InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB settles with Kansas-based company and part-owner for debt collection violations
On July 13, the CFPB announced a settlement with a Kansas-based company and its former CEO and part-owner for using a network of debt collection agencies (the Agencies) that allegedly engaged in improper debt collection tactics in violation of the prohibitions in the Consumer Financial Protection Act (CFPA) on engaging in unfair, deceptive, or abusive acts or practices (UDAAPs) and on providing substantial assistance to others engaging in such practices. The Bureau also alleged that the company, acting through the Agencies, violated the Fair Debt Collection Practices Act (FDCPA). According to the consent order, the Kansas-based company and its part-owner had “knowledge or a reckless disregard” of the illegal debt collection tactics used by the Agencies, including misrepresenting the amount the consumer actually owed and falsely threatening consumers and their families with lawsuits. In its findings and conclusions, the CFPB alleges that, after reviewing the Agencies’ practices, the company’s “compliance personnel recommended terminating the Agencies because of the Agencies’ illegal collection acts and practices, but [the company and its part-owner] continued placing accounts with the Agencies” and selling debts to one of the Agencies. In addition, the Bureau alleges the company and its part-owner provided operational assistance to the Agencies, such as (i) drafting and implementing policies and procedures that falsely implied compliance with federal laws; (ii) defending the Agencies’ practices when original creditors raised concerns about collection tactics; and (iii) preventing compliance personnel from conducting effective reviews of the Agencies. The order imposes a civil money penalty judgment of $3 million against the Kansas-based company and $3 million against the part-owner but the full payment is suspended subject to the company paying a $500,000 penalty and the part-owner paying a $300,000 penalty. In addition to the penalties, the company is prohibited from continuing the illegal behavior and must create and submit to the Bureau a comprehensive compliance plan, while the part-owner is permanently restrained from acting as an officer, director, employee, agent or advisor of, or otherwise providing management, advice, direction or consultation to, any individual or business that collects, buys, or sells consumer debt.
FTC, CFPB discuss scope of Fair Credit Reporting Act during Senate Banking Committee hearing
On July 12, the Senate Committee on Banking, Housing, and Urban Affairs held a hearing entitled “An Overview of the Credit Bureaus and the Fair Credit Reporting Act” to discuss the scope and enforcement of the Fair Credit Reporting Act (FCRA), the measures undertaken by the CFPB and the FTC to oversee credit bureau data security and accurate credit reporting, and other laws and regulations as they pertain to credit bureaus. Committee Chairman Mike Crapo, R-Idaho, opened the hearing by discussing the need to understand the “current state of data security, data accuracy, data breach policy” given consumers’ increased reliance on technology and recent cybersecurity incidents.
Associate Director for the Division of Privacy and Identity Protection at the FTC, Maneesha Mithal, discussed in prepared remarks the FTC’s role in implementing, enforcing, and interpreting the FCRA, as we all as the importance of educating consumers and businesses about FCRA requirements. According to Mithal, the FCRA continues to be a “top priority” for the FTC as the consumer reporting system evolves and new technologies emerge. Mithal discussed consumer reporting agency (CRA) FCRA compliance requirements concerning, among other things, dispute resolution processes, furnisher obligations, and credit reporting accuracy. Specifically, Mithal commented on the FTC’s more than 30 FCRA enforcement actions, in addition to the more than 60 law enforcement actions taken against companies for allegedly failing to implement reasonable data security practices. Mithal also touched upon the FTC’s business guidance and consumer education efforts concerning FCRA rights and obligations.
Assistant Director for Supervision Policy at the Bureau, Peggy Twohig, similarly discussed the Bureau’s authority over CRAs and furnishers with respect to the agency’s supervisory and enforcement authority, and noted, among other things, that while the agency possesses broad authority to promulgate rules as required to enforce the FCRA, it lacks rulemaking authority under certain sections of the FCRA related to red flags and the disposal of records, which fall under the FTC’s purview. Twohig further commented on the Bureau’s efforts to educate consumers on a variety of topics, including data breaches, credit freezes, and credit and identity monitoring.
FTC announces settlement with California company over EU-U.S. Privacy Shield false certification claims
On July 2, the FTC announced it had reached a settlement with a California-based company over allegations that it falsely claimed participation in the European Union-U.S. Privacy Shield framework, EU-U.S. Privacy Shield. According to the FTC, the company’s false claim that it was in the process of certification is a violation of the FTC Act’s prohibition against deceptive acts or practices. The settlement prohibits the company from misrepresenting its participation in “any privacy or security program sponsored by a government or any self-regulatory or standard-setting organization” and requires the submission of timely compliance notices. This action marks the fourth FTC EU-U.S. Privacy Shield enforcement action following the EU’s finalization and adoption in July 2016 (see previous InfoBytes coverage here) of the EU-U.S. Privacy Shield, which established a mechanism for companies to transfer consumer data between the EU and the U.S. in compliance with specified obligations.
Federal Reserve issues enforcement actions against former bank employees
On June 26, the Federal Reserve released enforcement actions taken against two former bank employees for improper actions, including one employee who allegedly embezzled money from a bank’s customer on several occasions, and another who misappropriated funds through false representations and accounting entries to pay off personal and family members’ loans owed to the bank. The Federal Reserve issued consent prohibitions for both former employees, which prohibits them from, among other things, participating in any manner in the conduct of the affairs of any insured depository institution, or holding company or subsidiary of an insured depository institution.
FDIC releases May enforcement actions
On June 29, the FDIC announced a list of orders of administrative enforcement actions taken against banks and individuals in May 2018. The 14 orders include “five Section 19 orders; two civil money penalties; one removal and prohibition order; two terminations of consent orders; two terminations of insurance; one order for restitution; one modification of removal and prohibition order; and one modification of civil money penalty order.” The order for restitution is for violations of certain laws, regulations, and a 2016 consent order “relating to statutory lending limits and restrictions on loans to borrowers classified as ‘substandard.’” The civil money penalty orders relate to (i) unsafe or unsound practices and breaches of fiduciary duty, and (ii) a violation of Regulation O concerning the handing of certain loans from the bank to the respondent. The announcement also notes that there are no administrative hearings scheduled for July 2018.
NYDFS fines global banking firm $205 million for alleged FX violations
On June 20, the New York Department of Financial Services (NYDFS) announced a $205 million settlement with a global banking firm to resolve allegations that the bank engaged in unsafe and unsound practices in its foreign exchange (FX) trading business. According to the consent order, the bank did not implement and maintain sufficient controls to identify and prevent unsafe and unsound activities conducted by certain FX traders. Among other things, the order states that FX traders (i) used electronic chatrooms to coordinate trading activity with competitors to improperly affect FX prices; (ii) engaged in a practice known as “jamming the fix,” which entails accumulating a large trading position and subsequently making aggressive trades with the intention of moving the fix price in a desired direction; (iii) disclosed confidential customer information to competitors through electronic chatrooms; and (iv) mislead customers by hiding markups on trades. In addition to the fine, the bank is required to improve its internal controls and programs to comply with applicable New York State and federal laws and regulations, submit a written plan to improve its compliance risk management program, and provide an enhanced written internal audit program.
New York Fed report finds CFPB oversight does not significantly reduce volume of mortgage lending
The Federal Reserve Bank of New York (New York Fed) released a June 2018 Staff Report titled “Does CFPB Oversight Crimp Credit?” which concludes that there is little evidence that CFPB oversight significantly reduces the overall volume of mortgage lending. The report compared the lending outcomes of companies subject to CFPB oversight with smaller institutions below $10 billion in total assets that are exempt from CFPB supervision and enforcement activities, as well as lending outcomes before and after the CFPB’s creation in July 2011. Using HMDA data, bank balance sheets, and bank noninterest expenses, the report concluded, among other things, that (i) CFPB oversight may have changed the composition of lending—supervised banks originated fewer loans to lower-income, lower-credit score borrowers; (ii) there has been a drop in lending to borrowers with no co-applicant by CFPB supervised banks; and (iii) there has been an increase in origination of “jumbo” mortgage loans by CFPB supervised banks. The report noted that its results do not speak to the effect of the CFPB’s rulemaking, such as the TILA-RESPA integrated disclosure rule.
OCC releases recent enforcement actions, issues $12.5 million penalty for BSA/AML compliance deficiencies
On June 15, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. The new enforcement actions include cease and desist orders, civil money penalty orders, and removal/prohibition orders. The consent order described below was among those in the OCC’s list:
On April 14, the OCC issued a consent order and $12.5 million civil money penalty order against a New York-branch of an international bank for alleged deficiencies in the branch’s BSA/AML compliance program. The alleged deficiencies included the failure to file timely Suspicious Activity Reports (SARs) as well as deficiencies in the branch’s compliance with Office of Foreign Asset Control (OFAC) requirements. Among other things, the consent order requires the branch to (i) develop and implement an ongoing BSA/AML and OFAC risk assessment program; (ii) adopt an independent audit program to conduct a review of the bank’s BSA/AML compliance program; and (iii) ensure the branch has a permanent and experienced BSA officer. The bank has neither admitted nor denied the OCC’s findings.
CFPB fines installment lender $5 million for improper collection and credit reporting practices
On June 13, the CFPB ordered a South Carolina-based installment lender and its subsidiaries to pay $5 million in civil money penalties for allegedly making improper in-person and telephonic collection attempts in violation of the Consumer Financial Protection Act (CFPA) and inaccurately furnishing information to credit reporting agencies in violation of the Fair Credit Reporting Act (FCRA). According to the consent order, between 2011 and 2016, the company and its subsidiaries (i) initiated collection attempts at consumers’ homes and places of employment; (ii) routinely called consumers at work to collect debts, sometimes after being told they were not allowed to receive calls; and (iii) contacted third parties and disclosed or were at risk of disclosing the existence of the consumer’s debt. The CFPB also alleges that the company and its subsidiaries failed to implement reasonable credit reporting procedures and failed to correct inaccurate information furnished to credit reporting agencies. In addition to the $5 million civil money penalty, the company and its subsidiaries must (i) cease improper collection practices; (ii) correct the credit reporting errors; and (iii) develop a comprehensive compliance plan.
SEC settles RMBS supervision and improper markup allegations with brokerage firm
On June 12, the SEC issued an order against a brokerage firm to settle allegations that it violated antifraud provisions of federal securities laws when it failed to properly supervise traders who persuaded customers with false or misleading statements to overpay for residential mortgage-backed securities (RMBS). According to the SEC, the firm misled customers about how much the firm paid for the securities and illegally profited from the improper markups that were, in some cases, allegedly more than twice as much as what the customers should have paid. The order claims that the firm did not charge a traditional commission on the transactions, but rather derived profits “from the difference between the price at which [the firm] sold securities and the price at which it had purchased them.” Additionally, while the firm had policies and procedures to monitor and prevent excessive markups on RMBS transactions, they were “not reasonably designed and implemented.” While neither admitting nor denying the SEC’s charges, the firm agreed to be censured for failing reasonably to supervise its traders, to pay a fine of approximately $5.2 million, and to pay more than $10.5 million in disgorgement and interest to affected customers.