InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OFAC settles with international financial institution
On June 20, the U.S Treasury Department’s Office of Foreign Assets Control (OFAC) announced a settlement with a Latvia-based bank—a subsidiary of an international financial institution headquartered in Sweden—to resolve potential civil liability stemming from OFAC’s Crimea sanctions. According to OFAC’s web notice, in 2015 and 2016, a shipping industry client of the Latvia-based subsidiary bank made 386 transactions totaling over $3 million through its e-banking platform from a Crimea-based IP address to persons in Crimea, which were processed through U.S. correspondent banks. OFAC alleges that in 2016, the client attempted to make a payment to a U.S. correspondent bank from a Crimea-based IP address, but after the payments were rejected and the bank was reassured by the client that the transactions did not involve Crimea, the bank rerouted the payment through a different U.S. correspondent bank. OFAC alleges that the bank had client onboarding information that the client had a physical presence in Crimea, so the bank had reason to know that the transactions in fact involved Crimea. OFAC also accused the bank of not integrating the client’s IP data into its sanctions screening processes.
In arriving at the $3.4 million settlement amount, OFAC considered, among other things, that the bank willfully violated U.S. sanctions by not self-disclosing the violations, which is required as a third party. According to the OCC, the bank failed to exercise due caution or care in neglecting to account for the client’s presence in Crimea, and instead solely relied on the client’s reassurances when it possessed contradictory information. OFAC also claimed that the bank had many customers in Crimea, and therefore had reason to know the origin of the payments it was processing. OFAC also considered several mitigating factors, including that: (i) the bank has not received a penalty notice from OFAC in the preceding five years; (ii) the bank and the financial institution took remedial action; and (iii) the bank and the financial institution cooperated with OFAC’s requests for information.
OFAC said that this action “demonstrates the importance of implementing and maintaining effective, risk-based sanctions compliance controls, especially for sophisticated financial institutions operating in proximity to high-risk regions.” OFAC added that this case also demonstrates the importance of undertaking reasonable efforts to investigate red flags. Finally, OFAC noted that this matter underscores the importance of remaining vigilant against efforts by entities based in Crimea, Russia, and other high-risk countries seeking to evade sanctions and elude compliance controls.
Texas has new licensing requirements for digital-asset platforms
In June, the Texas governor signed HB 1666 (the “Act”) to add practice restrictions to digital asset service providers, defined as electronic platforms that facilitate the trading of digital assets on behalf of a digital asset customer and maintain custody of the customer’s digital assets. The Act applies to a digital asset service provider conducting business in Texas that holds a money transmission license and either services more than 500 digital asset customer in the state or has at least $10 million in customer funds. Digital asset service providers are required to comply with certain provisions in order to obtain and maintain a money transmission license including provisions relating to the commingling of funds, customer access to funds, accounting requirements, annual reporting requirements. The Texas Department of Banking has the authority to suspend and revoke a license if these requirements are not met and may impose a penalty for violations of the Act. The commissioner also has examination authority and may promulgate rules to administer and enforce the Act’s provisions. The Act is effective September 1. Certain financial institutions and entities not required to hold a money transmission license are exempt.
Louisiana amends virtual currency licensing
On June 13, the Louisiana governor signed SB 185 (the “Act”), which amends provisions relating to the regulation and licensure of virtual currency businesses and is effective immediately. The Act adds and amends several definitions, including “acting in concert,” “affiliate,” “blockchain,” “mining,” “non-fungible token,” “responsible individual,” “unsafe or unsound act or practice” “virtual currency business activity,” and “virtual currency network.” With respect to licensure, the Act now requires applicants to provide a copy of their business plan, detailing, among other things, the anticipated volume of virtual currency business activities in the state, the expected number of virtual currency locations (including kiosks) in the state, and information on surety bonds and tangible net worth. Applicants must also provide audited financial statements and certificates of coverage for each liability, casualty, business interruption, and cybersecurity insurance policies (applicable policies for affiliates, agents, and control persons are required as well) with respect to an applicant’s virtual currency business activities. The Act also adds numerous licensing conditions and includes new requirements relating to background checks/criminal records/character fitness and fees and costs. Applicants will now be required to provide their financial services-related regulatory history, including information concerning money transmission, securities, banking, insurance, and mortgage-related industries. The Act extended the time that the state’s office of financial institutions has after the completion of an application to notify an applicant of its decision from 30 days to 60 days. If the office denies a license application, an advanced change of control notice, or an advanced change of responsible individual notice, an applicant has 30 days to appeal. Information on submitting annual licensing renewal applications, as well as guidance on providing appropriate disclosures is also included.
Furthermore, the Act outlines provisions to protect residents’ assets, including prohibitions on selling, transferring, and assigning virtual currency and commingling assets belonging to a resident with assets belonging to a licensee. Also stipulated within the Act are authorities granted to the commission relating to examinations, investigations, and enforcement activity, as well as the authority to coordinate and share information and conduct joint examinations with other state regulators of virtual currency business activities.
Unregistered crypto platform to pay $1.8 million to New York
On June 15, the New York attorney general announced a settlement with a Hong Kong-based cryptocurrency platform to resolve allegations that the company failed to register as a securities and commodities broker-dealer and falsely represented itself as a crypto exchange. The respondent’s platform enables investors to buy and sell cryptocurrency. An investigator was able to create an account on the platform using a New York-based IP address to buy and sell tokens even though the respondent was not registered with the state. (Under New York law, securities and commodities brokers are required to be registered.) The respondent is ordered to refund more than one million dollars to investors and pay more than $600,000 to the state. According to the settlement, investors will receive their refunds in the form of cryptocurrency within 90 days. Additionally, the respondent must cease operating in the U.S., and implement geoblocking to prevent New York IP addresses from accessing its platform. The platform is also banned from offering, selling, or purchasing securities and commodities in New York, and must send weekly emails to its investors in New York, advising them to withdraw their funds from their accounts, or their funds will be transferred to the AG’s office. “Unregistered crypto platforms pose a risk to investors, consumers, and the broader economy,” the AG said, further warning of the serious consequences to other crypto platforms that do not follow New York law. This settlement follows other crypto-related legislation and suits from the New York AG (covered by InfoBytes here).
Colorado amends GAP requirements
The Colorado governor recently signed HB 23-1181 (the “Act”) to codify and amend rules relating to guaranteed asset protection (GAP) agreements (designed to relieve “all or part of a consumer’s liability for the deficiency balance remaining, after the payment of all insurance proceeds,” upon the total loss of a consumer’s motor vehicle that served as collateral for a loan). In addition to adding new definitions and outlining exemptions, the Act also, among other things, (i) establishes conditions, notices, and provisions that must be included in order to offer, sell, provide or administer a GAP agreement in connection with a consumer finance agreement; (ii) establishes that the maximum fee that may be charged for a GAP agreement must not exceed four percent of the amount financed in the consumer credit transaction or $600, whichever amount is greater; (iii) provides that a creditor may contract for, charge, and receive only one GAP fee as part of an agreement regardless of the number of co-borrowers, co-signers, or guarantors; (iv) lays out the process for calculating a deficiency balance and how much a consumer is owed in the event of a total loss; (v) establishes requirements in the event a GAP agreement is cancelled; (vi) details when a consumer must submit a GAP agreement claim after a total loss; and (vii) prohibits the sale of a GAP agreement in specific circumstances.
The Act is effective January 1, 2024, and applies to GAP agreements entered into on or after this date.
CFPB opposes Texas bankers’ request to delay small biz lending rule
The CFPB recently asked a district court in the 5th Circuit to deny a proposed injunction which would delay the implementation of its small-business lending data collection rule, arguing that plaintiffs have failed to establish standing or meet the requirements for preliminary relief. As previously covered by InfoBytes, plaintiffs (including a Texas banking association and a Texas bank) sued the Bureau, challenging the agency’s final rule on the collection of small business lending data. The small business lending rule, which implements Section 1071 of the Dodd-Frank Act, requires financial institutions to collect and provide to the Bureau data on lending to small businesses with gross revenue under $5 million in their previous fiscal year.
Plaintiffs explained in their complaint that the goal of invalidating the final rule is premised on the argument that it will drive from the market smaller lenders who are not able to effectively comply with the final rule’s “burdensome and overreaching reporting requirements” and decrease the availability of products to customers, including minority and women-owned small businesses. Plaintiffs also argued that the final rule is invalid because the Bureau’s funding structure is unconstitutional and that certain aspects of the final rule allegedly violate various requirements of the Administrative Procedure Act. Last month, plaintiffs filed a preliminary injunction motion asking the court to enjoin the final rule and stay the compliance deadlines.
Claiming plaintiffs failed to establish standing for preliminary relief, the Bureau argued that the Texas bank has not demonstrated that it would even have to comply with the final rule. The Bureau further maintained plaintiffs have also not satisfied all four factors required for preliminary relief, including that plaintiffs “have not shown that irreparable harm is imminent or that the balance of equities favors the requested relief,” which would lead to the postponement of reporting requirements mandated by Congress more than ten years ago. With respect to the funding structure constitutionality concerns raised by plaintiffs, the Bureau argued that “even assuming that [p]laintiffs have shown a likelihood of ultimately succeeding on the merits … that factor standing alone would not be enough to warrant preliminary relief.” The Bureau asked the court to, at a minimum, tailor any relief to apply only to plaintiffs and members who would face imminent harm absent such relief.
7th Circuit: Insurer required to cover BIPA defense
On June 15, the U.S. Court of Appeals for the Seventh Circuit upheld a district court’s ruling requiring an insurance company to defend an Illinois-based IT company against two putative class actions alleging violations of the Illinois Biometric Information Privacy Act (BIPA). The insurance company sued for a declaration that, under its business liability insurance policy, it has no obligation to indemnify or defend the IT company in the two class actions. Class members alleged the IT company acted as a vendor for a company that “scraped” more than 3 billion facial scans and converted them into biometric facial recognition identifiers, which were then paired to images on the internet and sold via a database to the Chicago Police Department, in violation of BIPA.
The insurance company’s policy bars coverage for any distribution of material in violation of certain specific statutes or in violation of “[a]ny other laws, statutes, ordinances, or regulations” and asserted that this catch-all provision includes BIPA. The district court disagreed, ruling that the language of the policy’s statutory violations exclusion was “intractably ambiguous” and did not explicitly bar coverage of the underlying suits.
On appeal, the 7th Circuit agreed that the district court was correct in determining that a plain-text reading of the insurance policy’s “broad” and ambiguous catch-all coverage exclusion for “personal or advertising injury” would “swallow a substantial portion of the coverage that the policy otherwise explicitly purports to provide.” The 7th Circuit held that “the broad language of the catch-all exclusion purports to take away with one hand what the policy purports to give with the other in defining covered personal and advertising injuries.”
Although the 7th Circuit considered whether there was a “common element” related to privacy in the enumerated statutes that could be read to include BIPA, ultimately the appellate court determined that nothing in the exclusion language “points to privacy as the focus of the exclusion.”
7th Circuit: No causation in FCA claims against mortgage servicer
On June 14, the U.S. Court of Appeals for the Seventh Circuit affirmed a district court’s grant of summary judgment in favor of a defendant mortgage servicer, holding that while the plaintiff had sufficient proof of materiality with respect to alleged violations of the False Claims Act (FCA), plaintiff failed to meet her burden of proof on the element of causation. Plaintiff (formerly employed by the defendant as an underwriter) alleged the defendant made false representations to HUD in the course of certifying residential mortgage loans for federal insurance coverage. She maintained that HUD would not have endorsed the loans for federal insurance if it had known defendant was not satisfying the agency’s minimum underwriting guidelines. Defendant moved for summary judgment after the district court excluded the bulk of plaintiff’s “expert opinion,” arguing that plaintiff could not meet her evidentiary burden on the available record. The district court sided with defendant, ruling that as a matter of law, plaintiff could not prove either materiality (due to the lack of evidence that would allow “a reasonable factfinder to conclude that HUD viewed the alleged underwriting deficiencies as important”) or causation (the false statement caused the government’s loss).
On appeal, the 7th Circuit explained that to show proximate causation, plaintiff was required to identify evidence indicating that the alleged false certifications in reviewed loans were the foreseeable cause of later defaults, as defaults trigger HUD’s payment obligations. The appellate court noted that “it is not clear how a factfinder would even spot the alleged false statement in each loan file, let alone evaluate its seriousness and scope.” Without further evidence indicating how defendant’s alleged misrepresentations caused subsequent defaults, the plaintiff’s claims could not survive summary judgment.
However, the 7th Circuit disagreed with the district court’s reasoning with respect to materiality under the FCA. Although the district court held that plaintiff had failed to establish materiality, the appellate court determined that because HUD’s regulations “provide some guidance, in HUD’s own voice, about the false certifications that improperly induce the issuance of federal insurance, and those are precisely the false certifications present here” there was enough evidence to “clear the summary judgment hurdle” on this issue.
District Court: Servicer’s QWR responses did not violate RESPA
The U.S. District Court for the Western District of Washington recently granted summary judgment in favor of a defendant mortgage servicer related to alleged RESPA violations concerning qualified written requests and notices of error. Plaintiff entered into a permanent loan modification for which she made timely payments until she applied for new financing. One year later, plaintiff noticed a deferred principal balance that she claimed was not listed on her 2019 loan modification agreement. Plaintiff asserted that she called seeking to have the deferred principal balance removed and sent a notice of error (NOE) letter to the defendant, claiming, among other things, that the loan documentation did not mention the deferred amount. Defendant acknowledged the NOE and timely responded that the modification agreement included the deferred principal balance.
In granting defendant’s motion for summary judgment, the court held that while plaintiff’s allegations “are framed as a RESPA violation … [p]laintiff’s true concern is that [defendant] misrepresented the terms of the 2019 loan modification.” The defendant, however, complied with RESPA by providing “a statement of the reasons for which the servicer believes the account of the borrower is correct as determined by the servicer,” and plaintiff’s “disagreement with the servicer’s determination does not create a claim under RESPA.” Further, the court found that the deferred principal balance was in fact included on the executed loan modification agreement, and that the plaintiff did not suffer any actual harm under RESPA or otherwise.
FDIC revises NSF guidance
On June 16, the FDIC updated its Supervisory Guidance on Multiple Re-Presentment NSF Fees to clarify its supervisory approach for addressing violations of law. This new guidance, FIL-32-2023, updates FIL-40-2022 (originally issued last August and covered by InfoBytes here), which warned supervised financial institutions that charging customers multiple non-sufficient funds (NSF) fees on re-presented unpaid transactions may increase regulatory scrutiny and litigation risk. The FDIC noted that since the issuance of FIL-40-2022, the agency has received additional data relating to the amount of consumer harm associated with NSF fees at particular institutions, as well as information regarding extensive, ongoing challenges institutions face to accurately identify re-presented transactions. Consequently, the FDIC made changes to its supervisory guidance to specify that it “does not intended to request an institution to conduct a lookback review absent a likelihood of substantial consumer harm.”