InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FTC, DOJ sue payment processor for tech support scams
On April 17, the DOJ filed a complaint on behalf of the FTC against several corporate and individual defendants for violating the FTC Act and the Telemarketing Sales Rule (TSR) by allegedly engaging in credit card laundering for tech support scams. (See also FTC press release here.) According to the complaint, since at least 2016, the defendants—a payment processing company and several of its subsidiaries, along with the company’s CEO and chief strategy officer—worked with telemarketers who made misrepresentations to consumers about the performance and security of their computers through the use of deceptive pop ups in order to sell technical support scams. Defendants’ involvement included assisting and facilitating the illegal sales and laundering the credit card charges through their own merchant accounts (thus giving the scammers access to the U.S. credit card network) where defendants received a commission for each charge. The complaint maintained that the defendants “engaged in this activity even though it and its officers knew or consciously avoided knowing that its tech support clients were engaged in deceptive telemarketing practices.”
The proposed court orders (see here, here, and here) each impose monetary judgments of $16.5 million and (i) prohibit the defendants from engaging in credit card laundering through merchant accounts; (ii) require the defendants to screen and monitor any high-risk clients and take action if clients should charge consumers without authorization or violate the TSR; and (iii) prohibit the defendants from engaging in payment processing or assisting tech support companies that engage in false or unsubstantiated telemarketing or advertising. According to the DOJ’s announcement the defendants will be required to pay a combined total of $650,000 in consumer redress. This payment will result in the suspension of the total monetary judgment of $49.5 million due to the defendants’ inability to pay.
CFPB looks to increase card competition
On April 17, CFPB Director Rohit Chopra said the Bureau is focused on finding ways to increase competition and reduce costs as credit card debt continues to rise and interest rates increase. Chopra discussed a proposal announced in February (comments are due May 3), which would ensure that late fees on credit cards accounts are “reasonable and proportional” to late payments as required under the Credit Card Accountability Responsibility and Disclosure Act of 2009 (covered by InfoBytes here). He also discussed updates made in March to the Bureau’s terms of credit card plans (TCCP) survey and database, which are intended to help consumers comparison shop for credit cards and find the best interest rates and products (covered by InfoBytes here). The refreshed TCCP survey allows issuers to voluntarily submit information about their credit card products and requires the top 25 credit card issuers to provide information on all their credit cards instead of just their most popular products, Chopra explained, stating that the initiative is designed to help smaller credit card issuers reach comparison shoppers and compete with bigger players in the market. Chopra also touched upon other initiatives, such as an ongoing review of the consumer credit card market and an examination focusing on large credit card issuers’ suppression of key data from consumer credit reports.
CFPB denies small-dollar lender’s request to set aside CID
The CFPB recently denied a lender’s request to set aside or modify a civil investigative demand (CID) issued in January related to its short-term and small-dollar lending practices. The lender’s redacted petition asserted that it “is a small business that is barely getting by” and that it has already provided documents and information, as well as corporate testimony from the lender’s CEO/chief compliance officer. Maintaining that the CID is overly broad, unduly burdensome, and contains “many deficiencies,” the lender stated that requests made to the Bureau to withdraw the CID, narrow its focus, or raise specific concerns have not been answered. Rather, the lender claimed it was expected to incur further expenses to comply with requests that “it cannot be expected to make sense of” and that “would almost certainly result in financial ruin.”
In denying the request, the Bureau stated that the lender did not meaningfully engage in the required meet-and-confer process, and informed the lender that, by regulation, it “will not consider a petition to set aside a CID where the petitioner does not first attempt to resolve any objections it has through good-faith negotiation with the Bureau’s investigators.” According to the Bureau, during the meet-and-confer, the lender refused to submit requested information and did not propose any modifications to the CID that would reduce the burden while still ensuring the necessary information would be provided. The Bureau also refuted the lender’s claims that the CID was overly broad, stating that it was seeking information that was “reasonably relevant” to a lawful purpose, i.e. information about its business practices as a short-term and small-dollar lender, employees in possession of relevant information, employee performance metrics, and consumers who took out loans. Obtaining information on the lender’s servicing and collection practices will “shed light on whether the representations it made about the nature and true costs of the loans were deceptive and whether the company improperly induced consumers to renew loans,” the Bureau maintained. The Bureau also disagreed with the assertion that the CID was unduly burdensome, stating that the lender, among other things, failed to establish that complying with the CID would impose excessive financial costs.
The Bureau directed the lender to comply with the CID within 14 days of the order.
DFPI proposes new CCFPL modifications on complaints and inquiries
On April 14, the California Department of Financial Protection and Innovation (DFPI) released a third round of modifications to proposed regulations for implementing and interpreting certain sections of the California Consumer Financial Protection Law (CCFPL) related to consumer complaints and inquiries. DFPI modified the proposed text in December and March (covered by InfoBytes here and here) in response to comments received on the initially proposed text issued last year to implement Section 90008 subdivisions (a) (b), and (d)(2)(D) of the CCFPL (covered by InfoBytes here). Subdivisions (a) and (b) authorize the DFPI to promulgate rules establishing reasonable procedures for covered persons to provide timely responses to consumers and the DFPI concerning consumer complaints and inquiries, whereas subdivision (d)(2)(D) permits covered persons to withhold certain non-public or confidential information when responding to consumer inquiries.
DFPI considered comments on the most recent proposed modifications and is now proposing further additional changes:
- Amended definitions. The proposed modifications change “officer” to “complaint officer” and expand the definition to mean “an individual designated by the covered person with primary authority and responsibility for the effective operation and governance of the complaint process, including the authority and responsibility to monitor the complaint process and resolve complaints.” References to “officer” have been changed to “complaint officer” throughout.
- Complaint processes and procedures. The proposed modifications make clarifying edits to the requirements for annual notices issued to consumers (disclosures must be provided “in a clear and conspicuous manner”), and specify that complaints pertaining solely to entities not involved in the offering or providing of the financial product or service being reported on should not be included in the number of complaints received.
- Inquiry processes and procedures. The proposed modifications clarify that should an inquirer indicate any dissatisfaction “regarding a specific issue or problem” concerning a financial product or service or allege wrongdoing by the covered person or third party, the inquiry should be handled as a complaint.
Comments are due April 29.
FSB: Greater convergence needed in cyber-incident reporting
On April 13, the Financial Stability Board (FSB) released a series of recommendations for achieving “greater convergence” in cyber-incident reporting (CIR). Issued at the request of the G-20, the final report draws from FSB’s body of work on cybersecurity, as well as its engagement with external stakeholders. In order to promote greater convergence in CIR, the report focuses on three components: (i) recommendations for addressing the issues identified as impediments to achieving greater harmonization in cyber incident reporting; (ii) an updated and enhanced cyber lexicon to include new CIR terms and encourage the use of “common language”; and (iii) a common, flexible format for incident reporting exchange (FIRE) that would allow a range of adoption choices and include the most relevant data elements for financial authorities.
The report presents 16 recommendations for addressing issues associated with the collection of cyber incident information from financial institutions, including the importance of establishing clearly defined objectives for incident reporting (and practical measures for sharing such information), aligning CIR regimes on a cross-border/cross-sectoral basis to reduce fragmentation and improve interoperability, and adopting common data requirements and standardized reporting formats. The report observes that financial institutions operating across multiple jurisdictions and sectors often face operational challenges due to the current process of having to report cyber incidents to multiple authorities. FSB states it will continue to work on a concept for a common format for FIRE to enable authorities to collect information from financial institutions in a more consistent manner. “Financial authorities and institutions can choose to adopt these recommendations as appropriate and relevant, consistent with their legal and regulatory framework,” FSB states in the report.
OFAC warns of possible evasion of Russian oil price cap
On April 17, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) issued an alert warning U.S. persons regarding the possible evasion of the price cap set on crude oil of Russian origin, particularly oil exported through the Eastern Siberia Pacific Ocean pipeline and ports on the eastern coast of Russia. OFAC reminded U.S. persons providing covered services that they “are required to reject participating in an evasive transaction or a transaction that violates the price cap determinations” and must report such transactions to OFAC. In the alert, OFAC referenced recently issued guidance on the implementation of the price cap policy for Russian crude oil and petroleum products for additional information (covered by InfoBytes here).
FHFA rule targets GSE eligibility in colonias
On April 12, FHFA published a final rule amending its Enterprise Duty to Serve Underserved Markets regulation. The final rule, which was adopted without change from the proposed rule issued last year (covered by InfoBytes here), allows Fannie Mae and Freddie Mac (GSE) activities in all colonia census tracts to be eligible for Duty to Serve credit. Specifically, the amendment adds a “colonia census tract” definition to serve as a census tract-based proxy for a “colonia” (as generally applied to “unincorporated communities along the U.S.-Mexico border in California, Arizona, New Mexico, and Texas that are characterized by high poverty rates and substandard living conditions”). The final rule also amends the “high-needs rural region” definition by substituting “colonia census tract” for “colonia,” and revises the definition of “rural area” to include all colonia census tracts regardless of their location, in order to make GSE activities in all colonia census tracts eligible for duty to serve credit. The final rule takes effect July 1.
FFIEC releases 2023 HMDA reporting guide
On April 13, the OCC issued Bulletin 2023-10 announcing the Federal Financial Institutions Examinations Council’s issuance of the 2023 edition of the revised “A Guide to HMDA Reporting: Getting It Right!” The guide focuses on HMDA data submissions due March 1, 2024, and includes requirements and instructions for reporting and disclosing data for institutions and transactions covered by Regulation C. The guide also reflects a technical amendment to the 2020 HMDA Rule to adjust the loan volume thresholds (which took effect January 1) for reporting HMDA data on closed-end mortgage loans. As previously covered by InfoBytes, the CFPB issued the technical amendment last December to establish that the threshold for reporting data about closed-end mortgage loans is 25 mortgage loans in each of the two preceding calendar years, the threshold established by the 2015 HMDA Rule.
FDIC announces California and Tennessee disaster relief
On April 13, the FDIC issued FIL-15-2023 to provide regulatory relief to financial institutions and help facilitate recovery in areas of California affected by severe winter storms, straight-line winds, flooding, landslides, and mudslides that began February 21 and continue to affect the region. The FDIC acknowledged the unusual circumstances faced by affected institutions and encouraged those institutions to work with impacted borrowers to, among other things: (i) extend repayment terms; (ii) restructure existing loans; or (iii) ease terms for new loans, provided the measures are done “in a manner consistent with sound banking practices.” Additionally, the FDIC noted that institutions “may receive favorable Community Reinvestment Act consideration for community development loans, investments, and services in support of disaster recovery.” The FDIC will also consider regulatory relief from certain filing and publishing requirements and instructs institutions to contact the San Francisco Regional Office for consideration. The same day, the FDIC issued FIL-16-2023 to provide similar regulatory relief to financial institutions and help facilitate recovery in areas of Tennessee affected by severe storms, straight-line winds, and tornadoes between March 31 and April 1.
NYDFS to impose supervision fees on virtual currency licensees
On April 17, NYDFS announced the adoption of a final regulation establishing how certain licensed virtual currency businesses will be assessed for supervision and examination costs. Under 23 NYCRR Part 102, licensed virtual currency companies holding a Bitlicense will be assessed for their supervisory costs, similar to other licensees regulated by the Department. Last year, NYDFS first proposed a provision in the state budget authorizing the Department to collect supervisory costs from virtual currency businesses licensed pursuant to the Financial Services Law in order to add talent to its virtual currency regulatory team. (Covered by InfoBytes here.) NYDFS explained that the regulation will only apply to licensed virtual currency businesses and that the fees will only cover the costs and expenses associated with the Department’s oversight of a licensee’s virtual currency business activities. A licensee’s total annual assessment fee will be the sum of its supervisory component and its regulatory component, as defined in the regulation, and will be billed five times per fiscal year, once per quarter and a final true-up at the end of the fiscal year. The background to the final regulation notes that to the extent that a person holds multiple licenses to engage in virtual currency business activities, or concurrently acts as a money transmitter, such person will be billed separately for each license, adding that “[p]ersons who engage in virtual currency business activities as a limited purpose trust company or a banking organization will continue to be assessed under 23 NYCRR Part 101.” The final regulation takes effect upon publication of the Notice of Adoption in the New York State Register.