InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Senate Banking Committee holds hearing on account fees
On July 26, the Senate Banking Committee held a hearing regarding “fees and tactics impacting Americans’ wallets” in relation to financial services and the role of the CFPB in addressing harmful fees. Leading the hearing, Senator Raphael Warnock (D-GA), chairman of the committee, explained that some “excessively high” and unclear fees do not serve an economic value, referring to these as “junk fees.” Senator Warnock shared that 1/3 of households that do not use banks cite high fees as their reason for continuing without a bank account. Senator Thom Tillis (R-N.C.) criticized the CFPB’s attempts at avoiding the oversight of the Administrative Procedures Act in the rule-making process by mislabeling its actions. Tillis added that after the 2008 financial crisis, regulators emphasized the importance of overdraft revenue as, “an appropriate tool for ensuring the stability of the bank’s balance sheets.” He then criticized the shift in guidance, as the CFPB looks to reprimand banks who follow “the established prudential standards for the crime of listening to their previous federal regulators.” He also claimed that the Bureau does not have proper jurisdiction, resources, or staff to make such decisions.
Pennsylvania Attorney General Michelle Henry testified about recent enforcement actions she has taken, including a recently filed suit against a Wall Street private equity-owned installment lender, who allegedly charged consumers “junk fees” for low-value or valueless add-on products. Henry also mentioned entering into a settlement relating to a bank charging “junk fees” in connection with auto finance products. Brian Johnson, a financial regulatory compliance specialist and former deputy director of the CFPB, claimed that the agencies and the White House have failed to provide a consistent definition for the “junk fees” that could subject institutions to scrutiny, and criticized the CFPB, saying that it does not follow its own regulations and laws governing how agencies make rules by publishing interpretive rules as policy statements in bulletins. A final topic raised by Senator Tina Smith (D-MN) regarded land contracts and lease-to-purchase or rent-to-own agreements that she claimed can be exploitative towards underserved communities. Smith noted that such contacts are “designed to fail,” noting that more than 80 percent of the time, people lose all their equity because they do not make it to the last payment of the contract.
FCC warns provider to stop transmitting illegal robocalls
On August 1, the FCC’s Enforcement Bureau notified a gateway intermediate provider and originator that it is allegedly transmitting and originating illegal robocalls, which could result in the FCC permitting downstream service providers to block its traffic permanently if it fails to take action. The illegal robocalls allegedly involved attempts to engage with consumers by informing consumers of fake purchase orders or asking them to confirm their order. Noting that the provider is “closely connected” to two other entities that had previously received similar enforcement letters, the FCC warned that continually changing corporate formations and serving those same entities and related principals could constitute “willful attempts to circumvent the law to originate and carry illegal traffic.” Among other things, the provider is required to investigate the identified transmissions, block all of the identified traffic if the investigation confirms that the entity served as the gateway provider for the illegal transmissions, and report the results to the FCC’s enforcement bureau.
Fed’s annual report: cybersecurity risk management & emerging threats
On August 1, the Fed released its 2023 Cybersecurity and Financial System Resilience Report. Required annually by the Consolidated Appropriations Act, 2021, the report describes the measures the Fed has taken to strengthen cybersecurity within the financial services sector and its supervision and regulation of financial institutions and service providers across the past year. The report details the Fed’s activities in the space, including issuing regulations and guidance for supervised institutions, examining and monitoring supervised institutions’ risk management, and collecting data on relevant cybersecurity incidents. Recent actions highlighted in the report include the publication of an updated Cybersecurity Resource Guide for Financial Institutions, a proposal to update the operational risk management requirements in Regulation HH for systematically important financial market utilities, and final joint guidance issued in conjunction with the FDIC and OCC regarding banking organizations’ risk management of third-party relationships. The Fed also describes the steps it is taking to protect its own operations and assets from cybersecurity threats.
With respect to supervisory activities, the Fed notes that it “has observed improvement in cybersecurity practices over the past several years resulting from supervised institutions’ efforts to address supervisory findings as well as proactive steps taken by the institutions.” The report notes that the Fed is taking measures to address OIG recommendations relating to the effectiveness of its cybersecurity incident response process, including updating the cybersecurity incident response process’s mission and governance structure and enhancing guidance and training. The report describes the Fed’s close coordination with other participants in the global financial system in addressing cybersecurity risk, including domestic and international agencies, governance bodies, financial regulators, and industry.
Finally, the report describes current and emerging threats to the financial system, including (i) geopolitical tensions and accompanying cyberattacks; (ii) cyber-criminal activity involving ransomware as a service, targeting of authentication mechanism weaknesses, and collaboration among cyberthreat actors; (iii) increasing potential of a supply chain or third-party attack; (iv) cyber risks associated with third-party providers; (v) insider threats; and (vi) other emerging technology-related threats, such as risks inherent to machine learning and quantum computing capabilities.
SEC charges companies, founder for operating an unregistered exchange
On July 31, the SEC filed a complaint in the U.S. District Court for the Eastern District of New York against three cryptocurrency trading platforms and their founder for allegedly conducting unregistered offerings of crypto asset securities that raised more than $1 billion in crypto assets from investors. The SEC also claimed that the founder and one of the platforms fraudulently misappropriated at least $12 million of offering proceeds to purchase luxury goods including sports cars, watches, and diamonds.
According to the SEC’s complaint, as early as 2018 the defendants began marketing what they claimed to be the first high-yield “blockchain certificate of deposit,” and promoting tokens as an investment designed to make people “rich.” It is further alleged that from at least December 2019 through November 2020, the defendants offered and sold tokens in an unregistered offering and collected more than 2.3 million cryptocurrency units through “recycling” transactions that enabled the defendants to surreptitiously gain control of more tokens.
The complaint seeks injunctive relief, disgorgement of ill-gotten gains plus prejudgment interest, penalties, and other equitable relief.
ETF, founder to pay SEC $4.4M for misleading trustees
On August 1, the SEC settled for $4.4 million with an investment adviser and entities he founded (collectively, the “respondents”) on charges that they breached both their duty of care and duty of loyalty to their client, an exchange traded fund (ETF), in violation of the Investment Advisers Act and the Investment Company Act. As alleged in the settlement, the respondents needed funds to settle a substantial private litigation judgment, and to secure the funds to do so, committed to keep the client’s security lending business with the company providing the financing to the respondents. However, there were better offers on better terms from other securities lenders that could have provided millions more in revenue to the client, and the respondents did not disclose this information to their client or to the client’s independent trustees. In addition to the civil penalties, without admitting or denying the findings, respondents agreed to various non-monetary penalties, including cease-and-desist orders, an associational bar for the investment adviser and censures for the respondent entities.
Oregon enacts registration requirements for data brokers
On July 27, the governor of Oregon signed HB 2052 (the “Act”) into law, effective upon passage. The Act provides that a “data broker” cannot collect, sell or license brokered personal data within Oregon unless they first register with the Department of Consumer and Business Services. Brokered personal data includes, among other things, name (or the name of a member of the individual’s immediate family or household), data or place of birth, maiden name of the individual’s mother, biometric information, social security or other government-issued identification number, or other information that can “reasonably be associated” with the individual. A data broker does not include consumer reporting agencies, financial institutions, and affiliates or nonaffiliated third parties of financial institutions that are subject to Title V of the Gramm-Leach-Bliley Act, among others. There are certain exceptions to the requirement, including, among others, selling the assets of a business entity a single time, The Act stipulates a civil penalty in an amount less than or equal to $500 for each violation of Act or for each day in which violation continues. Civil money penalties are capped at $10,000 per calendar year.
DFPI concludes MTA licensure not required for data processor
On July 25, the California Department of Financial Protection and Innovation (DFPI) released a new opinion letter concluding that a company that merely receives payment instructions, orders, or directions to transmit money or monetary value does not constitute “receiving money for transmission” requiring licensure under the California Money Transmission Act (MTA).
Citing the California regulations, DFPI states that to “receive money for transmission,” a person must actually or constructively receive, take possession, or hold money or monetary value for transmission; merely receiving instructions, orders, or directions to transmit money or monetary value does not constitute “receiving money for transmission.”
As described in the letter, the data processor facilitated payments made by customers to contracting merchants in exchange for goods and services sold by merchants. The data processor forwards customer account and transaction details to partner financial institutions for debiting the customer’s account, and also facilitates refunds initiated by the merchants, including sending ACH instructions to the partner financial institution. However, the data processor at no point handles transferred funds or has custody or legal ownership of the rights to the transferred funds. DFPI, based on several factors and not solely limited to the services described, determined that the inquiring data processor’s payment system does not constitute money transmission or require an MTA license.
Payment processor fined $75k, partner owes $243M in CFPB suit
On July 31, the District Court for the Central District of California entered judgment in favor of the court-appointed receiver for defendants against the non-party provider of payment processing and escrow services to defendants and its managing member in the amount of $75,000, following a July 10 order requiring defendant to pay $243 million in redress and civil penalties. These judgments were entered in connection with the lawsuit filed by the CFPB, along with the Minnesota and North Carolina attorneys general, and the Los Angeles City Attorney, against a student loan debt relief operation for allegedly deceiving thousands of student-loan borrowers and charging more than $71 million in unlawful advance fees (covered by InfoBytes here).
The defendant companies and one of the controlling business partners settled in 2020, but the court ordered the remaining controlling business partner to pay $243 million in redress and civil penalties earlier in July based on his involvement in violating various laws through the operation, including the TSR and the CFPA. Of the $243 million, the CFPB is entitled to over $95 million as redress for unlawful fees paid by consumers affected by the student loan debt relief operation and nearly $148 million of civil money penalties, and Minnesota, North Carolina, and California are each entitled to $5,000 of civil money penalties. The recent judgment of $75,000 entered against the non-party payment processing service provider resulted from the settlement of a separate lawsuit alleging that the service provider facilitated the fraud perpetuated by the defendants in the student loan debt relief operation and later attempted to deceptively transfer consumer funds held by defendants to avoid their transfer to the receiver.
Judge grants MSJ in class action over disputed debt investigation
On July 28, the U.S. District Court for the Southern District of Alabama granted summary judgment in favor of a defendant third-party debt collector in an FCRA and FDCPA putative class action, holding that the defendant carried out a reasonable investigation following plaintiff’s dispute of the debt it had reported to credit reporting agencies (CRAs) and that the plaintiff failed to establish that the defendant knew or should have known that the debt was inaccurate or invalid. Defendant entered into an asset purchase agreement with another third-party debt collector and reported debts to credit reporting agencies under the name of the non-defendant third-party debt collector, including an account erroneously associated with plaintiff. When defendant received notice that plaintiff disputed the erroneous account information, defendant verified the account information in its system and provided by the CRA, asked the creditor to provide account documentation, and then requested that the CRAs delete their reporting of the account once the creditor failed to provide account documentation within the requested thirty-day period.
In relation to the FCRA claim, the court found that the defendant “did everything required by the FCRA in response to Plaintiff’s dispute” such that the plaintiff “failed to establish how this investigation was not reasonable” or in violation of the FCRA. The court also found that plaintiff “failed to show that any different result would have occurred had [defendant] conducted any part of its investigation differently.” Finally, plaintiff’s claim failed as a matter of law concerning defendant’s initial report of the debt to the CRAs because the defendant was not required under the FCRA to “investigate the validity of a debt before commencing to report on that account to the CRAs.” While the defendant was prohibited from reporting inaccurate consumer information, no private cause of action exists for violations of this initial reporting provision of the FCRA.
For the FDCPA claim, the court held that the plaintiff failed to establish that the defendant had knowledge that the debt it reported was not accurate or was otherwise disputed or invalid. Because the CFPB passed Regulation F in November 2021, after the events at question in this litigation, furnishing information regarding a debt to a CRA before communication with plaintiff was not unlawful at that time. Finally, the court found that plaintiff failed to timely assert that defendant violated the FDCPA provision prohibiting false, deceptive, or misleading representation by using the non-defendant third-party debt collector’s name when reporting the account to the CRAs because this allegation was not present in plaintiff’s complaint.
Tenant screening company subject to FHA
On July 26, a federal judge in the U.S. District Court for the District of Massachusetts ruled that a tenant screening algorithm is subject to the Fair Housing Act, including the FHA's ban on racial discrimination in housing. The court held that even though the company is not itself is not a landlord, as property owners allegedly relied solely on the company's decisions to deny prospective renters' applications, the company was effectively granting it authority to make housing decisions.
Plaintiffs alleged in an amended complaint that a tenant-screening service operated by the defendants violated the Fair Housing Act, 42 U.S.C. § 3604 and Massachusetts anti-discrimination and consumer protection laws. The Plaintiffs claimed that the services discriminate against holders of rental vouchers and applicants of certain races and income classes, in violation of the FHA, resulting in less housing availability, less favorable terms and conditions in rental agreements, and discriminatory provision of services in connection with housing, in each case based on race and national origin.
Defendants, in their respective motions to dismiss, argued that the FHA does not apply to a tenant-screening service, such as the defendant, because the service does not “make housing decisions.” In denying the motion to dismiss on this count, the court reasoned that the FHA provisions do not limit liability to people or entities that “make housing decisions” but rather “focuses on prohibited acts,” and reiterated that the Supreme Court has already held that “language of the Act is broad and inclusive.” The court observed that while housing providers are the typical target of FHA claims, other entities are often held liable under the Act. The court reasoned that the application of the FHA “beyond direct housing providers” is a “logical extension[] which effectuate[s] the purpose of the FHA,” as “a housing provider could simply use an intermediary to take discriminatory and prohibited actions on its behalf and defeat the purpose of the FHA.”
Massachusetts antidiscrimination laws, among other things, make it unlawful to discriminate in the “terms, conditions, or privileges” of the sale or rental of housing or provision of such services “to aid, abet, incite, compel or coerce the doing of any of the acts forbidden under this chapter,” which includes Sections 4(6) and 4(10). Plaintiffs allege that the discriminatory rental application process was facilitated by the tenant score produced by the defendants. The court held that the chapter is construed broadly and reiterated the Massachusetts Supreme Court finding that defendants who play a role in the tenant selection process may be held liable under certain sections even if they only “aid[ed] or abet[ted]” a violation of Section 4(10). As such, the court held that the plaintiff’s claims for disparate impact discrimination for race or source of income under both FHA and Massachusetts antidiscrimination laws were sufficient to survive the motion to dismiss.