InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
9th Circuit affirms judgment for defendant in FCRA suit
On March 1, the U.S. Court of Appeals for the Ninth Circuit affirmed dismissal in favor of a consumer reporting agency (defendant). The suit accused the defendant of violating the FCRA by failing to disclose certain information about a consumer. The plaintiffs were originally part of a class action alleging FCRA disclosure violations against the defendant, but that case was dismissed. Instead of appealing the suit, three plaintiffs brought a separate proposed class action. The defendant removed the case to federal court and filed a motion to dismiss based on a failure to state a claim. Though the case was again dismissed, the plaintiffs were granted leave to amend their complaint. In their First Amended Complaint, the plaintiffs argued that under the FCRA, the disclosures they received from the defendant did not include, among other things: (i) behavioral data; (ii) “soft inquiries” not initiated by the consumer; (iii) the identity of parties procuring consumer reports; and (iv) the date on which employment data was reported. The district court found that the defendant was not obligated to include the behavioral data in its disclosure since the information alleged to have not been disclosed was not part of the consumer’s “file” under the FCRA and was not information that was or might be furnished in a consumer report.
On appeal, the 9th Circuit noted that “none of the information [the plaintiffs] contend [the defendant] failed to disclose is of the type that has been included in a consumer report in the past or is planned to be included in such a report in the future.” The appellate court also noted that “the date employment dates were reported can have no ‘bearing on a consumer’s credit worthiness, credit standing, credit capacity, character, general reputation, personal, characteristics, or mode of living.’” Since the district court found that the data that the consumers alleged the defendants failed to include in its disclosures is actually not subject to disclosure under the FCRA, the appellate court affirmed the district court’s dismissal.
Waters sends letter to HUD and others regarding appraisal bias
On February 22, Chairwoman of the House Financial Services Committee Maxine Waters (D-CA) sent a letter to HUD Secretary Marcia Fudge, the Appraisal Subcommittee, the Appraisal Foundation, and the Appraisal Institute regarding appraisal bias and discrimination. The letter, among other things, urged federal regulators and the Appraisal Institute to investigate appraiser misconduct and the possibility of illegal discrimination and highlighted “longstanding racial inequities plaguing America’s home valuation system, particularly in Black-majority communities and other communities of color,” according to the press release. In the letter, Waters noted that during her time with the House Financial Services Committee, the committee has “paid special attention to the racial inequities that continue to plague America’s home valuation system, including through home appraisals, despite the passage of anti-discrimination laws.” She further pointed to “qualitative research” from the National Fair Housing Alliance to shed light on “the ways in which individual appraisers and the appraisal profession help perpetuate systemic and overt racism, highlighting statements made by appraisers as well as policies and practices that continue to be upheld by an appraisal profession that is 97% White.” The letter also provided excerpts from an appraiser’s email as an example of discriminatory practices, in which Waters asserted, “shines a spotlight on the racist stereotypes and harmful lines of thinking prevalent in an industry which systematically devalues the homes of Black people and other people of color.” Waters noted that she will be drafting legislation “to address systemic appraisal discrimination,” recommended that the recipients of her letter conduct pertinent investigations, and urged them to respond to her letter accordingly. Waters also disclosed that the House Financial Services Committee “will convene hearings, advance legislation, and continue working with stakeholders to end housing discrimination and hold the appraisal industry fully accountable.”
State AGs investigate streaming service for privacy violations
On March 2, a coalition of state attorneys general, led by California Attorney General Rob Bonta, announced a nationwide investigation into a video streaming service regarding whether it is violating state consumer protection laws and putting children at risk by promoting its social media platform to children and young adults while its use is associated with physical and mental health harm to youth. According to the California AG, the investigation will examine the harm that the platform may cause to young users and what the platform knew about that harm, and will focus on, among other things, the techniques it utilized to boost young user engagement, including strategies or efforts to increase the duration of time spent on the platform and the frequency of engagement with the platform.
NYDFS will take expedited measures to enforce Russian sanctions
On March 2, New York Governor Kathy Hochul announced that NYDFS will increase its sanctions enforcement actions against Russia, including taking measures to expedite the procurement of blockchain analytics tools to detect exposure among regulated licensed virtual currency businesses to Russian individuals, banks, and other entities sanctioned by the Biden administration. “Accelerating the procurement process is a critical step to strengthen the Department's ability to enforce anti-money laundering and Bank Secrecy Act laws in this immediate crisis and beyond,” the announcement stated, explaining that “[l]everaging purpose-built technologies and service providers for virtual currency protects the financial system from illicit activity including money laundering, terrorist financing and ransomware activity.” NYDFS Superintendent Adrienne A. Harris added that monitoring transactions and exposure in real-time is imperative for preventing actors from attempting to evade sanctions through the transmission of virtual currency. The announcement follows NYDFS guidance on cybersecurity and virtual currency issued last week, which raised the specter of elevated cyber risk due to ongoing cyberattacks against Ukraine that could spill over to other networks, as well as potential direct attacks against U.S. critical infrastructure. (Covered by a Buckley Special Alert.) Governor Hochul also issued an Executive Order at the end of February, which directed all New York State agencies and authorities to review and divest public funds from Russia.
Florida house tries again on consumer privacy legislation
On March 2, the Florida house passed HB 9, which would, among other things, regulate the sale and sharing of consumers’ personal data and provide consumers the right to sue over alleged violations. This is the state’s latest attempt to pass comprehensive consumer privacy legislation. Last year, the Florida legislatures failed to reconcile differences in their bills before the session ended. Highlights of the bill (which include changes from last session’s versions) include:
- Applicability. The bill will apply to any entity meeting the definition of a controller, processor, or third party that buys, sells, or shares consumers’ personal information and (i) has global annual gross revenues exceeding $50 million; (ii) annually buys, receives, sells, or shares personal information of at least 50,000 consumers, households, or devices; or (iii) derives 50 percent or more of its global annual revenue from the selling or sharing of personal information. The bill sets forth numerous exemptions from its requirements, including personal information shared “with a financial service provided solely to facilitate short term, transactional payment processing for the purchase of products or services”; deidentified or aggregated personal information; data governed by certain federal, state, or local regulations or used to exercise or defend legal claims; certain personal information collected through a controller’s direct interaction with a consumer that is used to advertise or market products or services that are produced or offered directly by the controller; personal information used in the context of a consumer’s role or former role with the controller; specified protected health information; financial institutions covered by the Gramm-Leach-Bliley Act; personal information disclosed during intentional interactions or disclosed as part of a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control of all or part of the controller; and personal information used to fulfill the terms of a written warranty, a product recall, or public- or peer-reviewed scientific or statistical research in the public interest.
- Consumer rights. Under the bill, consumers will be able to, among other things, access their personal data; request deletion or make corrections; and opt out of the sale or sharing of personal information to third-parties. Controllers will be required to deliver the requested information free of charge within 45-calendar days (a one-time additional 45-day extension may be granted), but are not required to provide personal information to a consumer more than twice in a 12-month period. Controllers will also be prohibited from selling or disclosing the personal information of minor consumers, except in certain circumstances. Additionally, the bill will provide controllers the ability to charge a consumer who exercises any of their rights under the bill “a different price or rate, or provide a different level or quality of goods or services to the consumer” provided the “difference is reasonably related to the value provided to the controller by the consumer’s data or is related to a consumer’s voluntary participation in a financial incentive program, including a bona fide loyalty, rewards, premium features, discounts, or club card program offered by the controller.” Financial incentives that are not unjust, unreasonable, coercive, or usurious may also be offered as long as consumers give prior consent and are allowed to revoke consent at any time. The bill further stipulates that contracts or agreements that waive or limit certain consumer rights are void and unenforceable.
- Disclosures. The bill will require controllers that collect consumers’ personal information to disclose certain information regarding data collection and selling practices to consumers at or before the point of collection. This information “may be provided through a general privacy policy or through a notice informing the consumer that additional specific information will be provided upon a certain request.” Additionally, processors or third parties must require any subcontractor to meet the same obligations with respect to personal information. Businesses also will be prohibited from collecting or using additional categories of personal information without first notifying consumers.
- Security. Under the bill, businesses will be required “to implement reasonable security procedures and practices” to protect consumers’ personal information.
- Private cause of action, right to cure. The bill will provide a private right of action to allow consumers to bring a civil action under certain circumstances for injunctive or declaratory relief, and establishes a damage amount of either statutory damages of at least $100 but not more than $750 per consumer per incident, or actual damages, whichever is greater. Consumers may obtain specific relief from businesses with annual gross revenues greater than $50 million. In lawsuits involving businesses with annual gross revenues exceeding $500 million, consumers also are permitted to recover attorneys’ fees and costs. Civil actions must be filed within one year after discovery of the violation. The Department of Legal Affairs is also authorized to take action against a controller, processor, or third party for unfair or deceptive acts or practices. Fines may be tripled if a violation involves consumers 18 years of age or younger, or if a controller, processor, or third party fails to cure the violation upon written notice within 45 calendar days.
If enacted in its current form, the bill would take effect January 1, 2023. The bill must be approved by the Florida senate and any differences reconciled before being sent to the governor.
OFAC, DOJ measures aim for stronger compliance with Russian sanctions
On March 2, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) and the DOJ announced new measures to strengthen compliance with Russia-related sanctions in response to the situation in Ukraine. OFAC observed that in the past few days, Russia has taken measures “to use exporters to act as their agents and help them raise resources to prop up their currency and fund their priorities.” In response, OFAC reiterated that such actions taken on behalf of Russia’s Central Bank are prohibited. Newly issued and updated frequently asked questions address enhanced sanctions compliance measures and further explain recent sanctions, including prohibitions imposed pursuant to Directive 4 under Executive Order (E.O.) 14024, “Prohibitions Related to Transactions Involving the Central Bank of the Russian Federation, the National Wealth Fund of the Russian Federation, and the Ministry of Finance of the Russian Federation.” (Covered by InfoBytes here.) Additionally, the updated FAQs clarify, among other things, that energy payments can and should continue. As explained in OFAC’s announcement, General License (GL) 8A permits “U-turn transactions” so that energy payments may be processed through non-sanctioned, third-country financial institutions to allow the continuation of transactions that support the flow of energy to the market. OFAC also issued new FAQs and general licenses (see GLs 9A, 10A, 13, and 14) related to E.O. 14065, “Blocking Property of Certain Persons and Prohibiting Certain Transactions With Respect to Continued Russian Efforts to Undermine the Sovereignty and Territorial Integrity of Ukraine” to further clarify the stipulated prohibitions.
The same day, the DOJ launched Task Force KleptoCapture, “an interagency law enforcement task force dedicated to enforcing the sweeping sanctions, export restrictions, and economic countermeasures that the United States has imposed, along with allies and partners,” in order to “isolate Russia from global markets.” “The Justice Department will use all of its authorities to seize the assets of individuals and entities who violate these sanctions,” Attorney General Merrick B. Garland stated. The Task Force will be staffed with DOJ prosecutors, agents, analysts, and professional staff with expertise in sanctions and export control enforcement, anticorruption, asset forfeiture, anti-money laundering, tax enforcement, national security investigations, and foreign evidence collection. According to the announcement, the Task Force will use data analytics, cryptocurrency tracing, foreign intelligence sources, and information from financial regulators and private sector partners to investigate and prosecute violations of new and future sanctions (both those related to the Ukraine invasion as well as those imposed for prior instances of Russian aggression and corruption), and “combat[] unlawful efforts to undermine restrictions taken against Russian financial institutions,” including prosecuting persons who attempt to evade know-your-customer and anti-money laundering measures. The Task Force will also target efforts to use cryptocurrency to launder foreign corruption proceeds and sanctions evasion and “us[e] civil and criminal asset forfeiture authorities to seize assets belonging to sanctioned individuals or assets identified as the proceeds of unlawful conduct.”
District Court rules apps’ terms of service hyperlinks were clear and conspicuous
On February 23, the U.S. District Court for the Eastern District of New York ruled that parties must arbitrate class claims concerning alleged fraudulent transactions on app users’ accounts. Plaintiffs—users of the defendants’ mobile payment platform who claimed that third parties fraudulently withdrew funds from their app accounts—alleged that the defendants’ inadequate dispute resolution process “improperly places the burden on the user to prove that a disputed transaction was unauthorized” in violation of the EFTA and N.Y. Gen. Bus. Law § 349. Defendants, however, countered that the plaintiffs agreed to arbitrate any disputes related to their app accounts, and moved to compel arbitration and dismiss the complaint. The court analyzed the applicable sign-up flows and ruled that in signing up for the apps, users agreed to unambiguous terms of service, which included an arbitration agreement presented in a clickable hyperlinked URL. The court rejected plaintiffs’ assertion that a reasonably prudent smartphone user would not think to click on the terms of service hyperlink, stating that the hyperlink for both apps provided reasonably clear and conspicuous interfaces. The court further found that the claims were subject to arbitration because plaintiffs’ specifically assented to the arbitration provisions and that the parties’ agreed to present any question of arbitrability to an arbitrator.
Treasury publishes risk assessments for money laundering, terrorist financing, and proliferation financing
On March 1, the U.S. Treasury Department published the 2022 National Risk Assessments on money laundering, terrorist financing, and proliferation financing, which highlight significant illicit finance threats, vulnerabilities, and risks facing the United States.
The 2022 National Money Laundering Risk Assessment found that “[c]riminals continue to use a wide range of money laundering techniques, including traditional ones, to move and conceal illicit proceeds depending on what is available or convenient to them.” Crimes generating the largest amount of laundered illicit proceeds in or through the U.S. include fraud, drug trafficking, cybercrime, human trafficking and smuggling, and corruption. The assessment found that continued and emerging money laundering risks involve, among other things, the persistent misuse of legal entities, a lack of transparency in certain real estate transactions, merchants and professionals that misuse their positions or businesses, and compliance and supervision weaknesses at some regulated U.S. financial institutions. Additionally, operators of virtual asset service providers (VASPs) are reminded that violating the Bank Secrecy Act or neglecting regulatory requirements, “such as failing to establish effective AML programs or report suspicious activities,” present vulnerabilities to the financial system.
The findings of the 2022 National Terrorist Financing Risk Assessment, according to the press release, included that, with respect to foreign terrorist groups, “the most common form of financial support from U.S.-based individuals continues to be the transfer of small sums (several hundred to tens of thousands of dollars) to facilitators outside of the U.S. working on behalf of ISIS and its affiliates, Al-Qaida and its affiliates, and Hizballah.” For the first time, the assessment also analyzed funding methods used to support domestic violent extremists.
The 2022 National Proliferation Financing Risk Assessment found that most significant proliferation finance threats are posed by the Democratic People’s Republic of Korea followed by Iran. These networks misuse correspondent banking relationships and create front/shell companies to facilitate financial activity and conduct trade, and they generate significant revenue from the maritime sector. The press release stated that the assessment further found that these networks are beginning to “increasingly exploit[] the digital economy, including through the systematic mining and trading of virtual assets, and the hacking of virtual asset service providers.” In the upcoming weeks, Treasury will release the 2022 National Strategy for Combatting Terrorist and Other Illicit Finance, which will be informed by the analysis contained in these risk assessments and will share recommendations for addressing these highlighted threats.
OFAC targets Russian wealth, imposes sanctions on Putin and Lavrov
During February and March, as conflict continued to escalate in Ukraine, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) imposed significant new sanctions, including most recently designations targeting numerous Russian elites and their family members for continuing to provide direct and indirect support to the Russian government through their business empires, wealth, and other resources. (See also General License 15.) The sanctions also targeted six of the individuals companies, one of Russia’s largest privately-owned aircraft, and one of the world’s largest superyachts. The actions were taken in close coordination with the EU, UK, Canada, Japan, the ROK, and Australia as part of a “transatlantic effort to further deny Russian elites the benefits of their kleptocracy” and to ensure the effective implementation of recently announced financial sanctions. An additional 26 Russia- and Ukraine-based individuals and seven Russian entities connected with the Russian government’s efforts to promulgate disinformation and influence perceptions were also sanctioned by OFAC, while the Department of State imposed substantial costs on 22 Russian defense-related firms. OFAC also released three new Russian harmful foreign activities sanctions FAQs.
OFAC also imposed significant sanctions against the Central Bank of the Russian Federation, the National Wealth Fund of the Russian Federation, and the Ministry of Finance of the Russian Federation, as well as three entities that manage one of Russia’s key sovereign wealth funds: the Russian Direct Investment Fund, its management company, and one of the managing company’s subsidiaries. Sanctions were also imposed against Russian President Vladimir Putin and Minister of Foreign Affairs Sergei Lavrov, along with directors of the Foreign Intelligence Service, the Federal Security Service and the Federal Service of National Guard Troops, the interior minister, and other top government officials (see announcements here and here). As a result of the sanctions, all property and interests in property belonging to the sanctioned individuals and entities, and “any entities that are owned, directly or indirectly, 50 percent or more” by the blocked persons that are subject to U.S. jurisdiction are blocked and must be reported to OFAC. U.S. persons are prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons, unless exempt or authorized by a general or specific OFAC license. The Financial Industry Regulatory Authority also sent a regulatory notice alerting members of recent sanctions-related developments and advising members to continue to monitor OFAC’s website for relevant information.
OFAC also issued Directive 4 under Executive Order (E.O.) 14024, which prohibits related transactions involving the Central Bank of the Russian Federation, the National Wealth Fund of the Russian Federation, and the Ministry of Finance of the Russian Federation, unless otherwise authorized by OFAC. Entities subject to Directive 4 can be found in OFAC’s updated list of Specially Designated Nationals or on OFAC's Non-SDN Menu-Based Sanctions List. Additionally, OFAC issued Russia-related General License 8A to authorize certain energy transactions with specified entities through 12:01 a.m. eastern daylight time, June 24, 2022.
OFAC further announced that it is adding regulations to implement E.O. 14024 related to specified harmful foreign activities of the Russian government (covered by InfoBytes here). OFAC stated it plans to supplement these regulations with a more comprehensive set of regulations that may include additional interpretive guidance and definitions, general licenses, and other regulatory provisions.
Additionally, President Biden, along with leaders of the European Commission, France, Germany, Italy, the UK, and Canada, issued a joint statement imposing further restrictive economic measures to further isolate Russia from the international financial system. The leaders agreed to block certain Russian banks from accessing the SWIFT global messaging system in order to harm the banks’ ability to operate globally and announced their commitment to “restrictive measures” against the Russian Central Bank to prevent the deployment of its international reserves in a manner that undermines the impact of these sanctions. The announcement further noted that the leaders plan to launch a transatlantic task force to ensure financial sanctions are effectively implemented through the identification and freezing of assets belonging to sanctioned individuals and companies that exist within their countries’ jurisdictions. Actions will include “employing sanctions and other financial and enforcement measures on additional Russian officials and elites close to the Russian government, as well as their families, and their enablers.”
Find continuing InfoBytes coverage on the U.S. sanctions response to Russia’s invasion of Ukraine here.
OFAC sanctions ISIS facilitators
On March 1, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13224 against four Islamic State of Iraq and Syria (ISIS) and ISIS-Mozambique financial facilitators based in South Africa for allegedly supporting the transfer of funds from the top of the ISIS hierarchy to branches across Africa or for serving as leaders of ISIS cells. As a result of the sanctions, all property and interests in property of the designated individuals within U.S. jurisdiction must be blocked and reported to OFAC. OFAC further noted that its regulations “generally prohibit” U.S. persons or persons within the United States from participating in transactions with the designated persons and warned foreign financial institutions that if they knowingly facilitate significant transactions for any of the designated individuals, OFAC may prohibit or impose strict conditions on the opening or maintaining of a U.S. correspondent account or payable-through account.