InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Agencies release 2023 list of distressed, underserved communities
On June 23, the FDIC, Federal Reserve Board, and the OCC released the 2023 list of distressed or underserved nonmetropolitan middle-income geographies where revitalization or stabilization activities are eligible to receive Community Reinvestment Act (CRA) consideration. According to the joint release, the list of distressed nonmetropolitan middle-income geographies and underserved nonmetropolitan middle-income geographies are designated by the agencies under their CRA regulations and reflect local economic conditions such as unemployment, poverty, and population changes. Under CRA, banks are encouraged to help meet the credit needs of the local communities listed. For any geographies that were designated by the agencies in 2022 but not in 2023, the agencies apply a one-year lag period, so such geographies remain eligible for CRA consideration for another 12 months.
Waters asks Treasury, SEC to comment on crypto framework
On June 23, Representative Maxine Waters solicited viewpoints, analysis, and recommendations in letters sent to the Department of Treasury and the SEC regarding a recently introduced discussion draft of cryptocurrency framework. In her letters, Waters requested insight on how the proposed legislation would impact the federal regulators’ ability to conduct oversight, among other things. Waters specifically asked the SEC for recommended amendments to existing law, outside of the bill, to further protect investors in the digital assets space. In her letter to the Treasury, she asked for insight on how the bill would address or conflict with its policy recommendations, and if the bill or specific provisions of it are needed. Waters requested that both regulators provide a written response by June 30 and be prepared to brief the House Financial Services Committee.
Introduced on June 2, the discussion draft to which Waters referred would impact the jurisdiction of the CFTC over digital commodities and the SEC’s authority over digital assets. Committee Chairman Patrick McHenry is a co-author of the discussion draft and also the primary sponsor of newly proposed bills regarding financial statement requirements of emerging growth companies that if passed, will indirectly impact regulators’ oversight in the crypto space. HR 2608 would limit the financial information an emerging growth company would be required to submit to the SEC, among other things. Specifically, “an emerging growth company is not required to present a financial statement for any period prior to the earliest audited period of the emerging growth company in connection with its initial public offering, such as a statement for an acquired company.” Additionally, HR 2610 would amend the Securities Exchange Act of 1934, so emerging growth companies would only need to submit the last 2 years of their profit and loss statements (previously 3 years). Among other things, the bill allows an issuer of securities to submit a draft registration statement to the SEC for confidential review prior to a public filing. Both bills have passed the House.
FTC updates its Endorsement Guide after 14 years
On June 29, the FTC announced the finalized updated version if its Endorsement Guide, to help the agency combat deceptive reviews and endorsements. The FTC says its endorsement guides, which were previously updated in 2009, advise businesses on what practices are considered unfair and deceptive in violation of the FTC Act. The FTC explained that the current, updated version takes into consideration comments solicited earlier this year, to reflect the ways advertisers now reach consumers. The revisions: (i) “articulate[] a new principle regarding procuring, suppressing, boosting, organizing, publishing, upvoting, downvoting, or editing consumer reviews so as to distort what consumers think of a product”; (ii) “address[] incentivized reviews, reviews by employees, and fake negative reviews of a competitor;” (iii) “add[] a definition of ‘clear and conspicuous’ and saying that a platform’s built-in disclosure tool might not be an adequate disclosure”; (iv) “[change] the definition of ‘endorsements’ to clarify the extent to which it includes fake reviews, virtual influencers, and tags in social media;” (v) “better explain[] the potential liability of advertisers, endorsers, and intermediaries”; and (vi) highlight[] that child-directed advertising is of special concern. The FTC concurrently issued an updated version of its guidance regarding frequently asked questions about its endorsement guides.
FTC orders sweepstakes company to pay $18.5 million for using “dark patterns”
On June 26, the FTC filed a complaint against a sweepstakes company alleging they used “dark patterns” (via the use of “manipulative phrasing and website design”) to trick consumers into purchasing products in order to enter the increase the chances of winning the company’s sweepstakes. The FTC further claimed the defendant engaged in other unlawful practices in violation of the FTC Act, including (i) failing to disclose the true price of goods and failing to inform consumers they were responsible for return shipping costs for unwanted products; (ii) misleading consumers with fictitious email subject lines; and (iii) sharing consumer data with third parties despite disclosing in its privacy policy prior to January 2019 that it did sell or rent consumer data to third parties.
Under the terms of the proposed court order filed June 27 stipulating to an injunction, monetary judgement, and other relief, the defendant would be required to pay $18.5 million in monetary relief and make numerous changes to its email and internet operations. Among other things, the defendant would be required to clearly and conspicuously disclose on every shopping page that a purchase is not required to enter a sweepstakes and that purchasing will not help a consumer win. Consumers would also be required, in many cases, to acknowledge this disclosure when responding to a call to action that results in an order. The defendant must also clearly disclose material costs and terms of purchase, as well as any additional fees, and cancellation and return policies. Additionally, the defendant would be required to delete all consumer data collected prior to January 1, 2019, unless required for processing transactions, and stop misrepresenting its data collection and sharing practices.
FHA requires info on language preference, homeowner education in mortgage originations
On June 27, FHA announced lenders will have to submit information about borrowers’ language preferences and homeownership education or housing counseling history through the Supplemental Consumer Information Form when originating mortgages for FHA insurance. According to FHA, borrowers may choose to provide all, some, or none of the information requested on the form, and lenders must transmit any information the borrower disclosed. The information collected from the form will allow the administration to have a better aggregate view of language preferences, which FHA stated, “will influence its future actions to continue breaking down language and other barriers to homeownership.” On June 13, FHA also announced the availability of Chinese, Korean, Spanish, Tagalog, and Vietnamese versions of more than 30 single family mortgage documents and related resources associated with FHA programs.
CFPB levies $25 million penalty for EFTA violations
On June 27, the CFPB entered a consent order against a Nebraska-based payment processor and its Delaware-based subsidiary for alleged violations of the EFTA (Regulation E), and the Consumer Financial Protection Act’s prohibition against unfair acts and practices. According to the Bureau, in 2021 the respondent’s employees allegedly used sensitive consumer financial information while conducting internal testing, without employing the proper information safety protocols. The internal tests allegedly created payment processing files that were treated as containing legitimate consumer bill payment orders. According to the Bureau, the erroneous bill payment orders were allegedly sent to consumers’ banks for processing, which resulted in approximately $2.3 billion in mortgage payments being debited from nearly 500,000 borrower bank accounts without their knowledge or authorization. The Bureau alleged in its order that some consumers accounts were depleted, “depriving Affected Consumers of the use of their funds, including by being prevented from making purchases or completing other legitimate transactions, and many were charged fees, including fees for insufficient funds or overdrawn accounts.” While neither admitting nor denying any of the allegations, the respondent has agreed to pay a $25 million penalty, stop activities the Bureau deemed unlawful, and adopt and enforce reasonable information security practices.
DOJ and FTC find UDAPs in handling of women’s health data
On June 23, the DOJ and FTC announced the government has obtained substantial injunctive relief, and that the department will collect $100,000 in civil penalties, from an Illinois-based healthcare corporation pursuant to a stipulated federal court order. In the complaint, the United States claimed that the corporation violated Section 5 of the FTC Act, in which the defendant engaged in unfair and deceptive acts in connection with its period and ovulation tracking mobile app. The government alleged that the corporation shared consumers’ persistent identifiers and sensitive personal information to third-party companies without user notice or consent. Additionally, the corporation allegedly failed to disclose how those third-party companies would use consumers’ personal information. The complaint also alleges the corporation failed to take “reasonable measures” surrounding data and privacy risk when they integrated third-party software into the mobile application, and that they violated the HBNR.
The order entered by the court requires that the corporation: (i) “implement a comprehensive privacy and data security program with safeguards to protect consumer data”; (ii) “hire an independent third-party to regularly assess its compliance with the privacy program for a period of 20 years”; (iii) “[is] enjoined from sharing health information with third-parties for advertising purposes, from sharing health information with third-parties for other purposes without obtaining users’ affirmative express consent, and from making misrepresentations about [the corporation’s] privacy practices”; and (iv) comply with the HBNR’s notification provisions in any future breach of Security.
Biden administration launches NIST working group on AI
On June 22, the Biden administration announced that the National Institute of Standards and Technology (NIST) launched a new public working group on generative AI. The Public Working Group on Generative AI will reportedly help NIST develop guidance surrounding the special risks posed by AI in order to help organizations and support initiatives to address the opportunities and challenges associated with generative AI’s creation of code, text, images, videos, and music. “The public working group will draw upon volunteers, with technical experts from the private and public sectors, and will focus on risks related to this class of AI, which is driving fast-paced changes in technologies and marketplace offerings” NIST stated. NIST also outlined the immediate, midterm, and long-term goals for the group. Initially, the working group will research how the NIST AI Risk Management Framework can be used to support AI technology development. The working group’s midterm goal will be to support NIST in testing, evaluation and measurement related to generative AI. In the long term, the group will explore the application of generative AI to address challenges in health, environment, and climate change. NIST encourages those interested in joining the working group to submit a form no later than July 9.
OFAC sanctions DPRK missile development procurers
On June 15, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions, pursuant to Executive Orders (E.O.) 13382 and 13810, against two individuals involved in the procurement of equipment and materials that support the Democratic People’s Republic of Korea’s (DPRK) ballistic missile program. According to OFAC, the missile program relies on foreign-sourced ballistic missile-related components that it cannot produce domestically. One of the sanctioned persons has collaborated with a number of individuals to purchase and procure items including those known to be used in the production of DPRK ballistic missiles. The individual’s wife is the second sanctioned individual listed as “being a North Korean person, including a North Korean person that has engaged in commercial activity that generates revenue for the Government of North Korea or the Workers’ Party of Korea.”
As a result of the sanctions, all property and interests in property of the designated persons that are in the U.S., or in the possession or control of U.S. persons, are blocked and must be reported to OFAC. In addition, any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked. OFAC further mentioned, “any foreign financial institution that knowingly facilitates a significant transaction or provides significant financial services for any of the individuals or entities designated today could be subject to U.S. correspondent or payable-through account sanctions.”
OFAC sanctions Russians for election influence
On June 23, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions, pursuant to Executive Order 14024, against two individuals for attempting to conduct “global malign influence operations,” including efforts to influence a U.S. local election. According to OFAC, the designated individuals are Russian Federal Security Service officers who operate as part of a mission that provokes anti-government and anti-democratic positions designed to undermine faith in democratic principles, weaken U.S. diplomatic connections, and exploits societal divisions in an effort to expand Russia’s influence. OFAC said one of the individuals directed more than six U.S. co-conspirators, including two who ran in local U.S. elections, to report on the activities of political groups. OFAC designated the two individuals “for having acted or purported to act for or on behalf of, directly or indirectly, the Government of the Russian Federation.” The designated individuals were also recently indicted by the DOJ as well as by the U.S. Attorney’s Office for the Middle District of Florida. In a parallel action announced the same day, the EU released its Eleventh Package of sanctions against Russia. The Eleventh Package added, among other things, over 100 individuals and entities subject to asset freezes, a new anti-circumvention tool to restrict the trade of sanctioned goods, and 87 new entities to the list of those directly supporting Russia’s military and industrial complex in the war against Ukraine.
As a result of these sanctions, all property and interests in property belonging to the sanctioned persons that are in the U.S. or in the possession or control of U.S. persons are blocked and must be reported to OFAC. Further, “any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked.” U.S. persons are prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons, unless exempt or authorized by a general or specific OFAC license. Additionally, OFAC warned that financial institutions and other persons that engage in certain transactions or activities with the sanctioned persons may themselves be exposed to sanctions or be subject to an enforcement action.