InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OCC, FDIC say some overdraft fees may be unfair or deceptive
On April 26, the OCC and FDIC issued supervisory guidance addressing consumer compliance risks associated with bank overdraft practices. (See OCC Bulletin 2023-12 and FDIC FIL-19-2023.) The guidance highlighted certain practices that may result in increased risk exposure, including assessing overdraft fees on “authorize positive, settle negative” (APSN) transactions and assessing representment fees each time a third party resubmits the same item for payment after being returned by a bank for non-sufficient funds. The agencies provided guidance for banks that may help control risks associated with overdraft protection programs and achieve compliance with Dodd-Frank’s UDAAP prohibitions and section 5 of the FTC Act, which prohibits unfair or deceptive acts or practices.
The FDIC’s supervisory guidance expanded on the 2019 Consumer Compliance Supervisory Highlights (covered by InfoBytes here), and warned that APSN overdraft fees present risks of unfairness under both statutes as consumers “cannot reasonably avoid” receiving these fees because they lack “the ability to effectively control payment systems and overdraft processing systems practices.” The FDIC cited the “complicated nature of overdraft processing systems” as another impediment to a consumer’s ability to avoid injury. The FDIC also emphasized that risks of unfairness exist both in “available balance” or “ledger balance” methods of assessing overdraft fees, but cautioned that risks may be “more pronounced” when a bank uses an available balance method. Furthermore, the FDIC warned that disclosures describing how transactions are processed may not mitigate UDAAP and UDAP risk. Banks are encouraged to “ensure customers are not charged overdraft fees for transactions consumers may not anticipate or avoid,” and should take measures to ensure overdraft programs provided by third parties comply with all applicable laws and regulations, as such arrangements may present additional risks if not properly managed, the FDIC explained.
The OCC’s guidance also warned that disclosures may be deceptive under section 5 if they fail to clearly explain that multiple or additional fees may result from multiple presentments of the same transaction. Recognizing that some banks have already implemented changes to their overdraft protection programs, the OCC also acknowledged that “[w]hen supported by appropriate risk management practices, overdraft protection programs may assist some consumers in meeting short-term liquidity and cash-flow needs.” The OCC encouraged banks to explore other options, such as offering low-cost accounts and low-cost alternatives for covering overdrafts, such as overdraft lines of credit and linked accounts.
Texas bankers seek to invalidate CFPB’s small business lending rule
On April 26, plaintiffs, including a Texas banking association, sued the CFPB, challenging the agency’s final rule on the collection of small business lending data. As previously covered by InfoBytes, last month, the Bureau released its final rule implementing Section 1071 of the Dodd-Frank Act, which requires financial institutions to collect and provide to the Bureau data on lending to small businesses with gross revenue under $5 million in their last fiscal year. According to the Bureau, the final rule is intended to foster transparency and accountability by requiring financial institutions—both traditional banks and credit unions, as well as non-banks—to collect and disclose data about small business loan recipients’ race, ethnicity, and gender, as well as geographic information, lending decisions, and credit pricing.
The plaintiffs’ goal of invalidating the final rule is premised on the argument that it will drive from the market smaller lenders who are not able to effectively comply with the final rule’s “burdensome and overreaching reporting requirements” and decrease the availability of products to customers, including minority and women-owned small businesses. Plaintiffs argued that the Bureau “took the original three pages of legislation and the 13 reporting data points required by [Dodd-Frank] and turned them into almost 900 pages of rulemaking—a new [f]inal [r]ule that requires banks to develop and implement new software and compliance mechanisms to comply with over 80 reporting requirements that have been exponentially grown by the CFPB since the Act requiring this [r]ule was passed.”
The plaintiffs further pointed to a decision issued by the U.S. Court of Appeals for the Fifth Circuit in Community Financial Services Association of America v. Consumer Financial Protection Bureau, where the court found that the CFPB’s “perpetual self-directed, double-insulated funding structure” violated the Constitution’s Appropriations Clause (covered by InfoBytes here and a firm article here), as justification for why the final rule should be set aside. The plaintiffs also pointed out certain aspects of the final rule that allegedly violate various requirements of the Administrative Procedure Act, and claimed that a recent data breach involving sensitive information on numerous financial institutions and consumers indicates that the agency is unprepared “to adequately assess the security and privacy impacts of its massive § 1071 data collection on small businesses.” The complaint seeks a court order finding the final rule to have been premised on the same unconstitutional grounds as found in CFSA, preliminary and permanent injunctions to set aside the final rule, and attorney fees and costs.
FinCEN fines trust company $1.5 million for BSA violations
On April 26, FinCEN announced its first enforcement action against a trust company, in which it assessed a $1.5 million civil money penalty against a South Dakota-chartered trust company for willful violations of the Bank Secrecy Act (BSA) and its implementing regulations. According to the consent order, the trust company admitted that it willfully failed to timely and accurately report hundreds of transactions to FinCEN involving suspicious activity by its customers, including transactions with connections to a trade-based money-laundering scheme and several securities fraud schemes. The agency cited the trust company’s “severely underdeveloped” process for identifying and reporting potentially suspicious activity as part of “an overall failure to build a culture of compliance.”
According to FinCEN acting Director Himamauli Das, the trust company “had virtually no process to identify and report suspicious transactions, resulting in it processing over $4 billion in international wires with essentially no controls.” FinCEN said that the trust company should have realized that a large volume of activity from high-risk customers played a role in the closure of numerous correspondent accounts it maintained at other financial institutions, and pointed out that the trust company only began closing accounts flagged during an audit after several forced closures of its own accounts by other financial institutions and after receiving law enforcement inquiries about the accounts referred by the audit. However, at the time, the trust company made no effort to file suspicious activity reports (SARs), FinCEN found, claiming that the trust company processed hundreds of suspicious transactions worth tens of millions of dollars for risky customers that, among other things, appeared to operate in unrelated business sectors. FinCEN added that “personnel with [anti-money laundering (AML)] responsibilities have acknowledged not fully understanding federal SAR filing requirements and that they may have missed important information about some of their riskiest clients as the result of maintaining other, non-AML responsibilities.”
The consent order requires the trust company to hire an independent consultant to review its AML program and transactions from all referenced accounts, as well as any other accounts the trust company maintained for customer referrals, and conduct a SAR lookback review. The trust company is also required to implement recommendations made by the independent consultant and file SARs for any flagged covered transactions. FinCEN recognized the close collaboration and assistance provided by the DOJ and the FBI on this matter.
Washington enacts robocall measures
On April 20, the Washington governor signed HB 1051 to expand existing provisions regulating robocalls and telephone solicitations and prohibit abusive telephone communications that mislead or harm state residents. In doing so, the Act extends liability to “persons who provide substantial assistance or support in the origination and transmission of robocalls” that violate state law, and prohibits the initiation of unwanted calls to phone numbers listed on the National Do Not Call Registry pursuant to the Telemarketing Sales Rule. Among other things, practices that violate the Act’s provisions will be considered an unfair or deceptive act in trade or commerce and an unfair method of competition for purposes of applying the state’s consumer protection act. Injured persons may bring a civil action in Washington superior court to prevent further violations and “shall recover actual damages or $1,000 per violation of this section, whichever is greater.” The Act is effective July 23.
Washington enacts credit repair regulation
On April 20, the Washington governor signed HB 1311 to enact provisions relating to credit repair services performed by a credit services organization. Among other things, the Act outlines new requirements, including that a credit services organization must provide consumers with a monthly statement that details the services performed, as well as “an accounting of any funds paid by a consumer and held or disbursed on the consumer’s behalf and copies of any letters sent by the credit services organization on the consumer’s behalf,” if applicable. Additionally, a credit services organization is prohibited from sending any communications to a consumer reporting agency, creditor, collection agency, or regulatory entity unless the consumer has provided prior written authorization. Credit services organizations must also comply with specified written communication requirements and provide disclosures addressing consumers’ rights to review their files. Modifications to certain provisions relating to notices of cancellation have also been made. The Act is effective July 23.
Federal agencies reaffirm commitment to confront AI-based discrimination
On April 25, the CFPB, DOJ, FTC, and Equal Employment Opportunity Commission released a joint statement reaffirming their commitment to protect the public from bias in automated systems and artificial intelligence (AI). “America’s commitment to the core principles of fairness, equality, and justice are deeply embedded in the federal laws that our agencies enforce to protect civil rights, fair competition, consumer protection, and equal opportunity,” the agencies said, emphasizing that existing authorities apply equally to the use of new technologies and responsible innovation as they do to any other conduct. The agencies have previously expressed concerns about potentially harmful AI applications, including black box algorithms, algorithmic marketing and advertising, abusive AI technology usage, digital redlining, and repeat offenders’ use of AI, which may contribute to unlawful discrimination, biases, and violate consumers’ rights.
“We already see how AI tools can turbocharge fraud and automate discrimination, and we won’t hesitate to use the full scope of our legal authorities to protect Americans from these threats,” FTC Chair Lina M. Khan said. “Technological advances can deliver critical innovation—but claims of innovation must not be cover for lawbreaking. There is no AI exemption to the laws on the books, and the FTC will vigorously enforce the law to combat unfair or deceptive practices or unfair methods of competition,” Khan added.
CFPB Director Rohit Chopra echoed Khan’s sentiments and said the Bureau, along with other agencies, are taking measures to address unchecked AI. “While machines crunching numbers might seem capable of taking human bias out of the equation, that’s not what is happening,” Chopra said. “When consumers and regulators do not know how decisions are made by artificial intelligence, consumers are unable to participate in a fair and competitive market free from bias,” Chopra added. The Director’s statements concluded by noting that the Bureau will continue to collaborate with other agencies to enforce federal consumer financial protection laws, regardless of whether the violations occur through traditional means or advanced technologies.
Additionally, Assistant Attorney General Kristen Clarke of the DOJ’s Civil Rights Division noted that “[a]s social media platforms, banks, landlords, employers and other businesses [] choose to rely on artificial intelligence, algorithms and other data tools to automate decision-making and to conduct business, we stand ready to hold accountable those entities that fail to address the discriminatory outcomes that too often result.”
CFPB says furnishers’ investigative duties include legal disputes
On April 20, the CFPB filed an amicus brief in a case before the U.S. Court of Appeals for the Eleventh Circuit arguing that the duty to investigate a consumer’s credit dispute applies not only to factual disputes but also to disputes that can be labeled as legal in nature. The plaintiffs entered into a timeshare agreement with the defendant hotel chain and made monthly payments for nearly two years but then stopped. The plaintiffs disputed the validity of, and attempted to rescind, the agreement. The defendant did not agree to the rescission and continued to record the deed under the plaintiffs’ names. The plaintiffs later obtained copies of their credit reports, which showed past-due balances with the defendant, and subsequently submitted letters to a credit reporting agency (CRA) disputing the credit reporting. After the defendant certified the information was accurate, the plaintiffs sued the defendant and the CRA alleging that the defendant violated the FCRA by failing to conduct a proper investigation. The defendant moved for summary judgment, arguing that the issue of whether the debt is owed—the basis of the plaintiffs’ FCRA claim—constitutes a legal dispute and is not a factual inaccuracy. The defendant further maintained that there was no legal error because the plaintiffs owed the money as a matter of law. Last December, the U.S. District Court for the Middle District of Florida granted partial summary judgment in favor the defendant after concluding, among other things, that because the plaintiffs’ dispute centered on the legal validity of their debt, rather than a factual inaccuracy, the investigation requirement was not triggered and the claim was “not actionable under the FCRA.”
The Bureau argued in favor of the plaintiffs-appellants. According to the Bureau, the district court “unduly narrow[ed] the scope of a furnisher’s obligations by holding that furnishers categorically need not investigate indirect disputes involving ‘legal’ inaccuracies.” This position, the Bureau maintained, contradicts the purpose of the FCRA’s requirement to conduct a reasonable investigation of consumer disputes and “could reduce the incentive of furnishers to resolve ‘legal’ disputes, and, in turn, could increase the volume of consumer complaints about credit reporting issues that the Bureau receives and devotes resources to address.”
Explaining that the FCRA does not distinguish between legal and factual disputes, the Bureau stated that the district court’s conclusion “is not supported by the statute, risks exposing consumers to more inaccurate credit reporting, conflicts with the decision of another circuit, and undercuts the remedial purpose of the FCRA.” The Bureau presented several arguments to support its position, including that a reasonable investigation is required under the FCRA, and that while the reasonableness of an investigation is case specific, it “can be evaluated by how thoroughly the furnisher investigated the dispute (e.g., how well its conclusion is supported by the information it considered or reasonably could have considered).”
The Bureau also claimed that the Congress did not intend to exclude disputes that involve legal questions. “[M]any inaccurate representations pertaining to an individual’s debt obligations arguably could be characterized as legal inaccuracies, given that determining the truth or falsity of the representation could require the reading of a contract,” the Bureau wrote. Moreover, an “atextual exception for legal inaccuracies will create a loophole that could swallow the reasonable investigation rule,” the Bureau stressed. The agency urged the court to “reject a formal distinction between factual and legal investigations because it will likely prove unworkable in practice” and said that allowing such a distinction would “curtail the reach of the FCRA’s investigation requirement in a way that runs counter to the purpose of the provision to require meaningful investigation to ensure accuracy on credit reports.”
As previously covered by InfoBytes, the CFPB and the FTC filed an amicus brief presenting the same arguments last December in a different FCRA case on appeal to the 11th Circuit involving the same defendant.
OFAC reaches $508 million settlement with British tobacco company on North Korean transactions
On April 25, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $508 million settlement with one of the world’s largest tobacco companies to resolve potential civil liabilities stemming from allegations that the company sent more than $250 million in profits from a North Korean joint venture through U.S. financial institutions by relying on designated North Korean banks and several intermediaries. According to OFAC’s web notice, from 2007 to 2016, the London-headquartered company formed a conspiracy to export tobacco and related products to North Korea, and remitted approximately $250 million in payments from the North Korean joint venture. The payments were allegedly remitted through bank accounts controlled by sanctioned North Korean banks to the company’s Singaporean subsidiary via U.S. banks who cleared the transactions. By causing U.S. financial institutions to process wire transfers containing blocked property interests of sanctioned North Korean banks in order to export financial services and facilitate the export of tobacco, the company violated the Weapons of Mass Destruction Proliferators Sanctions Regulations and the North Korea Sanctions Regulations, OFAC said.
According to OFAC, the settlement is the largest ever reached with a non-financial institution and reflects the statutory maximum penalty due to OFAC’s determination that the company’s conduct was egregious and not voluntarily self-disclosed. In arriving at the settlement amount, OFAC determined, among other things, that the company and its subsidiaries willfully conspired to transfer hundreds of millions of dollars related to North Korea through U.S. financial institutions while being aware that U.S. sanctions regulations prohibited this conduct. The company and its subsidiaries also allegedly “relied on an opaque series of front companies and intermediaries” to conceal their North-Korea-related business, with management having actual knowledge about the alleged conspiracy from the beginning. OFAC also considered various mitigating factors, including that the company has not received a penalty notice from OFAC in the preceding five years, and that the company cooperated with OFAC and agreed to toll the statute of limitations.
Providing context for the settlement, OFAC said that this action demonstrates that “creating the illusion of distance between a firm and apparently violative conduct does not shield that firm from liability.” Moreover, “[s]enior management decisions to approve or otherwise support arrangements that obscure dealings with sanctioned countries and parties can be reflected throughout an organization, compounding sanctions risks and increasing the likelihood of committing potential violations.”
Concurrently, the DOJ announced that the company and one of its subsidiaries have agreed to pay combined penalties of more than $629 million to resolve bank fraud and sanctions violations charges stemming from the aforementioned conduct. According to the DOJ, the subsidiary pleaded guilty to a criminal information charging both entities with conspiracy to commit bank fraud and conspiracy to violate the International Emergency Economic Powers Act. The company entered into a deferred prosecution agreement related to these charges.
District Court won’t stay CFPB litigation with credit reporter
On April 13, the U.S. District Court for the Northern District of Illinois denied a credit reporting agency’s (CRA) bid to stay litigation filed by the CFPB alleging deceptive practices related to the marketing and sale of credit scores, credit reports, and credit-monitoring products to consumers. The Bureau sued the CRA and one of its former senior executives last April (covered by InfoBytes here), claiming the defendants allegedly violated a 2017 consent order by continuing to engage in “digital dark patterns” that caused consumers seeking free credit scores to unknowingly sign up for a credit monitoring service with recurring monthly charges.
The CRA requested a stay while the U.S. Supreme Court considers whether the Bureau’s funding mechanism is unconstitutional. Earlier this year, the Court agreed to review next term the 5th Circuit’s decision in Community Financial Services Association of America v. Consumer Financial Protection Bureau, where it found that the CFPB’s “perpetual self-directed, double-insulated funding structure” violated the Constitution’s Appropriations Clause. (Covered by InfoBytes here and a firm article here.) While acknowledging that a ruling against the Bureau may result in the dismissal of the action against the CRA, the court concurred with the Bureau that consumers may be exposed to harm during a stay. “Were I to grant the requested stay, it could last more than one year, depending on when the Supreme Court issues its opinion,” the court wrote. “In that time, if the Bureau’s allegations bear out, consumers will continue to suffer harm because of defendants’ unlawful conduct. That potential cost is too great to outweigh the resource preserving benefits a stay would confer.”
District Court orders fintech to pay $2.8 million to settle claims of price manipulation of crypto-assets security
On April 20, the U.S. District Court for the Southern District of New York entered a final judgment in which a fintech company and its former CEO (collectively, “defendants”) have agreed to pay the SEC more than $2.8 million to settle allegations that they manipulated the price of their crypto-assets security. The SEC filed charges against the defendants last September for “perpetrating a scheme to manipulate the trading volume and price” of their digital token, and for effectuating the unregistered offering and sale of such token. The complaint also contended that the defendants hired a third party to create the false appearance of robust market activity for the token and inflated the token’s price in order to generate profits for the defendants. According to the SEC, the defendants allegedly earned more than $2 million as a result. The SEC charged the defendants with violating several provisions of the Securities Act of 1934 and Rule 10b-5, as well as certain sections of the Exchange Act. At the time the charges were filed, the third party’s CEO consented to a judgment (without admitting or denying the allegations), which permanently enjoined him from participating in future securities offerings and required him to pay disgorgement and prejudgment interest.
The defendants, while neither admitting nor denying the allegations, consented to the terms of the April final judgment. The company agreed to pay nearly $2.8 million, including more than $1.5 million in disgorgement of net profits, a civil penalty of more than $1 million, and roughly $240,000 in prejudgment interest. The former CEO agreed to pay more than $260,000, representing disgorgement, prejudgment interest, and a civil penalty. Both defendants are permanently enjoined from engaging in future securities law violations, and are restricted in their ability to engage in any offering of crypto asset securities.