Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • DOJ fines bank in "first-ever" FCA settlement over PPP loan

    Federal Issues

    On September 13, the U.S. Attorney’s Office for the Southern District of Texas announced an agreement with a bank to pay approximately $18,600 to resolve allegations that it violated the False Claims Act (FCA). This “is believed to be the nation’s first settlement with a Paycheck Protection Program (PPP) lender pursuant to the [FCA],” the announcement said. As previously covered by a Buckley Special Alert, in March 2020, President Trump signed the Coronavirus Aid, Relief, and Economic Security Act, which provided a host of relief measures for small businesses, including $349 billion for Small Business Administration loan forgiveness, guarantees, and subsidies. According to the announcement, the bank approved and processed a $213,400 PPP loan for a clinic, despite knowing that the sole owner of the clinic was facing criminal charges arising from his practice of prescribing opioids and was therefore ineligible to apply for the PPP loan. The announcement noted that “the bank processed the application anyway and falsely granted the money to [the sole owner].” The bank received a 5 percent processing fee from the government, including $10,670 to which it was not entitled. The owner of the clinic entered a $523,000 settlement in November 2021, resolving allegations that he used false statements on his PPP application and allegedly submitted false claims for the placement of electroacupuncture devices. In 2022, the owner also repaid the PPP loan in full. According to the announcement, the settlement reflects the bank’s “efforts to cooperate with the government’s investigation and provide relevant facts along with its implementation of additional compliance measures.”

    Federal Issues DOJ CARES Act FCA Covid-19 Enforcement

  • District Court grants final approval in data breach suit

    Privacy, Cyber Risk & Data Security

    On September 13, the U.S. District Court for the Eastern District of Virginia granted final approval of a class action settlement in a data breach suit. As previously covered by InfoBytes, in July 2019, a national bank (defendant) announced that an unauthorized individual had obtained the personal information of credit card customers and applicants. In May 2020, a magistrate judge ordered the defendant to produce to plaintiffs in litigation a forensic analysis performed by a cybersecurity consulting firm regarding the defendant’s 2019 data breach, concluding the report was not entitled to work product protection. According to the final settlement, members of the settlement class, which includes approximately 98 million U.S. residents whose information was compromised in the breach disclosed in July 2019, will receive cash compensation for out-of-pocket losses traceable to the data breach, cash compensation for time spent addressing with issues related to the breach, and at least three years of identity theft defense and resolution services. Counsel can seek fees and court costs of 35 percent of the settlement fund. Additionally, each of the eight settlement class representatives could receive $5,000 in service awards, and the other plaintiffs who were deposed by the defendant will receive service awards.

    Privacy, Cyber Risk & Data Security Courts Data Breach Credit Cards Settlement Consumer Finance

  • OFAC publishes additional guidance related to sanctioned virtual currency “mixer”

    Financial Crimes

    On September 13, the U.S. Treasury Department’s Office of Foreign Assets Control published new cyber-related frequently asked questions concerning transactions involving a virtual currency mixer sanctioned last month for allegedly laundering more than $7 billion in virtual currency since 2019. As previously covered by InfoBytes, the company “repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis,” and provided financial, material, or technological support for, or in support of, cyber-enabled activity contributing to a significant threat to the national security, foreign policy, or economic health or financial stability of the U.S. The FAQs outline requirements for completing virtual currency transactions without violating U.S. sanctions regulations, discuss whether OFAC reporting obligations apply to transactions involving unsolicited and nominal amounts of virtual currency, and reiterate that transactions involving identified virtual currency wallet addresses are prohibited absent a specific OFAC license. The FAQs noted that as part of the SDN List entry, OFAC included as identifiers certain virtual currency wallet addresses associated with the company as well as the company’s URL address. OFAC provided additional clarification on interactions with open-source code that does not involve a prohibited transaction with the sanctioned company.

    Financial Crimes Of Interest to Non-US Persons Department of Treasury OFAC OFAC Sanctions OFAC Designations Digital Assets Cryptocurrency Anti-Money Laundering

  • OFAC sanctions individuals and entities connected to IRGC-QF

    Financial Crimes

    On September 14, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions as part of a joint action with the DOJ, Department of State, FBI, U.S. Cyber Command, National Security Agency, and Cybersecurity and Infrastructure Security Agency, against ten individuals and two entities for their roles in conducting malicious cyber acts, including ransomware activity. The individuals and entities designated are affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC), which “is known to exploit software vulnerabilities in order to carry out their ransomware activities, as well as engage in unauthorized computer access, data exfiltration, and other malicious cyber activities.” OFAC also noted that a joint cyber security advisory was published to highlight continued malicious cyber activity by advanced persistent threat actors that the authoring agencies assess are affiliated with IRGC. As a result of the sanctions, all property, and interests in property of the designated individuals and entities, “and of any entities that are owned, directly or indirectly, 50 percent or more by them, individually, or with other blocked persons, that are in the United States or in the possession or control of U.S. persons, must be blocked and reported to OFAC.” U.S. persons are generally prohibited from engaging in transactions with the designated persons. OFAC further warned that engaging in certain transactions with the individuals and entities designated today entails risk of additional sanctions.

    Financial Crimes Of Interest to Non-US Persons Department of Treasury OFAC OFAC Sanctions OFAC Designations SDN List Privacy, Cyber Risk & Data Security Iran

  • District Court orders college operator to comply with CFPB CID

    Courts

    On September 13, the U.S. District Court for the District of Utah ordered the operator of several defunct colleges to cooperate with a CFPB civil investigative demand (CID) for potential violations of the Consumer Financial Protection Act. In 2019, the Bureau issued a CID to the operator seeking information on its private student loan financing program, as well as litigation concerning the loan program dating back to 2012, to aid its investigation into whether the program constituted unfair, deceptive, or abusive acts or practices. The operator argued that the CID was unenforceable for several reasons, including that it was “unreasonably oppressive” and that the legality of its program had already been litigated in state action. The operator also argued that because the Bureau’s leadership structure rendered it unconstitutional, it lacked authority to enforce the CID. A magistrate judge’s recommendation narrowed the scope of the CID, but the operator continued to object, stating that a severe reduction in staff created a loss of “significant institutional knowledge” about the loan program. After the U.S. Supreme Court issued its ruling in Seila Law LLC v. CFPB (holding that the director’s for-cause removal provision was unconstitutional but severable from the statute establishing the Bureau, as covered by a Buckley Special Alert ), the Bureau’s director ratified the CID. The operator then raised new objections claiming the Bureau’s funding structure violates the U.S. Constitution’s separation of powers, and therefore the agency lacks valid authority to enforce the CID.

    The court rejected the operator’s argument, writing that dicta in the Supreme Court’s decision in Seila Law “suggests the Bureau’s funding structure is not an unconstitutional delegation of power from Congress to the Executive Branch.” According to the court, while the majority opinion in Seila Law made note of the CFPB’s funding structure, it treated it “merely as an aggravator” of the for-cause removal protection issues and “went as far as saying the Bureau’s constitutional infirmity would ‘disappear’ if ‘the Director were removable at will by the President.’”

    With respect to burdensomeness, the court said the operator has failed to show evidence establishing an unreasonable burden in its objections, and that, moreover, it “has had more than three years’ notice to preserve any information it thought may be relevant to the Bureau’s investigation.” The court further stressed that the CID does not become overly burdensome simply because the operator shuttered its campuses thereby allegedly relinquishing “institutional knowledge” concerning its own education loan program prior to complying with the CID. The court granted the operator a 90-day extension to comply with the CID.

    Courts Consumer Finance CFPB Student Lending CID Enforcement Dodd-Frank CFPA UDAAP

  • Democrats want PLUS loans in relief plan

    Federal Issues

    On September 12, eight Senate Democrats sent a letter to President Biden, urging him to extend student-loan debt relief to roughly 3.6 million borrowers under the Parent Loan for Undergraduate Student (PLUS) loan program. Biden’s debt relief plan instructed the Department of Education (DOE) to, among other things: (i) provide up to $20,000 in debt cancellation to Pell Grant recipients with loans held by the DOE; (ii) provide up to $10,000 in debt cancellation to non-Pell Grant recipients for borrowers making less than $125,000 a year or less than $250,000 for married couples; and (iii) propose a new income-driven repayment (IDR) plan and cap monthly payments for undergraduate loans at 5 percent of a borrower’s discretionary income. Additionally, for IDR plans, Biden’s August announcement instructed the DOE to propose a rule to, among other things, reduce the amount that borrowers have to pay each month for undergraduate loans from 10 percent to 5 percent. The Senators expressed their concern that Biden’s recent actions do not appropriately cover Parent PLUS borrowers and urged his administration and the DOE to “to incorporate Parent PLUS borrowers in any administrative improvements to federal student loan programs, including the Public Service Loan Forgiveness and Income-Driven Repayment programs, extensions or creation of waivers, and in the implementation of executive actions to provide student debt relief.”

    Federal Issues U.S. Senate Student Lending Biden Debt Cancellation Consumer Finance Income-Driven Repayment Department of Education PLUS Loans

  • Republicans take issue with CFPB agenda

    Federal Issues

    On September 12, several Republican senators sent a letter to CFPB Director Rohit Chopra expressing concerns that the Bureau is again pursuing “a radical and highly-politicized agenda unbounded by statutory limits.” In particular, the letter took issue with recent Bureau reports on the use of overdraft fees (covered by InfoBytes here and here), calling the agency’s actions a “relentless smear campaign” against banks. “Charging fees that customers chose to pay should not be disturbing or illegal, and yet, the CFPB appears to have developed a particular disdain for banks charging their customers for services, pejoratively calling overdraft protection ‘junk fees,’” the letter stated. Additionally, the letter claimed that the Bureau is changing its rules in order to publish previously confidential information about financial institutions to make it easier to threaten them with reputational harm (covered by InfoBytes here), without affording the financial institution the similar ability to, for example, disclose the existence of a CFPB examination. Among other things, the new procedural rule establishes a disclosure mechanism intended to increase transparency of the Bureau’s risk-determination process that will exempt final decisions and orders by the CFPB director from being considered confidential supervisory information, allowing the Bureau to publish the decisions on their website. According to the senators, the rule requires nonbanks to keep confidential information relating to a decision issued by the Bureau, including facts that could question the decision or raise procedural concerns. “The one-sided nature of the CFPB’s rule change gives the agency the ability to publicly tarnish an institution’s name without affording the firm the power to defend itself,” the letter said. The letter also decries a recent change to the agency’s rules of adjudication to make it more difficult for companies to defend themselves against novel enforcement theories by bypassing an administrative law judge and permitting the director to rule directly on the validity of the legal basis for the enforcement action.

    Federal Issues U.S. Senate Agency Rule-Making & Guidance CFPB Supervision Nonbank Nonbank Supervision Overdraft Fees Consumer Finance Examination Fintech

  • Toomey seeks "greater transparency" on CRA agreements

    On September 7, Senate Banking Committee Ranking Member Pat Toomey (R-PA) wrote a letter to the Federal Reserve Board, OCC, and FDIC (together, the “Agencies”) expressing his concern for “the lack of transparency associated with community benefits plans (CBPs) developed by banks and community groups in connection with the Community Reinvestment Act,” which often remain undisclosed by banks despite the requirements of the CRA. He noted that greater transparency is “critically necessary” for Congress and the public to judge the efficacy of the CRA and its implementing regulations. Toomey described that the growth and prevalence of the dollar value of CBPs in recent years underscores the need to update the regulations implementing the Gramm-Leach-Bliley Act’s CRA sunshine provision. Toomey requested that the Agencies establish a public, searchable database on their websites containing all CRA-related agreements, including CBPs, and to provide comprehensive data on those agreements. Additionally, Toomey urged the Agencies to broaden the definition of “covered agreement” under the regulations to align with congressional intent and mitigate the potential for evasion by banks and community groups.

    Bank Regulatory Federal Issues CRA OCC FDIC Federal Reserve Senate Banking Committee Gramm-Leach-Bliley

  • 11th Circuit says wasted time, distress can confer FDCPA standing

    Courts

    On September 7, the U.S. Court of Appeals for the Eleventh Circuit vacated the dismissal of an FDCPA action after determining that wasted time and emotional distress can be sufficiently concrete as to confer Article III standing. After the plaintiff fell behind on his monthly condo association payments, the association referred the matter to a law firm (collectively, “defendants”). The defendant law firm eventually filed a claim of lien against the plaintiff’s condo and threatened foreclosure if the plaintiff did not pay more than $10,000 in past-due fees, interest, late fees, attorney’s fees, and costs. The plaintiff sued for violations of the FDCPA and state law, claiming, among other things, that the debt collection letters and claim of lien overstated the amount due by including interest, late fees, and other charges not permitted under Florida law. He also alleged that the law firm violated the FDCPA by filing the claim of lien in the public record, thereby communicating with a third party about his debt without permission. These actions, the plaintiff contended, caused him emotional distress and cost him time, money, and effort when “trying to ‘determine, verify, and dispute the amounts being sought against him.’” The plaintiff eventually voluntarily dismissed the claims against the association, and the law firm moved to dismiss for lack of jurisdiction. The district court determined that the plaintiff lacked standing because the law firm’s actions did not cause him any concrete injury and dismissed the suit.

    On appeal, the 11th Circuit disagreed after finding that the time the plaintiff spent trying to determine the correct amount of debt and the emotion distress he suffered during the process were adequate to satisfy constitutional standing requirements. “[Plaintiff] presented evidence that he suffered injuries—including an inaccurate claim of lien against his property; time spent trying to determine the correct amount of his debt, resolve the lien, and avoid the threatened foreclosure; and emotional distress manifesting in a loss of sleep—which are sufficiently tangible to confer Article III standing,” the appellate court wrote. The 11th Circuit explained that while the time and money spent on the FDCPA lawsuit itself could not give rise to a concrete injury for standing purposes, the time and money spent by the plaintiff defending against a legal action taken by a debt collector was “separable” from the costs of bringing the FDCPA suit. Moreover, the appellate court determined that the defendants refusing to release the lien against the plaintiff’s home unless he paid more than what was actually owed “was a tangible harm sufficient to give [plaintiff] standing for his claims that the defendants’ conduct in filing the lien and threatening to foreclose on it violated the FDCPA.”

    Courts State Issues Appellate Eleventh Circuit Debt Collection Consumer Finance FDCPA Florida

  • DFPI proposal would consider ISAs as student loans

    State Issues

    On September 9, the California Department of Financial Protection and Innovation (DFPI) issued a notice of proposed rulemaking to adopt new regulations and amend current regulations implementing the Student Loan Servicing Act (Act), which provides for the licensure, regulation, and oversight of student loan servicers by DFPI (formerly the Department of Business Oversight) (previously covered by InfoBytes here). The proposed rulemaking also outlines new clarifications to the Student Loans: Borrower Rights Law, which was enacted in 2020 (effective January 1, 2021) to provide new requirements for student loan servicers (previously covered by InfoBytes here).

    In its initial statement of reasons for the new regulations, DFPI noted that since the Act took effect five years ago, additional private student loan financing products have emerged, such as income share agreements and installment contracts, which use terminology and documentation distinct from traditional loans. DFPI commented that while lenders and servicers of these products have asserted that their products do not fall within the definition of a student loan and are not subject to the statute’s requirements, these education financing products serve the same purpose as traditional loans—“help pay the cost of a student’s higher education"—and are therefore student loans subject to the Act, and servicers of these products must be licensed and comply with all applicable laws. The proposed rulemaking, among other things, (i) defines the term “education financing products,” which now fall under the purview of the Act, along with other related terms; (ii) amends various license application requirements, including amended financial requirements for startup applicants; (iii) outlines provisions related to non-licensee (e.g., servicers that do not require a license but that are subject to the Student Loans: Borrower Rights Law) filing requirements; and (iv) specifies that servicers of all education financing products must submit annual aggregate student loan servicing reports to DFPI. The proposed rulemaking also removes certain unnecessary requirements based on DFPI’s experience in administering the Act to reduce the regulatory burden.

    Comments on the notice of proposed rulemaking are due October 28.

    State Issues State Regulators DFPI Student Lending Licensing Student Loan Servicer Consumer Finance California Student Loan Servicing Act

Pages

Upcoming Events