Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
U.S. steel manufacturer settles with OFAC for violating Iranian Transactions and Sanctions Regulations
On April 19, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $435,003 settlement with an Oklahoma-based steel manufacturer to resolve alleged violations of the Iranian Transactions and Sanctions Regulations. According to OFAC’s accompanying web notice, between 2013 and 2018, the company allegedly engaged with a third-party Iranian engineering company on at least 61 occasions to import engineering services. The company asserted that, while several senior officials “were involved in the process of approving each transaction and issuing checks to the Iranian engineering company,” the company’s “lack of familiarity with U.S. sanctions requirements caused its management to allow the Apparent Violations to continue until a new Chief Executive Officer was hired in October 2018.” Once management learned of the alleged violations, the company stated it ceased working with the Iranian engineering company and took several remedial measures to prevent the conduct from reoccurring.
In arriving at the settlement amount, OFAC considered various aggravating factors, including that (i) the company failed to conduct basic due diligence regarding the transactions with the Iranian engineering company; (ii) senior management “had actual knowledge” that the company was outsourcing work to the Iranian engineering company; and (iii) the conduct caused more than $1 million in benefits to Iran.
OFAC also considered various mitigating factors, including that the company (i) had not received a penalty notice from OFAC in the preceding five years; (ii) voluntarily self-disclosed the alleged violations and cooperated with OFAC’s investigation; (iii) ceased the conduct at issue; and (iv) took remedial measures, including terminating the employee responsible for initiating and overseeing the transactions at issue, and developing and implementing an export compliance policy to provide, among other things, staff training and a requirement that all international contracting opportunities be approved by the company’s president.
On April 15, the SEC announced an award of more than $50 million to joint whistleblowers in connection with violations that involved highly complex transactions that would have been difficult to detect without their information. According to the redacted order, the joint whistleblowers “assistance was critical to staff’s ability to identify and investigate the unlawfulsecurities violations,” including meeting with staff numerous times and providing voluminous detailed documents, which led to the return of tens of millions of dollars to harmed investors.
The SEC has now awarded approximately $812 million to 151 individuals since it issued its first award in 2012.
On April 15, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. Included among the actions is a March consent order against a Colorado-based bank, which requires the bank to waive any and all rights to the issuance of a Notice of Charges. According to the order, the Bank entered into a Formal Agreement in May 2016 for engaging in “certain unsafe and unsound practices related to the Bank’s capital, strategic planning, corporate governance, credit administration, trust administration, and Bank Secrecy Act/Anti-Money Laundering compliance program.” In addition, as a result of this order, the Bank is in “troubled condition,” as set forth in 12 C.F.R. § 5.51(c)(7)(ii), unless otherwise informed in writing by the OCC.
On April 15, the FTC announced a civil complaint filed by the DOJ on its behalf, against a St. Louis-based company and its owner for violating the Covid-19 Consumer Protection Act and the FTC Act by making deceptive marketing health claims about their products. (See also DOJ press release here.) This is the first action the FTC has brought under the new law, which makes it unlawful under Section 5 of the FTC Act “for any person, partnership, or corporation to engage in a deceptive act or practice in or affecting commerce . . . that is associated with the treatment, cure, prevention, mitigation, or diagnosis of COVID–19” or “a government benefit related to COVID–19.” The FTC’s complaint alleges that the defendants deceptively marketed their products as being an effective treatment for Covid-19 based on the results of certain scientific studies, even though they “lacked any reasonable bases” for their claims. According to the FTC’s announcement, the defendants also allegedly advertised—without scientific support—that their products were equally, or more, effective than the currently available vaccines. The FTC seeks an injunction against the defendants, along with monetary penalties and other civil remedies to prevent harm caused by the defendants’ misrepresentations.
On April 19, the FTC issued a staff report highlighting the Commission’s efforts to protect consumers during the continuing Covid-19 pandemic. The report addresses hardships consumers face during the pandemic and identifies the Commission’s priorities to tackle Covid-19-associated fraud and other consumer issues using “sophisticated targeting, aggressive law enforcement, and ongoing partnership and outreach.” The report highlights the FTC’s efforts through consumer and business education, including sending out consumer alerts about Covid-19 scams, reminding businesses about their responsibilities regarding honest advertising, and alerting companies about scams targeting them. The report also highlights the Commission’s efforts to protect consumers during the Covid-19 pandemic, including: (i) filing 13 enforcement actions against companies that, among other things, “made deceptive health or earnings claims”; (ii) ordering over 350 companies to remove deceptive Covid-19-related claims concerning treatments, potential earnings, and financial relief for small business and students, and warning companies that it is also illegal to facilitate deceptive Covid-19 calls; (iii) prioritizing privacy enforcement actions related to certain types of conduct “exacerbated in the transformation to digital work and schooling, including videoconferencing, ed-tech and health-tech”; (iv) collecting and tracking over 436,000 reports related to Covid-19 between January 2020 and April 2021 where consumers reported $399 million in fraud losses; and (v) issuing more than 100 Covid-19-related consumer and business alerts. In addition, the report notes that the Commission implemented systems to “track and alert the public to shifts in reports from consumers, launched a public dashboard providing information on reports associated with COVID-19, and used COVID-19-related reports to identify law enforcement targets.”
The FTC also briefed lawmakers on these efforts in testimony before the Senate Commerce Committee on April 20. During the testimony, the FTC highlighted its efforts to help consumers facing major challenges as a result of Covid-19 and requested that Congress “affirm the FTC’s authority to return money to consumers using Section 13(b) of the Federal Trade Commission.” The testimony noted that the FTC has issued enforcement actions against those who have communicated deceptive Covid-19 claims, engaged in consumer and business education and outreach, and collected millions of reports from the public on fraud, identity theft, and other consumer problems. The testimony also highlighted the FTC’s partnership with the CFPB to ensure renters are not subjected to unlawful eviction practices (covered by InfoBytes here).
On April 14, NYDFS announced a settlement with an insurance broker to resolve allegations that the broker violated the state’s cybersecurity regulation (23 NYCRR Part 500) by failing to report it was the subject of two cyber breaches between 2018 and 2020. Under Part 500.17, regulated entities are required to provide timely notice to NYDFS when a cybersecurity event involves harm to customers (see FAQs here). A September 2019 examination revealed that the cyber breaches involved unauthorized access to an employee’s email account, which could have provided access to personal data, including social security and bank account numbers. NYDFS also alleged that the broker failed to implement a multi-factor authentication as required by 23 NYCRR Part 500. Under the terms of the consent order, the broker will pay a $3 million civil monetary penalty and will make further improvements to strengthen its existing cybersecurity program to ensure compliance with 23 NYCRR Part 500. NYDFS acknowledged the broker’s “commendable” cooperation throughout the examination and investigation and stated that the broker had demonstrated its commitment to remediation.
On April 12, the Financial Industry Regulatory Authority (FINRA) entered into a Letter of Acceptance, Waiver, and Consent (AWC), fining a New York-based member firm for allegedly failing to implement a reasonable anti-money laundering (AML) program for transactions involving low-priced securities. The firm also allegedly failed to establish a due diligence program for monitoring and investigating “potentially suspicious transactions.” According to FINRA, the firm and its principal failed to, among other things, (i) take reasonable steps to establish and implement an AML program tailored to the firm’s new business line (and particularly the deposit and liquidation of microcap stocks), resulting in the firm’s failure to identify or investigate potentially suspicious transactions; and (ii) provide meaningful guidance regarding how the principal was to identify or review red flags specific to the customer account business. In addition, FINRA allegedly found that the principal “repeatedly” permitted deposits and re-sales of microcap securities despite missing documentation. As a result, the firm and its principal violated FINRA Rules 3310(a) (Anti-Money Laundering Compliance Program), 3110(a) (Supervision) and 2010 (Standards of Commercial Honor and Principles of Trade).
On April 9, the Pennsylvania attorney general announced settlements with the former CEO of a since-dissolved lender and a debt collector to resolve claims that the collector charged borrowers interest rates as high as 448 percent on loans and lines of credit. The AG alleged that the former CEO “participated in, directed and controlled” business activities related to the allegedly illegal online payday lending scheme, while the debt collector collected more than $4 million related to Pennsylvania consumers’ loan accounts. The terms of the settlement require the individual defendant to comply with relevant consumer protection laws and limits the individual defendant’s ability to work in the consumer lending industry in Pennsylvania for the next nine years. Additionally, the individual defendant is required to pay the Commonwealth $3 million.
The AG’s office noted that the U.S. District Court for the Eastern District of Pennsylvania also approved a settlement with the debt collector, which requires the company to comply with relevant consumer protection laws and, among other things, undertake the following actions: (i) ensure that all acquired debts, for which it attempts to collect, comply with applicable laws and regulations; (ii) cancel all balances on applicable accounts, take no further action to collect debts allegedly owed by Pennsylvania consumers on these accounts, and notify consumers of the cancellations; (iii) “refrain from engaging in [c]ollections on any [d]ebts involving loans made over the internet by [n]on-bank lenders that violate Pennsylvania laws,” including its usury laws; and (iv) will not sell, re-sell, or assign debt related to applicable accounts, including accounts subject to a previously-negotiated nationwide class action settlement agreement and Chapter 11 bankruptcy plan. Previous InfoBytes coverage related to the payday lending scheme can be found here, here, and here.
On April 13, the CFPB entered into a preliminary settlement with an online debt-settlement company for allegedly violating the CFPA’s prohibition on abusive acts or practices and failing to clearly and conspicuously disclose total cost under the Telemarketing Sales Rule. The complaint alleges that the company took “unreasonable advantage of consumers’ reasonable reliance that [it] would protect their interests in negotiating their debts” by failing to disclose its relationship to certain creditors and steering consumers into high-cost loans offered by affiliated lenders. The CFPB alleges that the company regularly prioritized creditors with which it had undisclosed relationships in settlements of consumers’ debts. Under the terms of the proposed stipulated final judgment and order, the CFPB is seeking restitution, damages, disgorgement, and civil money penalties.
In the Bureau’s announcement, acting Director David Uejio states that “[t]he CFPB will not tolerate companies that purport to represent consumers, but instead abuse their trust in a self-dealing scheme. This case provides a clear example of what Congress intended to prohibit when it created the CFPB and gave it authority to prevent abusive practices.”
On April 9, the SEC announced an approximately $2.5 million whistleblower award in connection with a successful enforcement action. According to the redacted order, the whistleblower supplied information that led to charges related to a breach of fiduciary duties owed to investors, provided significant ongoing assistance to enforcement staff, and reported the information internally to the company.
The SEC has now paid approximately $762 million to 148 individuals since the inception of the whistleblower program in 2012.
- Garylene D. Javier to discuss “How to ensure customer and workforce equality in consumer financial services” at the American Bar Association Business Law Section Spring Meeting
- Jeffrey P. Naimon to discuss “The bureau in transition” at the American Bar Association Business Law Section Spring Meeting
- Kari K. Hall to discuss “Fair lending and artificial intelligence” at the American Bar Association Business Law Section Spring Meeting
- Jonice Gray Tucker to discuss "Reading the tea leaves of President Biden’s initial financial appointees" at LendIt Fintech
- APPROVED Webcast: Staying in the know with Buckley regtech solutions
- Moorari K. Shah to discuss “CA, NY, federal licensing and disclosure” at the Equipment Leasing & Finance Association Legal Forum
- Jonice Gray Tucker to discuss "Compliance under Biden" at the WSJ Risk & Compliance Forum
- Sherry-Maria Safchuk to discuss UDAAP at an American Bar Association webinar
- Jeffrey P. Naimon to discuss "What to expect: The new administration and regulatory changes" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Jonice Gray Tucker to discuss “The future of fair lending” at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Steven R. vonBerg to discuss "LO comp challenges" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Michelle L. Rogers to discuss "Major litigation" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Michelle L. Rogers to discuss “The False Claims Act today” at the Federal Bar Association Qui Tam Section Roundtable