Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On December 2, the DOJ announced that it fined a Swiss-based global technology company $315 million to settle criminal charges related to allegations that, from 2015 to 2017, the company engaged in a bribery scheme with an electricity provider owned by the South African government. As part of the scheme, the company arranged to use a third party to pay a high-ranking South African government official at the electricity provider in exchange for awarding business to the global technology company. The settlement was the DOJ’s first coordinated resolution with authorities in South Africa. Authorities in South Africa separately brought corruption charges against the high-ranking South African government official. In addition to the financial penalty, the company entered into a three-year deferred prosecution agreement in connection with a criminal information charging the company with conspiracy to violate the FCPA’s anti-bribery provisions, conspiracy to violate the FCPA’s books and records provisions, and substantive violations of the FCPA. Two of the company’s subsidiaries located in Switzerland and South Africa each pleaded guilty to conspiracy to violate the anti-bribery provisions of the FCPA.
The next day on December 3, the SEC announced that the company agreed to pay $75 million to settle the SEC’s claims. The company consented to the SEC’s cease-and-desist order which stated that it violated the anti-bribery, books and records, and internal accounting controls provisions of the FCPA and the Exchange Act. The SEC also ordered the company to pay more than $72 million in disgorgement. However, the Commission deemed the disgorgement order satisfied by the company’s reimbursement of its ill-gotten gains to the South African government as part of an earlier civil settlement based largely on the same underlying facts as the SEC’s action.
On November 28, the SEC announced an award totaling nearly $20 million to a whistleblower whose new information and assistance led to a successful SEC enforcement action. According to the redacted order, the whistleblower provided significant information and continuing assistance in the investigation that allowed SEC staff to more quickly and efficiently investigate complex issues.
On December 1, the Federal Reserve Board announced a civil money penalty against a New-York based bank. In its order, the Fed alleged that the bank violated the National Flood Insurance Act (NFIA) and Regulation H. The order assesses a $105,500 civil money penalty against the bank in connection with its “alleged pattern or practice of violations of Regulation H,” but does not specify the number or the precise nature of the alleged violations. The maximum civil money penalty under the NFIA for a pattern or practice of violations is $2,392 per violation.
On November 22, the CFPB denied a petition by a cryptocurrency lender to set aside a civil investigative demand (CID) issued by the Bureau last December. According to the Bureau, the lender (which states on its website that it is licensed by various state regulators to engage in consumer lending and money transmitting) and its affiliates market a range of products, including interest-accruing accounts and lines of credit. The CID informed the lender that a company representative was required to provide oral testimony at an investigational hearing into whether the lender's conduct is subject to federal consumer financial law, whether the lender had violated the Consumer Financial Protection Act and Regulation E, and whether an enforcement action would be in the public interest.
The lender petitioned the Bureau in March to modify or set aside the CID, arguing, among other things, that the Bureau lacks authority to investigate its Earn Interest Product because the SEC had previously made clear in a different matter (covered by InfoBytes here) that interest-bearing crypto lending products like the lender’s Earn Interest Product are securities. Accordingly, the lender contended that the Earn Interest Product fell outside of the Bureau’s jurisdiction. Furthermore, the lender asserted that in light of the SEC’s action, it stopped offering its Earn Interest Product to new U.S. customers and “began working to implement other changes by which current users would no longer earn interest on new funds in their Earn Interest Product accounts.”
In rejecting the lender’s arguments, the Bureau said that lender “is trying to avoid answering any of the Bureau’s questions about the Earn Interest Product (on the theory that the product is a security subject to SEC oversight) while at the same time preserving the argument that the product is not a security subject to SEC oversight. This attempt to have it both ways dooms [the lender’s] petition from the start.” The Bureau also emphasized that unresolved facts related to the lender’s Earn Interest Product make it impossible to determine whether any of the challenged conduct is subject to an exclusion from the Bureau’s authority under the CFPA or an exemption to Regulation E. The Bureau further noted that courts have established that the recipient of a CID cannot challenge an agency investigation by contesting facts that the agency might find, at least in situations “where the investigation is not patently outside the agency’s authority.”
On December 1, the U.S. District Court for the Southern District of New York entered a stipulated final judgment and order against a Delaware financial-services company operating in Florida and New York along with its owner (collectively, “defendants”) for engaging in deceptive acts under the Consumer Financial Protection Act related to its misleading marketing representations when advertising high-yield healthcare savings CD accounts. As previously covered by InfoBytes, the Bureau’s 2020 complaint alleged that defendants engaged in deceptive acts or practices by: (i) falsely representing that consumers’ deposits into the high yield CD accounts would be used to originate loans for healthcare professionals, when in fact, the company never used the deposits to originate loans for healthcare professionals, never sold a loan to a bank or secondary-market investor, and never entered into a contract with a buyer or investor to purchase a loan; (ii) concealing the company’s true business model by falsely representing that the consumers’ deposits, when not being used to originate healthcare loans, would be held in an FDIC- or Lloyd’s of London-insured account or a “cash alternative” or “cash equivalent” account, when in reality, consumers’ deposits were, among other things, invested in securities; (iii) misleading consumers into believing that the accounts their funds were being deposited into functioned like traditional savings accounts when in fact, consumers’ deposits were actively traded in the stock market or used in securities-backed investments; and (iv) falsely representing that past high yield CD accounts allegedly paid interest at rates between 5 percent and 6.25 percent prior to 2019 when in fact, the company did not offer CDs until August 2019, and “consumers’ principals was neither guaranteed nor insured.” The complaint noted that since August 2019, the company took more than $15 million from at least 400 consumers.
The proposed settlement, if approved, provides for a comprehensive consumer redress plan that would require defendants to refund approximately $19 million to approximately 400 depositors. Further, pursuant to the order, the defendants would be required to return the money that each affected consumer deposited into a certain account in a manner consistent with the advertised terms of the product, namely, the principal along with an average per year interest rate of about 6 percent. The proposed order also permanently bans the defendants from engaging or assisting others in any deposit taking activities and requires defendants to pay a civil money penalty to the Bureau in the amount of $391,530.
On November 18, the SEC instituted administrative proceedings against a Wyoming-based organization (respondent) to determine whether a stop order should be issued to suspend the registration of the offer and sale of two crypto assets. The SEC alleged that a Form S-1 registration statement filed by the respondent in September 2021 failed to contain required information about its business, management, and financial condition, such as audited financial statements, and contained materially misleading statements and omissions, including inconsistent statements about whether the tokens are securities as required under the Securities Act of 1933. The SEC further alleged that the respondent failed to cooperate in the examination of respondent’s registration statement.
On November 28, the Irish Data Protection Commission (DPC) announced the conclusion of a “data scraping” inquiry into the practices of a global social media company’s European operations. The inquiry, which included cooperation from all of the other data protection supervisory authorities in the EU, was commenced in April 2021 following media reports that personal data for which the company was responsible was available on the internet. According to the DPC, the inquiry focused on questions related to the company’s compliance with the GDPR’s obligation for “Data Protection by Design and Default.” Specifically, the DPC “examined the implementation of technical and organizational measures pursuant to Article 25 GDPR (which deals with this concept).” The decision, adopted on November 25, and agreed upon by all the other EU supervisory authorities, found that the company violated Articles 25(1) and 25(2) of the GDPR. The decision imposes a reprimand and requires the company to bring its processing into compliance by implementing several specific remedial actions within a particular timeframe. In addition, the company must pay an administrative fine of €265 million.
On November 29, the OCC announced revisions to its civil money penalty (CMP) manual. Specifically, the OCC revised the CMP matrix, which is a tool used to guide the OCC’s decision making in assessing CMPs. The revised CMP matrix, applicable to OCC-regulated institutions, allows for sufficient differentiation among varying levels of misconduct or by institution size, and includes updated mitigating factors to provide a stronger incentive for banks to fully address underlying deficiencies. The OCC also announced a revised Policies and Procedures Manual (PPM) for assessing CMPs. This version replaces the November 13, 2018, version conveyed by OCC Bulletin 2018-41, “OCC Enforcement Actions: OCC Enforcement Action Policies and Procedures Manuals.” Highlights of the PPM include, among other things; (i) revised mitigating factors of self-identification, remediation or corrective action, and restitution: (ii) increased scoring weight of mitigating factors; and (iii) a revised table titled “Suggested Action Based on Total Matrix Score and Total Assets of Bank.” The OCC further noted that the CMP matrix is not a substitute for sound supervisory judgment, and said the OCC may depart from the matrix suggestions when appropriate and when based on the specific facts and circumstances of each matter. The OCC will begin using the revisions on January 1, 2023.
On November 30, the FTC announced an action against three individuals and their affiliated companies (collectively, “defendants”) for allegedly participating together in a credit card debt relief scheme since 2019. The FTC alleged in its complaint that the company violated the FTC Act and the Telemarketing Sales Rule (TSR) by using telemarketers to call consumers and pitch their deceptive scheme, falsely claiming to be affiliated with a particular credit card association, bank, or credit reporting agency and promising they could improve consumers’ credit scores after 12 to 18 months. The defendants also allegedly misrepresented that the upfront fee, which in some cases was as high as $18,000, was charged to consumers’ credit cards as part of the overall debt that would be eliminated, and therefore consumers would not actually have to pay this fee. The District Court for the Middle District of Tennessee granted the Commission’s request to temporarily shut down the scheme operated by the defendants and froze their assets. The complaint requests, among other things, a permanent injunction to prevent future violations of the FTC Act and the TSR by the defendants.
On November 25, the FDIC released a list of administrative enforcement actions taken against banks and individuals in October. During the month, the FDIC made public ten orders consisting of “one consent order; one amended and restated consent order; one personal cease and desist order; three orders to pay civil money penalties; two Section 19 orders; and two orders terminating consent orders.” Among the orders is an order to pay a civil money penalty imposed against a Mississippi-based bank related to 128 alleged violations of the Flood Disaster Protection Act. Among other things, the FDIC claimed that the bank failed to obtain the required flood insurance or obtain an adequate amount of insurance coverage, at or before loan origination, for all structures in a flood zone. The order requires the payment of a $320,500 civil money penalty.
The FDIC also issued a consent order to a New York-based bank, which alleged that the bank had unsafe or unsound banking practices relating to weaknesses in the Bank’s Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) Program. The bank neither admitted nor denied the alleged violations but agreed to, among other things, increase its supervision, direction, and oversight of AML/CFT personnel and its AML/CFT program.