InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Treasury recommends stronger DeFi supervision
On April 6, the U.S. Treasury Department published a report on illicit finance risks in the decentralized finance (DeFi) sector, building upon Treasury’s other risk assessments, and continuing the work outlined in Executive Order 14067, Ensuring Responsible Development of Digital Assets (covered by InfoBytes here).
Written by Treasury’s Office of Terrorist Financing and Financial Crimes, in consultation with numerous federal agencies, the Illicit Finance Risk Assessment of Decentralized Finance is the first report of its kind in the world. The report explained that, while there is no generally accepted definition of DeFi, the term has broadly referred to virtual asset protocols and services that allow for automated peer-to-peer transactions through the use of blockchain technology. Used by a host of illicit actors to transfer and launder funds, the report found that “the most significant current illicit finance risk in this domain is from DeFi services that are not compliant with existing AML/CFT [anti-money laundering and countering the financing of terrorism] obligations.” These obligations include establishing effective AML programs, assessing illicit finance risks, and reporting suspicious activity, the report said.
The report made several recommendations for strengthening AML/CFT supervision and regulation of DeFi services, such as “closing any identified gaps in the [Bank Secrecy Act (BSA)] to the extent that they allow certain DeFi services to fall outside the scope of the BSA’s definition of financial institutions.” The report also recommended, “when relevant,” the “enforcement of virtual asset activities, including DeFi services, to increase compliance by virtual asset firms with BSA obligations,” and suggested continued research and engagement with the private sector on this subject.
In addition, the report pointed to a lack of implementation of international AML/CFT standards by foreign countries, “which enables illicit actors to use DeFi services with impunity in jurisdictions that lack AML/CFT requirements,” and commented that “poor cybersecurity practices by DeFi services, which enable theft and fraud of consumer assets, also present risks for national security, consumers, and the virtual asset industry.” To address these concerns, the report recommended “stepping up engagements with foreign partners to push for stronger implementation of international AML/CFT standards and advocating for improved cybersecurity practices by virtual asset firms to mitigate these vulnerabilities.” The report seeks input from the public sector to inform next steps.
NYDFS, crypto payment company reach AML/cybersecurity settlement
On March 16, NYDFS issued a consent order against a payment service provider for allegedly failing to comply with the state’s virtual currency and cybersecurity regulations. The company was licensed to engage in virtual currency business activity in the state pursuant to 23 NYCRR Part 200. Licensees under Part 200 are required to, among other things, comply with federal and state laws mandating effective controls to guard against money laundering and certain other illegal activities. A 2022 NYDFS examination revealed that, although the company made improvements to address deficiencies within its AML and cybersecurity compliance programs that were identified during a 2018 examination, the programs still required additional improvements to achieve regulatory compliance. NYDFS concluded that the company violated sections of Part 200 by allegedly failing to develop adequate internal policies and controls to maintain compliance with applicable AML laws or to develop procedures to ensure compliance with necessary risk management requirements under applicable OFAC regulations. Furthermore, the company violated the state’s cybersecurity regulation (23 NYCRR Part 500) by failing to conduct periodic cybersecurity risk assessments and failing to timely appoint a designated chief information security officer responsible for overseeing, implementing, and reporting on the company’s cybersecurity program. Under the terms of the consent order, the company agreed to pay a $1 million civil monetary penalty and submit an action plan to NYDFS within 180 days detailing its remediation efforts. The company also agreed to conduct a comprehensive cybersecurity risk assessment within 150 days and to continue to strengthen its controls, policies, and procedures to prevent future violations.
District Court dismisses RESPA claims that servicer failed on QWRs
The U.S. District Court for the Western District of Washington recently ruled on a loan servicer’s motion for summary judgment concerning claims that the servicer violated RESPA when it failed to respond to multiple qualified written requests (QWR) alleging account errors and improperly reported alleged delinquencies to credit reporting agencies (CRAs). Plaintiffs executed a promissory note and deed of trust, and later entered into a Chapter 11 bankruptcy plan to modify the terms of the loan. Plaintiffs sued, asserting violations of RESPA and various state laws, claiming, among other things, that the servicer failed to timely respond to their QWRs, provided false information to CRAs, and failed to adjust the loan to reflect the modified payment schedule from the bankruptcy plan.
The court granted summary judgment in favor of the servicer. On the QWR-related allegations, the court found that, “while the [plaintiffs] say that [the servicer] did not address the issues raised in the QWRs, their brief does not identify a single issue that went unaddressed. . . Their brief does not, for example, point to a request in any QWR that went unanswered in [the servicer’s] corresponding response. Merely providing a laundry list of documents—without specifically identifying how [the servicer’s] responses were incomplete—is insufficient.” The court also found that the plaintiffs failed to show that the servicer’s responses were misleading, confusing, or incorrect. Though the plaintiffs provided a list of statements made by the servicer when responding to the QWRs, plaintiffs failed to explain what exactly was inaccurate or confusing about the servicer’s responses, the court said.
While the court flagged one possible inconsistency in at least one of the servicer’s responses (where the servicer incorrectly stated the monthly principal amount due but corrected the mistake less than a month later), the court determined that “this alone does not suffice under RESPA.”
With respect to plaintiffs’ allegations of false credit reporting, the court concluded that there was no evidence that the servicer submitted negative information about plaintiffs to a CRA, nor did the plaintiffs demonstrate how any such reports hurt their credit or identify whether the reports were filed within RESPA’s 60-day non-reporting period. Under RESPA, a servicer is prohibited from providing certain information regarding “any overdue payment, owed by such borrower and relating to such period or qualified written request, to any consumer reporting agency” during the 60-day period beginning on the date the servicer receives a QWR. The court further noted that the plaintiffs failed to show that they suffered actual damages “flowing from” the alleged RESPA violations, which is a requirement of the statute.
The court granted summary judgment on the RESPA claims in favor of the servicer and remanded the remaining state-law claims to state court.
Treasury awards $1.7 billion in CDFI grants
On April 10, Vice President Kamala Harris and Deputy Secretary of the Treasury Wally Adeyemo announced that the U.S. Treasury Department’s Community Development Financial Institutions (CDFIs) Fund has awarded more than $1.73 billion in grants to 603 CDFIs to help low- and moderate-income communities recover from the Covid-19 pandemic. Financial institutions that received grants through the CDFI Equitable Recovery Program include banks, holding companies, and credit unions, as well as CDFI-designated non-depository loan funds and venture funds. Treasury noted that the recipients of the grants are “mission-driven financial institutions [that] specialize in delivering responsible capital, credit, and financial services to underserved communities.” The CDFI grants “may be used to support lending related to small businesses and microenterprises, community facilities, affordable housing, commercial real estate, and intermediary lending to nonprofits and CDFIs,” Treasury explained, adding that funds may also go towards financial and developmental services to support borrowers, as well as operational support for grant recipients.
HUD extends Covid-19 forbearance through May
On April 7, HUD issued Mortgagee Letter 2023-08, which extends through May 31 the final date for borrowers to request Covid-19 forbearance and home equity conversion mortgage (HECM) extensions. The extension is intended to allow ample time for affected borrowers to submit requests and for mortgagees to offer and process the requests in the event that the presidentially-declared national emergency ends earlier than originally expected. As stated in the letter, HUD determined that providing a short period beyond the expiration of the national emergency will be beneficial to both FHA borrowers and mortgagees. The extension will also align Covid-19 forbearance and HECM extension requests with the monthly billing cycle. The letter stated that no Covid-19 forbearance period may extend beyond November 30.
CFPB sues co-trustees for concealing assets to avoid fine
On April 5, the CFPB filed a complaint against two individuals, both individually and in their roles as co-trustees of two trusts, accusing them of concealing assets to avoid paying a fine owed to the Bureau. In 2015 the Bureau filed an administrative action alleging one of the co-trustees—the former president of a Delaware-based online payday lender (the “individual defendant”)—and the lender violated TILA and EFTA and engaged in unfair or deceptive acts or practices when making short-term loans. (Covered by InfoBytes here.) The Bureau’s administrative order required the payment of more than $38 million in both legal and equitable restitution, along with $7.5 million in civil penalties for the company and $5 million in civil penalties for the individual defendant.
As previously covered by InfoBytes, two different administrative law judges (ALJs) decided the present case years apart, with their recommendations separately appealed to the Bureau’s director. The director upheld the decision by the second ALJ and ordered the lender and the individual defendant to pay the restitution. A district court issued a final order upholding the award, which was appealed on the grounds that the enforcement action violated their due process rights by denying the individual defendant additional discovery concerning the statute of limitations. The lender and the individual defendant recently filed a petition for writ of certiorari challenging the U.S. Court of Appeals for the Tenth Circuit’s affirmation of the CFPB administrative ruling, and asked the U.S. Supreme Court to review whether the high court’s ruling in Lucia v. SEC, which “instructed that an agency must hold a ‘new hearing’ before a new and properly appointed official in order to cure an Appointments Clause violation” (covered by InfoBytes here), meant that a CFPB ALJ could “conduct a cold review of the paper record of the first, tainted hearing, without any additional discovery or new testimony,” or whether the Court intended for the agency to actually conduct a new hearing.
The Bureau claimed in its announcement that to date, the defendants have not complied with the agency’s order, nor have they obtained a stay while their appeal was pending. The defendants have also made no payments to satisfy the judgment, the Bureau said. The complaint alleges that the co-trustee defendants transferred funds to hinder, delay, or defraud the Bureau, in violation of the FDCPA, in order to avoid paying the owed restitution and penalties. Specifically, the complaint alleges that between 2013 and 2015, after becoming aware of the Bureau’s investigation, the individual defendant transferred $12.3 million to his wife through their revocable trusts, for which his wife is the beneficiary. The complaint requests a declaration that the transactions were fraudulent, seeks to recover the value of the transferred assets via liens on the property in partial satisfaction of the Bureau’s judgment against the individual defendant, and seeks a monetary judgment against the wife and her trust for the value of the respective property and/or funds received as a transferee of fraudulent conveyances of the property belonging to the individual defendant.
HUD announces Arkansas disaster relief
On April 5, HUD announced disaster assistance for areas in Arkansas impacted by severe storms and tornadoes on March 31. The disaster assistance follows President Biden’s major disaster declaration on April 2. According to the announcement, HUD is providing immediate foreclosure relief, making FHA mortgage insurance available to disaster victims, and providing information on housing providers, as well as HUD-approved housing counseling agencies, among other measures. Specifically, HUD is providing an automatic 90-day moratorium on foreclosures of FHA-insured home mortgages for covered properties, as well as an automatic 90-day extension for home equity conversion mortgages, effective April 2. It is also making various FHA insurance options available to victims whose homes require repairs or were destroyed. HUD’s Section 203(h) program allows borrowers from participating FHA-approved lenders to obtain 100 percent financing, including closing costs, for homes that require “reconstruction or complete replacement.” HUD’s Section 203(k) loan program enables individuals to finance the repair of their existing homes or to include repair costs in the financing of a home purchase or a refinancing of a home through a single mortgage. HUD is also allowing administrative flexibilities for community planning and development grantees, as well as to public housing agencies and Tribes. Additionally, HUD is advising consumers who believe they have experienced housing discrimination as a result of the disaster to reach out to the agency’s Office of Fair Housing and Equal Opportunity.
FHFA updates GSE equitable housing finance plans
On April 5, FHFA announced updates to Fannie Mae and Freddie Mac’s (GSEs) equitable housing finance plans for 2023. (See plans here and here.) The updates include adjustments to plans first announced last year (covered by InfoBytes here), which faced pushback from several Republican senators who argued that the plans raised “significant legal concerns” and that “no law authorizes FHFA to use a GSE’s assets to pursue affirmative action in housing.” (Covered by InfoBytes here.) The senators also argued that the Biden administration was “conscripting the GSEs as instrumentalities of its progressive racial equity agenda to achieve outcomes it cannot achieve legislatively or even legally.”
According to FHA’s announcement, the updated plans provide the GSEs with a three-year roadmap to address barriers to sustainable housing opportunities. Updates include (i) taking actions to remove barriers faced by Latino renters and homeowners in Fannie Mae’s plan; (ii) an improved focus on ensuring existing borrowers are able to receive fair loss mitigation support and outcomes through monitoring and developing strategies to close gaps; (iii) providing financial capabilities coaching to build credit and savings; (iv) supporting locally-owned modular construction facilities in communities of color; and (v) increasing the reach of GSE special purpose credit programs to support homeownership attainment and housing sustainability in underserved communities.
FDIC issues 2023 Consumer Compliance Supervisory Highlights
On April 5, the FDIC released the March 2023 edition of the Consumer Compliance Supervisory Highlights, which is intended to “enhance transparency regarding the FDIC’s consumer compliance supervisory activities and to provide a high-level overview of consumer compliance issues identified in 2022 through the FDIC’s supervision of state non-member banks and thrifts.” In 2022, the FDIC conducted approximately 1,000 consumer compliance examinations and noted that “[o]verall, supervised institutions demonstrated effective management of their consumer compliance responsibilities.” The agency also initiated 21 formal enforcement actions and 10 informal enforcement actions addressing consumer compliance examination observations and issued civil money penalties totaling $1.3 million against institutions to address violations of the Flood Disaster Protection Act (FDPA), RESPA Section 8, FCRA, and Section 5 of the FTC Act, with an additional $13.6 million in voluntary restitutions to consumers. Additionally, the FDIC referred 12 fair lending matters to the DOJ in 2022. Covered topics include:
- An overview of the most frequently cited violations, with approximately 73 percent of total violations involving TILA, Reg Z, Section 5 of the FTC Act, the FDPA, EFTA, and the Truth in Savings Act, with violations of Section 5 of the FTC (which prohibits unfair or deceptive acts or practices) moving up as a top-five violation.
- An overview of issues found during examinations involving institutions that purchased “trigger leads” but did not provide consumers with a firm offer of credit. Among other things, examiners identified occurrences where representatives failed to comply with FCRA disclosure requirements during sales calls by not communicating, among other things, that an offer of credit was being made.
- Findings where institutions “unilaterally applied excess interest to the servicemember’s principal loan balance without giving the servicemember an option of how to receive the funds”—a violation of the SCRA’s anti-acceleration provision.
- Information on regulatory developments, including recent FDIC actions and efforts to (i) address appraisal bias; (ii) modernize the Community Reinvestment Act; (iii) remind creditors that they may establish special purpose credit programs under ECOA to meet the credit needs of certain classes of persons; (iv) implement a supervisory approach, consistent with the CFPB’s approach, for FDIC-supervised institutions with respect to reporting HMDA data; (v) provide revised information on flood insurance compliance responsibilities; (vi) address occurrences where persons misuse the FDIC’s name or logo, or make false or misleading representations about deposit insurance; (vii) assess crypto-asset-related activities; (viii) adopt revised guidelines for appeals of material supervisory determinations; and (ix) address compliance risks associated with multiple re-presentment of NSF fees.
- A summary of consumer compliance resources available to financial institutions.
- An overview of consumer complaint trends.
National bank fined $98 million by OFAC, Fed for sanctions violations
On March 30, the U.S. Treasury Department’s Office of Foreign Assets (OFAC) announced a $30 million settlement with a national bank to resolve potential civil liabilities stemming from trade insourcing software that the bank and its predecessor bank provided to a foreign European bank between 2008 and 2015. According to OFAC’s web notice, at the direction of a mid-level manager, the predecessor bank customized the software for general use by the European bank, which the predecessor bank “knew or should have known would involve engaging in trade-finance transactions with sanctioned jurisdictions and persons.” The European bank used the software to manage 124 non-OFAC compliant transactions totaling approximately $532 million involving parties in jurisdictions subject at the time of the transactions to sanctions regulations.
OFAC noted that the national bank inherited the trade insourcing relationships when it acquired the predecessor bank, claiming that the national bank “did not identify or stop the European bank’s use of the software platform for trade-finance transactions involving sanctioned jurisdictions and persons for seven years despite potential concerns raised internally” following the acquisition. OFAC also noted, however, that the national bank’s alleged failure to stop the violations “was not a result of a systemic compliance breakdown within the broader [] organization,” which OFAC acknowledged has “a historically strong overall sanctions-compliance program.”
In arriving at the settlement amount, OFAC considered various mitigating factors, including that (i) the majority of the 124 apparent violations related to agriculture, medicine, and telecommunications and therefore may have been eligible for a general or specific license, thus mitigating the harm to sanctions policy objectives; (ii) the legacy business unit at the predecessor bank was relatively small and that there was no indication that senior management either directed or had actual knowledge that the predecessor bank provided the software to the European bank for such purpose; and (iii) upon identifying the alleged violations, the bank promptly terminated the European bank’s access, voluntarily disclosed the matter to OFAC, conducted an extensive internal investigation, produced the results to OFAC, cooperated with OFAC throughout the investigation, agreed to toll the statute of limitations, and took remedial measures.
Concurrently, the Federal Reserve Board issued an order fining the bank holding company in the amount of $67.8 million for allegedly engaging in unsafe or unsound practices related to its oversight of sanctions compliance risks at the national bank. The Fed noted that the national bank “no longer offers the trading platform to foreign banks” and has “strengthened firmwide compliance with OFAC regulations.”