InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FDIC releases March enforcement actions
On April 28, the FDIC released a list of administrative enforcement actions taken against banks and individuals in March. The FDIC made public 11 orders including “four prohibition orders, three orders terminating deposit insurance, two consent orders, one order to pay civil money penalty (CMP), and one order terminating consent order.” Included is a civil money order issued against a Missouri-based bank related to alleged violations of the Flood Disaster Protection Act (FDPA). The FDIC determined that the bank had engaged in a pattern or practice of violating the FDPA by increasing, extending, or renewing a loan secured by property located or to be located in a special flood hazard area without timely notifying the borrower and/or the servicer as to whether flood insurance was available for the collateral.
11th Circuit: ECOA anti-discrimination provision against requiring spousal signature does not apply to defaulted mortgage during loan modification offer
On April 27, the U.S. Court of Appeals for the Eleventh Circuit affirmed a lower court’s decision to enter judgment in favor of a defendant national bank following a bench trial related to claims arising from foreclosure proceedings on the plaintiff’s home. The plaintiff executed a promissory note secured by a mortgage signed by both the plaintiff and her husband. After the borrowers defaulted on the mortgage, the defendant filed a foreclosure action and approved the plaintiff for a streamlined loan modification while the foreclosure action was pending. One of the conditions of the streamlined loan modification was that the plaintiff had to make required trial period plan payments and submit signed copies of the loan modification agreement within 14 days. Both individuals were expressly required to sign the modification agreement as borrowers on the mortgage. However, should one of the borrowers not sign, the bank required documentation as to why the signature is not required, as well as a recorded quit claim deed and a divorce decree. The plaintiff acknowledged that she refused to return a fully signed loan modification agreement or provide alternative supporting documentation, and during trial, both individuals admitted that the husband refused to sign. The borrowers eventually consented to final judgment in the foreclosure action and the property was sold.
The plaintiff then brought claims under ECOA and RESPA. The district court granted summary judgment to the defendant on the ECOA discrimination claim and the RESPA claim. After a bench trial on the ECOA notice claim, the district court determined that because the defendant gave proper notice to the plaintiff as required by ECOA (i.e., she was provided required written notices within 30 days after being verbally informed that her modification agreement was not properly completed), plaintiff’s claim failed on the merits.
On appeal, plaintiff argued, among other things, that the district court erred in granting summary judgment in favor of the defendant on her ECOA discrimination claim. The 11th Circuit explained that under ECOA it is unlawful for a creditor to discriminate against an applicant on the basis of marital status. However, ECOA and Regulation B also establish “exceptions for actions that are not considered discrimination, including when a creditor may require a spouse’s signature,” and include additional exceptions to creditor conduct constituting “adverse action” (i.e. “any action or forbearance taken with respect to an account that is delinquent or in default is not adverse action”). The appellate court held that because the plaintiff had defaulted on the mortgage at the time the loan modification was offered, ECOA and Regulation B’s anti-discrimination provision against requiring spousal signatures did not apply to her. Moreover, even if the provision was applicable in this instance, the appellate court held that “the district court correctly concluded that it was reasonable for [defendant] to require either [plaintiff’s] signature or a divorce decree in light of Florida’s homestead laws,” and that such a requirement does not constitute discrimination under ECOA.
As to the notice claim, the appellate court found no error in the district court’s conclusion that the defendant had satisfied applicable notice requirements by timely sending a letter to the plaintiff that (i) specified the information needed from the plaintiff; (ii) designated a reasonable amount of time within which to provide the information; and (iii) informed the plaintiff that failure to do so would result in cancellation of the modification. This letter satisfied the “notice of incompleteness” requirements of 12 C.F.R. § 202.9(c)(2).
House committee continues federal privacy legislation discussions
On April 27, the House Subcommittee on Innovation, Data, and Commerce, a subcommittee of the House Energy and Commerce Committee, held a hearing entitled “Addressing America’s Data Privacy Shortfalls: How a National Standard Fills Gaps to Protect Americans’ Personal Information” to continue discussions on the need for comprehensive federal privacy legislation. Subcommittee Chair Gus Bilirakis (R-FL) delivered opening remarks, commenting that the Committee has examined in depth how a federal privacy law is needed to protect Americans and balance the needs of business, government and civil society, what happens when malicious actors exploit access to data, where the FTC’s jurisdictional lines and authority lay and how that interplays with a comprehensive federal privacy law, and the role of data brokers and the lack of protections given to consumers to manage their data.
During the hearing, subcommittee members commented that one of the big debates about the American Data Privacy and Protection Act (ADPPA) as it came out of committee last year was the degree to which it should preempt state laws. There was push back on the bill from former Speaker Nancy Pelosi who was against the proposed preemption measures, as well as from the California attorney general and the California Privacy Protection Agency who expressed similar concerns and asked Congress to “allow states to provide additional protections in response to changing technology and data privacy protection practices.” The ADPPA was advanced through the committee last July by a vote of 53-2 (covered by InfoBytes here) and was sent to the House floor during the last Congressional session but never came up for a full chamber vote. The bill has not been reintroduced yet.
Subcommittee members said that while drafting a comprehensive national data privacy law is a priority, there are a lot of concerns over preemption of state laws. Certain Republican members also commented that it is very important for Congress to create a single national standard before the FTC proposes data privacy rules from its commercial surveillance rulemaking efforts. As previously covered by InfoBytes, FTC Chair Lina M. Khan and Commissioners Rebecca Slaughter and Alvaro Bedoya testified before the same committee in April, during which time they said they are currently reviewing comments on the proposed rulemaking but support federal privacy legislation.
While the ADPPA has not yet been reintroduced, House Financial Services Committee Chairman Patrick McHenry (R-NC) introduced the Data Privacy Act of 2023 (see H.R. 1165) earlier this year, which would, among other things, modernize the Gramm-Leach-Bliley Act to better align the statute with the evolving technological landscape and ensure consumers understand how their data is being collected and used and grant consumers power to opt-out of the collection of their data and request that their data be deleted at any time.
Washington State passes new health data privacy measures
On April 27, the Washington State governor signed HB 1155 to enact the My Health My Data Act—a comprehensive health privacy law that provides broad restrictions on the use of consumer health data. The Act is intended to cover health data not covered by the Health Insurance Portability and Accountability Act. The Act defines a regulated entity as any legal entity that conducts business in the state of Washington or engages with Washington residents that (alone or jointly with others) “determines the purpose and means of collecting, processing, sharing, or selling of consumer health data.” Government agencies, tribal nations, and contracted service providers that process such data on behalf of a government agency are exempt. The Act increases privacy protections, and outlines several requirements, such as (i) entities must maintain a consumer health data privacy policy that clearly and conspicuously discloses the categories of health data collected and specifies how the data will be used, collected, and shared (including with third parties and affiliates); (ii) entities must obtain consent from consumers prior to collecting, sharing, and selling their health data; (iii) entities are restricted from geofencing particular locations to collect and sell data; and (iv) entities are required to develop specific privacy disclosures. Consumers are also empowered with the right to have their health data deleted. The Act outlines numerous compliance elements relating to access restrictions, replying to consumers, and processor requirements. The Act also specifies the types of information and documents for which the Act is not applicable. In addition, the Act provides a private right of action to consumers and grants the state attorney general enforcement authority as well.
The Act is effective July 23. Regulated entities must comply by March 31, 2024, except for certain provisions applicable to small businesses that have until June 30, 2024 to comply.
OFAC sanctions Iranian senior officials for wrongfully detaining U.S. nationals
On April 27, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions, pursuant to Executive Order 14078, against four senior officials of Iran’s Islamic Revolutionary Guard Corps Intelligence Organization (IRGC-IO). The IRGC-IO was concurrently designated by the State Department for its involvement in the hostage-taking or wrongful detention of U.S. nationals in Iran. OFAC also implemented the State Department’s designation of Russia’s Federal Security Service as well as the IRGC-IO for their role in wrongfully detaining U.S. nationals abroad. As a result of the sanctions, all property and interests in property of the designated persons that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC. Additionally, “any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked.” OFAC’s announcement further noted that its regulations “generally prohibit” U.S. persons from participating in transactions with designated persons unless exempt or otherwise authorized by a general or specific license. Financial institutions and persons that engage in certain transactions with the designated persons may themselves be exposed to sanctions or subject to enforcement.
OFAC, Turkey sanction terrorist financing facilitators
On May 2, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced, pursuant to Executive Order 13224, a joint action with the Republic of Turkey to designate two financial facilitators of Syria-based terrorist groups. The terrorist groups have both been sanctioned by the U.S. and the United Nations. The action demonstrates OFAC’s continued cooperation with Turkey to restrict the financing of terrorist groups that perpetuate violence and instability throughout the region. According to the announcement, the Turkish Ministry of Treasury and Finance and the Turkish Ministry of Interior concurrently implemented an asset freeze against the sanctioned individuals. As a result of the sanctions, all property interests belonging to the sanctioned individuals and entities that are in the U.S. or in the possession or control of U.S. persons are blocked and must be reported to OFAC, as well as “any entities that are owned, directly or indirectly, 50 percent or more by them, individually, or with other blocked persons.” U.S. persons are generally prohibited from engaging in any dealings involving the property interests of blocked or designated persons, and persons that engage in certain transactions with the designated individuals may themselves be exposed to sanctions. OFAC further stated that it “can prohibit or impose strict conditions on the opening or maintaining in the United States of a correspondent account or a payable-through account of a foreign financial institution that knowingly conducted or facilitated any significant transaction on behalf of a Specially Designated Global Terrorist.”
SEC orders crypto ATM operator to pay $3.9 million for selling unregistered tokens
On April 28, the SEC settled with a cryptocurrency ATM operator for allegedly selling unregistered tokens in order to raise money to expand its bitcoin ATM network. Described as a “token sale,” the SEC claimed the respondents in total raised crypto assets during an initial coin offering valued at roughly $3.65 million. According to the SEC, the company offered and sold its token as investment contracts, which qualified it as a security since investors would have reasonably expected to obtain future profits from the token’s rise in value based upon the respondents’ efforts. By offering and selling securities without having on file a registration statement with the SEC or qualifying for an exemption, the respondents violated Sections 5(a) and 5(c) of the Securities Act, the SEC said. Additionally, one of the respondents and its CEO were also accused of violating Section 17(a) of the Securities Act and Section 10(b) of the Exchange Act and Rule 10b-5 by making materially false and misleading statements and engaging in other fraudulent conduct connected to the offer and sale of the token. The respondents neither admitted nor denied the SEC’s findings, but agreed to pay a collective $3.92 million civil penalty and said they would cease and desist from committing violations of the Securities Act and the Securities Exchange Act. One of the individual respondents also received a three-year officer and director ban.
2nd Circuit addresses preclusion standard in dismissal of RMBS actions
On April 26, the U.S. Court of Appeals for the Second Circuit upheld the dismissal of three residential mortgage-backed securities lawsuits tied to losses incurred during the 2008 financial crisis. The plaintiffs, issuers of collateralized debt obligations secured by RMBS certificates, sued several trust entities in separate lawsuits over the losses. According to the opinion, the district courts in each action assumed the plaintiffs had Article III standing but determined that they “were precluded from relitigating the issue of prudential standing” due to a related case they had previously brought against a different bank.
The 2nd Circuit explained that the district court in the related case had determined that the plaintiffs lacked standing because they had “conveyed all right, title, and interest in the RMBS certificates”—including the full power to file lawsuits—to third parties when issuing their notes, which were secured by certificates in RMBS trusts, among other assets. Following the decision, the third parties reassigned the litigation rights associated with the RMBS certificates back to the plaintiffs, but the court granted summary judgment in favor of the bank, holding that the plaintiffs lacked both Article III and prudential standing. The 2nd Circuit “affirmed on the ground that the assignments were champertous and that [p]laintiffs thus lacked prudential standing,” assuming but not deciding the issue of Article III standing.
With respect to the current lawsuits, the district court premised its dismissal on the finding that the plaintiffs were precluded from relitigating the issue of prudential standing by the holding in the related action. “In resolving an issue of first impression in this Circuit, we join the [9th] Circuit in concluding that the district courts permissibly bypassed the question of Article III standing to address issue preclusion, which offered a threshold, non-merits basis for dismissal,” the appellate court wrote. “In short, we fully agree with the district courts that [p]laintiffs were not entitled to a second bite at the prudential-standing apple after the [related] action. The district courts therefore did not err in taking this straightforward, if not ‘textbook,’ path to dismissal.”
FTC obtains permanent ban against debt relief operators
On May 1, three individuals accused of allegedly participating in a credit card debt relief scheme agreed to court orders permanently banning them from telemarketing and selling debt relief products and services. As previously covered by InfoBytes, last November the FTC filed a lawsuit claiming the defendants and their affiliated companies violated the FTC Act and the Telemarketing Sales Rule by using telemarketers to pitch their deceptive scheme, in which they falsely claimed to be affiliated with a particular credit card association, bank, or credit reporting agency, and promised they could improve consumers’ credit scores after 12 to 18 months. The defendants also allegedly misrepresented that the upfront fee, which in some cases was as high as $18,000, was charged to consumers’ credit cards as part of the overall debt that would be eliminated, and therefore would not actually have to be paid. Without admitting or denying the allegations, the defendants agreed to the court orders (available here, here, and here) imposing numerous conditions, including (i) a permanent ban on advertising, selling, or assisting in any debt relief product or service or participating in telemarketing; (ii) a broad prohibition forbidding defendants from deceiving consumers about any other products or services they sell or market; and (iii) the surrender of certain property interests and assets that will be used to provide restitution to affected consumers. The orders impose a total monetary judgment of approximately $17.5 million, for which each defendant is jointly and severally liable, to be satisfied by defendants’ surrender of certain assets and subject to a partial suspension of the remainder of the judgment pursuant to defendants’ truthfulness regarding their financial status and ability to pay.
OFAC adds more sanctions linked to timeshare fraud
On April 27, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions, pursuant to Executive Order 14059, against seven individuals and 19 Mexican companies connected to timeshare fraud on behalf of the Cartel de Jalisco Nueva Generacion (CJNG). The CJNG—a Mexico-based organization responsible for trafficking a significant proportion of illicit fentanyl and other drugs that enter the U.S.—is also designated under E.O. 14059. OFAC explained that timeshare fraud often targets older U.S. citizens to scam victims of their life savings and is an important revenue stream for the group’s criminal enterprise. The designations build on sanctions imposed on several other companies in April (covered by InfoBytes here) and continue OFAC’s efforts to disrupt CJNG’s timeshare fraud network.
As a result of the sanctions, all property and interests in property of the designated persons located in the U.S. or held by U.S. persons are blocked and must be reported to OFAC. Further, “any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked.” U.S. persons are generally prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons unless authorized by an OFAC-issued general or specific license, or exempt. OFAC further warned that “U.S. persons may face civil or criminal penalties for violations of E.O. 14059 and the Kingpin Act.”