InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FCC Announces $3.5 Million Settlement with Carriers to Resolve Consumer Privacy Investigation
On July 9, the FCC announced a $3.5 million settlement with carriers TerraCom, Inc. and YourTel America, Inc. to resolve an investigation into the exposure of personal information of over 300,000 of their customers online via unprotected servers used by their vendors to store customer information. The exposed information included names, addresses, Social Security numbers, driver’s licenses, and other pieces of sensitive information that were viewable by anyone with access to a search engine. Section 222(a) of the Communications Act imposes on carriers a duty to protect the confidentiality of “proprietary information of… customers” and the FCC Enforcement Bureau viewed this incident as a violation of that duty, as well as its duty under Section 201(b) to employ “just and reasonable” data security practices to protect the confidentiality of consumers’ proprietary information. Under the settlement, TerraCom and YourTel are required to (i) designate a senior corporate manager with certified privacy expertise, (ii) conduct a privacy risk assessment, (iii) put in place a written information security program and data breach response plan, (iv) maintain “reasonable oversight” of third-party vendors, and (v) offer privacy and security training. FCC-regulated entities should review their privacy and data security practices to ensure that they are taking appropriate steps to protect their customers’ proprietary information.
U.S. Senators Introduce Legislation Seeking to Increase SEC Penalty Amounts
On July 9, U.S. Senators Jack Reed (D-RI) and Chuck Grassley (R-IA) introduced Senate bill 1730, the Stronger Enforcement of Civil Penalties Act of 2015 (SECPA), aimed at increasing the SEC’s ability to combat securities’ laws violations to better protect investors and bolster oversight and accountability. Specifically, the SECPA “increase[es] the statutory limits on civil monetary penalties, directly linking the size of these penalties to the scope of harm and associated investor losses, and substantially raising the financial stakes for repeat securities law violators.” In addition, the legislation calls for expanded penalty authority for violations of previously imposed injunctions or bars, and would categorize individual injunction violations as separate charges.
FTC Bans Owners of Online Payday Lending Operations from Consumer Lending Industry
On July 7, the FTC entered into settlement agreements with two individuals and the entities they operate seeking to permanently restrict them from doing business in the consumer lending industry. According to the FTC’s complaint filed in September 2014, the defendants allegedly operated an online payday lending scheme using personal financial information purchased from third-party lead generators or data brokers to make unauthorized deposits and withdrawals into consumers’ bank accounts, regardless of whether or not the consumer applied for a payday loan. Once the loan proceeds were placed into the consumers’ accounts, the defendants would withdraw “finance charges” from the accounts on a recurring basis, but would not credit the loans’ principal balances for those payments. Collectively, the defendants issued $28 million in payday loans, and extracted over $46.5 million from consumers’ bank accounts over an 11-month period. In addition to being banned from the consumer lending industry, the proposed agreements also order the defendants to pay approximately $52 million in restitution (subject to certain conditions), dismiss any consumer debt that may be owed, and prohibit the defendants from reporting such debts to any credit reporting agency or benefiting from the collection of customers’ personal information.
CFPB, 47 State AGs, and District of Columbia Announce $216 Million Settlement to Resolve Credit Card Debt-Buying Investigation
On July 8, the CFPB along with 47 state attorneys general and DC announced an agreement with a major bank to resolve allegations that it sold faulty credit card “zombie debts” to third-party debt buyers, which included accounts with unlawfully obtained judgments, inaccurate or paid-off balances, and debts owed by deceased borrowers. The federal and state investigators also claimed that the bank filed deceptive debt-collection lawsuits against borrowers using robo-signed or illegally sworn affidavits to obtain false or inaccurate judgments for unverified debts. Under terms of the consent order, the bank agreed to, among other things, pay (i) $106 million to 47 state attorneys general, (ii) a $30 million civil money penalty to the CFPB, and (iii) provide at least $50 million in restitution to affected borrowers. The bank also agreed to cease collections on more than 528,000 accounts, and require that third-party debt buyers be prohibited from reselling debts purchased from the bank, unless they are sold back to the bank.
In a related announcement, the OCC imposed a $30 million civil money penalty over allegedly illegal non-home debt collection litigation practices and Servicemembers Civil Relief Act (SCRA) compliance practices. The OCC’s action stems from the bank’s practices related to the preparation and notarization of sworn documents used in debt litigation proceedings, and inadequate policies and procedures to ensure compliance with the SCRA.
Federal Reserve Orders Bank Holding Company to Strengthen its Firmwide Risk Management, Cites Capital Planning and Liquidity Risk Deficiencies
On July 7, the Board of Governors announced the execution of an enforcement action against a Boston-based bank holding company over deficiencies identified by the Federal Reserve Bank of Boston concerning the company’s governance, risk management, capital planning, and liquidity risk management operations. Pursuant to the Agreement, within 60 days of its execution the company must submit written plans detailing their efforts to strengthen board oversight of the company’s management and operations, bolster the risk management program, improve capital planning to match the company’s size and complexity, and strengthen liquidity risk management. No civil money penalty was imposed on the company.
CFPB Tackles Credit Card Vendors For Alleged Unfair Billing of Ancillary Products
Today, the CFPB filed proposed consent orders against two credit card add-on product vendors for allegedly billing consumers for credit monitoring and identity theft protection services they did not receive. Under the proposed consent orders, one vendor will provide nearly $7 million in restitution to the holders of approximately 73,000 accounts, and pay a $1.9 million civil money penalty. The other vendor will provide almost $55,000 in restitution to consumers who were incorrectly billed for identity theft or credit monitoring services, and pay a $1.2 million civil money penalty. The Bureau specifically noted that today’s announcement is the “first time the Bureau has brought actions directly against the companies” that market or administer ancillary products.
FTC Resolves Claims Against Auto Dealers Based on Alleged Deceptive Advertising
On June 29, the FTC filed two administrative complaints and issued proposed orders against two Las Vegas auto dealers to resolve allegations that they engaged in misleading advertising practices that misrepresented the purchase price or leasing offers of their vehicles, as well as the amount actually due at signing. In addition, the FTC also contends that the auto dealers failed to disclose other key information in its advertisements, such as the need for a security deposit, whether a down payment was required, and the terms of repayment. Under the proposed consent orders, the FTC will require both dealerships to refrain from misrepresenting the actual cost to purchase or lease a vehicle, and to comply with requirements of the Consumer Leasing Act and the Truth in Lending Act. No monetary judgment is proposed for either auto dealership.
Mobile App Developer Settles with FTC and New Jersey AG Over Virtual Currency Mining
On June 29, a mobile app developer entered into an agreement with the FTC and the New Jersey AG to settle allegations that the developer engaged in deceptive and unfair practices by marketing its rewards app, called “Prized,” as being free of malicious software, also known as “malware.” However, according to the FTC, the true purpose of the mobile app was to uploaded malware onto consumers’ mobile devices capable of mining virtual currencies for the software developer. This process allegedly reduced the battery life of consumers’ devices and caused consumers to burn through their monthly data plans. Under terms of settlement, the developer and accompanying mobile app are (i) prohibited from creating and distributing malicious software, and (ii) required to pay $50,000 to the state of New Jersey, with $5,200 due immediately, and the remaining $44,800 payable if the developer fails to comply with the terms of the consent order or the New Jersey Consumer Fraud Act within three years of the order.
DOJ Assistant AG Caldwell Delivers Remarks at the ABA's National Institute on Bitcoin and Other Digital Currencies
Today, Assistant Attorney General Leslie Caldwell delivered remarks at the ABA’s National Institute on Bitcoin and Other Digital Currencies. Speaking on the DOJ Criminal Division’s approach to the developing landscape of virtual currency, Caldwell acknowledged the legitimate uses of virtual currencies, such as having the ability to lower costs for brick and mortar businesses and its potential to promote a more efficient online marketplace, while also addressing the Department’s concern for the criminal activity surrounding virtual currencies, noting, “virtual currency facilitates a wide range of traditional criminal activities as well as sophisticated cybercrime schemes.” Citing recent actions against various individuals and groups involved in criminal activities that “sought to exploit decentralized systems such as Bitcoin” – specifically, Silk Road and Ross Ulbricht; and Carl Force and Shaun Bridges, both involved in the Baltimore Silk Road Task Force – Caldwell stressed that there are “many exchanges that don’t concern themselves with following the law.” She explained that the primary legal bases for enforcement are money services business, money transmission, and anti-money laundering statutes, as well as state money transmitter licensing laws and, in some states like New York, virtual-currency specific licensing requirements. Caldwell also noted the Department’s partnership with FinCEN, summarizing its involvement in the Ripple Labs resolution to show that “compliance and remediation can lead to a more favorable resolution of criminal investigations.” Further, Caldwell observed that while there is no “one-size-fits-all” compliance program, the adherence to regulations and state licensing laws by those involved in virtual currency businesses will reduce liability and complying with anti-money laundering guidelines will allow “the legitimate use of virtual currency to grow and be responsive to infiltration and abuse by criminal elements.”
FinCEN Fines MSB and Its Owner for Alleged BSA Violations
Today, FinCEN announced the assessment of a civil money penalty against a Los Angeles-based Money Services Business (MSB) and its owner for alleged violations of the Bank Secrecy Act (BSA). During a 2011 examination of the MSB, FinCEN determined that, from October 1, 2010 through the present, the MSB knowingly violated the BSA by failing to (i) establish and ensure ongoing compliance with an adequate AML program; (ii) provide adequate training; and (iii) conduct independent testing of its compliance program. In addition, the MSB violated the BSA’s reporting requirements by failing to “file required currency transaction reports (“CTRs”) on all of its reportable transactions during the examination scope period,” and continued to file untimely CTRs even after the examination scope period ended on March 31, 2011. Finally, FinCEN expressed concern over the MSB owner’s failure to disclose that the MSB “frequently exchanged check for cash with another MSB, an arrangement known as ‘wholesaling’ or ‘bulk check cashing.’” According to the assessment document, the MSB’s owner, who was also the designated AML compliance officer, participated in the BSA violations by failing to accept his responsibility to “ensure that [an] AML program was in place, was effective, and was followed.” To resolve FinCEN’s allegations, the MSB and its owner admitted to violating the BSA program and its reporting requirements and will pay a civil money penalty of $60,000.