Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • FDIC fines bank for flood insurance violations

    Federal Issues

    On September 27, the FDIC announced its release of a list of administrative enforcement actions taken against banks and individuals in August. According to the press release, the FDIC issued 13 orders, which include “four consent orders; one removal and prohibition order; four civil money penalty orders; two terminations of consent orders; and five section 19 orders.” Notably, the FDIC assessed a civil money penalty against a Texas-based bank for alleged violations of the Flood Disaster Protection Act, including failing to (i) obtain flood insurance coverage on loans at the time of origination, increase, extension, or renewal; (ii) maintain flood insurance coverage for the term of a loan; (iii) follow force-placement flood insurance procedures; or (iv) provide borrowers with notice of the availability of federal disaster relief assistance “in all cases whether or not flood insurance is available under the [National Flood Insurance Act] for the collateral securing the loan.”

    Federal Issues FDIC Enforcement Flood Insurance Flood Disaster Protection Act National Flood Insurance Act

  • CFPB files claims against Maryland debt collectors

    Federal Issues

    On September 25, the CFPB filed a complaint in the U.S. District Court for the District of Maryland against a debt collection entity, its subsidiaries, and their owner (collectively, “defendants”) for allegedly violating the FCRA, FDCPA, and the CFPA. In the complaint, the Bureau alleges that the defendants violated the FCRA and its implementing Regulation V by, among other things, failing to (i) establish or implement reasonable written policies and procedures to ensure accurate reporting to consumer-reporting agencies; (ii) incorporate appropriate guidelines for the handling of indirect disputes in its policies and procedures; (iii) conduct reasonable investigations and review relevant information when handling indirect disputes; and (iv) furnishing information about accounts after receiving identity theft reports about such accounts without conducting an investigation into the accuracy of the information. The Bureau separately alleges that the violations of the FCRA and Regulation V constitute violations of the CFPA. Additionally, the Bureau alleges that the defendants violated the FDCPA by attempting to collect on debts without a reasonable basis to believe that consumers owed those debts. The Bureau is seeking an injunction, damages, redress to consumers, disgorgement, the imposition of a civil money penalty, and costs.

    Federal Issues CFPB FCRA Enforcement FDCPA Credit Reporting Agency Credit Report Debt Collection CFPA

  • CFPB investigating bank’s account opening practices

    Federal Issues

    In September, the CFPB published documents related to an investigation into whether a national bank opened credit card accounts without customer authorization in violation of various federal laws and regulations, including the Fair Credit Reporting Act and the Consumer Financial Protection Act’s ban on unfair or abusive practices. In March 2019, the Bureau issued a civil investigative demand (CID) to the bank seeking, among other things, “a tally of specific instances of potentially unauthorized credit card accounts,” as well as a manual assessment of card accounts that were never used by the customer. The bank argued in its petition to modify or set aside the CID that it had already provided information to regulators showing that it did not have a “systemic sales misconduct issue,” and cited to the OCC’s broad review into sales practice issues at mid-size and large national banks, which has not, according to the bank, identified systemic issues with bank employees opening unauthorized accounts without consumer consent. Among other things, the bank also contended that the CID was unduly burdensome—requiring manual account-level assessments—and said the CFPB should end its investigation because the facts “refute an investigation’s initial hypothesis.” The bank further argued that the inquiry into its sales practices should be conducted by CFPB supervisory staff instead of as an enforcement investigation, which would be “the proper mechanism for resolving any remaining issues when an investigation fails to uncover evidence warranting [e]nforcement action.”

    Concerning the bank’s argument that the CID was unduly burdensome, the Bureau stated in its order denying the petition that the bank had failed to “meaningfully engage” with the Bureau during the course of the investigation in a way that merited modification to the terms of the CID. Moreover, with regard to whether the investigation should be conducted by supervisory staff, the Bureau countered that “[t]his is not a request properly made in a petition to modify or set aside a CID, for the same reasons that it is not proper to use a CID petition to ask that the Bureau close an investigation because (in the recipient’s view) it has already shown that it engaged in no wrongdoing.”

    Federal Issues CFPB Enforcement CIDs Consumer Finance Incentive Compensation

  • CFTC orders FCM to pay $1.5 million for poor cybersecurity

    Federal Issues

    On September 12, the CFTC issued an order against an Illinois-based futures commission merchant imposing a $1.5 million fine for allegedly failing to protect its systems from cybersecurity threats and not alerting its customers in a reasonable timeframe after a breach occurred. According to the order, the CFTC claims the merchant failed to adequately implement and comply with cybersecurity policies and procedures as well as a written information systems security program, and “policies and procedures related to customer disbursements by its employees.” The CFTC contends that because of these failures the merchant’s email system was breached, which allowed access to customer information and convinced the merchant’s customer service specialist to mistakenly wire $1 million in customer funds. While the merchant approved reimbursement of the funds shortly after discovery, instituted measures to prevent additional fraudulent transfers, and notified regulators the same day, the CFTC alleges it failed to disclosure the breach or the fraudulent wire in a timely manner to current or prospective customers. Under the terms of the order, the merchant must pay a civil money penalty of $500,000 plus post-judgment interest, as well as restitution of $1 million.  The merchant’s previous reimbursement of customer funds when the fraud was discovered was credited against the restitution amount.

    Federal Issues CFTC Enforcement Privacy/Cyber Risk & Data Security Data Breach Civil Money Penalties

  • FTC lawsuits allege student loan scams

    Federal Issues

    On September 12, the FTC announced two separate suits filed in the U.S. District Court for the Central District of California against various entities and individuals who allegedly engaged in deceptive practices when promoting student loan debt relief schemes.

    In the first complaint, filed jointly with the Minnesota attorney general, a debt relief company and its owners (collectively, the “Minnesota defendants”) were alleged to have violated the FTC Act, TILA, the Telemarketing Sales Rule (TSR), and various state laws, by charging consumers who sought student loan payment reduction programs an advance fee of over $1,300 while falsely representing that the payment would go toward their student loans. The advance fee, the FTC contends, was allegedly financed through high-interest loans from a third-party finance company identified as a co-defendant in both complaints. The stipulated order entered against the Minnesota defendants prohibits them from, among other things: (i) making material misrepresentations related to their financial products and services, or any other kind of product or service; (ii) making unsubstantiated claims about their financial products and services; (iii) engaging in unlawful telemarketing practices; or (iv) collecting payments on accounts sold prior to the order’s date. The stipulated order also requires the Minnesota defendants to notify its customers that none of their prior payments have gone towards a Department of Education repayment program or towards their student loans, and orders the payment of $156,000, with the total judgment of approximately $4.2 million suspended due to inability to pay.

    The FTC filed a second complaint against a separate student loan debt relief operation for allegedly engaging in deceptive and abusive practices through similar actions, including charging consumers advance fees of up to $1,400 and enrolling consumers in the same finance company’s high-interest loan program. The action against the second student loan debt relief operation is ongoing.

    Both complaints also charge the finance company with violating the assisting and facilitating provision of the TSR by providing substantial assistance to both sets of defendants even though it knew, or consciously avoided knowing, that they were engaging in deceptive and abusive telemarketing practices. The FTC also alleges that the finance company violated TILA when it failed to clearly and conspicuously make certain required disclosures concerning its closed-end credit offers. Separate stipulated orders were entered by the FTC in each case (see here and here) against the finance company. The orders’ terms require the finance company to pay a combined $1 million out of a nearly $28 million judgment, with the rest suspended due to inability to pay, as well as relinquish its rights to collect on any outstanding loans. Among other things, the orders also permanently ban the finance company from engaging in transactions involving secured or unsecured debt relief products and services or making misrepresentations regarding financial products and services.

    Federal Issues FTC Enforcement Student Lending Debt Relief State Attorney General FTC Act Telemarketing Sales Rule TILA UDAP

  • U.S. enforcement authorities seize $3.7 million, arrest 281 for involvement in Business Email Compromise schemes

    Financial Crimes

    On September 10, the DOJ announced a coordinated effort with the U.S. Department of Homeland Security, the U.S. Department of the Treasury, the U.S. Postal Inspection Service, and the U.S. Department of State, against a series of Business Email Compromise (BEC) scams. The effort was conducted over a four-month period, resulting in the seizure of nearly $3.7 million and the arrest of 281 individuals in the U.S. and overseas, including 167 in Nigeria, 18 in Turkey and 15 in Ghana, along with arrests in France, Italy, Japan, Kenya, Malaysia, and the U.K. According to the DOJ, “BEC, also known as ‘cyber-enabled financial fraud,’ is a sophisticated scam often targeting employees with access to company finances and businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.” BEC scams can involve requests for paper checks and may not actually “compromise” an email account or computer network. The DOJ notes that many BEC scams are perpetrated by foreign citizens, who are often members of transnational criminal organizations.

    As previously covered by InfoBytes, the Financial Crimes Enforcement Network (FinCEN), in July, discussed efforts designed to restrict and impede Business Email Compromise (BEC) scammers and other illicit actors who profit from email compromise fraud schemes and issued an updated advisory, providing general trends in BEC schemes, information concerning the targeting of non-business entities, and risks associated with the targeting of vulnerable business processes.

    Financial Crimes Fraud DOJ Department of Treasury Of Interest to Non-US Persons Enforcement FinCEN

  • CFPB files deceptive and abusive allegations against foreclosure relief services company and principals

    Federal Issues

    On September 6, the CFPB announced a complaint filed in the U.S. District Court for the Central District of California against a foreclosure relief services company, along with the company’s president/CEO (defendants), for allegedly engaging in deceptive and abusive acts and practices in connection with the marketing and sale of purported financial-advisory and mortgage-assistance-relief services to consumers. According to the complaint, since 2014 the defendants allegedly violated the Consumer Financial Protection Act  (CFPA) and Regulation O by making deceptive and unsubstantiated representations about the efficacy and material aspects of its mortgage assistance relief services, as well as making misleading or false claims about the experience and qualifications of its employees. Additionally, the Bureau alleged the defendants’ representations about their services constituted abusive acts and practices because, among other things, consumers “generally did not understand and were not in a position to evaluate the accuracy of [the defendants’] marketing representations or the quality of the mortgage-assistance-relief services that [the defendants] sold.” Moreover, the Bureau claimed the defendants further violated Regulation O by charging consumers advance fees before rendering services.

    In addition, the Bureau entered a proposed stipulated final judgment and order against the company’s principal auditor for providing “substantial assistance in furtherance of [the defendants’] unlawful conduct” in violation of the CFPA and Regulation O. The proposed judgment imposes a $493,403.04 civil penalty, of which all but $5,000 is suspended due to the auditor’s limited ability to pay. The auditor is also permanently banned from providing mortgage assistance relief services or consumer financial products and services.

    Federal Issues CFPB Enforcement Courts CFPA UDAAP Regulation O Foreclosure

  • FTC approves settlement with software provider over FTC Act and GLBA data security failures

    Federal Issues

    On September 6, the FTC voted 5-0 to approve a final settlement under which a software provider agreed to better protect the data it collects, resolving allegations that the company failed to implement reasonable data security measures and exposed personal consumer information obtained from its auto dealer clients in violation of the FTC Act and the Standards for Safeguarding Customer Information Rule, issued pursuant to the Gramm-Leach-Bliley Act.

    As previously covered by InfoBytes, in its complaint, the FTC alleged the company’s failure to, among other things, (i) implement an organization information security policy; (ii) implement reasonable guidance or training for employees; (iii) use readily available security measures to monitor systems; and (iv) impose reasonable data access controls, which resulted in a hacker gaining unauthorized access to the company’s database containing the personal information of approximately 12.5 million consumers. The approved settlement requires the company to, among other things, implement and maintain a comprehensive information security program designed to protect the personal information it collects, including implementing specific safeguards related to the FTC’s allegations. Additionally, the settlement requires the company to obtain third-party assessments of its information security program every two years and have a senior manager certify compliance with the order every year.

    Federal Issues FTC Privacy/Cyber Risk & Data Security FTC Act Enforcement Settlement Consent Order Gramm-Leach-Bliley

  • Fed issues enforcement action for flood insurance violations

    Federal Issues

    On September 5, the Federal Reserve Board announced an enforcement action against a Nebraska-based bank for allegedly violating the National Flood Insurance Act (NFIA) and Regulation H, which implements the NFIA. The consent order assesses a $37,000 penalty against the bank for an alleged pattern or practice of violations of Regulation H, but does not specify the number or the precise nature of the alleged violations. The maximum civil money penalty under the NFIA for a pattern or practice of violations is $2,000 per violation.

    Federal Issues Federal Reserve Enforcement Flood Insurance National Flood Insurance Act

  • FDIC enforcement actions include flood insurance, BSA violations

    Federal Issues

    On August 30, the FDIC announced its release of a list of administrative enforcement actions taken against banks and individuals in July. The list reflects that the FDIC issued fourteen orders and one notice of charges, which include “four stipulated consent orders; four terminations of consent orders; four Section 19 orders; one stipulated civil money penalty order; one stipulated removal and prohibition order; and one notice of charges and hearing.”

    Among other actions, the FDIC assessed a civil money penalty (CMP) against a Louisiana-based bank for alleged violations of the Flood Disaster Protection Act, including, among other things, (i) failing to obtain flood insurance coverage on loans at the time of origination, increase, renewal, or extension; or (ii) failing to maintain flood insurance coverage for the term of a loan secured by property located or to be located in a special flood hazard area.

    The FDIC also entered into consent orders with an Oklahoma-based bank and a West Virginia-based bank relating to alleged weaknesses in their Bank Secrecy Act compliance programs.

    Federal Issues FDIC Enforcement Flood Disaster Protection Act Civil Money Penalties Mortgages Bank Secrecy Act

Pages

Upcoming Events