InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FDIC releases June enforcement actions
On July 27, the FDIC announced a list of orders of administrative enforcement actions taken against banks and individuals in June. The 12 orders include “four Section 19 orders; one civil money penalty; one removal and prohibition order; one prompt corrective action directive; three terminations of consent orders; one termination of prompt corrective action directive; and one modification of removal and prohibition order.” The civil money penalty order relates to violations of the Flood Disaster Protection Act by a Mississippi-based bank for allegedly failing to obtain flood insurance coverage on seven loans secured by buildings located, or to be located, in a special flood area at or before loan origination or renewal. There are no administrative hearings scheduled for August 2018. The FDIC database containing all 12 enforcement decisions and orders may be accessed here.
Federal Reserve fines Kentucky-based bank $4.75 million for FTC Act violations
On July 26, the Federal Reserve Board (Board) announced a settlement with a Kentucky-based bank for allegedly violating section 5 of the FTC Act regarding its offering of deposit account add-on products to consumers. According to the consent order, the bank marketed certain add-on products to accountholders, including an identity protection product, and represented that all benefits of the products would be effective upon enrollment when in actuality, certain benefits needed to be individually activated after enrollment. The Board alleges the bank charged the enrolled accountholders fixed monthly fees for the full benefits of the products without adequately disclosing to accountholders how to receive all the associated benefits. In addition to the $4.75 million the bank must pay in restitution, the consent order also requires the bank to, among other things (i) submit written plans to strengthen the oversight of the compliance management program and enhance the consumer compliance risk management program; (ii) hire an independent auditor to verify the restitution has been made; and (iii) submit quarterly progress reports regarding compliance with the consent order.
Georgia Department of Banking and Finance issues cease and desist over licensing violation involving bitcoin
On July 26, the Georgia Department of Banking and Finance (Department) announced the issuance of a cease and desist order against a bitcoin trading platform. According to the Department, the company allegedly engaged in the sale of payment instruments and money transmissions without first acquiring a valid license or applicable exemption in violation of the state’s financial institutions code. Licensure requirements in the state apply to persons engaged in transactions involving virtual currency.
OCC releases recent enforcement actions
On July 20, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. The new enforcement actions include cease and desist orders, civil money penalty orders, removal/prohibition orders, and terminations of existing enforcement actions. Two of the more notable actions by the OCC covered in this report are discussed below.
On May 31, the OCC issued a consent order against an international investment bank’s federal branches located in Stamford, Miami, and New York, which identified alleged deficiencies in the branches’ Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance programs. The alleged deficiencies include failure to adopt and implement adequate BSA/AML compliance programs and failure to file timely Suspicious Activity Reports. Among other things, the consent order requires the branches to (i) develop and implement an ongoing BSA/AML risk assessment program; (ii) adopt an independent audit program to conduct a review of the bank’s BSA/AML compliance program; (iii) submit a written progress report within 30 days after the end of each calendar quarter that details actions undertaken to ensure compliance with the consent order’s provisions; and (iii) ensure each branch has permanent, experienced BSA officers responsible for compliance functions. The bank has neither admitted nor denied the OCC’s findings, and a civil money penalty was not assessed against the branches.
In addition, on June 18 the OCC issued an order terminating a 2016 consent order against a national bank following the OCC’s determination that the bank had successfully completed the consent order’s requirements for complying with provisions of the Servicemembers Civil Relief Act.
CFPB Succession: Kraninger testifies before Senate Banking Committee; Bureau nominates Paul Watkins to lead Office of Innovation
On July 19, the Senate Banking Committee held a confirmation hearing for Kathy Kraninger on her nomination as permanent director of the CFPB. Prior to the hearing, the White House issued a fact sheet asserting that “Kraninger has the management skills and policy background necessary to reform and refocus the Bureau.” In her written testimony Kraninger shared four initial priorities: (i) the Bureau should be fair and transparent, utilize a cost benefit analysis to facilitate competition, and effectively use notice and comment rulemaking to ensure the proper balance of interests; (ii) the Bureau should work closely with other regulators and states to “take aggressive action against bad actors who break the rules by engaging in fraud and other illegal activities”; (iii) data collection will be limited to what is needed and required under the law and measures will be taken to ensure the protection of the data; and (iv) the Bureau will be held accountable to the public for its actions, including its expenditure of resources.
Chairman of the Committee Senator Mike Crapo, R-Idaho, remarked in his opening statement that he hoped Kraninger “will be more accountable to senators on this Committee than Director Cordray was” but that he had “the utmost confidence that she is well-prepared to lead the Bureau in enforcing federal consumer financial laws and protecting consumers in the financial marketplace.” Conversely, Senator Elizabeth Warren, D-Mass., released a staff report prior to the hearing detailing Kraninger’s tenure at OMB and identifying her participation in several alleged management failures in the current administration.
During the hearing, Kraninger received questions covering a range of topics, including whether she would appeal last month’s ruling by a federal judge in New York that the CFPB’s structure was unconstitutional. (See previous InfoBytes coverage on the ruling here.) Kraninger responded that constitutionality questions are “not for me in this position to answer.” However, Kraninger did comment that “Congress, through [the] Dodd-Frank Act, gave the Bureau incredible powers and incredible independence from both the president and the Congress in its structure. . . . My focus is on running the agency as Congress established it, but certainly working with members of Congress. I’m very open to changes in that structure that will make the agency more accountable and more transparent.” Kraninger also commended recent efforts by the OCC to encourage banks to make small-dollar loans, discussed plans to consult Bureau staff on the use of the disparate impact theory in enforcement, and stated she will seek to promote the agency’s regulatory views through formal rulemaking instead of through enforcement.
On July 18, acting Director of the CFPB Mick Mulvaney announced the selection of Paul Watkins to lead the Bureau’s new Office of Innovation. The Office of Innovation—a recent addition to the Bureau—will focus on policies for facilitating innovation, engage with entrepreneurs and regulators, and review outdated or unnecessary regulations. Specifically, the Office of Innovation will replace what was previously known as Project Catalyst, which was—as previously discussed in InfoBytes—responsible for facilitating innovation in consumer financial services. Prior to joining the Bureau, Watkins worked for the Arizona Attorney General and helped launch the first state regulatory sandbox for fintech innovation. (See previous InfoBytes coverage on Arizona’s regulatory sandbox here.) Earlier in May, Mulvaney announced at a luncheon hosted by the Women in Housing & Finance that the Bureau is working to build its own regulatory sandbox program, and last year the agency took steps to make it easier for emerging technology companies to comply with federal rules by issuing its first “no action letter.”
Federal Reserve issues enforcement actions against New York branch of Pakistani bank, former bank employee
On July 12, the Federal Reserve Board released an enforcement action taken against a Pakistani bank’s New York branch concerning deficiencies in the branch’s Bank Secrecy Act/anti-money laundering (BSA/AML) compliance program. Under the terms of the written agreement, the branch is required to (i) submit a written governance plan to strengthen the board of director’s oversight of BSA/AML compliance; (ii) retain an independent third party to conduct a BSA/AML compliance review; (iii) submit a revised, written compliance program that complies with BSA/AML requirements; (iii) submit an enhanced, written customer due diligence program plan; and (iv) submit a revised program to ensure compliant suspicious activity monitoring and reporting. On a parallel basis, the Federal Reserve terminated an enforcement action taken against the branch in 2013.
The Federal Reserve also issued a separate enforcement action against a former bank employee for engaging in unsafe or unsound banking practices by concealing an unreconciled balance using improper accounting practices. The consent order of prohibition prohibits the former employee from, among other things, participating in any manner in the conduct of the affairs of any insured depository institution, holding company, or subsidiary of an insured depository institution.
CFPB settles with Kansas-based company and part-owner for debt collection violations
On July 13, the CFPB announced a settlement with a Kansas-based company and its former CEO and part-owner for using a network of debt collection agencies (the Agencies) that allegedly engaged in improper debt collection tactics in violation of the prohibitions in the Consumer Financial Protection Act (CFPA) on engaging in unfair, deceptive, or abusive acts or practices (UDAAPs) and on providing substantial assistance to others engaging in such practices. The Bureau also alleged that the company, acting through the Agencies, violated the Fair Debt Collection Practices Act (FDCPA). According to the consent order, the Kansas-based company and its part-owner had “knowledge or a reckless disregard” of the illegal debt collection tactics used by the Agencies, including misrepresenting the amount the consumer actually owed and falsely threatening consumers and their families with lawsuits. In its findings and conclusions, the CFPB alleges that, after reviewing the Agencies’ practices, the company’s “compliance personnel recommended terminating the Agencies because of the Agencies’ illegal collection acts and practices, but [the company and its part-owner] continued placing accounts with the Agencies” and selling debts to one of the Agencies. In addition, the Bureau alleges the company and its part-owner provided operational assistance to the Agencies, such as (i) drafting and implementing policies and procedures that falsely implied compliance with federal laws; (ii) defending the Agencies’ practices when original creditors raised concerns about collection tactics; and (iii) preventing compliance personnel from conducting effective reviews of the Agencies. The order imposes a civil money penalty judgment of $3 million against the Kansas-based company and $3 million against the part-owner but the full payment is suspended subject to the company paying a $500,000 penalty and the part-owner paying a $300,000 penalty. In addition to the penalties, the company is prohibited from continuing the illegal behavior and must create and submit to the Bureau a comprehensive compliance plan, while the part-owner is permanently restrained from acting as an officer, director, employee, agent or advisor of, or otherwise providing management, advice, direction or consultation to, any individual or business that collects, buys, or sells consumer debt.
FTC, CFPB discuss scope of Fair Credit Reporting Act during Senate Banking Committee hearing
On July 12, the Senate Committee on Banking, Housing, and Urban Affairs held a hearing entitled “An Overview of the Credit Bureaus and the Fair Credit Reporting Act” to discuss the scope and enforcement of the Fair Credit Reporting Act (FCRA), the measures undertaken by the CFPB and the FTC to oversee credit bureau data security and accurate credit reporting, and other laws and regulations as they pertain to credit bureaus. Committee Chairman Mike Crapo, R-Idaho, opened the hearing by discussing the need to understand the “current state of data security, data accuracy, data breach policy” given consumers’ increased reliance on technology and recent cybersecurity incidents.
Associate Director for the Division of Privacy and Identity Protection at the FTC, Maneesha Mithal, discussed in prepared remarks the FTC’s role in implementing, enforcing, and interpreting the FCRA, as we all as the importance of educating consumers and businesses about FCRA requirements. According to Mithal, the FCRA continues to be a “top priority” for the FTC as the consumer reporting system evolves and new technologies emerge. Mithal discussed consumer reporting agency (CRA) FCRA compliance requirements concerning, among other things, dispute resolution processes, furnisher obligations, and credit reporting accuracy. Specifically, Mithal commented on the FTC’s more than 30 FCRA enforcement actions, in addition to the more than 60 law enforcement actions taken against companies for allegedly failing to implement reasonable data security practices. Mithal also touched upon the FTC’s business guidance and consumer education efforts concerning FCRA rights and obligations.
Assistant Director for Supervision Policy at the Bureau, Peggy Twohig, similarly discussed the Bureau’s authority over CRAs and furnishers with respect to the agency’s supervisory and enforcement authority, and noted, among other things, that while the agency possesses broad authority to promulgate rules as required to enforce the FCRA, it lacks rulemaking authority under certain sections of the FCRA related to red flags and the disposal of records, which fall under the FTC’s purview. Twohig further commented on the Bureau’s efforts to educate consumers on a variety of topics, including data breaches, credit freezes, and credit and identity monitoring.
FTC announces settlement with California company over EU-U.S. Privacy Shield false certification claims
On July 2, the FTC announced it had reached a settlement with a California-based company over allegations that it falsely claimed participation in the European Union-U.S. Privacy Shield framework, EU-U.S. Privacy Shield. According to the FTC, the company’s false claim that it was in the process of certification is a violation of the FTC Act’s prohibition against deceptive acts or practices. The settlement prohibits the company from misrepresenting its participation in “any privacy or security program sponsored by a government or any self-regulatory or standard-setting organization” and requires the submission of timely compliance notices. This action marks the fourth FTC EU-U.S. Privacy Shield enforcement action following the EU’s finalization and adoption in July 2016 (see previous InfoBytes coverage here) of the EU-U.S. Privacy Shield, which established a mechanism for companies to transfer consumer data between the EU and the U.S. in compliance with specified obligations.
Federal Reserve issues enforcement actions against former bank employees
On June 26, the Federal Reserve released enforcement actions taken against two former bank employees for improper actions, including one employee who allegedly embezzled money from a bank’s customer on several occasions, and another who misappropriated funds through false representations and accounting entries to pay off personal and family members’ loans owed to the bank. The Federal Reserve issued consent prohibitions for both former employees, which prohibits them from, among other things, participating in any manner in the conduct of the affairs of any insured depository institution, or holding company or subsidiary of an insured depository institution.