Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Broker-dealer settles AML allegations with FINRA

    Financial Crimes

    On February 12, FINRA settled allegations with a Florida-based broker-dealer for failing to implement reasonable procedures requiring escalation of potentially suspicious trading activity. Closely following the SEC and DFPI’s recent enforcement action (covered by InfoBytes here), the company, without admitting or denying the allegations, agreed to pay a $700,000 fine to settle claims regarding its failure to effectively implement anti-money laundering (AML) programs. FINRA claimed that the company did not adequately equip its analysts to review and address trading alerts related to suspicious activities by customers, which could total up to 100 alerts per trading day. Additionally, the company allegedly lacked proper written procedures in connection with the acceptance and resale of low-priced securities as required to comply with Section 5 of the Securities Act of 1933 in violation of FINRA Rules. FINRA also noted that, despite being aware that improvements to the AML program were necessary as early as 2016, the company did not fully implement recommended improvements until March 2022. In issuing the fine, FINRA highlighted that the company was fined for similar AML violations back in 2011 and emphasized instances where the company’s analysts failed to escalate suspicious activity to the AML department in a timely manner, leading to regulatory inquiries and subpoenas regarding certain customers’ practices.

    Financial Crimes Broker-Dealer FINRA Anti-Money Laundering Enforcement

  • SEC to expand “dealer” definition after adoption of two rules

    Securities

    On February 6, the SEC announced its adoption of rules expanding application of the Securities Exchange Act of 1934 (the Exchange Act) to require market participants that “take on significant liquidity-providing roles” to register with the SEC as “dealers” under Sections 15(a) or 15C. In the introduction to the final rule, the SEC explained that “advancements in electronic trading across securities markets” have led to new market participants playing a larger role in market activity that was traditionally supplied by dealers. Additionally, as noted in the SEC’s Fact Sheet, the rules require such market participants to become members of a self-regulatory organization (SRO) and comply with federal laws. The SEC’s rule changes address the phrase “as part of a regular business” in sections 3(a)(5) and 3(a)(44) of the Exchange Act such that market participants that “take on significant liquidity-providing roles” are included in the statutory definition of “dealer” and “government securities dealer.” However, the final rules will exclude any person that has total assets of less than $50 million, or investment companies registered under the Investment Company Act of 1940, central banks, sovereign entities, and international financial institutions. The final rules will go into effect 60 days following Federal Register publication, and the compliance date will be one year after the effective date of the final rules.

    Securities Broker-Dealer Securities Exchange Act Securities Exchange Commission

  • SEC, DFPI charge unregistered crypto platform

    Securities

    On February 7, the SEC and DFPI announced charges against a Florida-based crypto platform, for failing to register the offer and sale of a crypto lending product that allowed U.S. investors to deposit or purchase crypto assets into an account in exchange for promised interest payments.  

    The SEC found that crypto asset accounts with the “interest feature” were offered and sold by the company as securities in the form of investment contracts but failed to register its offer and sale as required by law. Despite voluntarily halting the offering of the interest feature in 2022, the company agreed to pay a $1.5 million penalty to settle the SEC's charges. The SEC also noted that the company announced its intention to terminate all crypto-related products and services in the U.S. on February 22.   

    In addition, DFPI also entered a consent order with the platform to settle an investigation into the platform’s interest-earning program. The resolution is part of a multistate settlement facilitated by a task force led by California and Washington, comprising of eight state securities regulators. The investigation found that from 2020 through 2022, the platform engaged in the unregistered offer and sale of securities through its crypto interest-earning program. The platform offered the program to investors, allowing them to passively earn interest on crypto assets loaned to the platform. The platform maintained “total discretion” over revenue-generating activities to generate returns for investors, DFPI added. As part of the settlement with DFPI, the company agreed to pay a $1.5 million penalty to the DFPI on behalf of 51 U.S. jurisdictions, mirroring a similar settlement with the SEC for the same amount. 

    Securities DFPI SEC Registration Securities Exchange Commission Consent Order Digital Assets

  • District Court dismisses FDCPA class action lawsuit for lack of standing on alleged concrete injuries suffered

    Courts

    On January 31, the U.S. District Court for the Eastern District of New York dismissed an FDCPA class action lawsuit for lack of standing. According to the order, plaintiff alleged numerous violations of the FDCPA related to two debt collection letters sent to the plaintiff and his girlfriend. In September 2023, a debt collector (defendant) reportedly sent two letters to the plaintiff which allegedly did not contain the requisite information mandated by the FDCPA for communication with consumers, including validation and itemization details. One of the letters purportedly demanded payment by September 29, falling within the 30-day validation period. Additionally, plaintiff asserted that one of the letters was addressed to his girlfriend who bore no responsibility for the debt. Plaintiff claimed two concrete injuries: (i) the letters allegedly strained his relationship with his girlfriend, causing emotional distress; and (ii) due to the omission of critical information in the letters, plaintiff felt confused and uncertain about how to effectively respond.  

    In considering the plaintiff’s claims, the court discussed the elements required to state a claim for publicity given to private life and examines a specific case where such a claim was rejected by the court. It highlights that for such a claim to succeed, the matter publicized must be highly offensive to a reasonable person and not of legitimate public concern. Additionally, mere communication of private information to a single person typically does not constitute publicity, unless it has the potential to become public knowledge. Although Congress explicitly prohibits debt collectors from sharing consumer financial information with third parties, the court noted that it “does not automatically transform every arguable invasion of privacy into an actionable, concrete injury.” Therefore, the plaintiff's injury, as pleaded, was deemed insufficiently concrete for standing purposes. Regarding the second alleged injury, the court argued that confusion alone does not suffice as a concrete injury for standing purposes, and courts have determined that mere confusion or frustration does not qualify as an injury. Additionally, the court compared the case to other cases where plaintiffs had alleged confusion yet had also demonstrated further injuries.

    Courts FDCPA Class Action Consumer Finance Litigation Standing Debt Collection

  • Senate Banking Committee hearing on P2P payment scams calls for updates to EFTA definitions

    On February 1, the U.S. Senate Committee on Banking, Housing, and Urban Affairs held a hearing on “Examining Scams and Fraud in the Banking System and Their Impact on Consumers,” and invited three panelists to testify, including an attorney from a consumer law center and two vice presidents from banking associations. Chairman Sherrod Brown (D-OH) led the hearing by noting that peer-to-peer (P2) apps are a rising target among scammers, alongside a rise in check fraud. The Chairman noted a 2023 alert from FinCEN warning (as covered by InfoBytes here) of a surge in check fraud after a “drastic” rise in scams, and concluded with a statement that the P2P companies need “rules to make them” do better. Next, Ranking Member Senator Tim Scott (R-SC) called for the companies to spend more money developing security technologies to protect consumers from fraud. Sen. Scott then called for better education in financial literacy to learn about scams and methods. 

    At the hearing, Mr. John Breyault noted that reported losses from P2P payment platforms nearly doubled from $87 million in 2020 to $163 million in 2022. Mr. Breyault asked Congress to play a larger role in preventing fraud on P2P platforms and urged the passage of the Protecting Consumers from Payment Scams Act (which would expand EFTA’s definition of unauthorized electronic fund transfer to cover fraudulently induced payments). Ms. Carla Sanchez-Adams, in her testimony, asserted the entire burden of payment fraud should not fall on the customers and advocated for an updated Electronic Funds Transfer Act that protects consumers from fraudulently-induced transactions. She testified that receiving institutions should have more responsibility, and called for anti-fraud policies that protect consumers from having their accounts frozen, among others. Mr. Paul Benda testified to similar points: he called for an increase in consumer education and the closure of regulatory loopholes to stop impersonation scams. He testified in favor of improved information sharing and enhanced collaboration with law enforcement and regulators.  

    Bank Regulatory Peer-to-Peer Fraud Senate Banking Committee EFTA U.S. Senate Federal Issues

  • CFPB secures $12 million after decade-old complaint against foreclosure relief scam company

    Federal Issues

    On February 8, the CFPB announced the resolution of an enforcement action, begun in 2014, against a foreclosure relief operation that allegedly violated Regulation O. After a decade of court orders, opinions, and appeals, on February 5, 2024, the defendants and the CFPB jointly agreed to the dismissal of their respective appeals and on February 7, 2024, the Seventh Circuit dismissed the parties’ appeals. The final settlement required the defendants to pay $10.9 million in consumer redress and a $1.1 million penalty. The enforcement action notes that the defendants remain “subject to the bans” under the district court’s 2022 order. 

    The CFPB had alleged that the defendants violated Reg. O by taking payments from consumers for (i) mortgage modifications before they signed an agreement from their lender; (ii) failing to make required disclosures; (iii) directing consumers not to contact lenders; and (iv) making deceptive statements to consumers. As previously reported by InfoBytes, the CFPB and the Florida Attorney General obtained a judgment against this group in May 2015 for parallel violations.  

    Federal Issues CFPB Enforcement Foreclosure Regulation O Seventh Circuit Appellate

  • SEC charges alleged hedge fund with defrauding $1.2 million from investors

    Financial Crimes

    On February 2, the SEC issued a complaint which charged a company for allegedly raising $1.2 million from 15 investors through an offer and sale of fraudulent securities for a hedge fund. The company raised this money from 2017-2018 and offered securities that would be used to form a hedge fund and invest in crypto-assets using “specific” investment strategies. (The company ostensibly managed the hedge fund, but the hedge fund never appeared to be created.) 

    The company made several misrepresentations which the SEC claimed violated Section 17(a) of the Securities Act of 1933 and Section 10(b) and Rule 10b-5 of the Securities Exchange Act of 1934. These alleged misrepresentations included the founder’s background and education, the demand for and size of the proposed hedge fund, and the investment scheme to grow a return for investors. The investors were given an investor pitch deck that put forth the hedge fund’s terms, investment strategy, and management team. Then, the investors gave a minimum investment of $1 million; however, the hedge fund investors were offered the opportunity to invest for less than $1 million through a separate entity.  

    Through this, the SEC alleged that the company violated the federal securities law and put forth two claims for relief. The SEC permanently enjoins the company from issuing, buying, offering, or selling any security, including crypto-assets. No civil monetary judgment has been offered. 

    Financial Crimes SEC Securities Cryptocurrency Enforcement

  • Washington State Attorney General wins two suits under medical billing practices

    State Issues

    On February 1, the Attorney General from Washington State successfully sued a large healthcare group to pay over $158 million for settlement of funds under the state’s Consumer Protection Act (CPA). The Washington AG stated that the healthcare group violated state law which requires hospital management to notify patients about financial assistance and to screen them for eligibility before trying to collect payment. The healthcare group has been ordered to pay $20.6 million in patient refunds and will forgive $137.2 million in medical debts; it will also pay $4.5 million to cover the attorney general’s costs. Among others, the consent decree includes several injunctions to be engaged in or refrained from for five years, including maintaining charity care policies, and not collecting payment for medical services unless presented with either of two stated stipulations. Lastly, the consent decree states that if the healthcare group violates a condition, it would have to pay up to $125,000 per violation. The defendants do not admit the allegations of the complaints filed in the first lawsuit from February 2022. 

    Similarly, on February 2 the Washington AG successfully entered into a motion for partial summary judgment against a medical debt collection agency working within the healthcare group for sending 82,729 debt collection notices under the Collection Agency Act (CAA). The court agreed with the AG’s finding that the agency’s debt collection notices failed to make the required disclosures under the CAA. Damages have not yet been awarded. 

    State Issues Medical Debt FDCPA Washington State Attorney General

  • Connecticut Attorney General reports on Connecticut Data Privacy Act

    State Issues

    On February 1, Connecticut’s Attorney General (AG) released a report on the Connecticut Data Privacy Act (CTDPA) including information on the law and how the state enforces it. Enacted in May 2022, the CTDPA is a comprehensive consumer data privacy law which took effect on July 1, 2023. The CTDPA gives consumers in Connecticut a set of rights regarding their personal information and privacy standards for businesses handling such data. Connecticut residents can: (i) see what data companies have on them; (ii) ask for corrections on inaccurate information; (iii) request the deletion of their data; and (iv) choose not to have their personal information used for selling products, targeted advertisements, or profiling. The report noted that within the first six months the CTDPA has been in effect, the AG issued dozens of violations towards a number of information requests. It added that companies generally responded positively to the notices and updated quickly their privacy policies and consumer rights mechanisms. According to the report, while some companies initially went below the CTDPA threshold, they made changes to meet it later while a few went beyond identified areas in the notices by strengthening their disclosures. 

    The report also mentioned that beginning on January 1, 2025, businesses are required to acknowledge universal opt-out signals, reflecting consumers’ choice to opt out of targeted advertising and the sale of personal data. This mandatory provision was emphasized during Connecticut's legislative process to alleviate the consumer burden, and it has been enacted into law. Finally, the report discusses possible expansions and clarifications to the CTDPA for the legislature to consider.  

    State Issues Connecticut State Attorney General Privacy, Cyber Risk & Data Security

  • Trade associations sue OCC, FDIC, and Federal Reserve on their Proposed Rules for the CRA

    Courts

    On February 5, a group of trade, banking, and business associations filed a class-action complaint for injunctive relief against the OCC, Federal Reserve, and FDIC (the Agencies) for their enforcement of the new rulemaking (the Rule) implementing the Community Reinvestment Act of 1977 (CRA). The plaintiffs argued that the Rule creates a “wholesale and unlawful change” to a successful fifty-year-old statute. After listing several problems, the plaintiffs requested the Court to “enjoin, hold unlawful, vacate, and set aside” the Rule; additionally, plaintiffs requested the Court declare that the Rule violates the CRA and the Administrative Procedures Act. 

    As previously covered by InfoBytes, the Rule was approved by the Agencies on October 24, 2023, published in the Federal Register on February 1, 2024, and would take effect on April 1, 2024. The plaintiffs state that the new regulatory rules are “extraordinarily and unnecessarily complex” since they require a “staggering” 649 pages. (An FDIC Vice Chairman was quoted as labeling the rules as “by far the longest rulemaking the FDIC has ever issued.”) In detail, the plaintiffs support their claims by pointing out the Rule creates different performance tests that differ “radically” from the previous regulatory framework, e.g., the Retail Lending Test is a two-part test, and that each of these tests includes “multiple sub-parts and sub-parts of sub-parts” that create complexity in the Rule. Banks will be given two years (until January 1, 2026) to comply with the Rule. Plaintiffs argue that banks must act immediately, citing the OCC’s own words that the estimated compliance costs are over $90 million during the first year. 

    The plaintiffs argue the Rule violates the APA by exceeding the Agencies’ statutory authority by “assessing banks on their responsiveness to credit needs outside of their geographic deposit-taking footprint” (Count I), and by issuing a rule that is arbitrary and capricious by failing to give reasonable notice of the areas and products that will be assessed and the market benchmarks against which performance will be evaluated; failing to conduct an adequate cost benefit analysis; and failing to consider the implications of the Rule (Count II). 

    Courts OCC FDIC Federal Reserve CRA Administrative Procedure Act

Pages

Upcoming Events