InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FTC Chairman Simons stresses collaboration with state AGs
On March 5, FTC Chairman Joseph Simons spoke at the National Association of Attorneys General (NAAG) Winter Meeting to advocate for increased collaboration with state Attorneys General. Noting that such collaboration is critical to the agency’s mission, Simons highlighted FTC consumer protection goals as well as several collaborative efforts, including joint task forces and investigation and enforcement initiatives.
Kraninger tells Hill CFPB will emphasize supervision rather than enforcement
On March 7, Director of the CFPB, Kathy Kraninger, testified at a hearing held by the House Financial Services Committee entitled “Putting Consumers First? A Semi-Annual Review of the Consumer Financial Protection Bureau.” Pursuant to the Dodd-Frank Act, the hearing covered the semi-annual report to Congress on the Bureau’s work from April 1, 2018 through September 30, 2018. Kraninger was confirmed as Director in December 2018, and this was her first testimony before the Committee in that role. In her opening remarks, Chairwoman Maxine Waters expressed concern with the changes that took place at the Bureau under former acting Director Mick Mulvaney’s time in office and announced a draft bill titled the “Consumers First Act,” which directs the Bureau to, among other things, “promptly reverse all anti-consumer actions taken during Mr. Mulvaney’s tenure.” In her opening testimony, Kraninger emphasized that she is committed to “stability, consistency, and transparency” in the Bureau’s actions and believes the Bureau’s focus should be on the prevention of harm, specifically emphasizing the importance of the Bureau’s mission to educate consumers. Additionally, highlights of Kraninger’s testimony include:
- Supervision and Enforcement. Kraninger repeatedly emphasized that supervision is an important tool in the Bureau’s toolkit to assist companies working to comply with laws and regulations. She asserted that enforcement is a tool that should only be used for bad actors who have “no intention” to comply with the law, and should not be used against entities seeking to comply and self-report compliance concerns. When asked to discuss the Bureau’s reported 35 open enforcement investigations, which include investigations opened under former Director Richard Corday, Kraninger noted that she reviews the actions as they come to a decision point but believes that the Bureau’s enforcement staff is carrying out the agency’s mission and following her guidance on how to proceed.
- Office Reorganizations. Kraninger fielded a number of questions regarding former acting Director Mick Mulvaney’s actions, including the reorganization of the Office of Fair Lending and Equal Opportunity and the dismantling of the Office of Students and Younger Consumers. As for fair lending, Kraninger emphasized that moving the office to be part of the Office of the Director helps to facilitate its policy interests across the Bureau and enhances the mission of fair lending. Concerning the Bureau’s work regarding student loans, Kraninger noted that there is still dedicated staff working on student loan issues in the Bureau’s Consumer Education and Engagement section and that they are currently looking to fill the vacant role for the Student Loan Ombudsman.
- Military Lending Act (MLA). Kraninger reiterated her position that she does not believe Dodd-Frank gives the Bureau the authority to supervise for compliance with the Act under Section 1024(b)(1)(C)—which many state Attorneys General and Democratic congressional leaders have contended it does—and repeated her request for Congress to grant the Bureau with the clear authority to do so (previously covered by InfoBytes here).
- UDAAP. Kraninger noted that the Bureau’s regulatory agenda includes a consideration of a pre-rulemaking activity covering the definition of “abusive,” stating that while the current statute has a definition that prevents companies from taking “unreasonable advantage” of a consumer, she believes there should be clarity on what is considered a “reasonable” advantage.
- Congressional Changes to CFPB. Kraninger stated that she will continue to undertake the responsibilities allocated to the Director under Dodd-Frank but welcomes Congressional action that would provide additional “accountability and transparency” to the agency.
The second part of the hearing consisted of testimony from industry and consumer group representatives in which they discussed the CFPB’s previous actions and their suggestions for actions Bureau leadership should take going forward. Copies of each witnesses’ testimony are available here.
Fed cites control deficiencies in $1 million fine for BHC
On February 28, the Federal Reserve Board announced an enforcement action against a bank holding company for alleged internal control deficiencies, resulting in unsafe and unsound practices in violation of the Federal Deposit Insurance Act that caused a financial loss to the company. The consent order acknowledges that the company has since addressed the deficiencies that contributed to the loss and implemented additional improvements in its internal controls and audit programs. The Federal Reserve Board assessed a civil money penalty of $1,012,500.
Video social networking app settles COPPA allegations
On February 27, the FTC announced a $5.7 million settlement with the operators of a video social networking app concerning alleged violations of the Children’s Online Privacy Protection Act (COPPA). Among other things, the FTC claims the operators failed to provide parents notice of its information collection practices, illegally collected personal information from children under the age of 13 without first obtaining verifiable parental consent, failed to delete personal information when parents requested, and retained information “longer than reasonably necessary to fulfill the purpose for which the information was collected.” Under COPPA, operators of websites and online services directed at children are prohibited from collecting personal information of children under the age of 13, unless the company has explicit parental consent. The FTC alleges that the operators knew a “significant percentage” of its users were under 13 and received thousands of complaints from parents that their children under 13 had created accounts on the app. While neither admitting nor denying the allegations, the operators have agreed to the monetary penalty, will change their business practices to comply with COPPA, and will remove all videos made by children younger than 13. According to the FTC, this settlement is the largest civil penalty obtained to date by the agency for COPPA violations.
FTC hits online student loan lender with order
On February 25, the FTC announced it has approved a final consent order with an online student loan refinance lender resolving allegations that the lender violated the FTC Act by misrepresenting in television, print, and internet advertisements how much money student loan borrowers can save from refinancing their loans with the company. As previously covered by InfoBytes, the FTC alleged that the lender inflated the average savings consumers have achieved by refinancing through the lender, in some instances doubling the average savings by selectively excluding certain groups of consumers from the data. Additionally, the FTC also alleged that in some instances, the lender’s webpage misrepresented instances where a loan option would result in the consumer paying more on a monthly basis or over the lifetime of the loan, simply stating the savings would be “0.00.” In October 2018, without admitting or denying the allegations, the lender agreed to a consent order that required it to cease the alleged misrepresentations and agree to compliance monitoring and recordkeeping requirements. Following a public comment period, the FTC Commission voted 5-0 to approve the final consent order.
FDIC fines banks for flood insurance, BSA violations; releases January enforcement actions
On February 22, the FDIC announced a list of administrative enforcement actions taken against banks and individuals in January 2019. The 25 orders include “10 Section 19 orders; two civil money penalty; six prohibition orders; three consent orders; one prompt corrective order; three terminations of consent orders; and one notice.” The FDIC assessed a civil money penalty against a Texas-based bank for alleged violations of the Flood Disaster Protection Act including failing to either (i) obtain flood insurance coverage on loans at or before origination; or (ii) increase, renew, or extend flood insurance coverage on several loans secured by collateral located or to be located in special flood hazard areas.
The FDIC assessed a second civil money penalty against an Oklahoma-based bank related to alleged weaknesses in its programs concerning Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance, information technology (IT), and internal audits. Among other things, the bank was ordered to (i) grant the board full responsibility for the approval of bank policies and objectives related to the identified programs, as well as supervision of bank management; (ii) retain qualified personnel responsible for managing the BSA/AML and IT programs; (iii) revise its internal control programs to correct the identified deficiencies; (iv) obtain an independent public accounting firm to conduct an external financial statements audit and internal controls review; and (v) implement comprehensive written BSA/AML compliance programs.
SEC: No fine for self-reported unregistered ICO
On February 20, the SEC announced a cease-and-desist order with a cybersecurity startup for conducting an unregistered Initial Coin Offering (ICO), which the company self-reported. According to the order, in late 2017, the startup conducted an unregistered ICO, which raised approximately $12.7 million in digital assets. The money was used to finance the startup’s plan to “develop[] a network in which participants could rent spare bandwidth and storage space on their computers and servers to others for use in defense against certain types of cyberattacks.” The SEC noted that the tokens offered and sold were considered securities because a purchaser would have a reasonable expectation of obtaining a future profit from the investment. The startup did not register the ICO nor did it qualify for an exemption to the registration requirements. The SEC did not impose a monetary penalty because, according to the order, in the summer of 2018 the startup self-reported the unregistered ICO and offered to take prompt remedial actions. The order requires the startup to return the funds to investors who purchased the tokens and register the tokens as securities.
IT outsourcing company resolves FCPA investigations
On February 15, an information technology and business process outsourcing company paid $25 million to settle SEC civil charges that it violated the FCPA. The SEC alleged that the company paid $3.6 million in bribes through its construction contractor to senior government officials in India in order to obtain permits needed to build, among other things, a large office campus in Chennai. To resolve the SEC’s allegations, the company paid $19 million in disgorgement and a $6 million penalty.
The DOJ declined to bring criminal charges against the company, citing, among other factors, the company’s voluntary self-disclosure, comprehensive investigation, full cooperation and remediation, and its preexisting compliance program. The company issued a statement highlighting that the matter did not concern any of the company’s work with clients and did not affect any of the services it provides to clients.
On the same day the settlement was announced, two former company executives—the president and chief legal officer—were hit with civil and criminal charges for allegedly authorizing $2 million in bribes and directing the creation of false contractor change orders to mask payment of the bribes. The former executives are charged with violating the anti-bribery, books and records, and internal accounting controls provisions of the FCPA. Pursuant to its letter agreement with DOJ, the company is required to fully cooperate in the ongoing prosecutions.
OCC releases February 2019 enforcement actions
On February 15, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. The new enforcement actions include a civil money penalty order against an individual, a notice of prohibition against an individual, and three removal and prohibition consent orders against individuals, and a cease and desist consent order described below.
On January 7, the OCC entered into a consent order with a federal savings bank related to allegations of unsafe or unsound banking practices. The OCC alleges the bank failed to implement and maintain an effective compliance management system, risk governance framework, and information technology (IT) program. Among other provisions, the order requires the bank to develop written plans to strengthen the compliance, risk governance, and IT programs, and requires the Board to ensure the bank has adopted and implemented all the corrective actions required by the order. The bank neither admits nor denies the allegations and the OCC did not assess any monetary penalties against the bank.
FCC proposes to strengthen enforcement of caller ID spoofing
On February 14, the FCC released a notice of proposed rulemaking intended to strengthen its rules against caller ID spoofing and expand the agency’s enforcement efforts against illegal spoofed text messages and phone calls, including those from overseas. The proposed rules would enact requirements in the recently passed RAY BAUM’S Act of 2018, and expand Truth in Caller ID Act prohibitions against the transmittal of “misleading or inaccurate caller ID information (‘spoofing’) with the intent to defraud, cause harm, or wrongfully obtain anything of value” to text messages and calls to U.S. residents originating from outside the U.S.
The FCC seeks comments on the proposed rules—adopted unanimously at the agency’s February 14 meeting—on, among other things, what changes to the Truth in Caller ID rules can be made “to better prevent inaccurate or misleading caller ID information from harming consumers.” Comments will be due 60 days after publication in the Federal Register.