InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OFAC sanctions evasion network supporting Russia’s military-industrial complex
On February 1, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced it is imposing “full blocking sanctions against 22 individuals and entities across multiple countries related to a sanctions evasion network supporting Russia’s military-industrial complex.” The sanctions, taken pursuant to Executive Order 14024, are part of the United States’ strategy to target sanctions evasion efforts around the globe, shut down key backfilling channels, expose facilitators and enablers, and limit Russia’s access to revenue to fund its war against Ukraine. “Targeting proxies is one of many steps that Treasury and our coalition of partners have taken, and continue to take, to tighten sanctions enforcement against Russia’s defense sector, its benefactors, and its supporters,” Deputy Secretary of the Treasury Wally Adeyemo said. The sanctions are part of Treasury’s ongoing commitment to the Russian Elites, Proxies, and Oligarchs Task Force, which identifies, freezes, and seizes assets of sanctioned Russians around the world, and leverages information sharing between international partners as well as key data from the Financial Crimes Enforcement Network.
As a result of the sanctions, all property and interests in property belonging to the sanctioned persons that are in the U.S. or in the possession or control of U.S. persons are blocked and must be reported to OFAC. Further, “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.” U.S. persons are prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons, unless exempt or authorized by a general or specific OFAC license. Prohibitions “include the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any blocked person and the receipt of any contribution or provision of funds, goods, or services from any such person.”
OFAC issues sanctions to counter narcotics trafficking
On January 30, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 14059 against the leader of a Mexico-based network and two associates for procuring precursor chemicals to manufacture and traffic illicit narcotics to the United States. As a result of the sanctions, all property and interests in property belonging to the sanctioned persons subject to U.S. jurisdiction are blocked and must be reported to OFAC. Additionally, “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.” U.S. persons are also generally prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons.
DFPI takes action against five debt collectors
On January 30, the California Department of Financial Protection and Innovation (DFPI) announced enforcement actions against five separate debt collectors for unlicensed activity under the Debt Collection Licensing Act (DCLA) and unlawful and deceptive acts or practices in violation of the California Consumer Financial Protection Law (CCFPL). According to DFPI, the desist and refrain orders allege that the subjects engaged in a variety of different unlawful and deceptive practices, including, among other things: (i) engaging in debt collection in California without a license from the DFPI; (ii) attempting to collect a debt that a consumer did not owe; (iii) making unlawful threats to sue on debts; (iv) making false claims of pending lawsuits; and (v) failing to notify consumers of their right to request validation of debts. According to DFPI Commissioner Clothilde Hewlett, the agency has observed “an increase in fake debt collector scams in recent months,” and is “committed to rigorous, ongoing enforcement efforts to protect Californians from these deceitful practices.” The combined actions resulted in penalties totaling $120,000 and ordered the debt collectors to desist and refrain from violating the DCLA and CCFPL.
9th Circuit orders district court to reassess $7.9 million civil penalty against payments company
On January 27, the U.S. Court of Appeals for the Ninth Circuit ordered a district court to reassess its decision “under the changed legal landscape since its initial order and opinion” in an action concerning alleged misrepresentations made by a bi-weekly payments company. The Bureau filed a lawsuit against the company in 2015, alleging, among other things, that the company made misrepresentations to consumers about its bi-weekly payment program when it overstated the savings provided by the program and created the impression the company was affiliated with the consumers’ lender. In 2017, the district court granted a $7.9 million civil penalty proposed by the Bureau, as well as permanent injunctive relief, but denied restitution of almost $74 million sought by the agency. (Covered by InfoBytes here.) The company appealed the district court’s conclusion that it had engaged in deceptive practices in violation of the Consumer Financial Protection Act, while the Bureau cross-appealed the district court’s decision to deny restitution. The 9th Circuit consolidated the appeals for consideration.
During the pendency of the cross-appeals, the U.S. Supreme Court issued a decision in 2020 in Seila Law LLC v. CFPB, in which it determined that the director’s for-cause removal provision was unconstitutional but was severable from the statute establishing the Bureau (covered by a Buckley Special Alert). Following Seila, former Director Kathy Kraninger ratified several prior regulatory actions (covered by InfoBytes here), including the enforcement action brought against the company. At issue in the company’s appeal is whether the Bureau has authority to pursue its claims, including whether the agency’s funding mechanism is unconstitutional and whether its case is distinguishable from other actions and is entitled to dismissal for the Bureau director’s unconstitutional for-cause removal provision.
The appellate court declined to offer a position on these issues, and instead left them for the district court to consider. The 9th Circuit noted that since the district court’s 2017 order, “sister circuit courts have split” on the funding issue. “We vacate the district court’s order and remand, allowing it to reassess the case under the changed legal landscape since its initial order and opinion,” the appellate court wrote, directing the district court to “provide further consideration to [the company’s] argument on the constitutionality of the Bureau’s funding mechanism.” With respect to the Bureau’s appeal of the restitution denial, the 9th Circuit remanded the case to allow the district court to consider the effect CFPB v. CashCall and Liu v. SEC may have on the action (covered by InfoBytes here and here), as well as whether the agency “waived its claim to legal restitution by characterizing it only as a form of equitable relief before the district court.”
CFPB proposal targets late fees on cards
On February 1, the CFPB issued a notice of proposed rulemaking (NPRM) to amend Regulation Z, which implements TILA, and its commentary to better ensure that late fees charged on credit card accounts are “reasonable and proportional” to the late payment as required under the statute, the Credit Card Accountability Responsibility and Disclosure Act of 2009 (CARD Act). The NPRM would (i) adjust the safe harbor dollar amount for late fees to $8 for any missed payment—issuers are currently able to charge late fees of up to $41—and eliminate a higher safe harbor dollar amount for late fees for subsequent violations of the same type (a company would be able to charge above the immunity provision provided it could prove the higher fee is necessary to cover the incurred collection costs); (ii) eliminate the automatic annual inflation adjustment for the immunity provision amount (the Bureau would instead monitor market conditions and make adjustments as necessary); and (iii) cap late fees at 25 percent of the consumer’s required minimum payment (issuers are currently able to potentially charge a late fee that is 100 percent of the cardholder’s minimum payment owed).
The NPRM also seeks feedback on other possible changes to the CARD Act regulations, including “whether the proposed changes should apply to all credit card penalty fees, whether the immunity provision should be eliminated altogether, whether consumers should be granted a 15-day courtesy period, after the due date, before late fees can be assessed, and whether issuers should be required to offer autopay in order to make use of the immunity provision.” Comments on the NPRM are due by April 3, or 30 days after publication in the Federal Register, whichever is later.
According to the CFPB, the Federal Reserve Board “created the immunity provisions to allow credit card companies to avoid scrutiny of whether their late fees met the reasonable and proportional standard.” As a result, the CFPB stated that immunity provisions have risen (due to inflation) to $30 for an initial late payment and $41 for subsequent late payments, resulting in consumers being charged approximately $12 billion in late fees in 2020. Based on CFPB estimates, the NPRM could reduce late fees by as much as $9 billion per year. CFPB Director Rohit Chopra issued a statement commenting that the current immunity provisions are not what Congress intended when it passed the CARD Act.
The Bureau also released an unofficial, informal redline of the NPRM to help stakeholders review the proposed changes, as well as a report titled Credit Card Late Fees: Revenue and Collection Costs at Large Bank Holding Companies, which documents findings on the relationship between late fee revenue and pre-charge-off collection costs for certain large credit card issuers. According to the report, “revenue from late fees has consistently far exceeded pre-charge-off collection costs over the last several years.”
The NPRM follows several actions initiated by the Bureau last year, including a request for comments on junk fees, a research report analyzing credit card late fees, and an advance notice of proposed rulemaking that solicited information from credit card issuers, consumer groups, and the public regarding credit card late fees and late payments, and card issuers’ revenue and expenses (previously covered by InfoBytes here and here).
Senators exploring bank’s dealings with collapsed crypto exchange
On January 30, Senators Elizabeth Warren (D-MA), John Kennedy (R-LA), and Roger Marshall (R-KS) sent a follow-up letter to a California-based bank asking for additional responses to questions related to the bank’s relationship with several cryptocurrency firms founded by the CEO of a now-collapsed crypto exchange. As previously covered by InfoBytes, the senators pressed the CEO for an explanation for why the bank failed to monitor for and report suspicious transactions to the Financial Crimes Enforcement Network, and asked for information about how deposits it was holding on behalf of the collapsed exchange and related firm were being handled. The senators stressed that the bank has a legal responsibility under the Bank Secrecy Act to maintain an effective anti-money laundering program that may have flagged suspicious activity.
In the letter, the senators accused the bank of evading their previous questions in its December response, writing that while the bank’s answers confirm the extent of its failure to monitor and report suspicious financial activity, it failed “to provide key information needed by Congress to understand why and how these failures occurred.” The bank’s “repeated reference to ‘confidential supervisory information’” as a justification for its refusal to provide the requested information “is simply not an acceptable rationale,” the senators said. They also noted that the bank’s recent advance from the Federal Home Loan Bank of San Francisco—intended “to ‘stave off a further run on deposits’”—has introduced additional crypto market risks into the traditional banking system, especially should the bank fail. The bank was asked to explain how it plans to use the $4.3 billion it received.
The senators further commented that additional findings have revealed that neither the Federal Reserve nor the bank’s independent auditors were able to identify the “extraordinary gaps” in the bank’s due diligence process. The senators asked the bank to provide responses to questions related to its risk management policies, as well as how many safety and soundness exams were conducted, and whether any of the bank’s executives were “held accountable” for the failures related to the collapsed exchange, among other things.
Biden administration presents roadmap for mitigating crypto risks
On January 27, the Biden administration presented a roadmap for mitigating cryptocurrency risks to ensure that cryptocurrencies do not undermine financial stability, investors are protected, and bad actors are held accountable. At President Biden’s direction, the administration previously laid out a comprehensive framework for developing digital assets in a safe, responsible way that also identifies clear risks. (Covered by InfoBytes here.) The administration identified clear risks taken by some crypto entities, such as ignoring applicable financial regulations and basic risk controls, misleading consumers, having conflicts of interest, failing to provide adequate disclosures, or committing fraud. The roadmap also outlined actions taken by the federal banking agencies, including a recently issued joint interagency statement that highlighted key risks banks should consider when choosing to engage in crypto-related services and a notice of proposed rulemaking issued by the FDIC warning companies against making false or misleading claims about digital assets being insured by the agency (covered by InfoBytes here and here). The administration also noted that agencies across the government are developing public-awareness programs to help consumers understand the risks associated with digital assets.
The administration stressed, however, that further action is needed. Priorities for digital asset research and development will be unveiled in the coming months, the administration said, adding that Congress should also step up efforts in this space. This includes expanding regulators’ powers to prevent misuses of customers’ assets, “strengthen[ing] transparency and disclosure requirements for cryptocurrency companies so that investors can make more informed decisions about financial and environmental risks,” “strengthen[ing] penalties for violating illicit-finance rules and subject cryptocurrency intermediaries to bans against tipping off criminals,” and limiting crypto risks to the financial system by following steps outlined in a recent Financial Stability Oversight Council report (covered by InfoBytes here), the administration said.
FHA expands Covid-19 loss mitigation options
On February 13, HUD issued Mortgagee Letter 2023-03, which makes technical corrections to Mortgagee Letter 2023-02 issued in January that expanded and enhanced loss mitigation options for borrowers struggling to make payments on FHA-insured mortgages. The enhancements extend FHA’s Covid-19 loss mitigation options to all eligible borrowers, including non-occupant borrowers, who fall behind on mortgage payments, regardless of the cause of delinquency. Mortgage servicers must use FHA’s Covid-19 recovery loss mitigation “waterfall” of options to assess all borrowers who are in default (or at risk of imminent default). The enhancements also raise the maximum partial claim amount from 25 percent of the mortgage’s unpaid principal balance to the maximum 30 percent allowed by statute to help increase home retention. Mortgage servicers can also offer loss mitigation options to borrowers who qualified for or used homeowner assistance funds who may no longer technically be delinquent but require further assistance to avoid redefault. Additionally, the enhancements provide incentive payments to mortgage servicers when Covid-19 recovery options are successfully completed.
The availability of FHA’s Covid-19 loss mitigation options are extended for 18 months beyond the April 30 mandatory effective date for servicers to remove “uncertainties associated with the timing of the end of the National Emergency,” HUD explained, adding that “FHA is temporarily suspending the use of its FHA-Home Affordable Modification (FHA-HAMP) options concurrent with [Mortgagee Letter 2023-02]” in order to simplify loss mitigation options. Mortgage servicers may begin offering these options to borrowers immediately.
District Court denies certification and defendants’ motion for summary judgment in FDCPA class action
On January 26, the U.S. District Court for the Western District of Washington denied a plaintiff’s motion for class certification and denied motions for summary judgment from defendants in an FDCPA case stemming from a consent order between one of the defendants and the CFPB. As previously covered by InfoBytes, in September 2017, the CFPB announced it had filed a complaint in the U.S. District Court for the District of Delaware against a collection of 15 Delaware statutory trusts and their debt collector for, among other things, allegedly filing lawsuits against consumers for private student loan debt that they could not prove was owed or that was outside the applicable statute of limitations. According to the consent judgment, the trusts were required to pay at least $3.5 million in restitution to more than 2,000 consumers who made payments resulting from the improper collection suits, to pay $7.8 million in disgorgement to the Treasury Department, and to pay an additional $7.8 million civil money penalty to the CFPB. In addition, the trusts were required to: (i) hire an independent auditor, subject to the Bureau’s approval, to audit all 800,000 student loans in the portfolio to determine if collection efforts must be stopped on additional accounts; (ii) cease collection attempts on loans that lack proper documentation or that are time-barred; and (iii) ensure false or misleading documents are not filed and that documents requiring notarization are handled properly. A separate consent order issued against the debt collector orders the company to pay a $2.5 million civil money penalty to the CFPB.
According to the district court’s order, the plaintiffs, who were sued by the defendants for failing to pay their student loans, alleged that the defendants filed fraudulent, deceptive, and misleading affidavits in order to obtain default judgments. The plaintiffs sought to include a class of those residing in Washington for which the defendants sought to collect a debt allegedly owned by one of the trusts. The district court, however, was “unconvinced” that any of the questions would generate common answers on a class-wide basis. For example, the question of whether the defendants’ employees filed false or misleading affidavits “cannot be resolved in one stroke,” the district court said, because the plaintiffs “cannot show by a preponderance of the evidence that the documents Defendants used in every debt collection action suffered from the same alleged deficiencies.” With respect to the defendants’ summary judgment motion, the district court determined there were genuine issues of material fact regarding the alleged violations of the FDCPA and state law in Washington. The district court denied the defendants’ motion for summary judgment, noting noted that “[a]ttempts to collect debts with false affidavits and without the necessary documentation to prove the claims is unfair or unconscionable and involves false, deceptive, and/or misleading representations in violation of the FDCPA.”
FTC finalizes data-security order with ed tech provider
On January 27, the FTC finalized an order with an education technology (ed tech) provider which claimed that the provider’s lax data security practices led to the exposure of millions of users and employees’ sensitive information, including Social Security numbers, email addresses, and passwords. As previously covered by InfoBytes, due to the company’s alleged failure to adequately protect the personal information collected from its users and employees, the company experienced four data breaches beginning in September 2017, when a phishing attack granted a hacker access to employees’ direct deposit information. Claiming violations of Section 5(a) of the FTC Act, the FTC alleged the company failed to implement basic security measures, stored personal data insecurely, and failed to implement a written security policy until January 2021, despite experiencing three phishing attacks.
Under the terms of the final decision and order, the company (who neither admitted nor denied any of the allegations) is required to take several measures to address the alleged conduct, including: (i) implementing a data retention and deletion process, which will allow users to request access to and deletion of their data; (ii) providing multi-factor authentication methods for users to secure their accounts; (iii) providing notice to affected individuals; (iv) implementing a comprehensive information security program; and (v) obtaining initial and biennial third-party information security assessments. The company must also submit covered incident reports to the FTC and is prohibited from making any misrepresentations relating to how it collects, maintains, uses, deletes, permits, or denies access to individuals’ covered information.