InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
District Court says debtor bears the burden of asserting a garnishment exemption
On December 15, the U.S. District Court for the Eastern District of Pennsylvania granted a defendant’s motion for judgment on the pleadings in a debt collection garnishment suit. One of the plaintiffs was referred to collections after he defaulted on his credit card debt, and a judgment was entered against him by the original creditor. The defendant filed for a writ of execution, seeking to garnish funds that were in a joint bank account maintained by both plaintiffs. The writ outlined major exemptions under Pennsylvania and federal law, noting that the plaintiff may also be able to rely on other exemptions, and instructed him to complete a claim for exemption. Plaintiffs sued for violations of the FDCPA, claiming, among other things, that the defendant should have known that the account was a joint account, and therefore exempt, before seeking the writ of execution. According to the plaintiffs, the defendant should have known or reasonably known “that the funds in the joint account were immune from execution because it ‘performed its own private asset search to discover’ the account.” The court disagreed, holding, that under Pennsylvania’s garnishment procedures, the debtor bears the burden of asserting an exemption. This assertion, the court said, must be more than a “self-serving statement that an exemption applies.”
The court cited a ruling issued by the U.S. District Court for the Southern District of California, in which the court determined that “[t]he bottom line here is that, right or wrong, a judgment creditor has no duty under either California or federal law to investigate, much less confirm, that a judgment debtor’s bank accounts contain only non-exempt funds prior to authorizing a levy on those accounts. It is unreasonable to conclude that a judgment creditor’s failure to conduct a pre-levy debtor’s exam, when there is no legal obligation or requirement to do so, constitutes unfair or unconscionable action.”
NYDFS releases proposed guidance for mitigating climate-related risks
On December 21, NYDFS proposed guidance for regulated banking and mortgage institutions to support efforts for responding to evolving risks stemming from climate change. The proposed guidance—which was developed to align with the climate-related work of federal and international banking regulators—will aid institutions in identifying, measuring, monitoring, and controlling material climate-related financial risks, consistent with existing risk management principles. Institutions should “minimize and affirmatively mitigate adverse impacts on low- and moderate-income communities while managing climate-related financial risks,” NYDFS said, explaining that the proposed guidance focuses on areas of risk management related to corporate governance, internal control frameworks, risk management processes, data aggregation and reporting, and scenario analysis that also accounts for unknown future risks. Among other things, the proposed guidance warned institutions of the importance of ensuring fair lending is provided to all communities, including low- to moderate-income neighborhoods that may face heightened risks, when managing climate-related financial risks. The proposed guidance also outlined tools institutions should use to measure and protect against climate change risks. NYDFS warned institutions that they may have to directly absorb a greater portion of losses and should plan for insurance coverage premiums to either increase or be withdrawn entirely in areas where climate risks are prevalent.
NYDFS commented that the proposed guidance serves as a basis for supervisory dialogue and instructed interested parties to provide input as it undertakes a data-driven approach to formulating the final guidance. Comments are due by March 21, 2023. A webinar will be held on January 11, 2023 to provide an overview of the proposed guidance.
“Regulators must anticipate and respond to new risks to operational resiliency and safety and soundness, jeopardizing an institution’s future,” Superintendent Adrienne A. Harris said. “NYDFS is committed to working with all stakeholders to further refine expectations and finalize guidance appropriate for institutions to address material climate-related financial risks.”
DFPI orders online platform to cease offering crypto-related products
On December 21, the California Department of Financial Protection and Innovation (DFPI) announced it has ordered an online platform offering several crypto-related services and products to desist and refrain from violating the California Securities Law and the California Consumer Financial Protection Law. According to DFPI, the company, which is registered with the California Secretary of State, offers services including (i) a peer-to-peer loan brokering service in which it claims that loans are secured by borrowers’ crypto assets; (ii) an interest-bearing crypto asset account that promises a fixed annual percentage rate yield; and (iii) an interest-bearing fiat account that promises a fixed annual percentage interest rate return. DFPI maintained that the company engaged in unlicensed loan brokering by offering and providing brokering services for personal loans made from one consumer to another (known as peer-to-peer lending), and conducted the unregistered sale of securities, in which consumers’ assets were pooled together with the stated purpose of generating passive returns. DFPI claimed that the company was and is not registered to offer investment contracts or to operate in this capacity with any relevant authority. Finding that these peer-to-peer lending services and interest-bearing accounts violate state law, including a prohibition against engaging in unlawful acts or practices, DFPI ordered the company to stop offering the services and products in California.
Treasury implements humanitarian sanctions exceptions
On December 21, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced that it co-led, with Ireland, the development of UNSCR 2664, which implements a carveout from the asset freeze provisions of UN sanctions programs. OFAC noted that to implement the policy across U.S. sanctions programs, it issued or amended general licenses (GLs) to ease the delivery of humanitarian aid and ensure a baseline of authorizations for the provision of humanitarian support across many sanctions programs. The GLs being issued or amended provide authorizations in: (i) the official business of the U.S. government (see here); (ii) the official business of certain international organizations and entities (see here); (iii) certain humanitarian transactions in support of activities of nongovernmental organizations (NGOs), such as disaster relief, health services, and activities to support democracy, education, environmental protection, and peacebuilding (see here); and (iv) the provision of agricultural commodities, medicine, and medical devices, as well as replacement parts and components and software updates for medical devices, for personal, non-commercial use (see here). OFAC also noted that it is separately updating a regulatory interpretation in several sanctions programs’ regulations to explain that the property and interests in property of an entity are blocked if one or more blocked persons own, whether individually or in the aggregate, directly or indirectly, a 50 percent or greater interest in the entity. These changes are effective immediately. OFAC is also publishing four new Frequently Asked Questions (FAQs 1105, 1106, 1107 and 1108), which provide further guidance on the action and the authorizations being issued or amended, including guidance for financial institutions facilitating activity for NGOs and OFAC’s due diligence expectations. According to OFAC, these historic steps “further enable the flow of legitimate humanitarian assistance supporting the basic human needs of vulnerable populations while continuing to deny resources to malicious actors.”
OFAC sanctions Iranian officials
On December 21, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13553 against the prosecutor general and key military and paramilitary officials in Iran, as well as a company manufacturing and providing Iran’s Law Enforcement Forces with anti-riot equipment. According to OFAC, the designations target the senior official overseeing the prosecution of protestors, as well as leaders of military and paramilitary organizations accused of violently cracking down and detaining protestors, and a company that procures and provides security forces with tools of suppression. As a result of the sanctions, all property and interests in property belonging to the sanctioned persons subject to U.S. jurisdiction are blocked and must be reported to OFAC. Additionally, “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.” U.S. persons are also generally prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons. Persons that engage in certain transactions with the individuals designated today may themselves be exposed to designation. Additionally, OFAC warned that “any foreign financial institution that knowingly facilitates a significant transaction or provides significant financial services for any of the persons designated today could be subject to U.S. sanctions.”
CFTC orders respondent to pay $6.5 million for CEA violations
On December 20, the CFTC announced a settlement with a registered futures commission merchant (respondent) for allegedly violating the Commodity Exchange Act, Commission regulations, and Bank Secrecy Act compliance requirements. According to the CFTC, the respondent allegedly “failed to implement an adequate anti-money laundering [] program, particularly as applied to a futures and options trading account controlled by [a customer],” and “failed to implement risk-based limits concerning trading by [a customer].” The CFTC also alleged supervisory and recordkeeping failures stemming from the inadequate anti-money laundering program. The respondent is ordered to pay a $6.5 million civil money penalty and undertake certain remedial measures relating to the violations.
OFAC publishes illicit drug trade sanctions regulations
On December 19, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced it is adding regulations to implement Executive Order (E.O.) 14059 of December 15, 2021, Imposing Sanctions on Foreign Persons Involved in the Global Illicit Drug Trade. As previously covered by InfoBytes, the E.O. was issued due to the threat of drug trafficking into the U.S of illicit drugs, which “is causing the deaths of tens of thousands of Americans annually, as well as countless more non-fatal overdoses with their own tragic human toll.” Among other provisions, the E.O authorizes the Treasury Department to impose certain sanctions on any foreign person determined to have engaged in activities contributing to the international proliferation of drugs or to have knowingly received property derived from drug proliferation. According to the notice, the regulations are being published in abbreviated form to provide immediate guidance, and OFAC intends to add a more comprehensive set of regulations, which may include additional interpretive guidance and definitions, general licenses, and other regulatory provisions.
California privacy agency holds public meeting on CPRA
On December 16, the California Privacy Protection Agency (CPPA) Board held a public meeting to discuss the ongoing status of the California Privacy Rights Act (CPRA). As previously covered by InfoBytes, the CPRA (largely effective January 1, 2023, with enforcement delayed until July 1, 2023) was approved by ballot measure in November 2020 to amend and build on the California Consumer Privacy Act (CCPA). In July, the CPPA initiated formal rulemaking procedures to adopt proposed regulations implementing the CPRA, and in November the agency posted updated draft regulations (covered by InfoBytes here and here). The CPPA stated it anticipates conducting additional preliminary rulemaking in early 2023. After public input is received, the CPPA will discuss proposed regulatory frameworks for risk assessments, cybersecurity audits, and automated decisionmaking.
During the board meeting, the CPPA introduced sample questions and subject areas for preliminary rulemaking that will be provided to the public at some point in 2023, and finalized and approved at a later meeting. The questions and topics relate to, among other things, (i) privacy and security risk assessment requirements, including whether the CPPA should follow the approach outlined in the European Data Protection Board’s Guidelines on Data Protection Impact Assessment, as well as other models or factors the agency should consider; (ii) benefits and drawbacks for businesses should the CPPA accept a business’s risk assessment submission that was completed in compliance with GDPR’s or the Colorado Privacy Act’s requirements for these assessments; (iii) how the CPPA can ensure cybersecurity audits, assessments, and evaluations are thorough and independent; and (iv) how to address profiling and logic in automated decisionmaking, the prevalence of algorithmic discrimination, and whether opt-out rights with respect to a business’s use of automated decisionmaking technology differ across industries and technologies. The CPPA said it is also considering different rules for businesses making under $25 million in annual gross revenues.
FSOC annual report highlights digital asset, cybersecurity, and climate risks
On December 16, the Financial Stability Oversight Council (FSOC or the Council) released its 2022 annual report. The report reviewed financial market developments, identified emerging risks, and offered recommendations to mitigate threats and enhance financial stability. The report noted that “amid heightened geopolitical and economic shocks and inflation, risks to the U.S. economy and financial stability have increased even as the financial system has exhibited resilience.” The report also noted that significant unaddressed vulnerabilities could potentially disrupt institutions’ ability to provide critical financial services, including payment clearings, liquidity provisions, and credit availability to support economic activity. FSOC identified 14 specific financial vulnerabilities and described mitigation measures. Highlights include:
- Nonbank financial intermediation. FSOC expressed support for initiatives taken by the SEC and other agencies to address investment fund risks. The Council encouraged banking agencies to continue monitoring banks’ exposure to nonbank financial institutions, including reviewing how banks manage their exposure to leverage in the nonbank financial sector.
- Digital assets. FSOC emphasized the importance of enforcing existing rules and regulations applicable to the crypto-asset ecosystem, but commented that there are gaps in the regulation of digital asset activities. The Council recommended that legislation be enacted to grant rulemaking authority to the federal banking agencies over crypto-assets that are not securities. The Council said that regulatory arbitrage needs to be addressed as crypto-asset entities offering services similar to those offered by traditional financial institutions do not have to comply with a consistent or comprehensive regulatory framework. FSOC further recommended that “Council members continue to build capacities related to data and the analysis, monitoring, supervision, and regulation of digital asset activities.”
- Climate-related financial risks. FSOC recommended that state and federal agencies should continue to work to advance appropriately tailored supervisory expectations for regulated entities’ climate-related financial risk management practices. The Council encouraged federal banking agencies “to continue to promote consistent, comparable, and decision-useful disclosures that allow investors and financial institutions to consider climate-related financial risks in their investment and lending decisions.”
- Treasury market resilience. FSOC recommended that member agencies review Treasury’s market structure and liquidity challenges, and continue to consider policies “for improving data quality and availability, bolstering the resilience of market intermediation, evaluating expanded central clearing, and enhancing trading venue transparency and oversight.”
- Cybersecurity. FSOC stated it supports partnerships between state and federal agencies and private firms to assess cyber vulnerabilities and improve cyber resilience. Acknowledging the significant strides made by member agencies this year to improve data collection for managing cyber risk, the Council encouraged agencies to continue gathering any additional information needed to monitor and assess cyber-related financial stability risks.
- LIBOR transition. FSOC recommended that firms should “take advantage of any existing contractual terms or opportunities for renegotiation to transition their remaining legacy LIBOR contracts before the publication of USD LIBOR ends.” The Council emphasized that derivatives and capital markets should continue transitioning to the Secured Overnight financing Rate.
CFPB Director Rohit Chopra issued a statement following the report’s release, flagging risks posed by the financial sector’s growing reliance on big tech cloud service providers. “Financial institutions are looking to move more data and core services to the cloud in coming years,” Chopra said. “The operational resilience of these large technology companies could soon have financial stability implications. A material disruption could one day freeze parts of the payments infrastructure or grind other critical services to a halt.” Chopra also commented that FSOC should determine next year whether to grant the agency regulatory authority over stablecoin activities under Dodd-Frank. He noted that “[t]hrough the stablecoin inquiry, it has become clear that nonbank peer-to-peer payments firms serving millions of American consumers could pose similar financial stability risks” as these “funds may not be protected by deposit insurance and the failure of such a firm could lead to millions of American consumers becoming unsecured creditors of the bankruptcy estate, similar to the experience with [a now recently collapsed crypto exchange].”
Gaming company to pay $520 million to resolve FTC allegations
On December 19, the DOJ filed a complaint on behalf of the FTC against a video game developer for allegedly violating the Children’s Online Privacy Protection Act (COPPA) by failing to protect underage players’ privacy. The FTC also alleged in a separate administrative complaint that the company employed “dark patterns” to trick consumers into making unwanted in-game purchases, thus allowing players to accumulate unauthorized charges without parental involvement. (See also FTC press release here.)
According to the complaint filed in the U.S. District Court for the Eastern District of North Carolina, the company allegedly collected personal information from players under the age of 13 without first notifying parents or obtaining parents’ verifiable consent. Parents who requested that their children’s personal information be deleted allegedly had to take unreasonable measures, the FTC claimed, and the company sometimes failed to honor these requests. The company is also accused of violating the FTC Act’s prohibition against unfair practices when its settings enabled, by default, real-time voice and text chat communications for children and teens. These default settings, as well as a matching system that enabled children and teens to be matched with strangers to play the game, exposed players to threats, harassment, and psychologically traumatizing issues, the FTC maintained. While company employees expressed concerns about the default settings and players reported concerns, the FTC said that the company resisted turning off the default setting and made it difficult for players to figure out how to turn the voice chat off when the FTC did eventually take action.
Under the terms of a proposed court order filed by the DOJ, the company would be prohibited from enabling voice and text communications unless parents (of players under the age of 13) or teenage users (or their parents) provide affirmative consent through a privacy setting. The company would also be required to delete players’ information that was previously collected in violation of COPPA’s parental notice and consent requirements unless it obtains parental consent to retain such data or the player claims to be 13 or older through a neutral age gate. Additionally, the company must implement a comprehensive privacy program to address the identified violations, maintain default privacy settings, and obtain regular, independent audits. According to the DOJ’s announcement, the company has agreed to pay $275 million in civil penalties—the largest amount ever imposed for a COPPA violation.
With respect to the illegal dark patterns allegations, the FTC claimed that the company used a variety of dark patterns, such as “counterintuitive, inconsistent, and confusing button configuration[s],” designed to get players of all ages to make unintended in-game purchases. These tactics caused players to pay hundreds of millions of dollars in unauthorized charges, the FTC said, adding that the company also charged account holders for purchases without authorization. Players were able to purchase in-game content by pressing buttons without requiring any parental or card holder action or consent. Additionally, the company allegedly blocked access to purchased content for players who disputed unauthorized charges with their credit card companies, and threatened players with a lifetime ban if they disputed any future charges. Moreover, cancellation and refund features were purposefully obscured, the FTC asserted.
To resolve the unlawful billing practices, the proposed administrative order would require the company to pay $245 million in refunds to affected players. The company would also be prohibited from charging players using dark patterns or without obtaining their affirmative consent. Additionally, the order would bar the company from blocking players from accessing their accounts should they dispute unauthorized charges.