InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
SDNY pilots new whistleblower program to protect individuals
On January 12, the SDNY launched its Whistleblower Pilot Program to protect individuals who report company wrongdoing from any future prosecution by the DOJ. The SDNY issued this program to encourage the “voluntary self-disclosure of criminal conduct” within white-collar practice areas undertaken in companies, exchanges, and financial institutions, among others. The program aims to reduce fraud or corporate failures affecting market integrity. Specifically, future whistleblowers who approach SDNY with a claim will enter into a non-prosecution agreement (NPA) only if the following conditions are met: the misconduct is not public and is not already known to the SDNY; the whistleblower discloses the information voluntarily, and is not in response to an inquiry or obligation; the whistleblower must assist in the investigation; the information is truthful; the whistleblower is not a government-elected or an appointed official, among others; and the whistleblower has not engaged in any criminal conduct. The policy also provides prosecutors and supervisors with factors to consider when deciding whether to enter into a NPA with a whistleblower.
HUD Secretary Fudge confirms interest in eliminating Mortgage Interest Premiums
On January 11, the Secretary for Housing and Urban Development, Marcia Fudge, testified at the House Financial Services Committee hearing on the Oversight of HUD and the FHA. Topics included qualification for housing programs by veterans, HUD efforts to support more affordable housing, and oversight of public housing authorities, among other things.
Secretary Fudge addressed the possibility of eliminating the Mortgage Insurance Premiums (MIP) from Federal Housing Administration (FHA) mortgages. Specifically, Rep. Brad Sherman (D-CA) asked Secretary Fudge whether she would be willing to eliminate MIPs, to which Secretary Fudge replied “Yes, I’m willing to look at it.” Rep. Gregory Meeks (D-NY) asked whether FHA insurance could follow the same model as private mortgage insurance, where the product is terminated after a certain amount of payment on the principal of the loan. In response, the Secretary replied positively with “I would love to see it happen.”
Fed’s OIG report on CFPB says training improvements needed to meet enforcement goals
Recently, the Office of Inspector General of the Federal Reserve Board released a report assessing the CFPB’s process for conducting enforcement investigations. The report makes two key recommendations. First, noting that the CFPB has not met its stated goal to file or settle 65 percent of its enforcement actions within two years, the OIG recommended that the CFPB Office of Enforcement incorporates the timing expectations for key steps in the enforcement process into the tracking and monitoring of matters. In addition, the Office of the Inspector General also recommended improvements to enforcement staff training on document maintenance and retention requirements for the CFPB’s matter management system. The report states that the recommendations were accepted by the CFPB, with a follow-up to ensure full implementation.
FTC bans data aggregator company from selling consumer data
On January 18, the FTC issued a complaint against a digital platform and data aggregator (the company) and ordered the company to no longer sell or license precise location data, among other requirements. As previously covered by InfoBytes, the FTC’s order followed a recent FTC decision against a data broker in which the FTC alleged the data broker’s contracts were “insufficient to protect consumers from the substantial injury” caused by location data collection as consumers visited sensitive locations, such as churches, healthcare facilities, and schools.
In this case, the company obtained large amounts of personal data on consumers’ demographic data, movements, and purchasing history and retained that information for five years. The company had applications and third-party apps that have been downloaded over 390 million times, leading to about 100 million unique devices sending location data each year to the company. Like the previous FTC order, this FTC order alleged the company collected sensitive information on where consumers live, work, and worship; where their children went to school; where they received medical treatment; and if they attended rallies or demonstrations. The FTC alleged that the company cross-references consumers’ data location histories with points of interest to advertisers, including offering a push notification about a product when a consumer is located near a store that sells that product.
The FTC alleged the company failed to notify users that consumers’ location data is used for targeted advertising. Additionally, the FTC alleged the company retains consumer data “longer than reasonably necessary” which the FTC argues could lead to future consumer injury. According to the FTC, these allegations constitute deceptive or unfair practices as prohibited by Section 5(a) of the FTC Act. Under the order, the company must not materially misrepresent how the company collects or uses consumers’ location data, the company must not sell or license location data, and the company must implement a sensitive location data program as proscribed by the order. The company must also delete all historical location data for all consumers which does not affirmatively consent to the continued retention of such data. The company neither admits nor denies any of these allegations.
CFPB, seven State AGs file suit against debt-relief company
On January 19, the CFPB and seven state attorneys general (Colorado, Delaware, Illinois, Minnesota, New York, North Carolina, and Wisconsin) announced a lawsuit against a debt-relief company, its subsidiaries, and its two individual owners (defendants) for allegedly facilitating an unlawful debt relief service. According to the complaint, the company used third parties to solicit consumers with large debts and direct them to contact defendants. The company then, allegedly, advised consumers to enroll in their debt-relief service that will negotiate reduced payoff amounts with consumers’ creditors and represent consumers. Additionally, individual defendants implicated in the action created law firms paired with one of the company’s subsidiaries, which performed little to no work on behalf of consumers, while non-attorney negotiators from the company were tasked with renegotiating a consumer’s debt. The CFPB and the AGs alleged that the company charges fees ($84 million since 2016) before and during the service, that left consumers with additional debt, lower credit scores, lawsuits with creditors, and had none of their original debts settled or reduced.
Among other things, the CFPB claimed the company violated the Telemarketing Sales Rule (TSR) by (i) charging advance fees before a consumer has made at least one payment under a debt settlement plan; (ii) collecting fees after settling some of a consumer’s debts when the fees are not proportional to the amount of debt defendant successfully settled or based on a fixed percentage of the amount saved; and, (iii) supporting its subsidiary law firms that the company knew or knowingly avoided knowing engaged in abusive acts or practices. The complaint sought permanent and preliminary injunctive relief, redress for consumers, and a civil money penalty. On January 11, the court granted the Bureau’s request for a temporary restraining order.
Washington Appeals Court disagrees with appellant in a class action data breach; affirms lower court’s decision
On January 8, the Washington State Court of Appeals affirmed superior court rulings granting final approval to a class action settlement, denying a motion to consolidate six class action lawsuits, and approving a class notice plan. According to the opinion, in 2021, the U.S. Department of Health and Human Services notified the respondent company, a nonprofit organization serving low-income individuals, of a data breach that exposed the social security numbers of 163,499 individuals. In 2022, appellant filed a class action lawsuit against the respondent company, one of six such separate class action lawsuits. The appellant filed a motion to consolidate the six pending class action lawsuits, which was denied. Subsequently, plaintiffs in one of the class action lawsuits signed a settlement agreement and release that would release, discharge, and bar all claims asserted in the other class action lawsuits and provide compensation anywhere from $100 to $25,000 to impacted individuals. The appellant plaintiff then filed the instant appeal alleging that the lower court abused its discretion by denying her motion to consolidate the six actions, that the class action plan failed to provide reasonable notice, and that the settlement was not fair, reasonable, or adequate because “the settlement is the product of collusion between the settling parties.” The appellate court disagreed and ultimately upheld the lower court’s rulings.
Student loan servicer fined $1.8 million by Massachusetts Attorney General
On January 11, the Massachusetts Attorney General (AG) announced a $1.8 million settlement with a student loan servicer, to resolve allegations that the company did not properly communicate Income-Driven Repayment (IDR) plan renewals to borrowers. According to the settlement, IDR plans are a “helpful tool for managing unaffordable federal student loan debt and avoiding the consequences of default… [and respondent] is required to follow specific procedures intended to ensure that borrowers are able to successfully navigate the enrollment and annual recertification processes required for IDR.” The AG alleged that the respondent violated state law by sending written notices that did not meet regulatory requirements and failed to send required notices.
Under the terms of the settlement, respondent will (i) pay $1.8 million; (ii) include certain disclosures in renewal notice correspondence to borrowers; (iii) comply with requirements for FFELP loans owned by the DOE and enrolled in certain repayment plans; (iv) clearly disclosure to certain borrowers that failure to timely provide certain information about income or family size will result in increased monthly payments; and (v) retain copies of each written communication that it sends to borrowers regarding their IDR plans. The student loan servicer enters into this agreement for settlement purposes only (without admission).
FINRA report covers new topics including cryptoassets
On January 9, FINRA released a report on regulatory oversight titled “2024 FINRA Annual Regulatory Oversight Report.” The report integrates FINRA’s regulatory operations programs as a source of information for firms to strengthen their compliance standards. The report outlines new topics, including Crypto Asset Developments, OTC Quotations in Fixed Income Securities, Advertised Volume, and the Market Access Rule.
With respect to Crypto Asset Developments, the report focuses on surveillance themes and effective practices including best practices for due diligence. On the topic of OTC Quotations in Fixed Income Securities, the report highlights amendments to the rules governing publication of quotations by broker-dealers in a quotation medium. Further, with respect to Advertised Volume, FINRA highlights Rule 5210, which prohibits member firms from publishing transactions that are not believed to be a bona fide purchase or sale of a security.
The report notes that the SEC’s Market Access Rule prohibits firms that provide market access from “jeopardiz[ing] their own financial condition.” Findings include insufficient controls and failure to consider additional data. Effective practices include pre-trade fixed-income financial controls and soft blocks, among others. The report also covers several other topics including Cybersecurity, AML Fraud and Sanctions, Reg BI and Form CRS, and Consolidated Audit Trail.
NYDFS offers guidance to insurers on AI models
On January 17, NYDFS issued a guidance letter on artificial intelligence (AI) intended to help licensed insurers understand NYDFS’s expectations for combating discrimination and bias when using AI in connection with underwriting. The guidance is aimed at all insurers authorized to write insurance in New York State and is intended to help insurers develop AI systems, data information systems, and predictive models while “mitigat[ing] potential harm to consumers.”
The guidance letter states that while the use of AI can potentially result in more accurate underwriting and pricing of insurance, AI technology can also “reinforce and exacerbate” systemic biases and inequality. As part of the letter’s fairness principles, NYDFS states that an insurer should not use underwriting or pricing technologies “unless the insurer can establish that the data source or model… is not biased in any way” with respect to any class protected pursuant to New York insurance law. Further, insurers are expected to demonstrate that technology-driven underwriting and pricing decisions are supported by generally accepted actuarial standards of practice and based on actual or reasonably anticipated experience. It was last noted that these rules build on New York Governor Hochul’s statewide policies governing AI.
New York State floats BNPL legislation in FY 2025 budget
On January 14, New York proposed its FY 2025 budget: Transportation, Economic Development and Environmental Conservation Article VII Bill, which includes an article, cited as the “Buy Now Pay Later Act” (the “Act”). The Act includes new licensing provisions, requiring buy now pay later (BNPL) financing providers (referred to as “lenders” within the Act) to pay a fee and file a written application to receive a license in order to provide BNPL loans. BNPL lenders would also be required to submit an affidavit of financial solvency, disclose their license on their website, app, or other consumer interface, and list the license in the terms and conditions of any BNPL loan offered and entered by the licensee. Licensees would also be subject to supervisory investigations. The Act would further require BNPL lenders to (i) maintain policies for ensuring the accuracy of data that may be reported to credit agencies; (ii) disclose certain loan terms; (iii) engage in limited ability-to-repay analyses; (iv) refrain from charging unfair, abusive, or excessive fees; and (v) abide by certain restrictions and disclosure requirements relating to the use of consumer data, among other things.