InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB announces advisory opinion program, updates business conduct bulletin, proposes whistleblower award legislation
On March 6, the CFPB announced three new measures it is undertaking to prevent customer harm, including (i) implementing an advisory opinion program; (ii) updating its bulletin regarding responsible business conduct; and (iii) advancing whistleblower award legislation through engagement with Congress. Details of each measure are as follows:
- Advisory Opinion Program. As previously covered by InfoBytes, the Bureau issued three new innovation policies last September to reduce regulatory uncertainty and improve compliance. Similarly, the Bureau’s March 6 announcement states that the advisory opinion program should “provide clear guidance to assist companies in better understanding their legal and regulatory obligations.” The program directs that requests for advisory opinions should be submitted through the CFPB website. The opinions will then be published in the Federal Register and on its website.
- Responsible Business Conduct Bulletin. The amended bulletin, originally released in 2013, “clarif[ies] [the Bureau’s] approach to responsible business conduct” and emphasizes “the importance of such conduct.” The updated bulletin presents four categories of “responsible conduct” that entities are encouraged to adopt to improve the culture of compliance and that the CFPB will use to evaluate whether credit is warranted in an enforcement investigation or supervisory matter, including (i) self-assessment; (ii) self-reporting; (iii) remediation; and (iv) cooperation.
- Whistleblower Award Legislation. The proposed legislative language would amend Title X of the Dodd-Frank Act and authorize the Bureau to create a whistleblower award program. For individuals that volunteer information leading to a “successful enforcement action,” the program would enable the Bureau to provide a monetary award of between 10 to 30 percent of the collected penalty amount, up to $10 million.
OCC proposes licensing policy changes
On March 5, the OCC announced a Notice of Proposed Rulemaking (NPR) and request for comment on proposed amendments that would update and clarify certain licensing policies and procedures and would revise its rules in 12 CFR part 5 to eliminate unnecessary requirements. Proposed changes include, among other things (i) allowing national and federal savings associations to “follow the procedures applicable to state banks or state savings associations…for certain business combinations”; (ii) expanding operating subsidiary notice and expedited review processes to include activities that are substantively the same as activities previously approved by the OCC; (iii) allowing “non-controlling investments and pass-through investments” in non-OCC supervised entities; (iv) creating procedures for citizenship and residency waivers for national bank directors; (v) redefining “troubled condition” in relation to director and senior executive officer changes; and (vi) adding chief risk officer to the list of positions for which a bank in troubled condition must provide notice when making a personnel change. Comments must be received by May 4.
FTC reaches settlements with affiliate marketers
On March 5, the FTC announced settlements with four groups of affiliate marketers that, among other things, allegedly violated the FTC Act by using deceptive marketing tactics and earnings claims to persuade consumers to pay thousands of dollars each for business coaching and investment “mentoring” services. The FTC alleged in the first complaint that certain defendants sold membership packages for an online business coaching scheme, and then, when the business coaching scheme went out of business, created their own branded programs and systems that claimed consumers would be able to start their own online marketing businesses and earn substantial income. The defendants also allegedly encouraged consumers to open multiple credit lines to finance the purchases of these programs. The FTC claimed that the defendants “used straw signers and shell companies and provided banks and payment processors with ‘dummy’ websites to evade scrutiny by bank underwriters and obtain multiple merchant accounts to process credit card payments from consumers.” According to the FTC’s second complaint, the other defendants made deceptive earnings claims in order to recruit consumers into the now-defunct business coaching scheme and earned millions of dollars as a reward. In both complaints, the FTC claimed that most consumers who purchased the products suffered large losses and mounting debts.
Under the terms of the settlements, each of the defendants is permanently banned from selling or marketing any business coaching programs or money-making methods, and must pay judgments of (i) $3.35 million to be paid in full for potential consumer redress (order here); and (ii) monetary judgments totaling $38.1 million, which will be partially suspended due to the defendants’ inability to pay (orders here, here, and here).
SEC’s disgorgement authority examined during Supreme Court oral arguments
On March 3, the U.S. Supreme Court heard oral arguments in Liu v. SEC. As previously covered by InfoBytes, the principal question at issue in this case is whether the SEC’s authority to seek “equitable relief” permits it to seek and obtain disgorgement orders in federal court. Petitioners—a couple found to have defrauded investors and ordered to disgorge $26.7 million by a California federal court—argued that disgorgement is not a form of “equitable relief” available to the SEC. Respondent SEC contended that Congress enacted several statutes that anticipated the SEC’s use of disgorgement, including the Securities Exchange Act and the Sarbanes-Oxley Act, and that historically, disgorgement has been used as an equitable remedy to deny wrongdoers of their ill-gotten gains.
Counsel for the petitioners made three primary arguments before the Court: (i) the SEC is only authorized to use the powers conferred upon it by Congress and disgorgement is not one of them; (ii) though the statute allows the SEC to seek equitable relief, disgorgement as the SEC has used it is akin to a penalty and “penalties are not equitable relief.”; and (iii) “Congressional silence…does not give an agency any authority to act, much less the authority to punish” in a manner that exceeds its existing statutory authority
Petitioners’ counsel fielded questions from Justices Ginsburg, Alito, and others that probed the limits of the petitioners’ position. The justices asked, among other things, whether disgorgement could ever be ordered by the SEC; whether it could be ordered if the profits are paid out to injured parties; and whether the Court’s holding in Kokesh v SEC, that disgorgement as a penalty should be controlling only when determining the applicable statute of limitations, which was the issue presented in that case. Petitioner’s counsel stated that “the rule should be, if you’re giving the money back to the investors, then [the SEC] can take it and not otherwise, because…then it’s just a punishment.”
Respondent’s counsel argued that the Court’s ruling in Kokesh was limited to determining the applicability of the statute of limitations. He also urged that “courts should continue to order disgorgement but compute it in accordance with traditional general equitable rules, not in accordance with any SEC-specific formula.” In response to a question from Justice Sotomayor regarding the proper recipient of disgorged funds, respondent’s counsel said that if the defrauded investors can be located, the SEC’s practice it to return disgorgement amounts to them. However, he noted that sometimes, such as in FCPA actions, there are no obvious victims to whom the money could be returned. Justice Kavanaugh asked if it would be proper for the Court to insist that the amounts received from a disgorgement order be returned to defrauded investors if at all possible. Respondent’s counsel conceded this would be within the Court’s authority, but added that the “core purposes of disgorgement are to prevent the wrongdoer from profiting from its own wrong and to deter future violations, and disgorgement can serve those traditional purposes, regardless of where the money ends up.”
On rebuttal, petitioner’s counsel asserted that “the scope of disgorgement has grown over time in part because it is not grounded in statutory text.” He contended that “there is no precedent for using an accounting to compel funds to be paid to the Treasury.” Justice Ginsburg pressed petitioner’s counsel regarding statutes that appear to be predicated on disgorgement being available. Petitioner’s counsel suggested those statutes might show that Congress was aware that courts were ordering disgorgement, but that was “not an authorization, and authorization is what’s needed…to inflict a penalty.” He closed by asking the Court to reverse the case, saying that the petitioners were already responsible to pay their entire gains from the fraud, and “anything more would go beyond the equitable principle that no individual should be permitted to profit from his or her own wrong.”
SEC issues $7 million whistleblower award
On February 28, the SEC announced an award of over $7 million to a whistleblower in an enforcement action. According to the SEC’s press release, the whistleblower “provided extensive and sustained assistance, such as identifying witnesses,” which was “critically important to the success of [the] enforcement action.” The formal order also states that the whistleblower helped the SEC “understand complex fact patterns” and that “[t]he whistleblower’s information and assistance helped the SEC staff devise an investigative plan, craft document requests, and ultimately bring an important enforcement action focusing on serious financial abuses.”
The SEC’s press release states that it has awarded 73 individuals a total of approximately $394 million in whistleblower awards since 2012.
Pharmaceutical company settles FCPA-related allegations with SEC
On February 28, an Ohio-based pharmaceutical company agreed to pay over $8.8 million to settle SEC claims that the company violated the books and records and internal accounting controls provisions of the FCPA. According to the SEC, the pharmaceutical company’s former Chinese subsidiary maintained and operated marketing accounts for a European dermocosmetic company, and was the exclusive product distributor for the company in China. The SEC alleged that the dermocosmetic company directed the day-to-day activities of former subsidiary employees who “used the marketing account funds to promote the dermocosmetic company's products” and “directed payments to government-employed healthcare professionals and to employees of state-owned retail companies who had influence over purchasing decisions.” The pharmaceutical company also allegedly received a percentage of profits from sales derived from the improper payments through a profit-sharing agreement.
While the pharmaceutical company “determined that other marketing accounts should be terminated because of their significant FCPA-related compliance risks,” the SEC alleged that the pharmaceutical company “inaccurately assessed the risks of the arrangements with the dermocosmetic company as minimal” and failed to apply its full internal accounting controls to these accounts. The SEC alleged that as a result, the former subsidiary routinely authorized and made payments from the marketing accounts without being able “to provide reasonable assurance that the transactions were executed in accordance with management’s general or specific authorization, and failed accurately to record on its books and records payments made from the accounts.”
In entering into the administrative order, the SEC considered the pharmaceutical company’s self-disclosure, cooperation, and remedial efforts. Without admitting or denying wrongdoing, the pharmaceutical company consented to a cease and desist order, and agreed to pay a $2.5 million civil money penalty and approximately $6.3 million in disgorgement and pre-judgment interest.
FDIC releases January enforcement actions
On February 28, the FDIC released a list of administrative enforcement actions taken against banks and individuals in January. The FDIC issued 18 orders, which “consisted of two consent orders; one civil money penalty; three removal and prohibition orders; eight section 19 orders; three terminations of consent orders and cease and desist orders; and one order terminating prompt corrective action.” Among the actions was a civil money penalty assessed against a Montana-based bank for allegedly violating the Flood Disaster Protection Act by failing to obtain adequate flood insurance coverage on certain loans and failing to provide borrowers with notice of the availability of federal disaster relief assistance. Separately, in a joint action with the California Department of Business Oversight, the agency issued a consent order against a California-based bank related to alleged weaknesses in its Bank Secrecy Act and anti-money laundering (BSA/AML) compliance program. Among other things, the bank was ordered to (i) retain qualified management to ensure compliance with applicable laws and regulations; (ii) “correct all violations of law to the extent possible”; (iii) implement a revised, written BSA compliance program to address BSA/AML deficiencies; (iv) establish a written Customer Due Diligence Program to ensure the reasonable detection of suspicious activity and the identification of higher-risk customers; (v) adopt a process for reviewing transaction monitoring alerts; and (vi) “ensure that suspicious activity monitoring system is independently validated.”
Maryland orders vehicle title lender to pay $2.2 million
On February 21, the Maryland attorney general announced the issuance of a final order against a vehicle title lender, its owner, and related businesses (defendants) for making unlicensed and usurious consumer loans in violation of the Maryland Consumer Protection Act. According to the AG’s Consumer Protection Division (Division), the defendants offered consumers short-term, high-interest loans secured by a consumer’s motor vehicle title. The defendants allegedly kept the vehicle’s title, and, if the consumer failed to make a payment on the loan, would repossess or sell the vehicle. The Division claimed that these transactions, which the defendants claimed were pawn transactions, were actually consumer loans under Maryland law and carried interest rates of 360 percent. Under the terms of the final order, all loans the defendants made to Maryland consumers are void and unenforceable. The defendants are also ordered to, among other things, permanently cease engaging in unlicensed lending activities in the state and may not make loans that exceed the maximum allowed rate of interest, charge fees that are not permitted under state law, repossess secured vehicles or other personal property, or operate without requisite surety bonds. In addition, the defendants may not repossess consumers’ vehicles and must return any repossessed vehicles still in their possession. Finally, the defendants must pay at least $2.2 million in restitution to affected consumers, a $1.2 million civil penalty, a $50,000 claims procedure fee, and $73,000 in costs.
DOJ, SEC settle with national bank for $3 billion over sales-compensation practices
On February 21, the DOJ and SEC announced that one of the nation’s largest banks agreed to a settlement including a $3 billion monetary penalty to resolve investigations regarding their incentive compensation sales program. (See the DOJ’s Statement of Facts here). As previously covered by InfoBytes, the OCC also recently issued charges against five of the bank’s former executives, and announced settlements with the former CEO and operating committee members for allegedly failing to adequately ensure that the bank’s sales incentive compensation plans operated according to policy.
The SEC alleged in its Cease and Desist order that the bank violated the antifraud provisions of the Securities Exchange Act of 1934. The SEC’s press release states that in addition to agreeing to cease and desist from committing any future violations of the antifraud provisions, the bank agreed to a civil penalty of $500 million, which the SEC will return to harmed investors.
The bank also settled the DOJ’s civil claims under the Financial Institutions Reform, Recovery and Enforcement Act. According to the settlement, the bank accepted responsibility, cooperated in the resulting investigations, and has taken “extensive remedial measures.” In addition, the DOJ’s press release states that it entered into a three-year deferred prosecution agreement with the bank regarding the bank’s sales incentive compensation practices.
FTC report highlights 2019 privacy and data security work
On February 25, the FTC released its annual report highlighting the agency’s privacy and data security work in 2019. Among other items, the report highlights consumer-related enforcement activities in 2018, including:
- A $5 billion penalty—the largest consumer privacy penalty to date—against a global social media company to resolve allegations that the company violated its 2012 FTC privacy order and mishandled users’ personal information. (Covered by InfoBytes here.)
- A $170 million penalty against a global online search engine and its video-sharing subsidiary to resolve alleged violations of the Children’s Online Privacy Protection Act (COPPA). (Covered by InfoBytes here.)
- A proposed settlement in the FTC’s first case against developers of “stalking” apps that monitor consumers’ mobile devices and allegedly compromise consumer privacy in violation of the FTC’s Act prohibition against unfair and deceptive practices and COPPA.
- A global settlement of up to $700 million issued in conjunction with the CFPB, 48 states, the District of Columbia and Puerto Rico, to resolve federal and state investigations into a 2017 data breach that reportedly compromised sensitive information for approximately 147 million consumers. (Covered by InfoBytes here.)
The report also discusses the FTC’s enforcement of the EU-U.S. Privacy Shield framework, provides links to FTC congressional testimony on privacy and data security, and offers a list of relevant rulemaking, including rules currently under review. In addition, the report highlights recent privacy-related events, including (i) an FTC hearing examining consumer privacy as part of its Hearings on Competition and Consumer Protection in the 21st Century; (ii) the fourth annual PrivacyCon event, which hosted research presentations on consumer privacy and security issues (covered by InfoBytes here); (iii) a workshop examining possible updates to COPPA; and (iv) a public workshop that examined issues affecting consumer reporting accuracy.