InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OFAC designates evasion network supporting Hizballah financier
On April 18, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions, pursuant to Executive Order 13224, as amended, against a “vast international money laundering and sanctions evasion network” comprised of 52 individuals and entities in Lebanon, the United Arab Emirates, South Africa, Angola, Côte d’Ivoire, the Democratic Republic of the Congo, Belgium, the United Kingdom, and Hong Kong. The designated network assisted a Hizballah financier and Specially Designated Global Terrorist (previously sanctioned by OFAC in 2019) in evading U.S. sanctions by facilitating the payment, shipment, and delivery of goods and services, including cash, diamonds, art, and luxury goods, for the benefit of the sanctioned individual who used the funds to finance the Hizballah financier and his lifestyle, OFAC said, explaining that the network used shell companies and fraudulent schemes to disguise the Hizballah financier’s role in the financial transactions. Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson warned in the announcement that “[l]uxury good market participants should be attentive to these potential tactics and schemes, which allow terrorist financiers, money launderers, and sanctions evaders to launder illicit proceeds through the purchase and consignment of luxury goods.” Treasury has issued warnings on money laundering and terrorist financing risks associated with the trade of works of art in a February 2022 report and an October 2020 art advisory (covered by InfoBytes here and here).
As a result of the sanctions, all property and interests in property belonging to the sanctioned persons that are in the U.S. or in the possession or control of U.S. persons are blocked and must be reported to OFAC. “[A]ny entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.” U.S. persons are also generally prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons. OFAC warned that “persons that engage in certain transactions with the persons designated today may themselves be exposed to sanctions or subject to an enforcement action.” Additionally, “any foreign financial institution that knowingly facilitates a significant transaction or provides significant financial services for any of the targets designated today pursuant to E.O. 13224, as amended, could be subject to U.S. sanctions.”
The action by Treasury was taken in coordination with the Department of Homeland Security, the Department of State’s Rewards for Justice program, and the United Kingdom. The same day, the DOJ unsealed a nine-count indictment charging the Hizballah financier and eight co-defendants with conspiring to evade terrorism-related sanctions. According to the DOJ, despite being sanctioned and prohibited from engaging in transactions with U.S. persons, the Hizballah financier and the other co-defendants used a complex web of business entities to conduct money laundering transactions involving valuable artwork and diamond-grading services.
DFPI says escrow trust accounts are not stored value under MTA
The California Department of Financial Protection and Innovation recently released a new opinion letter covering aspects of the California Money Transmission Act (MTA) and the Escrow Act related to persons engaging in business as an escrow agency within the state. The redacted opinion letter examines a request from the inquiring company for confirmation that it does not require either an internet escrow agent license or a money transmitter license in the state of California in connection with its proposed business model (details on the model have been omitted). DFPI responded that under the Escrow Law, “it is unlawful for any person to engage in business as an escrow agent within this state except by means of a corporation duly organized for that purpose licensed by the commissioner as an escrow agent.” The definition of an “internet escrow agent,” DFPI explained, was added to Financial Code section 17003, subdivision (b) to mean “any person engaged in the business of receiving escrows for deposit or delivery over the Internet.” DFPI concluded that based on the facts asserted within the request, the inquiring company has not demonstrated that its proposed model is exempt from the Escrow Law.
DFPI further considered whether the inquiring company’s proposed model meets the definition of stored value under the MTA, and whether it qualifies for several exemptions under the statute. DFPI explained that the transactions under consideration are not considered “stored value under the definition in Financial Code section 2003, subdivision (x), because they do not represent a claim against the issuer; rather, the money comes under [the inquiring company’s] possession and control and therefore must be placed in an escrow trust account. “An escrow trust account is not the same as stored value,” DFPI said, adding that since the transaction is not stored value, it is unnecessary to address the remaining arguments regarding the MTA.
North Dakota establishes requirements for residential mortgage servicers
On April 12, the North Dakota governor signed HB 1068, which outlines provisions relating to residential mortgage loan servicers. The Act provides that a person may not engage in residential mortgage loan servicing in the state without being licensed by the commissioner. This applies to servicers, subservicers, or a mortgage servicing rights investor. “A person engages in residential mortgage loan servicing in the state if the borrower resides in North Dakota,” the Act explains. Exempt from licensure are financial institutions, state or federal housing finance agencies, institutions chartered by the farm credit administration, and not-for-profit mortgage servicers. The Act outlines application and fee requirements and specifies financial conditions for applicants and licensees. Large mortgage servicers must also abide by certain corporate governance conditions, including the establishment of a board of directors responsible for oversight and compliance monitoring. These licensees must also obtain external audits and establish risk management programs.
The Act outlines prohibited acts and practices and grants authority to the Department of Financial Institutions to promulgate rules and regulations to enforce the law and power to carry out the provisions, including through orders and injunctions. The commissioner will also oversee the licensure process, including provisions concerning the expiration, renewal, revocation, suspension, and surrender of licenses, and may issue orders suspending and removing residential mortgage loan servicer officers and employees. The commissioner may also conduct investigations and examinations and impose civil money penalties of not more than $100,000 for each occurrence and $1,000 per day for each day that the violation continues after issuance of an order. Licensees may appeal by filing a written notice within 20 days after the assessment of a civil money penalty. The Act is effective August 1.
FTC, DOJ sue payment processor for tech support scams
On April 17, the DOJ filed a complaint on behalf of the FTC against several corporate and individual defendants for violating the FTC Act and the Telemarketing Sales Rule (TSR) by allegedly engaging in credit card laundering for tech support scams. (See also FTC press release here.) According to the complaint, since at least 2016, the defendants—a payment processing company and several of its subsidiaries, along with the company’s CEO and chief strategy officer—worked with telemarketers who made misrepresentations to consumers about the performance and security of their computers through the use of deceptive pop ups in order to sell technical support scams. Defendants’ involvement included assisting and facilitating the illegal sales and laundering the credit card charges through their own merchant accounts (thus giving the scammers access to the U.S. credit card network) where defendants received a commission for each charge. The complaint maintained that the defendants “engaged in this activity even though it and its officers knew or consciously avoided knowing that its tech support clients were engaged in deceptive telemarketing practices.”
The proposed court orders (see here, here, and here) each impose monetary judgments of $16.5 million and (i) prohibit the defendants from engaging in credit card laundering through merchant accounts; (ii) require the defendants to screen and monitor any high-risk clients and take action if clients should charge consumers without authorization or violate the TSR; and (iii) prohibit the defendants from engaging in payment processing or assisting tech support companies that engage in false or unsubstantiated telemarketing or advertising. According to the DOJ’s announcement the defendants will be required to pay a combined total of $650,000 in consumer redress. This payment will result in the suspension of the total monetary judgment of $49.5 million due to the defendants’ inability to pay.
CFPB looks to increase card competition
On April 17, CFPB Director Rohit Chopra said the Bureau is focused on finding ways to increase competition and reduce costs as credit card debt continues to rise and interest rates increase. Chopra discussed a proposal announced in February (comments are due May 3), which would ensure that late fees on credit cards accounts are “reasonable and proportional” to late payments as required under the Credit Card Accountability Responsibility and Disclosure Act of 2009 (covered by InfoBytes here). He also discussed updates made in March to the Bureau’s terms of credit card plans (TCCP) survey and database, which are intended to help consumers comparison shop for credit cards and find the best interest rates and products (covered by InfoBytes here). The refreshed TCCP survey allows issuers to voluntarily submit information about their credit card products and requires the top 25 credit card issuers to provide information on all their credit cards instead of just their most popular products, Chopra explained, stating that the initiative is designed to help smaller credit card issuers reach comparison shoppers and compete with bigger players in the market. Chopra also touched upon other initiatives, such as an ongoing review of the consumer credit card market and an examination focusing on large credit card issuers’ suppression of key data from consumer credit reports.
CFPB denies small-dollar lender’s request to set aside CID
The CFPB recently denied a lender’s request to set aside or modify a civil investigative demand (CID) issued in January related to its short-term and small-dollar lending practices. The lender’s redacted petition asserted that it “is a small business that is barely getting by” and that it has already provided documents and information, as well as corporate testimony from the lender’s CEO/chief compliance officer. Maintaining that the CID is overly broad, unduly burdensome, and contains “many deficiencies,” the lender stated that requests made to the Bureau to withdraw the CID, narrow its focus, or raise specific concerns have not been answered. Rather, the lender claimed it was expected to incur further expenses to comply with requests that “it cannot be expected to make sense of” and that “would almost certainly result in financial ruin.”
In denying the request, the Bureau stated that the lender did not meaningfully engage in the required meet-and-confer process, and informed the lender that, by regulation, it “will not consider a petition to set aside a CID where the petitioner does not first attempt to resolve any objections it has through good-faith negotiation with the Bureau’s investigators.” According to the Bureau, during the meet-and-confer, the lender refused to submit requested information and did not propose any modifications to the CID that would reduce the burden while still ensuring the necessary information would be provided. The Bureau also refuted the lender’s claims that the CID was overly broad, stating that it was seeking information that was “reasonably relevant” to a lawful purpose, i.e. information about its business practices as a short-term and small-dollar lender, employees in possession of relevant information, employee performance metrics, and consumers who took out loans. Obtaining information on the lender’s servicing and collection practices will “shed light on whether the representations it made about the nature and true costs of the loans were deceptive and whether the company improperly induced consumers to renew loans,” the Bureau maintained. The Bureau also disagreed with the assertion that the CID was unduly burdensome, stating that the lender, among other things, failed to establish that complying with the CID would impose excessive financial costs.
The Bureau directed the lender to comply with the CID within 14 days of the order.
DFPI proposes new CCFPL modifications on complaints and inquiries
On April 14, the California Department of Financial Protection and Innovation (DFPI) released a third round of modifications to proposed regulations for implementing and interpreting certain sections of the California Consumer Financial Protection Law (CCFPL) related to consumer complaints and inquiries. DFPI modified the proposed text in December and March (covered by InfoBytes here and here) in response to comments received on the initially proposed text issued last year to implement Section 90008 subdivisions (a) (b), and (d)(2)(D) of the CCFPL (covered by InfoBytes here). Subdivisions (a) and (b) authorize the DFPI to promulgate rules establishing reasonable procedures for covered persons to provide timely responses to consumers and the DFPI concerning consumer complaints and inquiries, whereas subdivision (d)(2)(D) permits covered persons to withhold certain non-public or confidential information when responding to consumer inquiries.
DFPI considered comments on the most recent proposed modifications and is now proposing further additional changes:
- Amended definitions. The proposed modifications change “officer” to “complaint officer” and expand the definition to mean “an individual designated by the covered person with primary authority and responsibility for the effective operation and governance of the complaint process, including the authority and responsibility to monitor the complaint process and resolve complaints.” References to “officer” have been changed to “complaint officer” throughout.
- Complaint processes and procedures. The proposed modifications make clarifying edits to the requirements for annual notices issued to consumers (disclosures must be provided “in a clear and conspicuous manner”), and specify that complaints pertaining solely to entities not involved in the offering or providing of the financial product or service being reported on should not be included in the number of complaints received.
- Inquiry processes and procedures. The proposed modifications clarify that should an inquirer indicate any dissatisfaction “regarding a specific issue or problem” concerning a financial product or service or allege wrongdoing by the covered person or third party, the inquiry should be handled as a complaint.
Comments are due April 29.
FSB: Greater convergence needed in cyber-incident reporting
On April 13, the Financial Stability Board (FSB) released a series of recommendations for achieving “greater convergence” in cyber-incident reporting (CIR). Issued at the request of the G-20, the final report draws from FSB’s body of work on cybersecurity, as well as its engagement with external stakeholders. In order to promote greater convergence in CIR, the report focuses on three components: (i) recommendations for addressing the issues identified as impediments to achieving greater harmonization in cyber incident reporting; (ii) an updated and enhanced cyber lexicon to include new CIR terms and encourage the use of “common language”; and (iii) a common, flexible format for incident reporting exchange (FIRE) that would allow a range of adoption choices and include the most relevant data elements for financial authorities.
The report presents 16 recommendations for addressing issues associated with the collection of cyber incident information from financial institutions, including the importance of establishing clearly defined objectives for incident reporting (and practical measures for sharing such information), aligning CIR regimes on a cross-border/cross-sectoral basis to reduce fragmentation and improve interoperability, and adopting common data requirements and standardized reporting formats. The report observes that financial institutions operating across multiple jurisdictions and sectors often face operational challenges due to the current process of having to report cyber incidents to multiple authorities. FSB states it will continue to work on a concept for a common format for FIRE to enable authorities to collect information from financial institutions in a more consistent manner. “Financial authorities and institutions can choose to adopt these recommendations as appropriate and relevant, consistent with their legal and regulatory framework,” FSB states in the report.
OFAC warns of possible evasion of Russian oil price cap
On April 17, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) issued an alert warning U.S. persons regarding the possible evasion of the price cap set on crude oil of Russian origin, particularly oil exported through the Eastern Siberia Pacific Ocean pipeline and ports on the eastern coast of Russia. OFAC reminded U.S. persons providing covered services that they “are required to reject participating in an evasive transaction or a transaction that violates the price cap determinations” and must report such transactions to OFAC. In the alert, OFAC referenced recently issued guidance on the implementation of the price cap policy for Russian crude oil and petroleum products for additional information (covered by InfoBytes here).
FHFA rule targets GSE eligibility in colonias
On April 12, FHFA published a final rule amending its Enterprise Duty to Serve Underserved Markets regulation. The final rule, which was adopted without change from the proposed rule issued last year (covered by InfoBytes here), allows Fannie Mae and Freddie Mac (GSE) activities in all colonia census tracts to be eligible for Duty to Serve credit. Specifically, the amendment adds a “colonia census tract” definition to serve as a census tract-based proxy for a “colonia” (as generally applied to “unincorporated communities along the U.S.-Mexico border in California, Arizona, New Mexico, and Texas that are characterized by high poverty rates and substandard living conditions”). The final rule also amends the “high-needs rural region” definition by substituting “colonia census tract” for “colonia,” and revises the definition of “rural area” to include all colonia census tracts regardless of their location, in order to make GSE activities in all colonia census tracts eligible for duty to serve credit. The final rule takes effect July 1.