InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FTC Finalizes Mobile Application Privacy Settlements
On August 19, the FTC approved final orders resolving allegations that two companies: (i) misrepresented the level of security of their mobile applications; and (ii) failed to secure the transmission of millions of consumers’ sensitive personal information. The FTC alleged that one company’s application assured consumers that their credit card information was stored and transmitted securely even though the company disabled a higher level of security validation, which allowed such credit card information to be intercepted. In addition, the company allegedly failed to have an adequate process for receiving vulnerability reports from security researchers and other third parties. The FTC alleged that the second company also disabled enhanced security validation despite claiming that it followed industry-leading security precautions, which also left consumers’ information vulnerable to interception. The final settlement orders require both companies to establish comprehensive programs designed to address security risks during the development of their applications and to undergo independent security assessments every other year for the next 20 years. The settlements also prohibit the companies from misrepresenting the level of privacy or security of their products and services.
FinCEN Permanently Bars Casino Official Over BSA Violations
On August 20, FinCEN announced an action against a casino employee who admitted to violating the Bank Secrecy Act by willfully causing the casino to fail to file certain reports. FinCEN asserted based in part on information obtained from an undercover investigation that the employee helped high-end gamblers avoid detection of large cash transactions by agreeing not to file either Currency Transaction Reports or Suspicious Activity Reports as required under the BSA. FinCEN ordered the employee to pay a $5,000 civil money penalty, and immediately and permanently barred him from participating in the conduct of the affairs of any financial institution located in the U.S. or that does business within the U.S.
FINRA Charges Firm With AML And Systematic Market Access Violations
On August 18, FINRA announced a complaint against a financial services and investment firm, alleging that the firm was responsible for systematic supervisory and AML violations in connection with providing direct market access and sponsored access to broker-dealers and non-registered market participants. Specifically, FINRA claims that from January 2008 through August 2013, the firm failed to “ensure appropriate risk management controls and supervisory systems and procedures,” thereby allowing its market access customers to “self-monitor and self-report” possibly manipulative trades. Moreover, FINRA asserts that during the relevant time period, the firm was made aware of these potential regulatory and compliance risks though numerous industrywide notices, disciplinary decisions taken against other industry participants, and multiple self-regulatory organization inquiries and examinations. The firm may request a hearing before the FINRA disciplinary committee. If FINRA’s charges stand, the firm could face suspension, censure, and/or monetary penalties.
New York Sanctions Bank For Alleged Failure To Comply With Prior AML Settlement
On August 19, the New York DFS announced a consent order with a British bank to resolve claims that the bank and its U.S. subsidiary failed to remediate AML compliance deficiencies as required by a prior settlement with the DFS that required the bank to, among other things, implement a transaction monitoring program. The DFS states that the compliance monitor appointed as part of the prior agreement determined that the procedures adopted by the bank to detect high-risk transactions contained errors and other problems that prevented the bank from identifying high-risk transactions for further review. The DFS asserts that the bank failed to detect these problems because of a lack of adequate testing both before and after implementation of the monitoring system. The DFS also claims the bank failed to properly audit its monitoring system. Under the latest consent order, the bank must: (i) suspend its dollar clearing operations for high-risk retail business clients of the bank’s Hong Kong subsidiary; (ii) obtain prior DFS approval to open a U.S. Dollar demand deposit account for any customer who does not already have such an account with the U.S. entity; and (iii) pay a $300 million penalty. The bank also must implement additional compliance enhancements, including enhanced due diligence and know-your customer requirements.
New York Announces Latest Action Against A Bank Consulting Firm
On August 18, the New York DFS announced an settlement with a bank consulting firm to resolve allegations related to certain services it performed for a bank charged last year with sanctions violations. The consulting firm allegedly altered an historical transaction review (HTR) report submitted to regulators regarding wire transfers that the bank completed on behalf of sanctioned countries and entities. At the bank’s request, the firm allegedly removed from the original HTR report key information and warning language concerning the bank’s transactions. Specifically, the DFS alleges that the firm: (i) removed the English translation of the bank’s wire stripping instructions; (ii) removed a regulatory term to describe the wire-stripping instructions and a discussion of the activities; and (iii) deleted “several forensic questions” that the firm identified as necessary for consideration in connection with the HTR report. The agreement prohibits the firm from doing business with any DFS-regulated institution for two years and requires the firm to: (i) pay a $25 million penalty; and (ii) implement certain reforms to address the conflicts of interest within the consulting industry.
CFPB Enforcement Action Targets Auto Finance Company's Credit Reporting Practices
On August 20, the CFPB announced a consent order with a Texas-based auto finance company to address alleged deficiencies in the finance company’s credit reporting practices. The company offers both direct and indirect financing of consumer auto purchases, and, according to the CFPB, specializes in lending to consumers with impaired credit profiles. In general, the CFPB took issue with the finance company’s alleged failure to implement policies and procedures regarding the accuracy and integrity of information furnished to consumer credit reporting agencies (CRAs) and alleged deceptive acts in the finance company’s representations regarding the accuracy of furnished information.
The CFPB’s action specifically alleged that the finance company violated the Fair Credit Reporting Act (FCRA) by providing inaccurate information to credit reporting agencies regarding how its borrowers were performing on their accounts, including by: (i) reporting inaccurate information about how much consumers were paying toward their debts; (ii) reporting inaccurate “dates of first delinquency,” which is the date on which a consumer first became late in paying back the loan; (iii) substantially inflating the number of delinquencies for some borrowers when it reported borrowers’ last 24 months of consecutive payment activity; (iv) informing CRAs that some of its borrowers had their vehicles repossessed, when in fact those individuals had voluntarily surrendered their vehicles back to the lienholder. The CFPB claims this activity took place over a three-year period, even after the company was made aware of the issue. The CFPB believes the company furnished incorrect information to the CRAs on as many as 118,855 accounts.
The consent order requires the company to pay a $2.75 million penalty to the CFPB. In addition, the finance company must: (i) review all previously reported accounts for inaccuracies and correct those accounts or delete the tradeline; (ii) arrange for consumers to obtain a free credit report; and (iii) inform all affected consumers of the inaccuracies, their right to a free consumer report, and how consumers may dispute inaccuracies. The order also directs the company to sufficiently provide the staffing, facilities, systems, and information necessary to timely and completely respond to consumer disputes in compliance with the FCRA.
CFPB Fines Online Mortgage Company And Its Owner For Alleged Deceptive Rate Advertising
On August 12, the CFPB announced a consent order with a nonbank mortgage lender, its affiliated appraisal management company (AMC), and the individual owner of both companies to resolve allegations that the lender deceptively advertised mortgage rates to consumers, improperly charged fees before providing consumers with Good Faith Estimates (GFE), and failed to disclose its affiliation with the AMC while allowing the AMC to charge inflated fees.
Allegations
As explained in the consent order, the lender primarily conducts business online through its own website, and also advertises its mortgages through display ads on independent websites and the website of an unaffiliated third-party rate publisher. The CFPB asserts that, over a roughly two-year period, a “systemic problem” caused the lender to list on the rate publisher’s website lower rates for certain mortgages than the lender was willing to honor, and that the lender supplied other rates to the rate publisher that were unlikely to be locked for the majority of the lender’s borrowers. The CFPB claims that the lender failed to perform systematic due diligence or quality control to ensure the accuracy of listed rates, even though the lender was made aware through consumer complaints that certain rates were inaccurate.
The CFPB also claims that, over a period of more than two years, the lender advertised in its display ads on independent websites rates that were based on (i) a consumer profile that included an 800 credit score, although most of the lender’s borrowers had scores below 800; and (ii) payment of high discount points, without adequate disclosure of the bases for the rates. In addition, the CFPB asserts that, over a nearly four-year period, the lender generated inaccurate personal loan quotes for certain consumers because the design of the lender’s website prevented those consumers from changing the model’s credit score from 800 to a more applicable lower score. The CFPB asserts these practices violated the Mortgage Advertising and Practices (MAP) Rule by misleading consumers.
The CFPB also alleges that the lender violated RESPA and TILA by overcharging for credit reports and by requiring consumers to schedule and give payment authorization information for appraisals before providing a GFE and receiving indication that the consumers intended to proceed with a loan from the lender, thereby restricting consumers’ ability to shop for alternatives. In addition, the CFPB claims that the lender violated RESPA by failing to properly disclose its affiliate relationship with the AMC and making numerous deceptive statements that led consumers to believe that the lender had no relationship with the AMC and that the AMC’s fees were reasonable third-party fees, and violated the MAP Rule by inflating prices for certain of the AMC’s services, including “appraisal validations.”
According to the CFPB, much of the alleged conduct was directed by, and provided a financial benefit to, the companies’ individual owner.
Redress, Penalties, and Corrective Actions
The consent order requires the lender to pay nearly $14.9 million to the CFPB, which will distribute the funds to consumers who: (i) viewed the lender’s misleading rates on the rate publisher’s website on or after July 21, 2011 and then took out a mortgage with the lender with higher than advertised rates; (ii) received misleading mortgage quotes on the lender’s website based on an inapplicable 800 FICO score on or after July 21, 2011 and then took out a mortgage with the lender at a rate higher than that quoted; (iii) on or after November 1, 2009 paid more than the actual costs of credit reports before the lender provided a GFE; (iv) paid an appraisal fee on or after January 1, 2011 without receiving a proper affiliated business disclosure; and (v) closed loans during or after December 2010 and paid for appraisal review fees.
The order also: (i) requires the lender to pay a $4.5 million penalty; (ii) regulates the way the lender is permitted to advertise interest rates; (iii) mandates numerous other corrective actions related to the alleged activity; and (iv) requires the lender to hire an independent consultant to assess the lender’s advertising and disclosure practices and report to the CFPB’s Enforcement Director.
Under the consent order, the individual owner is jointly and severally liable for the nearly $14.9 million redress judgment, and must pay a $1.5 million civil money penalty.
SDNY Judge Approves RMBS Consent Judgment But Questions Second Circuit's Standard For Reviewing Agency Consent Judgments
On August 5, U.S. District Court for the Southern District of New York Judge Jed Rakoff approved a consent judgment between the SEC and a financial institution to resolve allegations that the institution violated securities laws in connection with certain mortgage-backed securities. SEC v. Citigroup Global Markets Inc., No. 11-7387, 2014 WL 3827497 (S.D.N.Y. Aug. 5, 2014). Earlier this year, the U.S. Court of Appeals for the Second Circuit vacated and remanded the district court’s earlier decision to reject the proposed settlement, holding that the proper standard for reviewing a proposed enforcement agency consent judgment is whether the proposed consent decree is fair and reasonable, and in the event the agreement includes injunctive relief, whether “the public interest would not be disserved.” On remand, Judge Rakoff approved the consent judgment stating that based on the underlying record, “the Court cannot say that the proposed Consent Judgment is procedurally improper or in any material respect fails to comport with the very modest standard imposed by the Court of Appeals.” Judge Rakoff noted his concern, however, that “as a result of the Court of Appeals decision, the settlements reached by governmental regulatory bodies and enforced by the judiciary’s contempt powers will in practice be subject to no meaningful oversight whatsoever.”
CFPB, State AGs Announce Joint Enforcement Action Against Military Consumer Lender
On July 29, the CFPB and 13 state Attorneys General announced a consent order that requires a consumer lender currently in Chapter 7 bankruptcy to provide $92 million in debt relief for about 17,000 U.S. servicemembers and other consumers harmed by the company’s alleged predatory lending scheme. The lender offered credit to consumers purchasing computers, videogame consoles, televisions, or other products, which typically were purchased at mall kiosks near military bases. In some cases the lender was the initial creditor, and in other cases, the lender provided indirect financing by agreeing to buy the financing contracts from merchants who sold the goods.
Allegations
The CFPB claims the lender “lured consumers with the promise of no money down and instant financing.” Then, according to the CFPB, the lender and its merchant partners artificially inflated the disclosed price of the consumer goods being sold to mask finance charges collected by the lender. The CFPB also asserts that the company withheld information on billing statements, failed to obtain required lending licenses, and illegally collected on loans that were void pursuant to state licensing and usury laws.
Specifically, the CFPB alleges the lender violated TILA by (i) failing to accurately disclose the finance charge and annual percentage rate for financing agreements where they served as the creditor; and (ii) failing to disclose or accurately disclose in periodic billing statements for open-end financing agreements the annual percentage rate, the balance subject to interest rate, how that balance was determined, itemized interest charges, the closing date of the billing cycle, and the account balance on that date.
In addition, the CFPB claims the lender violated the Consumer Financial Protection Act’s UDAAP provisions by purchasing deceptive financing agreements from merchants and thereby facilitating the merchant’s deceptive disclosures. The CFPB also asserts UDAAP violations for servicing and collecting on consumer financing agreements that state laws rendered void or limited the consumer's obligation to repay.
Debt Relief
The order requires that all efforts to collect on any outstanding financing agreements cease—approximately $60 million in contracts owed by about 12,000 consumers—and that the liquidating trust created as part of the company’s bankruptcy plan stop collections on approximately $32 million owed by more than 5,000 consumers. Servicemembers may keep the merchandise they purchased. In addition, the company must update credit reporting agencies and notify servicemembers and other consumers of debt status.
Penalty & Redress
The order also requires the company, through its bankruptcy trustee, to make a $1 penalty payment to the CFPB’s Civil Penalty Fund. The CFPB states that the bankruptcy prevents it from assessing a larger penalty, but the $1 payment may allow harmed consumers to be eligible for relief from the Civil Penalty Fund in the future, although that determination has not yet been made. The order also requires redress payments for excess finance charges. Due to the company’s inability to pay, the redress requirement will be suspended once the company complies with the debt relief provisions.
House Oversight Committee Seeks DOJ Documents On RMBS Settlements
On July 24, House Oversight Committee Chairman Darrell Issa (R-CA) sent a letter to Attorney General Holder raising questions about the DOJ’s “inclination to enter into settlement agreements with respect to mortgage securities fraud” claims. The Chairman notes that large RMBS settlements to date have been predicated on violations of FIRREA, which allows the DOJ to initiate lawsuits seeking civil money penalties. The letter suggests the DOJ’s decision not to litigate or secure a criminal plea diverges from the agency’s strategy in other contexts. Chairman Issa asks the DOJ to produce, by August 14, all documents and communications since January 2011 referring or relating to two recent major RMBS settlements, as well as any policies in effect during that time governing the decision to conclude pre-suit negotiations.