InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
District Court orders crypto platform and its CEO to disgorge and pay penalty in SEC case
On July 5, the U.S. District Court for the Southern District of New York ordered a crypto platform and its CEO to each pay a civil money penalty of $141,410, as well as to jointly pay disgorgement in the same amount, in a case brought by the SEC. The SEC filed a complaint in February 2021 alleging that the defendants violated the registration provisions of the Securities Act of 1933 in connection with their offer and sale of digital asset securities. According to the SEC, the defendants sold digital asset securities to hundreds of investors, including investors based in the United States, but failed to file a registration statement for the offering. The complaint further charged the defendants with denying prospective investors the material information required for such an offering to the public. The SEC alleged that the defendants raised at least $141,410 through their offering.
Neither defendant responded to the complaint, and the court accordingly entered an order of default against the defendants, permanently enjoining the defendants from violating the registration provisions of the Securities Act. The court also referred the case to a magistrate judge to make a recommendation regarding disgorgement and penalties. The magistrate judge concluded—and the court agreed—that there were sufficient facts supporting the SEC’s allegations against the defendants and that disgorgement and civil monetary penalties were appropriate remedies. In addition to the civil monetary penalty of $141,410 per defendant, the court held the defendants jointly and severally liable for disgorgement of $141,410 plus pre-judgment interest.
District Court orders individual to pay $148 million in student debt-relief scam
On July 7, the U.S. District Court for the Central District of California entered a final judgment and order against an individual defendant accused of operating and controlling a deceptive student loan debt relief operation. As previously covered by InfoBytes, in 2019, the CFPB, along with the Minnesota and North Carolina attorneys general and the Los Angeles City Attorney (together, the “states”), announced an action against the student loan debt relief operation for allegedly deceiving thousands of student loan borrowers. The Bureau and the states alleged that since at least 2015, the debt relief operation violated the Consumer Financial Protection Act (CFPA), Telemarketing Sales Rule (TSR), FDCPA, and various state laws by charging and collecting over $95 million in illegal advance fees from student loan borrowers. In addition, the Bureau and the states claimed that the debt relief operation engaged in deceptive practices by misrepresenting the purpose and application of the fees they charged and the nature and benefits of their services. Specifically, the debt relief operation allegedly failed to inform borrowers that, among other things, (i) they would request that the loans be placed in forbearance and interest would continue to accrue during the forbearance period, thereby increasing the borrowers’ overall loan balances; and (ii) it was their practice to submit false information about the borrowers to student loan servicers to try to qualify borrowers for lower monthly payments. The individual defendant was accused of owning, controlling, and managing the student loan debt relief operation, materially participating in the operation’s affairs, and providing substantial assistance or support while knowing or consciously avoiding knowledge that the operation was engaging in illegal conduct.
The individual defendant was held liable, jointly and severally, in the amount of approximately $95,057,757, for the purpose of providing redress to affected borrowers. Because the individual defendant was found to have recklessly violated the TSR and the CFPA, the court also imposed second-tier civil monetary penalties of $147,985,000 to the Bureau, of which $5,000 will be paid to each state. The final judgment also imposes various forms of injunctive relief, including permanent bans on engaging in consumer financial products or services and violating the TSR, CFPA, and similar laws in Minnesota, North Carolina, and California. The individual defendant is also prohibited from disclosing, using, or benefiting from customer information obtained in connection with the offering or providing of the debt relief services, and may not “attempt to collect, sell, assign, or otherwise transfer any right to collect payment from any consumer who purchased or agreed to purchase” a debt relief service from any of the defendants.
Fed vice chair calls for higher capital for large banks
On July 10, Federal Reserve Board Vice Chair for Supervision Michael S. Barr delivered remarks at the Bipartisan Policy Center outlining proposed updates to capital standards. As part of his holistic review of capital standards for large banks, Barr concluded that the existing approach to capital requirements—including risk-based requirements, stress testing, risk-based capital buffers, and leverage requirements and buffers—was sound. He stated that the changes he proposes are intended to build on the existing foundation. Barr’s proposed updates include: (i) updating risk-based requirement standards to better reflect credit, trading, and operational risk, consistent with international standards adopted by the Basel Committee; (ii) evolving the stress test to capture a wider range of risks; and (iii) improving the measurement of systemic indicators under the global systemically important bank surcharge. Barr stated that at this time he was not recommending changes to the enhanced supplementary leverage ratio.
Barr also proposed implementing changes to the risk-based capital requirements, referred to as the “Basel III endgame,” which are intended to ensure that the U.S. minimum capital requirements require banks to hold adequate capital against their risk-taking. These proposed changes include: (i) with respect to a firm’s lending activities, the proposed rules would terminate the practice of relying on banks’ own individual estimates of their own risk and would instead adopt a more transparent and consistent approach; (ii) regarding a firm’s trading activities, the proposed rules would adjust the way that the firm measures market risk, better aligning market risk capital requirements with market risk exposure and providing supervisors with improved tools; and (iii) for operational losses, such as trading losses or litigation expenses, the proposed rules would replace an internal modeled operational risk requirement with a standardized measure.
Barr recommended that these enhanced capital rules apply only to banks and bank holding companies with $100 billion or more in assets. He emphasized that the proposed changes would not be fully effective for some years due to the notice and comment rulemaking process, and that any final rule would provide for an appropriate transition.
FHFA proposes amendments to strengthen Suspended Counterparty Program
On July 7, the FHFA issued a notice of proposed rulemaking and announced that it is seeking feedback on a proposed rule to amend the Suspended Counterparty Program (SCP) regulation. The SCP regulation currently requires FHFA-regulated entities to report to FHFA if they became aware of certain forms of misconduct committed within the past three years by individuals or institutions they do business with. The SCP regulation also grants FHFA the authority to issue orders directing the regulated entities to cease or refrain from doing business with certain counterparties.
According to FHFA Director Sandra L. Thompson, the proposed rule aims to strengthen FHFA’s ability to protect its regulated entities from business risks associated with misconduct, enabling them to continue serving as reliable sources of liquidity. The proposed rule would specifically authorize the suspension of business between regulated entities and counterparties who are found to have committed misconduct in the context of civil enforcement actions in connection with the management or ownership of real property. Furthermore, the proposed rule would allow FHFA to immediately suspend business without prior notice when misconduct has resulted in debarment, suspension, or limited denial of participation imposed by a federal agency. Comments on the proposed rule are due within 60 days of publication in the Federal Register.
FTC bans operators of auto-warranty scam
On July 6, the FTC announced that it reached an agreement on a stipulated order to resolve a lawsuit against the operators of a telemarketing scam that pitched “extended automobile warranties” to hundreds of thousands of consumers nationwide. The stipulated order, which has been approved by the U.S. District Court for the Southern District of Florida, imposes a lifetime ban against a consulting group and its owner from any outbound telemarketing business and any involvement with extended automobile warranty sales. In February 2022, the FTC sued several companies—including the consulting group and its owner—in connection with their alleged involvement in the telemarketing scam, alleging that they had defrauded consumers out of millions of dollars. The complaint alleged that the companies made numerous unsolicited calls, falsely claiming to be affiliated with vehicle manufacturers and inaccurately promoting their products as offering comprehensive “bumper-to-bumper” protection.
In addition to the lifetime ban, the stipulated order includes a monetary judgment of $6.5 million, which is partially suspended based on the defendants’ alleged inability to pay. The FTC reached a separate settlement with three of the other original defendant companies and their owners in March 2023.
Illinois amends mortgage licensing provisions
On June 30, HB 2325 (the “Act”) was signed by the Illinois governor to amend The Residential Mortgage License Act of 1987. According to the amendments, residential mortgage licensees in Illinois must register every physical office where they conduct business with the Secretary of Financial and Professional Regulation. However, they are allowed to permit mortgage loan originators to work from a remote location if certain conditions are fulfilled. Conditions include but are not limited to: (i) the licensee must have written policies and procedures for supervising remote mortgage loan originators; (ii) access to company platforms and customer information must comply with the licensee's information security plan; (iii) mortgage originators' residences cannot be used for in-person customer interactions unless the residence is a licensed location; (iv) physical records cannot be stored at remote locations; and (v) electronics used at remote locations must be able to securely access the company’s systems. Moreover, "remote location" is not considered a full-service office as defined by the regulations. If the loan originator works remotely, their primary office is the office registered on the Nationwide Multistate Licensing System and Registry record, unless they choose another licensed branch.
The Act is effective January 1, 2024.
Nevada requires licenses for EWA providers
The Nevada governor recently signed SB 290 (the “Act”) outlining several requirements for providers of earned wage access (EWA) products. EWA products allow individuals to access their earned income before receiving their regular paycheck. To operate such services in Nevada, providers must obtain a license from the Nevada Commissioner of Financial Institutions. The licensing requirements apply to both “employer-integrated” services, where the provider receives verified data directly from the employer or the employer’s payroll service to deliver unpaid wages, and “direct-to-consumer” services where the provider delivers unpaid wages after verifying the earned income based on data not obtained from the employer or their payroll service. Notably, the Act specifies that EWA products are not loans or money transmissions under Nevada law and are not subject to existing laws governing these products. The Act outlines application and fee requirements (licenses will be issued via the Nationwide Multistate Licensing System and Registry) and requires licensed EWA providers to submit annual reports to the commissioner by April 15 of each year.
Providers of EWA products are also subject to certain prohibitions, which include: (i) sharing any fees, voluntary tips, gratuities, or other donations with an employer; (ii) the use of credit reports or credit scores to determine eligibility for an EWA service; (iii) the imposition of late fees or penalties for nonpayment by users; (iv) the reporting of a user’s nonpayment to a consumer reporting agency or a debt collector; (v) coercion of users to make payments through civil action; and (vi) restrictions on using a third-party collector or debt buyer to pursue collections from a user.
Additionally, EWA providers must, among other things, (i) implement policies and procedures to respond to questions and complaints raised by users (responses must be provided within 10-business days of receipt); (ii) disclose to the user his or her rights, as well as all related fees, prior to entering an agreement; (iii) allow users to cancel their EWA agreements at any time without being charged a fee; (iv) conspicuously disclose that any tips, gratuities, or donations paid by the user do not directly benefit any specific employee of the EWA provider or any other person (providers must also allow users to select $0 as an amount for such a tip); (v) comply with the EFTA when seeking payment of outstanding proceeds, fees, or other payments from a user’s depository account; and (vi) reimburse users for any overdraft or non-sufficient funds fees incurred as a result of the provider attempting to collect payment on a date earlier than disclosed to the user or in an amount different from what was disclosed.
On or before September 30, the commissioner is required to prescribe application requirements. EWA providers who were engaged in the offering of EWA services as of January 1, 2023, may continue to provide services until December 31, 2024, if the provider submits an application for licensure by January 1, 2024, and otherwise complies with the Act’s provisions. The Act becomes effective immediately for the purpose of adopting any regulations and performing any preparatory administrative tasks that are necessary to carry out the provisions of the Act and on July 1, 2024, for all other purposes.
Connecticut implements measures for auto-renewals
On June 28, the Connecticut governor signed HB 5314 (the “Act”), enacting measures relating to automatic renewal offers and consumer agreements. The Act, among other things, includes newly defined terms such as “automatic renewal provision.” The Act stipulates that any business that enters into a consumer agreement that contains an automatic renewal or continuous services provision must provide various consumer notices and enable any consumer who enters into such an agreement online to terminate online. Notices include a description of the actions the consumer must take to terminate, and if disclosed electronically, a link or other electronic means. Also, to be disclosed before renewal, in any consumer agreement containing an automatic renewal provision, must be the amount of the recurring charge and the amount of the change if the charges are subject to change (if such change in amount is known by the business). The business must further disclose the length of the term for such an agreement, unless the consumer chooses the length of the term, as well as any minimum purchase obligations and contact information for the business. The business must also establish a means for communication with consumers, such as email, toll-free phone number, or website if the agreement is contracted online. The Act also stipulates the nature of the disclosures for consumers before entering such an agreement, before the business makes a material change to the terms of the agreement, and before a consumer enters an agreement that offers a gift or free trial period. Additionally, the Act provides that no person doing business can impose any charge or fee for providing bills to consumers in paper form.
The Act is effective October 1.
Texas enacts data broker requirements
The Texas governor recently signed SB 2105 (the “Act”) to regulate data brokers operating in the state. The Act defines a “data broker” as “a business entity whose principal source of revenue is derived from the collecting, processing, or transferring of personal data that the entity did not collect directly from the individual linked or linkable to the data.” The Act’s provisions apply to data brokers that derive, in a 12-month period, (i) more than 50 percent of their revenue from processing or transferring personal data, or (ii) revenue from processing or transferring the personal data of more than 50,000 individuals, that was not collected directly from the individuals to whom the data pertains. Among other things, the Act requires covered entities to post conspicuous notices on websites or mobile applications disclosing that they are a data broker. Data brokers must also register annually with the secretary of state and pay required fees. Additionally, data brokers must implement a comprehensive information security program to protect personal data under their control and conduct ongoing employee and contractor education and training. Data brokers are required to take measures to ensure third-party service providers maintain appropriate security measures as well.
The Act does not apply to deidentified data (provided certain conditions are met), employee data, publicly available information, inferences that do not reveal sensitive data that is derived from multiple independent sources of publicly available information, and data subject to the Gramm-Leach-Bliley Act. Additionally, the Act does not apply to service providers that process employee data for a third-party employer, persons or entities that collect personal data from another person or entity to which they are related by common ownership or control where it is assumed a reasonable consumer would expect the data to be shared, governmental entities, nonprofits, consumer reporting agencies, and financial institutions.
The Texas attorney general has authority to bring an action against a data broker that violates the Act and impose a civil penalty in an amount not less than the total of “$100 for each day the entity is in violation,” as well as the amount of unpaid registration fees for each year an entity fails to register. Penalties may not exceed $10,000 in a 12-month period. By December 1, the secretary of state is required to promulgate rules necessary to implement the Act. The Act is effective September 1.
Connecticut establishes rules for virtual currency kiosks
On June 27, the Connecticut governor signed HB 6752 (the “Act”) to establish certain requirements for owners or operators of virtual currency kiosks in the state. Among other things, the commissioner has the authority to establish regulations, forms, and orders that govern the use of digital assets, such as virtual currencies and stablecoins, by regulated entities and individuals. When adopting, amending, or rescinding any such regulation, form, or order, the commissioner may consult with federal financial services regulators, regulators from other states, as well as other stakeholders and industry professionals to promote the consistent treatment and handling of digital assets. Definitions for “virtual currency address,” “virtual currency kiosk,” and “virtual currency wallet” have also been added.
The Act further provides that prior to engaging in an initial virtual currency transaction with a customer, the owner or operator of a virtual currency kiosk is required to provide clear and conspicuous written disclosures in English regarding the material risks associated with virtual currency. These disclosures should cover several key points, including a prominent and bold warning acknowledging that losses resulting from fraudulent or accidental transactions may not be recoverable, transactions in virtual currency are irreversible, and that the nature of virtual currency may lead to an increased risk of fraud or cyber-attack. Disclosures must also address a customer’s liability for unauthorized virtual currency transactions, a customer’s right to stop payment for a preauthorized virtual currency transfer (along with the process to initiate a stop-payment order), and circumstances in which the owner or operator will disclose information regarding the customer’s account to third parties, unless required by a court or government order. Additionally, customers must be provided upfront information relating to the amount of the transaction, any fees, expenses, and charges, and any applicable warnings. It is the responsibility of the owner or operator of a virtual currency kiosk to ensure that every customer acknowledges the receipt of all disclosures mandated by the Act, and to provide receipts upon completion of any virtual currency transaction. The Act is effective October 1.