Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On January 23, the OCC issued a notice of charges against five former senior executives for allegedly failing to adequately ensure a national bank’s incentive compensation plans regarding sales practices operated in accordance with bank policy. (See previous InfoBytes coverage here.) The relief sought by the OCC against these individuals could include a lifetime prohibition from participating in the banking industry, a personal cease and desist order, and/or civil money penalties. Under federal law, the individuals may request a hearing to challenge the allegations and relief sought by the OCC. The same day, the OCC also announced settlements with the bank’s former chairman/CEO, its former chief administrative officer and director of corporate human resources, and its former chief risk officer for their alleged roles in the bank’s sales practices misconduct. According to the OCC, the actions serve to, among other things, reinforce the agency’s expectations that management and employees of regulated entities comply with applicable laws and regulations.
On January 21, the OCC assessed a nearly $18 million civil money penalty against a national bank lender for alleged violations of the Flood Disaster Protection Act (FDPA). According to the OCC, the bank allegedly maintained FDPA policies and procedures which allowed the bank’s third-party servicer to extend the 45-day period after notification to the borrower that the flood insurance did not adequately cover the collateral. The OCC alleged that this resulted in the “untimely force placement of flood insurance” on loans secured by buildings or mobile homes located in special flood hazard areas. The bank agreed to pay the penalty without admitting or denying any wrongdoing.
On January 17, the FTC announced it had reached settlements with a number of defendants alleged to have operated “an unlawful credit repair scam that has deceived consumers across the country.” According to the FTC’s complaint, the defendants purportedly made false representations to consumers regarding their abilities to improve credit scores, falsely promised to remove any negative entries on the consumers’ credit reports, illegally collected upfront fees from consumers before the services were fully performed, and used threats and coercion to intimidate consumers from disputing charges. The FTC alleged these misleading statements and illegal actions violated TILA, the FTC Act, the Telemarketing Act, and the Credit Repair Organizations Act, among other things. Additionally, the FTC claimed that the defendants “routinely engage in electronic fund transfers from consumers’ bank accounts without obtaining proper authorization, and use remotely created checks to pay for credit repair services they have offered through a telemarketing campaign, in violation of the TSR.” The defendants, without admitting or denying the allegations, agreed to settlements that ban the defendants from offering credit repair services through “advertising, marketing, promoting, offering for sale, or selling,” impose a total monetary penalty of nearly $14 million, and require several defendants to turn over the contents of bank and merchant accounts as well as investment and cryptocurrency accounts. See the settlements here, here, and here.
On January 16, Democratic members of the House Financial Services Committee sent a letter to the Government Accountability Office (GAO) inquiring about the benefits and drawbacks of using alternative data in mortgage lending, as well as the federal government’s role in overseeing the use of alternative data credit reporting agencies (CRAs) and lenders. The letter notes that while alternative data can be useful in helping lenders identify creditworthy potential borrowers who cannot be scored by CRAs through traditional measures, questions remain about how the use of alternative data may affect compliance with fair lending laws, including the Equal Credit Opportunity Act and Fair Housing Act. “While some alternative data, such as rental payment history, may provide an objective measure of creditworthiness, others might enable discrimination on the basis of a protected class, or infringe upon consumer privacy,” the letter cautions. The letter asks GAO to study the use of alternative data in expanding access to credit, with a particular focus on mortgage credit, and poses the following questions:
- How have different entities used alternative data to expand access to mortgage credit? Specifically, can alternative data determine consumer creditworthiness and whether a consumer is able to repay a mortgage? Additionally, are there certain alternative data sources that are better at predicting creditworthiness or some that are more likely to raise concerns about correlations with discriminatory factors? Furthermore, what federal activity has there been in this space?
- What are the potential benefits and risks associated with using alternative data and financial technology for access to mortgage credit, and are there variations in these benefits and risks across different groups, including minorities and younger borrowers?
- What potential risks does alternative data pose to fair lending compliance, and are the regulatory and enforcement agencies that govern the credit-granting system equipped to manage and prepare for an increased use of alternative data in mortgage lending?
- How do the benefits and trade-offs of other options for expanding access to mortgage credit compare to the use of alternative data in credit scoring?
On January 16, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. The new enforcement actions include formal agreements, prohibition orders, and terminations of existing enforcement actions against individuals and banks. Included among the actions is a formal agreement issued against an Illinois-based bank on December 18 for alleged unsafe or unsound practices relating to, among other things, consumer compliance. The agreement requires the bank to (i) establish a compliance committee to monitor the bank’s progress in complying with the agreement’s provisions; (ii) report such progress to the bank’s board on a quarterly basis; and (iii) implement a written consumer compliance program. This program must also include a policies and procedures manual that covers all consumer protection laws, rules, and regulations to which the bank should adhere, an independent audit program, and training of bank personnel in the consumer protection laws, rules, and regulations as appropriate.
On January 16, the FDIC and the OCC announced (FDIC FIL-3-2020, OCC Bulletin 2020-5) the issuance of a joint statement on risk management of current heightened cybersecurity risks. The statement reminds supervised financial institutions to maintain preventative controls and update and test incident response and business continuity plans. It also sets out best practices in these areas for supervised financial institutions.
The bulletin lists six “key controls” including:
- Response, resilience and recovery capabilities. Maintain system backups and segment data to prevent spread of malicious activity across the network and to increase recovery capabilities. Incident and business resilience plans should set out cyber attack response and business continuity procedures and a data backup program should be set up and regularly tested. Cyber insurance coverage may further mitigate cyber risk exposure.
- Identity and access management. Implement identity and access management controls to combat phishing attacks and prevent theft of login credentials. Incorporate risk-based authentication, limit user permissions, and continually monitor user accounts.
- Network configuration and system hardening. Configure networks with appropriate security settings that are regularly updated. Update anti-malware and routinely test network technology for vulnerabilities.
- Employee training. Provide continuous training to keep cybersecurity program employees abreast of new cyber threats and evolving social engineering tactics.
- Security tools and monitoring. Maintain competent cybersecurity staff or service providers to monitor for the most current “threat and vulnerability information,” regularly review audit logs, and establish and test ability to “detect and respond to attacks.”
- Data protection. Encrypt “sensitive and critical data,” which should also be accurately classified to ensure ease in identification.
On December 23, 2019, the New York Department of Financial Services issued an “Industry Letter” requesting that each NYDFS-regulated institution submit the institution’s plan for addressing the transition away from Libor-based credit, derivative, and securities exposures. The NYDFS letter has spurred additional focus by financial institutions in the issue, and not only by those regulated by NYDFS. This Client Alert summarizes the current state of play in Libor transition, and outlines some key considerations for developing a Libor transition plan.
* * *
Click here to read the full special alert.
If you have any Libor-related questions please contact a Buckley attorney with whom you have worked in the past.
On January 10, the FTC announced that it entered into two settlement agreements: one with a call center and two individuals, and one with an additional individual (together, “the settling defendants”) that it claims made illegal robocalls to consumers as part of a cruise line’s telemarketing operation allegedly aimed at marketing free cruise packages to consumers. According to the two settlements (see here and here), the settling defendants “participated in unfair acts or practices in violation of . . . the FTC Act, and the FTC’s Telemarketing Sales Rule [(TSR)]” by “(a) placing telemarketing calls to consumers that delivered prerecorded messages; (b) placing telemarketing calls to consumers whose telephone numbers were on the National Do Not Call Registry; and (c) transmitting inaccurate caller ID numbers and names with their telemarketing calls.” The defendants are permanently banned from making telemarketing robocalls, and have been levied judgments totaling $7.8 million, all but $2,500 of which has been suspended due to the defendants’ inability to pay.
Also on January 10, the FTC filed a complaint in the U.S. District Court for the Middle District of Florida against the remaining six defendants allegedly involved in the telemarketing operation, for violations of the FTC Act and TSR based on the same actions alleged against the settling defendants.
On December 26, the CFPB denied a petition by a student loan relief company to modify or set aside a civil investigative demand (CID) issued by the Bureau last October. According to the company’s petition, the CID requested information as part of an investigation into the company’s promotion of student loan debt relief programs. As previously covered by InfoBytes, stipulated orders were entered against the company by the FTC and the Minnesota attorney general for violations of TILA and the assisting and facilitating provision of the Telemarketing Sales Rule, which resulted in the company being permanently banned from engaging in transactions involving debt relief products and services or making misrepresentations regarding financial products and services. In its petition, the company argued that the CFPB’s requests were duplicative of the FTC’s earlier investigation. The company also argued that the documents and materials sought in the CID were overly burdensome and the time frame to respond was too short. Furthermore, the company stated that until the U.S. Supreme Court issues a decision in Seila Law v. CFPB on whether the Bureau’s structure violates the Constitution’s separation of powers under Article II, the CID should either be withdrawn or stayed because of the uncertainty surrounding the Bureau’s ability to proceed with enforcement actions.
The Bureau denied the petition, arguing that “the administrative CID petition process is not the proper forum for raising and deciding constitutional challenges to provisions of the Bureau’s statute.” The Bureau also noted that the company failed to show that it engaged with Bureau staff on ways to alleviate undue burden, such as proposing modifications to the substance of the requests, and that even though the Bureau proposed an extension to the CID deadline, the company did not seek such an extension.
On January 13, fifteen Democratic Senators, led by Senators Catherine Cortez Masto (D-NV) and Sherrod Brown (D-OH) sent a letter to the Inspector General of the Federal Reserve Board calling for an investigation into the CFPB’s restitution penalties levied against companies accused of wrongdoing. The Senators claim that the Bureau’s restitution approach “creates a perverse incentive for companies to violate the law by allowing them to retain all or nearly all of the funds they illegally obtain from consumers.” The letter asks the Inspector General to investigate four recent settlements to examine how the Bureau determines restitution awards and whether the applied standard for restitution differs from the standard applied by courts and in prior CFPB settlements.
Included among the examples of actions for which consumers were provided limited to zero restitution is a recent settlement with a debt collector accused of engaging in improper debt collection tactics. As previously covered by InfoBytes, the company agreed to pay $36,878 in redress to harmed consumers, limiting the restitution to “only those consumers who affirmatively ‘complained about a false threat or misrepresentation’” by the company, the Senators wrote. Specifically, the Senators seek to determine the number of consumers who may have been excluded from the settlement because they did not affirmatively complain about the company’s behavior. A second example highlights an action taken against a group of payday lenders that allegedly, among other things, misrepresented to consumers an obligation to repay loan amounts that were voided because the loan violated state licensing or usury laws. (Previously covered by InfoBytes here.) According to the Senators, the settlement “dropped the requests for restitution and other relief for victimized consumers.” The letter also references a report released last October by the House Financial Services Committee (covered by InfoBytes here) following an investigation into these particular settlements, in which the Bureau responded “that it did not seek restitution in these cases because it could not determine ‘with certainty’ which consumers had been harmed or the amount of the harm.”
- Andrew W. Schilling to moderate "Expectations of in-house counsel from their law firm partners" at the ACI's 7th Annual Advanced Forum on False Claims and Qui Tam
- Sasha Leonhardt to discuss "Cybersecurity basics for compliance staff" at a NAFCU webinar
- Buckley Webcast: Tips for navigating changes to the FHA recertification process
- Daniel P. Stipano to discuss "A 20/20 view on 2020’s legislative and regulatory outlook" at the ACAMS Anti-Financial Crime and Public Policy Conference
- Kari K. Hall and Michelle L. Rogers to discuss "Overdrafts and regulatory trends" at the CLE Alabama Banking Law Update
- Kathryn L. Ryan to discuss "Industry open forum session on NMLS usage" at the NMLS Annual Conference & Training
- Kathryn L. Ryan to discuss "Regulating innovative consumer lending products" at the NMLS Annual Conference & Training
- Daniel P. Stipano to moderate "Washington update" at the 17th Puerto Rican Symposium of Anti Money Laundering 2020 conference
- Melissa Klimkiewicz to discuss "Private flood insurance updates" at the MBA's Servicing Solutions Conference & Expo 2020
- APPROVED Checkpoint Webcast: CFL overview
- Sasha Leonhardt to discuss "MLA & SCRA" on a NAFCU webinar
- Daniel P. Stipano to discuss "Pathway of the SARs: Tracking trajectories of suspicious activity reports from alerts to prosecution" at the ACAMS moneylaundering.com 25th Annual International AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Which bud’s for you? A deep-dive into evolving marijuana laws" at the ACAMS moneylaundering.com 25th Annual International AML & Financial Crime Conference