Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On October 8, the Department of Education announced the creation of the Office of Enforcement within Federal Student Aid (FSA), which is designed to strengthen oversight of and enforcement against postsecondary schools that participate in the federal student loan, grant, and work-study programs. According to the announcement, the Department named Kristen Donoghue, the former CFPB enforcement director, as the chief enforcement officer. Among other things, the office will work with the Partner Participation and Oversight Office on a risk-based approach to oversight and compliance and will be comprised of the following four existing divisions: (i) Administrative Actions and Appeals Services Group; (ii) Borrower Defense Group; (iii) Investigations Group; and (iv) Resolution and Referral Management Group. The announcement also notes that FSA will coordinate with other state and federal partners as part of FSA’s increased enforcement efforts. Specifically, FSA plans to coordinate “with the Federal Trade Commission, which earlier this week announced a major shift in its enforcement priorities to focus on postsecondary schools that illegally engage in unfair and deceptive acts or practices.” (Covered by InfoBytes here.)
On October 6, the SEC Director of the Division of Enforcement, Gurbir Grewal, discussed the agency’s mission to maintain market integrity and improve public confidence in the securities market. While Grewal noted that enforcement actions taken over the past few years have helped to significantly animate the idea that the SEC “will pursue potential violations by any market participant,” he stressed the need for joint coordination to promote better conduct among market participants. According to Grewal, this includes firms examining ways their specific business models and products interact with both emerging risks and enforcement priorities and tailoring compliance practices and policies accordingly. He stressed that market participants should take “proactive” compliance measures, including enhancing recordkeeping requirements, and anticipate emerging challenges instead of waiting for an enforcement action to implement the appropriate policies and procedures. Grewal also discussed the key role market participants play in identifying and addressing emerging risks. This could include ensuring proactive compliance efforts continue even after violative conduct has occurred, cooperating with SEC investigations, and voluntarily self-reporting potential violations “before the violation is about to be publicly announced." Grewal also noted that the SEC is currently evaluating its approach to enforcement action penalties to better assess whether past penalties have sufficiently deterred misconduct.
On October 7, the Federal Reserve Board announced an enforcement action against a Minnesota-based bank. In the consent order, the Fed alleges that the bank violated the National Flood Insurance Act (NFIA) and Regulation H. The order assesses a $11,00 penalty against the bank for an alleged pattern or practice of violations of Regulation H but does not specify the number or the precise nature of the alleged violations. The maximum civil money penalty under the NFIA for a pattern or practice of violations is $2,000 per violation.
On October 6, the DOJ announced the launch of the National Cryptocurrency Enforcement Team (NCET), which will focus on addressing “complex investigations and prosecutions of criminal misuses of cryptocurrency, particularly crimes committed by virtual currency exchanges, mixing and tumbling services, and money laundering infrastructure actors.” According to the DOJ, the NCET will combine “the expertise of the Department of Justice Criminal Division’s Money Laundering and Asset Recovery Section (MLARS), Computer Crime and Intellectual Property Section (CCIPS) and other sections in the division, with experts detailed from U.S. Attorneys’ Offices.” Among other things, the NCET will: (i) develop strategic priorities for investigations and prosecutions involving cryptocurrency; (ii) identify areas for increased investigative and prosecutorial focus; (iii) develop and maintain relationships with federal, state, local, and international law enforcement agencies involved in cryptocurrency cases; (iv) train federal prosecutors and law enforcement agencies in investigative and prosecutorial strategies; and (v) coordinate with private sector actors in cryptocurrency matters. In announcing the program, Deputy Attorney General Lisa Monaco stated that “[a]s the technology advances, so too must the Department evolve with it so that we’re poised to root out abuse on these platforms and ensure user confidence in these systems.”
On October 6, the FTC unanimously resurrected the Penalty Offense Authority under Section 5 of the FTC Act to deter for-profit higher education institutions from engaging in certain unlawful practices. The Commission sent notices to 70 of the nation’s largest for-profit institutions to inform them that the FTC is “cracking down on any false promises they make about their graduates’ job and earnings prospects and other outcomes and will hit violators with significant financial penalties.” The notice outlines several practices previously found to be unfair or deceptive that could lead to civil penalties of up to $43,792 per violation and puts institutions on alert that they could incur significant sanctions should they engage in certain unlawful practices. Commissioner Rohit Chopra, who was recently confirmed as Director of the CFPB, issued a statement commending the initiative, noting that “[u]nder the FTC’s Penalty Offense Authority, the Commission and the Attorney General can seek substantial civil penalties against companies that engage in practices where they had knowledge that the practices were previously determined by a prior Commission order to be illegal.” This is a particularly important tool, Chopra stressed, given the U.S. Supreme Court’s decision in AMG Capital Management, LLC v. FTC, which unanimously held that Section 13(b) of the FTC Act “does not authorize the Commission to seek, or a court to award, equitable monetary relief such as restitution or disgorgement” (covered by InfoBytes here).
On September 30, the DOJ announced a proposed settlement with a Texas-based auto lender, resolving allegations that the lender denied early motor vehicle lease terminations to qualifying servicemembers as required by the Servicemembers Civil Relief Act (SCRA). The SCRA allows servicemembers to terminate their motor vehicle leases early without penalty if they enter military service or receive qualifying military orders for a permanent change of station or to deploy to another location. According to the DOJ’s complaint, filed concurrently with the proposed settlement, an investigation revealed 10 instances in which the lender allegedly failed to provide early lease terminations to qualifying servicemembers. As a result, the DOJ claimed that the servicemembers, among other things, continued to make payments for vehicles they no longer wanted and were charged early termination penalties. Under the terms of the proposed settlement, the lender is required to pay more than $94,000 in compensation to the affected servicemembers and a $40,000 civil penalty. The proposed settlement also requires the lender to update its SCRA policies and procedures to avoid future violations and to provide SCRA compliance training to any employees whose customer interaction includes discussion of early lease termination benefits.
On October 5, the SEC filed a civil fraud complaint against a Canadian-based hemp company and its two co-founders (collectively, “defendants”), alleging that they fraudulently raised over $15 million from investors, and that they misappropriated a significant portion of the funds for personal and other unrelated uses. The SEC claims that the defendants made misrepresentations, including that the company was a fully integrated company that was processing hemp from its own farm. However, the SEC alleges that the company did not process any of its hemp, instead using products supplied by third parties. The complaint further contends that the financial information given to investors “misstated historical revenue numbers and included baseless projections about future revenue that were unsupported by the [c]ompany’s own internal forecasts.”
The SEC’s complaint, which was filed in U.S. District Court for the Southern District of New York, charges the defendants with violating antifraud provisions of federal securities laws. The complaint seeks a permanent injunction against the defendants, disgorgement with prejudgment interest, civil penalties, and an officer and director and penny stock ban against the co-founders. In addition, the U.S. Attorney’s Office for the Southern District of New York filed criminal charges against the co-founders in a parallel action.
On October 5, the FTC finalized a settlement with the operators of a movie subscription service, resolving allegations that the respondents violated the FTC Act by denying subscribers access to paid-for services and failed to secure subscribers’ personal information. As previously covered by InfoBytes, in June the FTC filed a complaint alleging the respondents, among other things, employed multiple tactics to prevent subscribers from using the advertised services, and failed to disclose all material terms before obtaining consumers’ billing information or obtain consumers’ express informed consent before charging them. The FTC further alleged that the respondents failed to take reasonable measures to protect subscribers’ personal information, including by storing personal data in unencrypted form and failing to restrict who could access the data, which led to a data breach in 2019. In a 4-1 vote, the FTC approved the settlement, which prohibits the respondents from misrepresenting their business and data security practices and requires the establishment of a comprehensive information security program. The respondents must also implement and annually test and monitor safeguards, take steps to address security risks, obtain biennial third-party information security assessments, notify the FTC of any future data breaches, and annually certify that they are complying with the order’s data security requirements. The FTC noted respondents may face monetary penalties of up to $43,792 per violation, per day, should they violate the terms of the order.
Recently, the FTC released a report to Congress regarding the Commission’s actions in strengthening measures to link data privacy and competition enforcement, among other things. The report responds to the Joint Explanatory Statement accompanying the Consolidated Appropriations Act of 2021, P.L. 116-260, which directed the FTC to “conduct a comprehensive internal assessment measuring the agency’s current efforts related to data privacy and security while separately identifying all resource-based needs of the FTC to improve in these areas.” The report highlights areas that the FTC is focusing on to improve the effectiveness of the Commission’s efforts to protect Americans’ privacy:
- Integrating competition concerns. The FTC intends to “spend more time on the overlap between data privacy and competition.” The report also points out that the FTC has a “structural advantage” compared to other agencies and will look with “privacy and competition lenses at problems that arise in digital markets.”
- Advancing remedies. The FTC is providing relief for consumers and deterring unfair or deceptive privacy and security practices though four remedies: (i) notifying harmed consumers; (ii) obtaining monetary remedies for harmed consumers; (iii) obtaining non-monetary remedial relief for consumers; and (iv) prohibiting companies from benefitting from illegal data collection.
- Focusing on digital platforms. The FTC intends to increase its focus on the data practices of dominant digital platforms, which includes focusing on order enforcement.
- Expanding the FTC’s guidance and understanding of the consumer protection and competition implications of algorithms. The FTC intends “to deepen [its] understanding of the consumer protection and competition risks associated with algorithms and to expand upon the guidance that [it has] provided to businesses on using algorithms and AI truthfully, fairly, and equitably.”
Among other things, the report also urges Congress “to clarify Section 13(b) of the FTC Act and shore up the FTC’s ability to enjoin illegal conduct and revive its authority return to consumers money they have lost, which will greatly assist [the FTC’s] efforts to protect consumers.” The report further notes that the FTC will continue to push Congress to enact privacy and data security legislation, enforceable by the FTC.
In a statement released on October 1, FTC Chair Lina Khan stated the agency “should approach data privacy and security protections by considering substantive limits rather than just procedural protections, which tend to create process requirements while sidestepping more fundamental questions about whether certain types of data collection and processing should be permitted in the first place.”
On October 4, the U.S. Supreme Court declined to hear a petition filed by a New Jersey-based finance company accused by the CFPB and the New York attorney general of misleading first responders to the World Trade Center attack and NFL retirees about high-cost loans mischaracterized as assignments of future payment rights (see entry #20-1758). In 2020, the U.S. Court of Appeals for the Second Circuit vacated a 2018 district court order, which had previously dismissed the case on the grounds that the Bureau’s single-director structure was unconstitutional, and that, as such, the agency lacked authority to bring claims alleging deceptive and abusive conduct by the company (covered by InfoBytes here). At the time, the district court also rejected an attempt by then-acting Director Mulvaney to salvage the Bureau’s claims, concluding that the “ratification of the CFPB’s enforcement action against defendants failed to cure the constitutional deficiencies in the CFPB’s structure or otherwise render defendants’ arguments moot.” The 2nd Circuit remanded the case to the district court, determining that the Court’s ruling in Seila Law LLC v. CPFB (which held that the director’s for-cause removal provision was unconstitutional but was severable from the statute establishing the Bureau, as covered by a Buckley Special Alert) superseded the 2018 ruling. The appellate court further noted that following Seila, former Director Kathy Kraninger ratified several prior regulatory actions (covered by InfoBytes here), including the enforcement action brought against the defendants, and as such, remanded the case to the district court to consider the validity of the ratification of the enforcement action.
In its June petition for writ of certiorari, the company argued that the Bureau could not use ratification to avoid dismissal of the lawsuit. The company noted that while several courts, including the U.S. Court of Appeals for the Ninth Circuit (covered by InfoBytes here) have “appl[ied] ratification to cure the structural problem,” other courts have rejected the Bureau’s ratification efforts, finding them to be untimely (see a dismissal by the U.S. District Court for the District of Delaware, as covered by InfoBytes here). As such, the company had asked the Supreme Court to clarify this contradictory “hopeless muddle” by clarifying the appropriate remedy for structural constitutional violations and addressing whether ratification is still effective if it comes after the statute of limitations has expired.
As is customary when denying a petition for certiorari, the Supreme Court did not explain its reasoning.
- Daniel R. Alonso to discuss internal investigations at the Institute of Internal Auditors of Argentina Spanish-language webinar
- Jonice Gray Tucker to discuss “Fintech trends” at the BIHC Network Elevating Black Excellence Regional Summit
- Jeffrey P. Naimon to discuss "Truth in lending” at the American Bar Association National Institute on Consumer Financial Services Basics
- Daniel R. Alonso to discuss anti-money-laundering at FELABAN Spanish-language webinar “Perspective for banks: LAFT, FINCEN, OFAC, Cryptocurrency”
- Daniel R. Alonso to discuss "What’s new in BSA/AML compliance?" at the Institute of International Bankers Regulatory Compliance Seminar
- Marshall T. Bell and John R. Coleman to speak at 2021 AFSA Annual Meeting
- Jon David D. Langlois to discuss "Regulatory update: What you need to know under the new boss; It won’t be the same as the old boss" at the IMN Residential Mortgage Service Rights Forum (East)
- Benjamin B. Klubes to discuss “Creating a Fantastic Workplace Culture”
- John R. Coleman and Amanda R. Lawrence to discuss “Consumer financial services government enforcement actions – The CFPB and beyond” at the Government Investigations & Civil Litigation Institute Annual Meeting
- Jonice Gray Tucker to discuss "Consumer financial services" at the Practising Law Institute Banking Law Institute
- Jonice Gray Tucker to discuss “Regulators always ring twice: Responding to a government request” at ALM Legalweek