InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CSBS announces FTC access to non-confidential NMLS licensing information
On January 18, the Conference of State Bank Supervisors (CSBS) announced it will start sharing non-confidential licensing information obtained through the Nationwide Multistate Licensing System (NMLS) with the FTC. Once implemented, the FTC will have access to regulated companies’ ownership information, and public FTC enforcement actions will be added to the NMLS database and made available to state regulators and to the public. According to the FTC, access to this type of information will improve consumer protection investigation efficiency and coordination with state law enforcement partners. Currently, select NMLS data is shared with the Office of Financial Research, CFPB, Financial Crimes Enforcement Network, and FHA.
Senate Banking Committee: The impact of cryptocurrency in AML/BSA enforcement
On January 17, the Senate Committee on Banking, Housing, and Urban Affairs held a second hearing with witnesses from the Treasury and Justice departments to further address the need to modernize and reform the Bank Secrecy Act and anti-money laundering (BSA/AML) regime. The hearing, entitled “Combating Money Laundering and Other Forms of Illicit Finance: Administration Perspectives on Reforming and Strengthening BSA Enforcement,” follows a January 9 hearing before the same Committee on related issues (see previous InfoBytes coverage here). Committee Chairman Mike Crapo, R-Idaho, opened the hearing by stating the need to understand the government’s position on “strengthening enforcement and protecting the integrity of the U.S. financial system in a new technological era,” while also recognizing the challenges technology creates for law enforcement. A primary topic of interest to the Committee was “the rise of cryptocurrencies and their potential to facilitate sanctions evasion and perhaps, other crimes.”
The first witness, Treasury’s undersecretary for terrorism and financial crimes, Sigal Mandelker (testimony), noted that money laundering related to cryptocurrencies is “an area of high focus” for Treasury, and highlighted actions taken by Treasury’s Financial Crimes Enforcement Network (FinCEN), such as the release of guidance announcing that “virtual currency exchangers and administrators” are subject to regulations under the BSA. Regulated entities, Mandelker stated, are required to file suspicious activity reports (SARs) and are subject to FinCEN and IRS examinations and enforcement actions. Mandelker further commented that Treasury is “aggressively tackling” illicit financing entering the U.S. system and elsewhere, and stressed that other countries face consequences if they fail to have an AML/Combating the Financing of Terrorism regime that meets Treasury standards.
The second witness, DOJ acting deputy assistant attorney general M. Kendall Day (testimony), informed the Committee of the recent hiring of a digital currency counsel who is responsible for ensuring prosecutors are up-to-date on the latest money-laundering threats in the digital currency field. Day also commented on recent DOJ prosecutions in this space, and emphasized the need for enhanced information sharing for law enforcement, including the benefit of deriving information from SARs.
FTC report highlights 2017 privacy and data security enforcement work
On January 18, the FTC released its annual report on the agency’s privacy and data security work performed in 2017. Among other items, the report highlights consumer-related enforcement activities in 2017, including:
- a settlement with a ride-sharing company over allegations that it violated the FTC Act by making deceptive claims about its privacy and data practices (previously covered by InfoBytes here);
- the first EU-U.S. Privacy Shield action resulting in settlements with three companies over allegations that they falsely claimed they were certified to take part in the framework (previously covered by InfoBytes here); and
- a joint settlement with the New Jersey Attorney General against a “smart” television manufacturer for claims that it secretly gathered users’ viewing data and sold it to third parties who used the data for targeted advertising (previously covered by InfoBytes here).
The report also covers the FTC’s approval of TRUSTe’s proposed modifications to its safe harbor program under the Children’s Online Privacy Protection Act of 1998 (COPPA), previously covered by Infobytes here; and the agency’s actions related to the national “Do Not Call” Registry.
CFPB succession update: CFPB requests zero funding; seeks public comment regarding Bureau’s activities; & more
On January 17, in a letter to Federal Reserve Chair Janet Yellen, acting CFPB Director Mick Mulvaney requested zero dollars for the Bureau’s quarterly operating funds. Each fiscal quarter, as required by law, the CFPB formally requests that the Federal Reserve transfer a specified amount of money to the Bureau so it can perform the functions outlined in its budget. In his letter, Mulvaney stated that the prior Director maintained a “reserve fund” for the CFPB, and the money in this fund is sufficient to cover the CFPB’s expenses for the second quarter. This will be the first time in the history of the CFPB that its Director has requested no additional amount to fund quarterly operations. The CFPB also announced its plan to publish a series of Requests for Information (RFIs) in the Federal Register seeking public input on the way the Bureau is performing its statutory obligations. These RFIs will request “comment on enforcement, supervision, rulemaking, market monitoring, and education activities.” The first RFI will seek information regarding the Bureau’s Civil Investigative Demand processes and procedures.
On January 18, the CFPB voluntarily dismissed its case against four online installment lenders for allegedly deceiving customers by collecting debts that were not legally owed, previously covered by InfoBytes here. The complaint, filed in the United States District Court for the Northern District of Illinois, alleged, among other things, that the lenders engaged in unfair, abusive, and deceptive acts—a violation of the Dodd-Frank Act—by collecting on installment loans that are partially or wholly void under state law. In September 2017, the case was transferred to Kansas, where the Bureau’s notice of dismissal was filed. The notice does not specify a reason for the dismissal.
Fed terminates foreclosure enforcement actions, fines five banks CMPs
On January 10, the Federal Reserve Board (Fed) announced the termination of ten enforcement actions for legacy mortgage loan servicing and foreclosure processing activities, along with the issuance of more than $35 million in combined civil money penalties (CMPs) against five of the ten banks. Combined with penalties previously assessed against other supervised firms (see previous InfoBytes coverage here), the Fed’s mortgage servicing enforcement actions have totaled approximately $1.1 billion in penalties. The CMPs assessed against the five banks range from $3.5 million to $14 million.
According to the Fed, the termination of the ten enforcement actions is a result of “evidence of sustainable improvements in the firms’ oversight and mortgage servicing practices.” Under the terms of the previously issued consent orders, in addition to the CMPs, the banks were required to (i) improve residential mortgage loan servicing oversight, and (ii) correct deficiencies in residential mortgage loan servicing and foreclosure processing for banks with Fed supervised-mortgage servicing subsidiaries.
The Fed also announced the termination of two related joint enforcement actions (see here and here) with the OCC, FDIC and FHFA (a party to only one of the actions) against key mortgage servicing service providers. According to the announcement, the terminations were a result of proof of “sustainable improvements” in the companies’ foreclosure-related practices.
FDIC Fines Puerto Rican Bank for Flood Insurance Violations, Releases November Enforcement Actions
On December 29, the FDIC released a list of 29 administrative enforcement action orders taken against banks and individuals in November, as well as one termination order issued in October. The FDIC assessed a $153,000 civil money penalty against a Puerto Rican bank, citing 321 violations of the Flood Disaster Protection Act (FDPA) and the National Flood Insurance Act (NFIA) for (i) failing to notify borrowers that they were required to purchase flood insurance; and (ii) failing to obtain flood insurance on a borrower’s behalf in a timely fashion for those borrowers who failed to obtain insurance within 45 days after receiving notification. A second civil money penalty was issued against an Ohio-based bank for allegedly engaging in a pattern of violating requirements under the FDPA and NFIA, including by failing to obtain flood insurance at the time of origination.
Also on the list are consent orders issued against two banks related to unsafe or unsound banking practices, four Section 19 orders allowing applicants to participate in the affairs of an insured depository institution after having demonstrated “satisfactory evidence of rehabilitation,” five terminations of consent orders, and two adjudicated decisions, among others.
There are no administrative hearings scheduled for January 2018. The FDIC database containing all 30 enforcement decisions and orders may be accessed here.
FINRA Fines Brokerage Firm $2.8 Million for Customer Protection Rule Violations
On December 27, the Financial Industry Regulatory Authority (FINRA) announced that it fined a New York-based brokerage firm $2.8 million based on allegations that the firm violated the SEC’s Customer Protection Rule and due to other related supervisory failures. According to the Letter of Acceptance, Waiver, and Consent (AWC), from March 2008 to June 2016, the firm did not have reasonable processes in place to ensure that its control systems were operating properly. As a result of these design flaws, the firm failed to properly segregate customers’ foreign and domestic securities in appropriate control locations, leading to deficits in securities valued at hundreds of millions of dollars.” The firm neither admitted nor denied the findings set forth in the AWC agreement.
OCC Recent Enforcement Actions Target BSA/AML Compliance Programs and National Flood Insurance Act Violations
On December 14, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such parties. The new enforcement actions include cease and desist orders, civil money penalty orders, removal/prohibition orders, and restitution orders. The list also includes recently terminated enforcement actions.
Cease and Desist Order. On November 9, the OCC issued a consent order (2017 Order) two days after converting a Japanese bank’s two New York branches under the supervision of the New York Department of Financial Services (NYDFS) to federally licensed branches under the supervision of the OCC. As part of the OCC’s approval process, the bank’s federal branches and New York branches agreed to the issuance of the 2017 Order, which requires adherence to “remedial provisions . . . substantively the same as those” in consent orders entered into in 2013 and 2014 with NYDFS. The previously issued consent orders addressed deficiencies related to the bank’s Bank Secrecy Act/Anti-Money Laundering (BSA/AML) sanctions compliance programs, specifically concerning the removal of key warnings to regulators on transactions with sanctioned countries.
The 2017 Order, among other things, requires the bank to: (i) submit an action plan on enhancing internal controls and updating policies and procedures to correct BSA/AML deficiencies, address provisions applicable under the Office of Foreign Assets Control’s requirements, and implement requirements outlined in the 2013 and 2014 consent orders; (ii) ensure adherence to the action plan and 2017 Order under the direction of the bank’s general manager; (iii) submit a management oversight plan designed to improve and enhance the bank’s sanctions compliance programs; and (iv) prevent the retention or future engagement of any individual identified and “barred by the 2014 Consent Order from engaging, directly or indirectly, in any duties, responsibilities, or activities at or on behalf of the [b]ank or the [b]ank’s affiliates that involve their banking business in the [U.S.].” The 2017 Order does not require the bank to pay a civil monetary penalty.
Civil Monetary Penalty. On October 10, the OCC assessed a $452,000 civil monetary penalty against a national bank lender for alleged violations of the National Flood Insurance Act and/or the Flood Disaster Protection Act. The bank agreed to pay the penalty without admitting or denying any wrongdoing.
SEC Obtains Emergency Court Order Against Canadian Firm for Allegedly Violating Federal Securities Law; Halts Initial Coin Offering
On December 4, the SEC announced it had obtained an emergency court order to freeze the assets of a Canadian company and the company’s founders (Defendants) and block Defendants’ ability to continue to raise funds through an initial coin offering (ICO). At the time the order was issued, the ICO had raised $15 million since August by “promising investors returns of 1,354% in under 29 days.” This is the first enforcement action taken by the SEC’s recently established Cyber Unit, whose focus includes distributed ledger technology and initial coin offering violations. (See previous InfoBytes Cyber Unit coverage here.)
According to a complaint filed December 1 in the U.S. District Court for the Eastern District of New York, Defendants allegedly violated the anti-fraud and registration provisions of U.S. federal securities laws by making a series of materially false and misleading statements when marketing and selling securities as digital tokens/cryptocurrencies to obtain investor funds. From August to the present, Defendants purportedly raised $15 million through the ICO, and made false representations including, among other things, that: (i) the firm consisted of large teams of experts across the globe, and (ii) investors would receive certain promised returns (1,354% in less than a month) on investments if all tokens were sold. Further, Defendants allegedly failed to disclose (i) that a portion of the proceeds from the ICO funds would pay personal expenses, and (ii) that the company’s principal executive was “a known recidivist securities law violator in Canada.” The SEC seeks relief in the form of permanent injunctions, monetary penalties and interest, and an “officer-and-director bar and a bar from offering digital securities” against the company’s founders.
FTC Announces Final Approval of Settlements With Companies Over EU-U.S. Privacy Shield False Certification Claims
On November 29, the FTC announced it had approved final settlements with three companies over allegations that they falsely claimed participation in the European Union-U.S. Privacy Shield (EU-U.S. Privacy Shield) framework. (See previous InfoBytes coverage here.) The settlements mark the FTC’s first EU-U.S. Privacy Shield enforcement actions following the EU’s finalization and adoption in July 2016 (as covered by InfoBytes) of the EU-U.S. Privacy Shield Framework, which established a mechanism for companies to transfer consumer data between the EU and the U.S. in compliance with specified obligations.