Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On August 1, the Department of Justice (DOJ) announced a $3 million settlement with a captive auto finance company, resolving allegations that it violated the Servicemembers Civil Relief Act (SCRA) by repossessing 113 vehicles owned by SCRA-protected servicemembers without first obtaining court orders and failing to refund upfront capitalized cost reduction (CCR) amounts to servicemembers who lawfully terminated vehicle leases early under the SCRA. According to the DOJ’s complaint, when a servicemember terminated their lease early pursuant to the SCRA, the finance company retained the entire CCR amount even though the SCRA requires that it refund all lease amounts paid in advance for a period after the effective date of the termination. The settlement agreement covers all repossessions of servicemembers vehicles and leases terminated by servicemembers since January 2008, and requires the finance company to create an almost $3 million settlement fund to compensate affected servicemembers and pay the U.S. Treasury $62,000. Moreover, the agreement requires the finance company to review and update its SCRA policies and procedures to prevent future violations and to provide SCRA compliance training to specified employees.
On July 30, seven Republican Senators sent a letter to Attorney General William Barr requesting updates on the DOJ’s efforts to clarify website accessibility requirements for businesses under the Americans with Disabilities Act (ADA). This request follows a letter previously sent to the DOJ in September 2018, requesting the Department’s help in resolving uncertainties regarding website accessibility regulations and requesting guidance to address conflicting court opinions. According to the Senators, the DOJ withdrew two Notices of Proposed Rulemaking concerning website accessibility standards in 2017 under claims that it is “evaluating whether promulgating regulations about the accessibility of Web information and services is necessary and appropriate. Such an evaluation will be informed by additional review of data and further analysis. The Department will continue to assess whether specific technical standards are necessary and appropriate to assist covered entities with complying with the ADA.” The DOJ responded a month later, stating that “absent the adoption of specific technical requirements for websites through rulemaking, public accommodations have flexibility in how to comply with the ADA’s general requirements of nondiscrimination and effective communication. Accordingly, noncompliance with a specific voluntary technical standard for website accessibility does not necessarily indicate noncompliance with the ADA.”
In their 2019 letter, the Senators stressed that, because the DOJ did not specify further concrete plans to address website accessibility guidance, businesses are subject to litigation risk and inconsistent outcomes. Moreover, the Senators urged the DOJ to provide further clarity, particularly because the issue of whether private websites must comply with the ADA “continues to be subject to conflicting judicial opinions.” Additionally, they pointed to the Web Content Accessibility Guidelines 2.0 standard, which governs website accessibility for federal government websites, and noted that if the government gets the benefit of clear guidance, then the public should as well.
On July 30, the DOJ announced several settlements with a group of California-based mortgage loan modification service providers to resolve allegations that the defendants violated the Fair Housing Act by targeting Hispanic homeowners for predatory mortgage loan modification services and interfering with the homeowners’ ability to keep their homes. According to the DOJ, the defendants persuaded as many as 400 Hispanic homeowners to pay approximately $5,000 for audits advertised as essential for loan modifications, but in actuality had no impact on the modification process and provided no financial benefit. Additionally, the DOJ claimed that the defendants “encouraged their clients to stop making mortgage payments and instructed them to cease contact with their lenders,” which led to many homeowners losing their homes due to defaulted mortgages. The lawsuit stemmed from complaints filed with HUD by two of the defendants’ former clients, who intervened in the lawsuit, along with their attorney, Housing and Economic Rights Advocates (HERA), and members of one of the former client’s family.
While three of the companies identified as defendants in the complaint ceased operations, the settlement agreements resolve allegations against the individuals responsible for owning and operating the now-defunct companies. Under the terms of the agreements, the individual defendants have agreed to, among other things, (i) refrain from engaging in the discriminatory conduct; and (ii) contribute more than $148,000 towards a restitution fund to reimburse fees paid to the defendants by former clients. Additionally, five of the individual defendants have agreed to pay an additional $405,699 in suspended judgments should it be determined the defendants misrepresented their current financial situations. The DOJ noted that the individual defendants have also agreed to an additional $91,650 in compensation in separate settlements reached with their former clients and HERA.
FTC and DOJ announce $5 billion privacy settlement with social media company; SEC settles for $100 million
On July 24, the FTC and the DOJ officially announced (see here and here) that the world’s largest social media company will pay a $5 billion penalty to settle allegations that it mishandled its users’ personal information. As previously covered by InfoBytes, it was reported on July 12 that the FTC approved the penalty, in a 3-2 vote. This is the largest privacy penalty ever levied by the agency, almost “20 times greater than the largest privacy or data security penalty ever imposed worldwide,” and one of the largest ever assessed by the U.S. government for any violation. According to the complaint, filed the same day as the settlement, the company allegedly used deceptive disclosures and settings to undermine users’ privacy preferences in violation of a 2012 privacy settlement with the FTC, which allowed the company to share users’ data with third-party apps that were downloaded by users’ “friends.” Moreover, the complaint alleges that many users were unaware the company was sharing the information, and therefore did not take the steps needed to opt-out of the sharing. Relatedly, the FTC also announced a separate action against a British consulting and data analytics firm for allegedly using deceptive tactics to “harvest personal information from millions of [the social media company’s] users.”
In addition to the monetary penalty, the 20-year settlement order overhauls the company’s privacy program. Specifically, the order, among other things, (i) establishes an independent privacy committee of the company’s board of directors; (ii) requires the company to designate privacy program compliance officers who can only be removed by the board’s privacy committee; (iii) requires an independent third-party assessor to perform biennial assessments of the company’s privacy program; (iv) requires the company to conduct a specific privacy review of every new or modified product, service, or practice before it is implemented; and (v) mandates that the company report any incidents in which data of 500 or more users have been compromised to the FTC.
In dissenting statements, Commissioner Chopra and Commissioner Slaughter asserted that the settlement, while historic, does not contain terms that would effectively deter the company from engaging in future violations. Commissioner Slaughter argues, among other things, that the civil penalty is insufficient and believes the order should have contained “meaningful limitations on how [the company] collects, uses, and shares data.” Similarly, Commissioner Chopra argues that the order imposes no meaningful changes to the company’s structure or financial incentives, and the immunity provided to the company’s officers and directors is unwarranted.
On the same day, the SEC announced that the company also agreed to pay $100 million to settle allegations that it mislead investors about the risks it faced related to the misuse of its consumer data. The SEC’s complaint alleges that in 2015, the company was aware of the British consulting and data analytics firm’s misuse of its consumer data but did not correct its disclosures for more than two years. Additionally, the SEC alleges the company failed to have policies and procedures in place during that time that would assess the results of internal investigations for the purposes of making accurate disclosures in public filings. The company neither admitted nor denied the allegations.
On July 22, the DOJ announced an $8.7 million settlement with the Hungarian subsidiary of an American multinational technology company to resolve allegations of bid-rigging and bribery in violation of the FCPA. The SEC simultaneously announced a related resolution with the parent technology company over the operations of subsidiaries in four countries, with the parent company paying an additional $16.5 million.
According to the DOJ announcement, between 2013 and 2015, executives and employees of the Hungarian subsidiary falsely represented to the parent company that discounts were necessary to finalize deals with resellers to sell company licenses to government customers; however, the savings were allegedly used for “corrupt purposes” in violation of the FCPA. The subsidiary entered into a non-prosecution agreement with DOJ, which noted that while the subsidiary did not voluntarily self-disclose the misconduct, it received credit for the company’s “substantial cooperation with the Department’s investigation and for taking extensive remedial measures.” Specifically, the subsidiary terminated four licensing partners and the company implemented an enhanced compliance system and internal controls to address corruption risks.
On May 9, pursuant to an indictment filed in federal court in Miami without announcement by DOJ, two Ecuadorian citizens were charged with conspiracy to violate FCPA, conspiracy to commit money laundering, and nine counts of money laundering. The indictment was first reported on July 1 by the Financial Times.
The charges against Armengol Alfonso Cevallos Diaz and Jose Melquiades Cisneros Alarcon, who both live in Florida, relate to the ongoing investigation and prosecution of bribery and money laundering at Ecuador’s state oil company. To date, the investigation has yielded four guilty pleas. One additional defendant has pleaded not guilty; his case is pending.
See prior FCPA Scorecard coverage here.
On June 20, the DOJ announced a $137 million settlement with a U.S.-based multinational retailer (the Retailer) and its wholly owned Brazilian subsidiary (the Subsidiary) to resolve claims they violated the FCPA. The Retailer entered into a non-prosecution agreement, while the Subsidiary pleaded guilty. On the same day, the SEC issued an administrative order requiring the Retailer to pay $144 million in disgorgement and interest. The SEC stated that the Retailer failed to “operate a sufficient anti-corruption compliance program for more than a decade as the retailer experienced rapid international growth.” In total, the Retailer will pay more than $282 million to settle the charges.
According to the DOJ announcement, from 2001 to 2011, the Retailer failed to implement and maintain internal accounting controls related to anti-corruption, and senior officials were aware of the failures. The failures allegedly allowed the Retailer’s foreign subsidiaries in Mexico, India, Brazil and China to hire third-party intermediaries (TPIs) “without establishing sufficient controls to prevent those TPIs from making improper payments to government officials in order to obtain store permits and licenses,” which, in turn, allowed the foreign subsidiaries to open stores faster, earning the company additional profits. In its non-prosecution agreement with the DOJ, in addition to the monetary penalty, the Retailer agreed to: (i) appoint an independent compliance monitor for a two-year term; and (ii) continue to cooperate with the DOJ’s investigation. The monetary penalty amount was calculated by reducing by 25 percent the bottom of the U.S. Sentencing Guidelines fine range for the portion of the penalty applicable to conduct in Brazil, China, and India, and reducing by 20 percent the bottom of the U.S. Sentencing Guidelines fine range for the portion of the penalty applicable to conduct in Mexico.
On June 13, the DOJ announced a settlement with an Indiana bank resolving allegations the bank engaged in unlawful “redlining” in Indianapolis by intentionally avoiding predominantly African-American neighborhoods in violation of the Fair Housing Act and ECOA. In the complaint, the DOJ alleges that from 2011 to 2017, among other things, the bank (i) excluded Marion County in Indianapolis and its “50 majority-Black census tracts” from its Community Reinvestment Act assessment area; (ii) did not have any branch locations in majority-Black areas of the county; (iii) did not market in the majority-Black areas of the country; and (iv) had a residential mortgage lending policy that allegedly showed preference to the location of borrowers, not the creditworthiness. Under the settlement agreement, which is subject to court approval, the bank will, among other things, expand its business services and lending to the predominantly African-American neighborhoods in Indianapolis and will invest at least $1.12 million in a special loan subsidy fund to be used to increase credit opportunities in the specified neighborhoods. Additionally, the bank will designate a full-time Director of Community Lending and Development to oversee the continued development of the bank’s lending in the specified areas.
On May 29, the DOJ announced that a dual U.S.-Venezuelan citizen pleaded guilty for his role in a bribery scheme involving oil and natural gas company officials. The citizen pleaded guilty in the Southern District of Texas to conspiracy to violate the FCPA, violating the FCPA, and failing to report foreign bank accounts. His sentencing is set for August 28.
He controlled multiple U.S. and international companies that provided goods and services to the company. According to the DOJ, the U.S. citizen and a co-conspirator paid at least $629,000 in bribes to a former company official in exchange for favorable business treatment for his companies. Prior FCPA Scorecard coverage is available here.
On May 22, the FDIC announced it resolved a 2014 lawsuit brought by payday lenders that alleged that the FDIC, the OCC and the Federal Reserve abused their supervisory authority during Operation Chokepoint, an Obama Administration DOJ initiative that formally ended in August 2017 (covered by InfoBytes here) and was designed to target fraud by investigating U.S. banks and certain of their clients perceived to be a higher risk for fraud and money laundering. As previously covered by InfoBytes, in 2014, payday lenders filed a lawsuit against the federal banking agencies alleging that they participated in Operation Chokepoint “to drive [the payday lenders] out of business by exerting back-room pressure on banks and other regulated financial institutions to terminate their relationships” with such lenders. The payday lenders argued, among other things, that the initiative resulted in over 80 banking institutions terminating their business relationships with law-abiding companies.
Along with the announcement of the tentative settlement between the parties, the FDIC released a statement summarizing the FDIC’s internal policies and guidance for FDIC recommendations to financial institutions to terminate customer deposit accounts. The statement also included a letter written to the plaintiffs’ counsel acknowledging that “certain employees acted in a manner inconsistent with FDIC policies with respect to payday lenders in what has been generically described as ‘Operation Choke Point,’ and that this conduct created misperceptions about the FDIC’s policies.” In the press announcement regarding the resolution of the case, the FDIC emphasized that neither the statement nor the letter represent a change in the FDIC’s policy and guidance, and that all “existing applicable regulations and guidance documents remain in full force and effect.” Further, while the May 21 joint status report filed in the case noted that FDIC senior leadership had not yet reviewed the agreement, the report noted that the FDIC does “not anticipate any objections.”
Additionally, on May 23, the OCC acknowledged it had been dismissed from the litigation as part of the lawsuit’s resolution.
- Benjamin W. Hutten to discuss "BSA program reporting, management and board of directors responsibilities" at the Georgia Bankers Association BSA Experience Program
- Hank Asbill to discuss "Ethical guidance in conducting internal investigations – The intersection of Yates and Upjohn" at the American Bar Association Southeastern White Collar Crime Institute
- H Joshua Kotin to discuss "Recent developments in fair lending and avoiding the pitfalls" at the Arkansas Community Bankers/Bankers Assurance 2019 Compliance Conference
- Brandy A. Hood to discuss "RESPA Section 8/referrals: How do you stay compliant?" at the New England Mortgage Bankers Conference
- Daniel P. Stipano to discuss "Risk management in enforcement actions: Managing risk or micromanaging it" at the American Bar Association Business Law Section Annual Meeting
- Valerie L. Hletko to discuss "Banking on guns ‘n drugs: Social policy meets financial services" at the American Bar Association Business Law Section Annual Meeting
- Daniel P. Stipano to discuss "Navigating the conflicting federal and state laws for doing business with cannabis companies" at the American Bar Association Business Law Section Annual Meeting
- Tim Lange to discuss "Services and value" at the North American Collection Agency Regulatory Association Annual Conference
- Katherine L. Halliday to discuss "UDAP, UDAAP & the Map rule compliance basics" at the Mortgage Bankers Association Regulatory Compliance Conference
- Amanda R. Lawrence to discuss "Data privacy litigation" at the Mortgage Bankers Association Regulatory Compliance Conference
- Brandy A. Hood to discuss "How to ace your TRID exam" at the Mortgage Bankers Association Regulatory Compliance Conference
- Melissa Klimkiewicz to discuss "Navigating FHA rules and regs" at the Mortgage Bankers Association Regulatory Compliance Conference
- Jeffrey P. Naimon to discuss "Washington regulatory overview" at the Mortgage Bankers Association Regulatory Compliance Conference
- Jonice Gray Tucker to discuss "HMDA data is out, now what?" at the Mortgage Bankers Association Regulatory Compliance Conference
- Daniel P. Stipano to discuss "Assessing the CDD final rule: A year of transitions" at the ACAMS AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions and CMPs" at the ACAMS AML & Financial Crime Conference
- Kathryn L. Ryan to discuss "The state’s role in fintech: Providing an industry framework for innovation" at Lend360
- Jeffrey P. Naimon to discuss "Truth in lending" at the American Bar Association National Institute on Consumer Financial Services Basics
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions" at the Institute of International Bankers Risk Management and Regulatory Examination/Compliance Seminar
- Jonice Gray Tucker to discuss "Fintech regulatory developments, crypto-assets, blockchain and digital banking, and consumer issues" at the Practising Law Institute Banking Law Institute
- Amanda R. Lawrence to discuss "How to balance a successful (and stressful) career with greater personal well-being" at the American Bar Association Women in Litigation Joint CLE Conference