasizes that covered entities bear the responsibility for these protections.
On October 10, NYDFS entered into a consent order with a United Arab Emirates-based bank and its New York branch to resolve alleged violations of the Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) laws related to the branch’s U.S. dollar clearing operations for foreign customers located in high risk jurisdictions. The alleged violations were discovered during examinations conducted in 2016 by the NYDFS and 2017 by the NYDFS and Federal Reserve Bank of New York. During this time, NYDFS downgraded the bank’s score due to certain alleged deficiencies identified in the branch’s BSA/AML programs and policies designed to ensure compliance with OFAC regulations. According to the consent order, among other things, the branch (i) failed to maintain adequate transaction monitoring and had deficient recordkeeping practices; (iii) “maintained insufficient documentation concerning its dispositions of OFAC alerts and cases”; (iv) failed to substantiate its rationales for waiving specific alerts and cases; and (v) failed to sufficiently oversee the third-party auditor who conducted the branch’s 2017 BSA/AML audit and remedial work evaluation.
The United Arab Emirates-based bank and its New York branch are required to pay a $40 million civil money penalty, and must also engage an independent third party to assist the branch in addressing its BSA/AML compliance deficiencies and develop (i) a BSA/AML compliance program; (ii) a suspicious activity monitoring and reporting program; (iii) a customer due-diligence program; and (iv) a plan to enhance oversight of the branch’s BSA/AML corporate governance and management oversight.
NYDFS issues best practices guidance for state-chartered institutions issuing loans to multi-family residential owners and landlords
On September 25, NYDFS released new guidance to assist regulated, state-chartered institutions when engaging in permissible lending activities involving New York rent-stabilized or rent-regulated multifamily residential buildings. According to the press release, the department received complaints concerning certain owners/landlords of rent-stabilized multifamily residential buildings who allegedly engaged in “inappropriate practices including tenant harassment and unsafe living conditions” and may have obtained loans to purchase or renovate buildings directly or indirectly from regulated institutions. The guidance is intended to ensure that regulated institutions apply best practices, including pre-loan and post-loan due diligence, to prevent the possibility of knowingly or unknowingly facilitating these types of practices. Among other things, pre-loan due diligence best practices include (i) conducting due diligence on property owners, including when the bank’s role is to provide indirect financing to the property owner; (ii) conducting due diligence on properties and property owners, including enhanced diligence on properties with a high number of violations; (iii) ensuring “realistic and sound underwriting terms” for loans involving multifamily residential buildings; and (iv) establishing a debt service coverage ratio subject to documentation based on the specific facts of each loan as well as realistic assumptions, consistent with safe and sound underwriting standards and practices. The best practices for post-loan monitoring should include (i) establishing covenants or procedures to ensure emergency and hazard repairs are completed within six months of a loan’s closing; and (ii) considering the property owner’s level of responsiveness and willingness to address building code violation when factoring future loans to the property owner.
On October 1, NYDFS announced the commencement of the final phase of its initiative to manage the license application and regulation of all non-depository financial institutions operating in the state through the Nationwide Multistate Licensing System and Registry (NMLS). As such, NYDFS now allows financial services companies holding check casher and virtual currency business activity licenses to transition those licenses to NMLS. Additionally, companies applying for new licenses may now submit applications through NMLS. As previously covered in InfoBytes, licensed budget planners, sales finance agencies, money transmitter licensees, and mortgage providers have already made the transition to NMLS.
New York Attorney General issues Virtual Markets Integrity Report, following cryptocurrency integrity initiative
On September 18, the New York Attorney General’s office announced the results of its Virtual Markets Integrity Initiative, a fact-finding inquiry into the policies and practices of platforms used by consumers to trade virtual or “crypto” currencies. As previously covered in InfoBytes, last April questionnaires were sent to 13 virtual asset trading platforms to solicit information on their operations, policies, internal controls, and safeguards to protect consumer assets. The resulting Virtual Markets Integrity Report finds that virtual asset trading platforms vary significantly in the comprehensiveness of their response to the risks facing the virtual markets, and presents three broad areas of concern: (i) the potential for conflicts of interest due to platforms engaging in various overlapping business lines that are not restricted or monitored in the same way as traditional trading environments; (ii) a lack of protection from abusive trading platforms and practices; and (iii) limited protections for customer funds, such as the insufficient availability of insurance for virtual asset losses and platforms that do not conduct any type of independent auditing of virtual assets. According to the report, the Attorney General’s office also referred three platforms to the New York Department of Financial Services for potential violations of the state’s virtual currency regulations.
- Buckley Webcast: Tips for this year’s FHA annual recertification and what the shutdown means
- Jessica L. Pollet to discuss "Your career is impacting your life..." at the Ark Group Women Legal Conference
- Melissa Klimkiewicz to discuss "RESPA-compliant marketing" at NEXT
- Daniel P. Stipano to provide "Update on AML/SAR reporting and enforcement" at an Mortgage Bankers Association webinar
- Daniel P. Stipano to discuss "Dynamic customer due diligence and beneficial ownership from KYC to ongoing CDD and the new rule implementation" at the Puerto Rican Symposium of Anti-Money Laundering
- Jon David D. Langlois to discuss "Successors in interest updates" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Brandy A. Hood to discuss "Keeping your head above water in flood insurance compliance" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Melissa Klimkiewicz to discuss "Servicing super session" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Moorari K. Shah to provide "Regulatory update – California and beyond" at the National Equipment Finance Association Summit
- Daniel P. Stipano to discuss "Lessons learned from ABLV and other major cases involving inadequate compliance oversight" at the ACAMS International AML & Financial Crime Conference
- Daniel P. Stipano to discuss "A year in the life of the CDD final rule: A first anniversary assessment" at the ACAMS International AML & Financial Crime Conference