InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB Proposes Permanent Ban on Credit Repair Company for Misleading Consumers, Illegal Fees
On August 30, the CFPB and a credit repair company requested a California federal court to enter a final judgment and order to end the CFPB’s lawsuit against the company. The Bureau claimed that the company had violated the Consumer Financial Protection Act of 2010 and the Telemarketing Sales Rule among other things. According to a CFPB press release, the company “[c]harged illegal advance fees”; “[m]isled consumers about the benefits of its credit repair services”; “[m]isrepresented the costs of its services”; and “[f]ailed to disclose limits on ‘money-back guarantee.’” As previously reported in InfoBytes, the CFPB filed similar proposed final judgments against other credit repair companies for largely the same reasons.
In addition to permanently prohibiting the defendant from working in the credit repair industry, the proposed settlement also requests a civil money penalty of $150,000.
FTC Enters Consent Order with Final Defendant in Alleged 2015 Debt Collection Scheme
On August 30, the FTC announced a settlement banning the final defendant who had participated in a debt collection scheme from debt collection activities. The settlement stems from a 2015 action against three groups of defendants who allegedly violated the FTC Act and the Fair Debt Collection Practices Act (FDCPA) by engaging in the following activities, among others: (i) attempting to collect debts consumers claimed they did not owe; (ii) impersonating law enforcement to threaten non-compliant consumers with arrests and lawsuits; (iii) harassing friends, family members, and employees in an attempt to collect debts; and (iv) failing to identify themselves as debt collectors. (See previous InfoBytes summary here.) In 2016, the FTC reached separate settlements (here and here) against two of the three groups of debt collectors. In addition to banning the final defendant from debt collection activities, the 2017 action also imposes a $9.39 million judgment to be suspended due to the defendant’s inability to pay. However, the judgment will become immediately due if the defendant is found to have misstated his financial condition.
FTC Files Complaint Against Debt Collection Operation for FTC Act and FDCPA Violations
On August 29, the FTC issued a press release announcing charges against a North Carolina-based debt collection business (defendants) for allegedly using a variety of “trade names” that sound like law firms to threaten individuals if they failed to pay debt they did not actually owe or that the defendants had no right to collect. According to the complaint, the defendants violated the FTC Act by making false, unsubstantiated, or misleading representations regarding debt owed on payday loans or other debts and threatening legal action. Additionally, the defendants allegedly violated the Fair Debt Collection Practices Act by: (i) communicating with consumers “at times or places known or which should be known to be inconvenient to the consumer” or “at the consumer’s place of employment when Defendants knew or had reason to know that the consumer’s employer prohibits the consumer from receiving such communications”; (ii) engaging in “unlawful third-party communications” without obtaining prior consumer consent; (iii) participating in harassing and abusive collection practices; (iv) making false, deceptive, or misleading representations, including by withholding the true status of the debt, impersonating attorneys, threatening legal action, and failing to disclose they were debt collectors; and (v) failing to provide consumers written verification of their debt within the required time frame. A federal judge in the U.S. District Court for the Western District of North Carolina has temporarily restrained and enjoined the defendants’ alleged illegal practices and frozen their assets.
FTC Announces Settlement with Operator of Online Tax Preparation Service Over Privacy and Security Allegations
On August 29, the FTC issued a press release announcing a settlement with the operator of a Georgia-based online tax preparation service to resolve allegations that the company failed to implement adequate security procedures to protect client information in violation of several federal privacy and security rules, including the Federal Trade Commission Act and the Gramm-Leach-Bliley Act’s Privacy Rule (Regulation P) and Safeguards Rule. In its complaint, the FTC alleged that the company violated the Safeguards Rule, which requires financial institutions under FTC jurisdiction toprotect customer information by developing, implementing, and maintaining a comprehensive information security program that satisfies certain requirements. The complaint alleged that, because the company failed to implement these requirements and did not have in place adequate risk-based authentication measures, hackers were able to conduct a “list validation attack” between October 2015 and December 2015, which gave them full access to nearly 9,000 customer accounts. Hackers then used the acquired information to engage in tax identity theft. In addition, the FTC alleges that the company failed to notify customers of the list validation attack or alterations until a user called in January 2016 to report suspicious activity, and failed to delivery privacy notices to customers as required by the Privacy Rule.
Under the terms of the decision and order, the company, among other things, is required for 10 years to obtain biennial independent third-party assessments to address the effectiveness of the company’s security programs and safeguard measures to “certify that [the company’s] security program(s) is operating with sufficient effectiveness to provide reasonable assurance that the security, confidentiality, and integrity of personal information is protected and has operated throughout the reporting period.”
The agreement with the FTC will be subject to public comment for 30 days through September 29, at which point the FTC will decide whether to make the proposed consent order final.
FDIC Releases List of Enforcement Actions Taken Against Banks and Individuals in July 2017
On August 25, the FDIC released its list of 24 orders of administrative enforcement actions taken against banks and individuals in July. The FDIC issued consent orders against three banks, including one alleging “unsafe or unsound banking practices relating to [b]ank management and directors, capital maintenance, liquidity, credit administration, third-party risk management, audit, interest rate risk, and strategic and profit planning.”
Ten enforcement actions identified by the FDIC related to unsafe or unsound banking practices and breaches of fiduciary duty leading to financial loss, including seven removal and prohibition orders and three assessments of civil money penalties. Also on the list are four Section 19 orders, which allow applicants to participate in the affairs of an insured depository institution after having demonstrated “satisfactory evidence of rehabilitation,” and seven terminations of consent orders.
There are no administrative hearings scheduled for September 2017. The FDIC database containing all 24 of its enforcement decisions and orders may be accessed here.
OCC Announces Recent Enforcement Actions and Terminations
On August 18, the OCC released a list of new enforcement actions taken against national banks, federal savings associations, and institution-affiliated parties as well as a list of existing enforcement actions that were terminated recently. The actions include cease and desist orders, civil money penalties, removal/prohibition orders and restitution orders.
Cease and Desist Order. On July 18, the OCC issued a consent order against a Florida-based bank for deficiencies related to its Bank Secrecy Act (BSA) rules and regulations. The consent order, among other things, requires the bank to: (i) appoint a compliance committee responsible for ensuring the bank adheres to the order; (ii) appoint a BSA officer who will “ensure compliance with the requirements of the [BSA] . . . and regulations of the Office of Foreign Assets Control (OFAC)”; (iii) acquire an independent third-party consultant to conduct a formal written assessment of the bank’s BSA oversight infrastructure to determine BSA/Anti-Money Laundering (AML) compliance; (iv) review and update a comprehensive BSA/AML compliance action plan and monitoring system, including implementing processes to timely identify and analyze suspicious activity and file suspicious activity reports (SARs); (v) create a comprehensive training program for “appropriate operational and supervisory personnel to ensure their awareness of their specific assigned responsibilities for compliance with” the BSA; (vi) develop policies and procedures related to the collection of customer due diligence and enhanced due diligence; (vii) monitor accounts for “high-risk customers/transactions”; (viii) implement an independent BSA/AML audit program and written risk assessment program; and (ix) conduct a “Look-Back” plan to determine whether suspicious activity was timely identified and reported by the bank and whether additional SARs should be filed for unreported suspicious activity. The bank, while agreeing to the terms of the consent order, has not admitted or denied any wrongdoing.
OCC Updates Comptroller’s Licensing Manual Booklet to Provide Guidance on Failure Acquisitions
On August 3, the Office of the Comptroller of the Currency (OCC) released OCC Bulletin 2017-26 announcing a revised version of its “Failure Acquisitions” booklet designed to provide guidance on several policies and procedures impacting national banks and federal savings associations interested in acquiring a failed depository institution through the FDIC’s bidding process. The booklet, which is part of the Comptroller’s Licensing Manual, covers:
- an overview of the process banks must follow when submitting a purchase and assumption (P&A) application, which requires OCC approval before a bank can begin the FDIC bidding process;
- considerations undertaken by the OCC when reviewing a P&A application;
- a description of the process and elements of the application, including public notice and competitive factors, as well as legal and accounting standards; and
- references and links to informational resources.
CFPB Fines National Bank $4.6 Million for FCRA Violations
On August 2, the CFPB ordered a national bank to pay $4.6 million for allegedly failing to establish adequate policies and procedures for providing consumer deposit account information to nationwide specialty consumer reporting agencies (NSCRAs). The consent order alleges that the bank violated the Fair Credit Reporting Act and Regulation V by failing to provide consumers the results of investigations into their disputes and by withholding the contact information for the consumer reporting company supplying the information used to deny a checking account application. Pursuant to the consent order, in addition to the civil money penalty, the bank must (i) implement policies and procedures to ensure NSCRAs receive accurate consumer deposit account information; (ii) provide consumers with the results of its dispute investigations concerning information furnished to NSCRAs; and (ii) give consumers NSCRA contact information in situations of adverse action.
FDIC Releases List of Enforcement Actions Taken Against Banks and Individuals in June 2017
On July 28, the FDIC released its list of 23 orders in administrative enforcement actions taken against banks and individuals in June. Civil money penalties were assessed against two banks, including one citing violations of the National Flood Insurance Act for (i) failing to obtain flood insurance before loan origination, and (ii) failing to follow force placed flood insurance procedures.
Also on the list are 13 Section 19 orders allowing applicants to participate in the affairs of an insured depository institution and four orders for removal and prohibition for bank employees breaching fiduciary duties and participating in “unsafe or unsound banking practices” leading to financial losses.
There are no administrative hearings scheduled for August 2017.
FINRA Announces Head of Enforcement, Consolidates Enforcement Functions into Single Department
On July 26, the Financial Industry Regulatory Authority (FINRA) announced the promotion of Susan Schroeder to Executive Vice President and Head of Enforcement. Previously, Ms. Schroeder served as FINRA Senior Vice President and Deputy Chief of Enforcement, and she began serving as acting Head of Enforcement around the start of this year. Schroeder will report directly to CEO Robert Cook. FINRA also announced plans to consolidate its existing enforcement teams—“one handling disciplinary actions related to trading-based matters found through Market Regulation’s surveillance and examination programs, and the other handling cases referred from other regulatory oversight divisions including Member Regulation, Corporate Financing, the Office of Fraud Detection and Market Intelligence, and Advertising Regulation”—into a single unit led by Schroeder. This reorganization was prompted by FINRA360, the organization’s comprehensive self-evaluation and improvement examination.