Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On June 18, the California Department of Business Oversight (CDBO) announced a $7.8 million settlement with a mortgage servicer to pay allegedly overdue escrow interest to more than 94,000 California homeowners. According to the stipulation reflecting the settlement, the allegations result from a 2017 CDBO mortgage servicing examination, which found that the servicer “had failed to pay [two percent] interest on escrow impounds in violation of” California Fin. Code § 50202(d) and California Civ. Code § 2954.8. The settlement requires the servicer to pay the two percent interest for the period of July 1, 2014, through December 31, 2018, to 94,483 borrowers with escrow impound accounts. The servicer also agreed to pay two percent interest on escrow impound accounts for California residential mortgages going forward, although it reserved the right to stop paying interest in certain circumstances, including a final civil order or decision from the California Supreme Court or U.S. Court of Appeals for the 9th Circuit finding that Financial Code Section 2954.8 is not applicable to national banks or their subsidiaries.
On June 14, the SEC announced a $42 million settlement with a wholly-owned subsidiary of an international bank to resolve allegations that certain associated persons on its securities lending desk allegedly improperly pre-released American Depositary Receipts (ADRs), or “U.S. securities that represent shares in foreign companies.” The SEC announcement explains that “[t]he practice of ‘pre-release’ allows ADRs to be issued without the deposit of foreign shares, provided brokers receiving them have an agreement with a depositary bank and the broker or its customer owns the number of foreign shares that corresponds to the number of shares the ADRs represent.” According to the SEC, the subsidiary “improperly obtained pre-released ADRs from depositary banks when [the subsidiary] should have known that neither the firm nor its customers owned the foreign shares needed to support those ADRs.” The SEC asserts that this resulted in an inflated total number of foreign issuer’s tradeable securities and short selling and dividend arbitrage. The SEC alleged that these practices violated the Securities Act of 1933 and claimed that the subsidiary failed to reasonably supervise its securities personnel. The consent order requires the subsidiary to pay more than $24 million in disgorgement, roughly $4.4 in prejudgment interest, and a civil money penalty of approximately $14.3 million. The order acknowledges the subsidiary’s cooperation in the investigation.
On the same day, the SEC announced an $8.1 million consent order with a securities company to resolve allegations that the company allegedly improperly pre-released American Depositary Receipts (ADRs). According to the SEC, the company, in violation of the Securities Act of 1933, “improperly obtained pre-released ADRs from depositary banks when [the company] should have known that neither the firm nor its customers owned the foreign shares needed to support those ADRs.” The SEC announcement asserts that the lack of shares to support the ADRs resulted in an inflated total number of foreign issuer’s tradeable securities and short selling and dividend arbitrage. Additionally, the SEC alleges the company failed to establish and implement effective policies and procedures to address whether the company was in compliance with its obligations in connection with pre-release transactions. The consent order requires the company to pay more than $4.8 million in disgorgement, approximately $800,000 in prejudgment interest, and a civil money penalty of more than $2.4 million. The order acknowledges the company’s cooperation in the investigation.
On June 12, the FTC announced a settlement under which a software provider agreed to better protect the data it collects, resolving allegations that the company failed to implement reasonable data security measures and exposed personal consumer information obtained from its auto dealer clients in violation of the FTC Act and the Standards for Safeguarding Customer Information Rule, issued pursuant to the Gramm-Leach-Bliley Act.
In its complaint, the FTC alleged the company’s failure to, among other things, (i) implement an organization information security policy; (ii) implement reasonable guidance or training for employees; (iii) use readily available security measures to monitor systems; and (iv) impose reasonable data access controls, resulted in a hacker gaining unauthorized access to the company’s database containing the personal information of approximately 12.5 million consumers. The proposed consent order requires the company to, among other things, implement and maintain a comprehensive information security program designed to protect the personal information it collects, including implementing specific safeguards related to the FTC’s allegations. Additionally, the proposed consent order requires the company to obtain third-party assessments of its information security program every two years and have a senior manager certify compliance with the order every year.
On June 6, the FTC announced that it submitted its 2018 Annual Financial Acts Enforcement Report to the CFPB. The report—which the Bureau requested for its use in preparing its 2018 Annual Report to Congress—covers the FTC’s enforcement activities regarding Regulation Z (the Truth in Lending Act or TILA), Regulation M (the Consumer Leasing Act or CLA), and Regulation E (the Electronic Fund Transfer Act or EFTA). Highlights of the enforcement matters covered in the report include:
- Auto Lending and Leasing. The report discusses two enforcement matters related to deceptive automobile dealer practices. The first, filed in August 2018, alleged that a group of four auto dealers, among other things, advertised misleading discounts and incentives in their vehicle advertisements, and falsely inflated consumers’ income and down payment information on financing applications. The charges brought against the defendants allege violations of the FTC Act, TILA, and the CLA. The FTC sought, among other remedies, a permanent injunction to prevent future violations, restitution, and disgorgement. (Detailed InfoBytes coverage of the filing is available here.) In the second, in December 2018, the FTC mailed over 43,000 checks, totaling over $3.5 million, to consumers allegedly harmed by nine dealerships and owners engaged in deceptive and unfair sales and financing practices, deceptive advertising, and deceptive online reviews. (Detailed InfoBytes coverage is available here.)
- Payday Lending. The report covers two enforcement matters, including the U.S. Court of Appeals for the 9th Circuit’s December 2018 decision upholding the $1.3 billion judgment against defendants responsible for operating an allegedly deceptive payday lending program. The decision is the result of a 2012 complaint in which the FTC alleged that the defendants engaged in deceptive acts or practices in violation of Section 5(a) of the FTC Act by making false and misleading representations about costs and payment of the loans. (Detailed InfoBytes coverage is available here.) The report also indicates that, in February 2018, the FTC issued over 72,000 checks totaling more an $2.9 million to consumers stemming from a July 2015 settlement, that alleged that online payday operators used personal financial information purchased from third-party lead generators or data brokers to make unauthorized deposits into and withdrawals from consumers’ bank accounts, regardless of whether the consumer applied for a payday loan. (Detailed InfoBytes coverage is available here.)
- Negative Option. The report covers six enforcement matters related to alleged violations of the EFTA and Regulation E for “negative option” plans, including three new filings against online marketers for allegedly advertising “free trial” offers for products that enrolled consumers in expensive, ongoing plans without their knowledge or consent. The report notes that, in 2018, the FTC reached a settlement with one entity and obtained a court judgment against another, both resulting in injunctive relief and monetary settlements (which were suspended due to the defendants’ inability to pay). The report also notes that the FTC mailed 2,116 refund checks totaling more than $355,000 to people who bought an allegedly deceptive “memory improvement” supplement.
Additionally, the report addresses the FTC’s research and policy efforts related to truth in lending and leasing, and electronic fund transfer issues, including (i) a study of consumers’ experiences in buying and financing automobiles at dealerships; and (ii) the FTC’s Military Task Force’s work on military consumer protection issues. The report also outlines the FTC’s consumer and business education efforts, which include several blog posts warning of new scams and practices.
On May 31, the FDIC announced its release of a list of administrative enforcement actions taken against banks and individuals in April. The list reflects that the FDIC issued 17 orders, which includes “two consent orders; three terminations of consent orders; five Section 19 orders; three removal and prohibition orders; and four orders to pay civil money penalty.” Among other actions, the FDIC assessed civil money penalties against three separate banks (see here, here, and here) for alleged violations of the Flood Disaster Protection Act, including failing to (i) obtain flood insurance coverage on loans at or before origination; (ii) maintain, increase, extend, renew, or provide written notification to borrowers concerning flood insurance coverage on loans secured by collateral located in special flood hazard areas; (iii) follow force-placement flood insurance procedures; or (iv) provide borrowers with notice of the availability of federal disaster relief assistance within a reasonable timeframe.
The FDIC also assessed a civil money penalty against a New York-based bank related to alleged violations of the Bank Secrecy Act.
OFAC issues Finding of Violation, no penalties, against bank for alleged Iranian sanctions violations
On May 28, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a Finding of Violation against a bank, acting as a trustee for a customer, for violations of the Iranian Transactions and Sanctions Regulations (ITSR). According to the announcement, OFAC’s Finding of Violation was based on the fact that the bank processed at least 45 pension payments totaling over $11,000 to a U.S. citizen with a U.S. bank account, residing in Iran. After learning of and reporting the issue to OFAC, the bank modified its review and reporting process to ensure that retirement payments are screened by the right screening platform and that sanctions alerts are handled through the appropriate process, including review by compliance specialists with expertise in sanctions.
When issuing a Finding of Violation against the bank, as opposed to a civil money penalty, OFAC considered the fact that, among other things, (i) no managers or supervisors appear to have been aware of the conduct that led to the violations; (ii) the payments at issue may not have actually been transferred to Iran; (iii) the bank took remedial action in response to the violations; and (iv) the bank cooperated with OFAC by self-disclosing the alleged violations and agreeing to tolling the matter with extensions.
On May 21, the FTC announced a payment processor, its CEO and owner, and two other officers (collectively, “defendants”) agreed to settle charges that they knowingly processed fraudulent transactions to consumers’ accounts in violation of the FTC Act. According to the FTC’s complaint, the defendants allegedly assisted merchants, who were engaged in fraud, in hiding their activities from banks and credit card networks. The defendants allegedly (i) created fake foreign shell companies to open accounts in their names; (ii) submitted dummy websites and other false information to merchant banks; and (iii) worked to evade card network rules and monitoring designed to prevent fraud. The settlement order against the processing company and its CEO imposes a judgment of over $110 million, which is partially suspended due to the inability to pay. The settlement order against one officer imposes a judgment of over $300,000, which is suspended due to the inability to pay. The settlement order against the second officer, the company’s Chief Operating Officer, imposes a $1 million judgment. Each order imposes a permanent ban on the defendants from, among other things, engaging in payment processing and credit card laundering, whether directly or through an intermediary.
On May 16, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. The new enforcement actions include personal cease-and-desist orders, removal and prohibition orders, notice of charges against an individual, and terminations of existing enforcement actions against individuals and banks. The release also includes two civil money penalty orders discussed below.
On April 9, the OCC assessed $35,000 in civil money penalties against an Oklahoma-based bank for an alleged pattern or practice of violations of the Flood Disaster Protection Act and its implementing regulations. Additionally, on April 24, the OCC assessed $136,000 in civil money penalties against a Texas-based bank for an alleged pattern or practice of failing to ensure timely notification and force-placement of flood insurance on property in special flood hazard areas, in violation of the National Flood Insurance Act.
On May 17, the CFPB announced it filed a lawsuit in the U.S. District Court for the Eastern District of New York against a New York debt-collection law firm. According to the Bureau’s complaint, between 2014 and 2016 the law firm allegedly initiated more than 99,000 collection lawsuits in an attempt to collect debts through reliance on “non-attorney support staff, automation, and both a cursory and deficient review of account files,” in violation of both the FDCPA and the Consumer Financial Protection Act. The Bureau alleges the lawsuits contained names and signatures of attorneys despite those attorneys “not being meaningfully involved in reviewing the merits of the lawsuits,” including not reviewing pertinent documentation related to the debts, such as account applications, billing statements, payment histories, and the terms and conditions governing an account. The law firm allegedly did not perform reviews of the contracts related to debt sales, despite filing lawsuits on behalf of debt buyers that have been accused of unlawful debt collection practices. The Bureau is seeking an injunction, damages, redress to consumers, and the imposition of a civil money penalty.
On May 16, the Federal Reserve Board (Board) announced an enforcement action against a Nebraska-based bank for allegedly violating the National Flood Insurance Act (NFIA) and Regulation H, which implements the NFIA. The consent order assesses a $69,000 penalty against the bank, but does not specify the number or the precise nature of the alleged violations. The maximum civil money penalty for a pattern or practice of violations under the NFIA is $2,000 per violation.
The same day, the Board issued an order of prohibition against a former employee and institution-affiliated party of an Illinois-based bank for allegedly engaging in unsafe and unsound lending practices, including engaging in improper lending practices and failing to implement adequate Bank Secrecy Act/anti-money laundering controls and training. The terms of the order prohibit the individual from, among other things, “participating in any manner in the conduct of the affairs of any financial institution or organization specified in section 8(e)(9)(A) of the [Federal Deposit Insurance Act],” or “voting for a director, or serving or acting as an institution-affiliated party.”
- Buckley Webcast: Hot topics in debt collection — An analysis of recent federal FDCPA litigation
- Jonice Gray Tucker to discuss "How to succeed in law school" at the SEO Law DC Panel Discussions
- Amanda R. Lawrence to discuss "Navigating the challenges of the latest data protection regulations and proven protocols for breach prevention and response" at the ACI National Forum on Consumer Finance Class Actions and Government Enforcement
- Sasha Leonhardt and John B. Williams to discuss "Privacy" at the National Association of Federally-Insured Credit Unions Summer Regulatory Compliance School
- Warren W. Traiger to discuss "CRA modernization" at the National Association of Industrial Bankers and the Utah Association of Financial Services Annual Convention
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program
- Henry Asbill to discuss "Ethical guidance in conducting internal investigations – The intersection of Yates an Upjohn" at the American Bar Association Southeastern White Collar Crime Institute
- Brandy A. Hood to discuss "RESPA Section 8/referrals: How do you stay compliant?" at the New England Mortgage Bankers Conference
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions and CMPs" at the ACAMS AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Assessing the CDD final rule: A year of transitions" at the ACAMS AML & Financial Crime Conference