InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
DOJ seizes $9 million in crypto from criminal scammers
On November 21, the DOJ seized nearly $9 million in stablecoins from cryptocurrency scammers after the criminals exploited over 70 victims. The DOJ seized stablecoins, a certain crypto asset pegged to a central bank’s currency, tied to the U.S. dollar. The scammers employed a long-con technique called “pig butchering” which is a tactic to build and exploit a victim’s trust over time by creating fake romantic enticements meant to swindle victims into handing over money. The criminals targeted and convinced victims to “make cryptocurrency deposits by fraudulently representing that the victims were making investments with trusted firms and cryptocurrency exchanges.”
The DOJ was able to trace the stolen funds based on the funds’ cryptocurrency addresses as part of a money laundering technique known as “chain hopping… used to ‘layer’ the proceeds of criminal activity into new cryptocurrency ecosystems, all to obfuscate the… ownership of those proceeds.” The DOJ worked with the U.S. Secret Service to trace the victim’s deposits, and it was originally alerted from victim reports made on the FBI’s Internet Crime Complaint Center and the FTC’s Consumer Sentinel Network.
FTC approves measures for compulsory process use for AI-related products and services
On November 21, the FTC approved an omnibus resolution in a 3-0 vote, allowing the use of compulsory processes in nonpublic inquiries involving products and services produced or claimed to be produced by artificial intelligence (AI). This resolution aims to streamline the FTC staff's issuance of civil investigative demands (CIDs), in AI-related investigations while maintaining the Commission's authority to decide when CIDs are necessary. This resolution remains valid for 10 years.
FHFA reports no internal control weaknesses FY 2023 performance report
On November 15, FHFA released its annual performance report, titled “FHFA FY 2023 Performance and Accountability Report” to detail how it regulated the FHLBank system, as well as Fannie Mae and Freddie Mac, during the past fiscal year. The report refers to its FY 2022-2026 Strategic Plan with the goals of securing the safety of regulated entities, fostering equitable housing finance markets, and stewarding FHFA’s infrastructure. For FY 2023, FHFA identified 35 performance targets to help guide it toward achieving its strategic goals. Of the 35 targets, the FHFA met 31 of them––an 89 percent success rate. Table 2 from page 15 of the report displays the goals and ones that have not been met, including (i) “Improve Time-to-Hire” within 80 days; and (ii) “Develop FHFA Information Technology Strategic Plan” by the time the report had been published.
Looking forward, FHFA wishes to implement an “Enterprise Fair Lending Rating System to annually assess each Enterprise’s compliance with fair lending and fair housing standards.” For fintech initiatives, FHFA will publish a summary on Velocity TechSprint, a problem-solving event with “mortgage industry leaders and fintech entrepreneurs to address mortgage market issues.”
NY Fed highlights an increase in unsecured loans from fintech firms in report, primarily among subprime lenders
On November 21, the Federal Reserve Bank of New York released a report on the rise and then contraction of unsecured personal loans from 2019 to 2023 for nonbank or fintech companies, and the role of alternative data and underwriting in that growth.
The report looked at how the economic conditions from 2019 to 2022 “created an ideal environment for FinTech firms to increase their loan originations.” It specifically noted that the U.S. government-issued stimulus payments and student loan repayment moratorium enabled fintech companies to expand their services to low- and moderate-income borrowers, including those with subprime credit. The report also looked at fintech’s role in that growth, what consumer segments are utilizing unsecured personal loans, the overall growth of the products, and the subsequent tightening of credit. Finally, the NY Fed discussed various fintech models and analyzed which models service the needs of low- and moderate-income households.
FTC orders prison contractor to fix security exposures after data breach
On November 16, the FTC issued a proposed order against an integrated technology services company finding a violation of Section 5(a) of the Federal Trade Commission Act. According to the order, the company offered various products and services to jails, prisons, and detention facilities. These products and services included means of communication between incarcerated and non-incarcerated individuals, and, among other things, allowed non-incarcerated individuals to deposit funds into the accounts of incarcerated individuals. According to the complaint, and due to the nature of its operations, the company collected individuals’ sensitive personally identifiable information, including names, addresses, passport numbers, driver’s license numbers, Social Security numbers, and financial account information, some of which was exposed as a result of a data breach in August 2020 due to a misconfiguration in the company’s cloud storage environment.
In its decision, the FTC ordered the company to, among other things, (i) implement a comprehensive data security program, including “change management” measures and multifactor authentication; (ii) notify users affected by the data breach, who had not yet received notice, and offer credit monitoring and identity protection products; (iii) inform consumers and facilities within 30 days of future data breaches; and (iv) notify the FTC within 10 days of reporting any security incident to local, state, or federal authorities.
CFPB report on FDCPA highlights medical debt collection issues
On November 16, the CFPB released its annual Fair Debt Collection Practices Act report, which highlighted challenges specific to medical debt collection. For example, 8,500 complaints were submitted in 2022 related to medical debt collection and described problems such as collectors billing for services never received, collecting the wrong amounts, miscommunication with insurance companies or financial assistance programs, or placing bills on credit reports without prior consumer contact. The report emphasized collectors may violate federal law when they pursue inaccurate medical bills and stressed the need for medical debt collectors to comply with the Fair Debt Collection Practices Act, the No Surprises Act, and the Fair Credit Reporting Act.
The report also includes developments in state law regarding medical debt collection, including recent legislation in Colorado, New York, Maine, and Nevada. Additionally, the report contains sections related to supervision of debt collection activities, enforcement actions, education and outreach initiatives, rulemaking, and research and policy initiatives.
CFPB’s Chopra testifies at Senate Banking Committee hearing
On November 30, the Director of the CFPB, Rohit Chopra, testified during the Senate Banking Committee’s hearing on the Bureau’s Semi-Annual Report to Congress. The Senate Banking Committee questioned Chopra on the Bureau’s oversight of financial institutions providing benefits under the Servicemembers Civil Relief Act (SCRA), medical debt collection, so-called “junk fees,” and the increasing popularity of buy now, pay later (BNPL) products.
In response to questions regarding SCRA, Director Chopra stated that the CFPB estimates that fewer than 10% of servicemembers receive the 6% pre-service rate cap on loans as required by the SCRA. In response to a question on BNPL popularity, Chopra noted there was a high amount of BNPL usage on Black Friday, and the CFPB plans on creating basic consumer protection standards.
Director Chopra stated that the CFPB is developing rules or researching potential activity in several areas, including: (i) reporting certain medical debts to the credit bureaus; (ii) BNPL standards; and (iii) protecting consumer data, particularly in the context of credit reporting.
CFPB releases its spring 2023 semi-annual report
The CFPB recently issued its semi-annual report to Congress covering the Bureau’s work for the period beginning October 1, 2022 and ending March 31, 2023. The report, which is required by Dodd-Frank, includes, (i) a list of significant rules and orders (including final rules, proposed rules, pre-rule materials, and upcoming plans and initiatives); (ii) an analysis of consumer complaints, (iii) lists of public supervisory and enforcement actions, (iv) assessments of actions by state regulators and attorneys generals related to consumer financial law; (v) assessment of fair lending enforcement and rulemaking; and (vi) an analysis of efforts to increase workforce and contracting diversity.
SEC charges crypto firm for failing to register and mitigate risk factors
On November 20, the SEC filed a complaint in the U.S. District Court of the Northern District of California against a crypto trading platform, which allows customers to buy and sell crypto assets through an online market, for allegedly acting as an unregistered securities exchange, broker, dealer, and clearing agency. The SEC is also claimed defendant’s business practices, internal controls, and recordkeeping were inadequate and presented additional risks to consumers, that would also be prohibited had defendant been properly registered with the commission. For instance, the SEC cited practices including commingling billions of dollars of consumers’ cash and crypto assets with defendant’s own crypto assets and cash, which defendant’s 2022 independent auditor identified as “a significant risk of loss."
Director of the SEC’s Division of Enforcement, Gurbir S. Grewal said, “[Defendant’s] choice of unlawful profits over investor protection is one we see far too often in this space, and today we’re both holding [defendant] accountable for its misconduct and sending a message to others to come into compliance.”
The SEC seeks to (i) permanently enjoin defendant from violating Section 5 and section 17A of the Exchange Act; (ii) permanently enjoin defendant from offering or selling securities through crypto asset staking programs; (iii) disgorge defendant’s allegedly illegal gains and pay prejudgment interest; and (iv) impose a civil money penalty.
IOSCO releases report advising country regulators on crypto asset regulation
On November 16, the International Organization of Securities Commissions (IOSCO) released a report titled “Policy Recommendations for Crypto and Digital Asset Markets” for centralized financial bodies to put forth parallel, global policies on crypto assets, including a country’s stablecoin.
IOSCO’s report aims to protect retail investors from illegal crypto-asset market activities, including regulatory non-compliance, financial crime, fraud, market manipulation, and money laundering that have led to investor losses. The report puts forth 18 policy recommendations summarized within six key themes: conflicts from firms doing too much at once; market manipulation, insider trading, and fraud; cross-border risks and regulatory cooperation; operational and technological risks; and retail access, suitability, and distribution. ISOCO maintains its principles on global regulation are within the “same activities, same risks, same regulation/regulatory outcomes.” IOSCO also mentioned it plans on releasing a second report on decentralized finance before the year’s end.