InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
District Court approves $4.3 million data breach settlement
Earlier this month, the International Organization of Securities Commissions (IOSCO) released draft policy recommendations to support greater regulatory and oversight consistency within the crypto and digital assets markets. According to the global securities watchdog, regulators must strive for consistency in their oversight of crypto-asset activities given the cross-border nature of these markets and the varying approaches taken by individual jurisdictions. Seeking to optimize consistency in the way crypto-asset and securities markets are regulated, the IOSCO advised regulators to enhance cooperation efforts and attempt “to achieve regulatory outcomes for investor protection and market integrity that are the same as, or consistent with, those required in traditional financial markets in order to facilitate a level-playing field between crypto-assets and traditional financial markets and help reduce the risk of regulatory arbitrage.” Encouraging regulators to engage in rulemaking and information sharing, the IOSCO presented a comprehensive strategy for harmonizing the oversight of crypto companies, including standards on conflicts of interest and governance, fraud and market abuse, cross-border cooperation, custody of client monies and assets, and operational and technological risks. The IOSCO also suggested measures for reducing money laundering risks, explaining that crypto assets may be more appealing to criminals who want to avoid traditional financial system oversight. The IOSCO noted that its goal is to finalize its policy recommendations in early Q4 2023. Comments will be received through July 31.
OCC releases enforcement actions
On May 18, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. Among the enforcement actions is a consent order against an Indiana-based bank for allegedly engaging in unsafe or unsound practices relating to, among other things, its strategic and capital planning, risk management processes, audit program, and consumer compliance program (including alleged violations of TILA and Regulation Z). In addition to complying with measures to address the alleged deficiencies, the bank (which neither admits nor denies the allegations) is also required to submit written consumer compliance policies and procedures designed to ensure compliance with TILA and Regulation Z. The bank also must undergo an independent compliance review and audit and ensure bank officers and employees are appropriately trained.
OFAC expands Russian sanctions
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) recently announced several actions targeting Russia’s attempts to circumvent or evade sanctions and implemented other economic measures to degrade the country’s capacity to wage its war against Ukraine. In coordination with the G7 and other international partners, OFAC implemented several new commitments to cut Russia off from revenue streams and key inputs needed to equip its military. The sanctions target 22 individuals and 104 entities with touchpoints in more than 20 countries or jurisdictions with involvement in the technology, energy, and financial services sectors. OFAC also expanded sanctions authorities to target new sectors of Russia’s economy and sever the country’s access to several new categories of services. Additional sanctions-related measures include the designation or identification as blocked property of nearly 200 individuals, entities, vessels, and aircraft by the State Department. Concurrently, the Commerce Department significantly expanded the territorial reach and categories covered by its export controls and added 71 entities to its Entity List to prevent Russia from accessing goods needed for its war.
OFAC noted that it also expanded its Russia-related sanctions authorities through the issuance of a determination that identifies the architecture, engineering, construction, manufacturing, and transportation sectors of the Russian economy pursuant to Executive Order (E.O.) 14024. The determination complements existing sanctions authorities and allows for additional economic costs to be imposed on Russia and for sanctions to be imposed on any person determined to operate of have operated in any of the sectors. OFAC issued a second determination pursuant to E.O. 14071 (effective June 18) to prohibit the “exportation, reexportation, sale, or supply, directly or indirectly, from the United States, or by a United States person, wherever located, of architecture services or engineering services to any person located in the Russian Federation.” (See new OFAC FAQs and general licenses here.)
Additionally, OFAC amended Directive 4 under E.O. 14024 “to require U.S. persons to report to OFAC any property in their possession or control in which the Central Bank of the Russian Federation, the National Wealth Fund of the Russian Federation, or the Ministry of Finance of the Russian Federation has an interest.”
Earlier in the month, OFAC also announced sanctions against a Russian ransomware actor for being complicit in cyberattacks against U.S. law enforcement, businesses, and critical infrastructure. OFAC commented that analysis conducted by FinCEN found that “75 percent of ransomware-related incidents reported between July and December 2021 were linked to Russia, its proxies, or persons acting on its behalf.”
As a result of the sanctions, all property and interests in property of the designated persons that are in the U.S. or in the possession or control of U.S. persons must be blocked and reported to OFAC. Additionally, “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.” OFAC’s announcement further noted that its regulations “generally prohibit” U.S. persons from participating in transactions with designated persons unless exempt or otherwise authorized by a general or specific license.
Fintech fined over interest charges billed as tips and donations
A California-based fintech company recently entered separate consent orders with California, Connecticut, and the District of Columbia to resolve allegations claiming it disguised interest charges as tips and donations connected to loans offered through its platform. The company agreed to (i) pay a $100,000 fine in Connecticut and reimburse Connecticut borrowers for all loan-related tips, donations, and fees paid; (ii) pay a $30,000 fine in the District of Columbia, including restitution; and (iii) pay a $50,000 fine in California, plus refunds of all donations received from borrowers in the state. The company did not admit to any violations of law or wrongdoing.
The Connecticut banking commissioner’s consent order found that the company engaged in deceptive practices, acted as a consumer collection agency, and offered, solicited, and brokered small loans for prospective borrowers without the required licensing. The company agreed that it would cease operations in the state until it changed its business model and practices and was properly licensed. Going forward, the company agreed to allow consumers to pay tips only after fully repaying their loans. The consent order follows a temporary cease and desist order issued in 2022.
A consent judgment and order reached with the D.C. attorney general claimed the company engaged in deceptive practices by misrepresenting the cost of its loans and by not clearly disclosing the true nature of the tips and donations. The AG maintained that the average APR of these loans violated D.C.’s usury cap. The company agreed to ensure that lenders accessing the platform are unable to see whether a consumer is offering a tip (or the amount of tip) and must take measures to make sure that withholding a tip or donation will not affect loan approval or loan terms. Among other actions, the company is also required to disclose how much lenders can expect to earn through the platform.
In the California consent order, the Department of Financial Protection and Innovation (DFPI) claimed that the majority of consumers paid both a tip and a donation. A pop-up message encouraged borrowers to offer the maximum tip in order to have their loan funded, DFPI said, alleging the pop-up feature could not be disabled without using an unadvertised, buried setting. These tips and/or donations were not included in the formal loan agreement generated in the platform, nor were borrowers able to view the loan agreement before consummation. According to DFPI, this amounted to brokering extensions of credit without a license. Additionally, the interest being charged (after including the tips and donations) exceeded the maximum interest rate permissible under the California Financing Law, DFPI said, adding that by disclosing that the loans had a 0 percent APR with no finance charge, they failed to comply with TILA.
Arizona amends licensing provisions
On May 19, the Arizona governor signed HB 2010 to amend certain sections of the Arizona revised statutes relating to the Department of Insurance and Financial Institutions. Amendments make changes to several licensing provisions, including the length of time a license remains active and licensure renewal requirements. The Act provides that on or before June 30 of each year, a licensee may renew each license without investigation by paying prescribed fees. Other revisions amend accounting practices and record retention requirements for mortgage brokers, mortgage bankers, and commercial mortgage bankers, among others. HB 2010 is effective 90 days after enactment.
DFPI examines whether some payment services are exempt from MTA
The California Department of Financial Protection and Innovation (DFPI) recently released a new opinion letter covering aspects of the California Money Transmission Act (MTA) relating to whether certain payment services are exempt or subject to licensure. The redacted opinion letter examines three payment services provided by the inquiring company. DFPI first analyzed and determined that payments received by a law firm collection agent from a different entity’s collection attorneys and remitted to said entity are exempt pursuant to MTA Financial Code section 2011. DFPI next considered whether the MTA’s agent of payee exemption applies to certain tax payment transactions wherein a customer’s payment obligation to the company is extinguished once the customer has submitted a payment through a particular contractor. According to DFPI, transactions conducted pursuant to a contract between the company and the contractor (appointed as a limited agent for the sole purpose of receiving payments on the company’s behalf from taxpayers) are exempt from the MTA under the agent of payee exemption. Finally, DFPI considered whether the agent of payee exemption applies to certain payments to government entities. DFPI explained, among other things, that the language contained within the contracts with each government entity “establishes that the government entity has appointed [the company] to act as its agent and that payment to [the company] extinguishes the payor’s payment obligation to the government entity.” As such, DFPI determined that “transactions conducted pursuant to contracts containing such language are exempt from the MTA under the agent of payee exemption.”
Iowa modernizes money transmission provisions
The Iowa governor recently signed HF 675 to revise certain provisions of the Uniform Money Transmission Modernization Act. The Act is designed to eliminate unnecessary regulatory burden and harmonize the licensing and regulation of money transmitters with other states. Among other things, the Act defines terms for when a state money services business (MSB) license is required and adds a process for joint multistate examination and supervision of MSB licensees. The Act also outlines several exemptions, including federally insured depository institutions and certain persons appointed as an agent of a payee who collect and process payments from a payor to the payee for goods or services (other than money transmission itself).
With respect to licensing provisions, the Act states that a person shall not engage in the business of money transmission unless they are licensed. New provisions modify the licensing process, including by requiring that applications be approved 121 days after completion, unless denied or approved earlier by the superintendent. The license will take effect the first business day after expiration of the 120-day period (although the superintendent may for good cause extend the application period). The Act also outlines licensing application renewal procedures, requirements for maintaining licensure, processes for person(s) seeking to acquire control of a licensee or seeking to change key individuals, authorized delegate provisions, net worth and surety bond criteria, permissible investments, and reporting and financial condition requirements, among other criteria. The Act further specifies that a person who engages in the business of money transmission on behalf of a person not licensed under the chapter “provides money transmission to the same extent as if the person were a licensee, and shall be jointly and severally liable with the unlicensed or nonexempt person.” The Act takes effect July 1.
Pennsylvania reaches $11 million settlement with rent-to-own company
On May 15, the Pennsylvania attorney general announced a $11.4 million settlement with a rent-to-own lender and its subsidiaries accused of engaging in predatory practices targeting low-income borrowers and employing deceptive collection practices. According to the AG, the lender disguised one-year rent-to-own agreements as “100-Day Cash Payoffs” and then concealed the balances owed. The AG maintained that consumers were locked into binding 12-month agreements that included high leasing fees (equal to 152 percent APR interest). The AG explained that consumers entitled to restitution and relief “had already satisfied the cash price, the sales tax on the cash price, and the processing fees associated with their purchase – yet still owed [the lender] a balance.” Additionally, the AG accused the lender of using a web-based portal for creating and signing contracts, which made it easy for persons other than the consumer to sign the agreements.
The order requires the lender to pay $7.3 million in restitution that will be distributed to affected consumers, $200,000 in civil penalties, and $750,000 in costs to be paid to the AG to be used for public protection and education purposes. Additionally, the lender is required to reduce the balances of delinquent lease-to-own accounts for certain rental purchase agreements, resulting in a $3.15 million aggregate reduction in balances. The lender has also agreed to, among other things, not represent or imply that failure to pay a debt owed or alleged to be owed “will result in the seizure, attachment or sale of any property that is the subject of the debt unless such action is lawful” or that the lender’s subsidiary intends to take such actions. The lender is also prohibited from collecting any amount, including interest, fees, charges, or expenses incidental to the principal obligation, unless the amount is expressly authorized by the agreement creating the obligation or permitted by law. Furthermore, the lender’s subsidiaries must clearly and conspicuously disclose customer balances during servicing calls and through a customer portal.
IOSCO urges global harmonization of crypto oversight
Earlier this month, the International Organization of Securities Commissions (IOSCO) released draft policy recommendations to support greater regulatory and oversight consistency within the crypto and digital assets markets. According to the global securities watchdog, regulators must strive for consistency in their oversight of crypto-asset activities given the cross-border nature of these markets and the varying approaches taken by individual jurisdictions. Seeking to optimize consistency in the way crypto-asset and securities markets are regulated, the IOSCO advised regulators to enhance cooperation efforts and attempt “to achieve regulatory outcomes for investor protection and market integrity that are the same as, or consistent with, those required in traditional financial markets in order to facilitate a level-playing field between crypto-assets and traditional financial markets and help reduce the risk of regulatory arbitrage.” Encouraging regulators to engage in rulemaking and information sharing, the IOSCO presented a comprehensive strategy for harmonizing the oversight of crypto companies, including standards on conflicts of interest and governance, fraud and market abuse, cross-border cooperation, custody of client monies and assets, and operational and technological risks. The IOSCO also suggested measures for reducing money laundering risks, explaining that crypto assets may be more appealing to criminals who want to avoid traditional financial system oversight. The IOSCO noted that its goal is to finalize its policy recommendations in early Q4 2023. Comments will be received through July 31.
CFPB announces $9 million settlement with bank on credit card servicing
On May 23, the CFPB announced a settlement to resolve allegations that a national bank violated TILA and its implementing Regulation Z, along with the Consumer Financial Protection Act. The Bureau sued the bank in 2020 (covered by InfoBytes here) claiming that, among other things, when servicing credit card accounts, the bank did not properly manage consumer billing disputes for unauthorized card use and billing errors, and did not properly credit refunds to consumer accounts resulting from such disputes. At the time, the bank issued a response stating that it self-identified the issues to the Bureau five years ago while simultaneously correcting any flawed processes.
The bank neither admitted nor denied the allegations but agreed under the terms of the stipulated final judgment and order filed in the U.S. District Court for the District of Rhode Island to pay a $9 million civil penalty. In addition to amending its credit card practices, the bank is prohibited from automatically denying billing error notices and claims of unauthorized use of cards should the customer fail to provide a fraud affidavit signed under penalty of perjury. The bank must also (i) credit reimbursable fees and finance charges to a customer’s account when unauthorized use and billing errors occur; (ii) provide required acknowledgement and denial notices to customers upon receipt or resolution of billion error notices; and (iii) provide customers who call its credit counseling hotline with at least three credit counseling referrals within the caller’s state. The bank must also maintain procedures to ensure customers are properly refunded any fees or finance charges identified by valid error notices and unauthorized use claims. The bank issued a statement following the announcement saying that while it “continues to disagree with the CFPB’s stance with respect to these long-resolved issues, which were self-identified and voluntarily addressed years ago,” it is pleased to resolve the matter.