InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FinCEN Director Reinforces Enforcement And Compliance Themes, Highlights Risks For Securities Firms
On January 30, in remarks to SIFMA’s AML and Financial Crimes Conference, FinCEN Director Jennifer Shasky Calvery stressed the importance of establishing a “culture of compliance” at financial institutions to support effective AML safeguards. The Director’s comments reinforce similar remarks made in recent months by both the Deputy U.S. Attorney General and Comptroller Curry. And like Comptroller Curry, Ms. Shasky Calvery highlighted the need for better information sharing not only within institutions but between institutions. FinCEN agrees with industry feedback that the agency needs to improve its own ability to share information. Also part of a broader theme among enforcement authorities, the Director explained that financial institutions should take responsibility when their actions violate the BSA, not only by admitting to the facts alleged by FinCEN but also by acknowledging a violation of the law. She highlighted specific risks in the securities sector including those related to the use of cash, and explained that securities firms that provide bank-like services need to consider the vulnerabilities associated with engaging in such services and must ensure that their compliance programs are commensurate with those risks.
SEC Chairman Sets 2014 Agenda, Promises Vigorous Enforcement
On January 27, SEC Chairman Mary Jo White outlined in remarks to the 41st Annual Securities Regulation Institute her agency’s 2014 agenda, promising “incredibly active enforcement” across “the entire industry spectrum.” Within that enforcement push, the Commission will pay particular attention to financial fraud, including by working to complete its major investigations stemming from the financial crisis while ramping up investigations by its new Financial Reporting and Accounting Task Force. As part of the broader enforcement agenda, the SEC will continue its new stance on seeking admissions from alleged wrongdoers, a policy change that Ms. White first announced publicly last June. Chairman White cited public and media pressure as part of the reason for the change, and explained that “admissions can achieve a greater measure of public accountability.” Outside of the agency’s enforcement plans, Chairman White highlighted numerous other SEC initiatives, including finalizing new disclosure requirements for asset-backed securities. The Commission also will continue to implement the National Examination Program’s new trading data analytics tool—just one example of the “transformative changes at the SEC in 2014” necessary to keep up with evolving market technology.
SDNY U.S. Attorney Details BSA/AML Enforcement Plans
On January 27, during a speech to certified AML compliance specialists, the U.S. Attorney for the Southern District of New York, Preet Bharara, stressed BSA/AML enforcement as a top priority for his office. Mr. Bharara focused on three issues: (i) the importance of holding institutions accountable for misconduct; (ii) the need for law enforcement to stay ahead of rapidly changing markets and technologies; and (iii) organizational changes within his office to bring the needed resources to bear. With regard to enforcement against institutions, the U.S. Attorney rebutted arguments that prosecutors should focus on individuals and described the full spectrum of tools available to hold institutions accountable—ranging from pursuing criminal prosecutions to seeking monetary fines and restitution through civil actions. He stressed the need to employ the full range of tools against institutions, especially in the AML context where many of the anti-money laundering laws and BSA provisions are specifically directed at institutions. The U.S. Attorney also announced that his office’s Criminal Division’s Asset Forfeiture Unit will be renamed the Money Laundering and Asset Forfeiture Unit to reflect his office’s commitment to dedicate more physical and human resources to addressing money laundering crimes and BSA violations.
Federal Government Seeks Higher Penalties In GSE Fraud Case
On January 29, the DOJ filed a supplemental brief in support of its claim for civil penalties following a jury verdict it obtained last October in the first case alleging violations of FIRREA in connection with loans sold to Fannie Mae and Freddie Mac. U.S. v. Countrywide Fin. Corp., No. 12-CV-1422 (S.D.N.Y. Jan. 28, 2014). In October, following a four week trial, a jury found a bank liable under FIRREA based on a program operated by a lender that the bank had acquired. The government originally sought damages of $864 million based on alleged losses incurred by Fannie Mae and Freddie Mac. After the judge requested supplemental briefing from the parties focused on the alleged gain rather than loss, the government submitted a brief arguing that the gain was $2.1 billion, and requesting that the court impose a penalty in that amount. The government asserts that the penalty should be calculated using gross gain, rather than net gain, to accomplish “FIRREA’s central purpose of punishment and deterrence.”
California Attorney General Files Suit Over Untimely Data Breach Notice
On January 24, the California Attorney General (AG) sued a health care company over its alleged failure to timely submit notice of a 2011 data breach. According to the complaint, the company learned of the breach at the end of September 2011, completed a preliminary investigation in December 2011, and subsequently continued the investigation through mid-February 2012. The company allegedly did not begin mailing notice letters to affected individuals until mid-March. The complaint alleges the company failed to provide such notice in the most expedient time possible, which the AG alleges could have commenced in December 2011. The complaint also includes allegations regarding the actual breach at issue. The AG is seeking statutory penalties of $2500 per violation. Among other things, the suit demonstrates the AG’s inclination to take privacy and data security actions beyond the California Online Privacy Protection Act.
CFPB Director Defends Mortgage Rules, Discusses Plans In Other Markets
On January 28, the House Financial Services Committee held a lengthy hearing with CFPB Director Richard Cordray in connection with the CFPB’s November 2013 Semi-Annual Report to Congress, which covers the period April 1, 2013 through September 30, 2013. The hearing came a day after the Committee launched a CFPB-like “Tell Your Story” feature through which it is seeking information from consumers and business owners about how the CFPB has impacted them or their customers. The Committee has provided an online submission form and also will take stories by telephone. Mr. Cordray’s prepared statement provided a general recap of the CFPB’s recent activities and focused on the mortgage rules and their implementation. It also specifically highlighted the CFPB’s concerns with the student loan servicing market.
The question and answer session centered on the implementation and impact of the CFPB’s mortgage rules, as well as the CFPB’s activities with regard to auto finance, HMDA, credit reporting, student lending, and other topics. Committee members also questioned Mr. Cordray on the CFPB’s collection and use of consumer data, particularly credit card account data, and the costs of the CFPB’s building construction/rehabilitation.
Mortgage Rule Implementation / Impact
Generally, Director Cordray pushed back against charges that the mortgage rules, in particular the ATR/QM rule, are inflexible and will limit credit availability. He urged members to wait for data before judging the impacts, and he suggested that much of the concerns being raised are “unreasoned and irrational,” resulting from smaller institutions that are unaware of the CFPB’s adjustments to the QM rule. He stated that he has personally called many small banks and has learned they are just not aware of the rule’s flexibility. He repeatedly stated that the rules can be amended, and that the CFPB will be closely monitoring market data.
The impact of the mortgage rules on the availability of credit for manufactured homes was a major topic throughout the hearing, On the substance of the issue, which was raised by Reps. Pearce (R-NM), Fincher (R-TN), Clay (D-MO), Sewell (D-AL), and others, Director Cordray explained that in his understanding, the concerns from the manufactured housing industry began with earlier changes in the HOEPA rule that resulted in a retreat from manufacture home lending. He stated that industry overreacted and now lenders are coming back into the market. Mr. Cordray has met personally with many lenders on this issue and will continue to do so while monitoring the market for actual impacts, as opposed to the “doomsday scenarios that are easy to speculate on in a room like this.” Still, he committed to work on this issue with manufacturers and lenders, as well as committee members.
Several committee members, including Reps. Sherman (D-CA), and Huizenga (R-MI) raised the issue of the requirement that title insurance from affiliated companies must be counted in the QM three percent cap. Mr. Cordray repeated that the CFPB believes Congress made a determination to include affiliate title protections in numerous places in the Dodd-Frank Act. That said, the CFPB is looking at the data on the impacts and meeting with stakeholders. Rep. Huizenga was most forceful, stating that while the CFPB has sought to limit the impact of the three percent cap, it is not enough. He raised again his bill, HR 1077, Rep. Meeks’ HR 3211, and ongoing work with Senators Vitter (R-LA) and Manchin (D-WV). He cited a survey conducted by the Real Estate Settlement Providers Council that found the inclusion of title charges causes 60 percent of loans under $60,000 to fail as qualified mortgages, and such loans actually become high-cost HOEPA loans. The survey also found that 45 percent of affiliated loans between $60,000 and $125,000 failed to qualify as qualified mortgages, and that 97 percent of the loans that failed as QMs were under $200,000 simply due to the inclusion of title insurance. Director Cordray did not have time to respond in full, but indicated the CFPB is waiting to see data on the actual impact.
Rep. Capito focused on the QM rule impact on Habitat for Humanity and other 501(c)(3) entities. Director Cordray stated that he spoke with the Habitat CEO prior to the hearing and believes the CFPB can address all of that organization’s concerns through rule amendments. He added that the CFPB already amended the rule to address Habitat’s first set of concerns, and that its latest concerns are new.
HMDA Rule Amendments & Small Business Fair Lending Rule
As she has done several times in the past, Rep. Velazquez (D-NY) raised the status of rulemaking required by Dodd-Frank Act section 1071 regarding small and minority/women-owned business lending. As he has in the past, Director Cordray explained that the CFPB is having difficulty addressing this rule given it is the only area in which the CFPB is required to address business lending. He added that the CFPB has determined that as it moves forward with the rule to amend HMDA data collection, which is underway now, the Bureau will attempt to fold the small business lending element into that process. He stated that the CFPB is working with the Federal Reserve Board on “overhauling that whole [HMDA] database” and “it feels to me that the right spot for this, and we've talked to a number of folks both from industry and consumer side on this, is to make [the small business lending requirements] part of the later stages of that, so it's coming, but not immediate.”
Auto Finance
Rep. Bachus (R-AL) asked Director Cordray to specify appropriate dealer compensation alternatives. Mr. Cordray responded that the CFPB does not know all the mechanisms yet that would be satisfactory. It is “open to auto lenders and others bringing those to [the CFPB’s] attention, but [the CFPB] did say flat fees are one possibility. A flat percentage of the loan might be a possibility. Some combination of that with different durations of the loan, different levels, and potentially other things that [the CFPB has not] thought of but others in the industry may think of and bring to [its] attention. So [the CFPB is] open-minded on that.”
Reps. Scott (D-GA) and Barr (R-KY) also were critical of the CFPB’s auto finance guidance and suggested the CFPB should have met with industry stakeholders in advance or should have conducted a rulemaking. Mr. Scott asserted that auto credit is tighter and more expensive now. Mr. Cordray defended the guidance, as he has in the past, as a restatement of existing law. He does not believe the guidance has impacted or will impact the health of the auto market.
Rep. Beatty (D-OH) raised a recent proposal from the National Association of Auto Dealers on alternative dealer compensation models. Mr. Cordray acknowledged having seen it, and said that as long as all parties agree that the CFPB is respecting its jurisdictional lines in the auto context, the Bureau is willing to sit down with dealers and others to work on a “broader solution.”
Credit Reporting
Rep. Velazquez (D-NY) asked for an update on the CFPB’s efforts to regulate consumer credit reporting agencies. Director Cordray described the CFPB’s efforts to, for the first time, provide federal supervision of the major credit reporting agencies. He stated that those agencies are not used to such supervision and that, in his view, it has been an adjustment for them. The CFPB has had examination teams into each of the three largest credit reporting agencies and is discussing “various issues” with them and areas of concern. He informed the committee that as a result of the CFPB’s efforts the credit reporting agencies, for the first time, are forwarding the documentation that consumers send them about problems and potential errors in their credit reports to the furnishers to be evaluated. The CFPB still is concerned about errors and error resolution.
Prepaid & Overdraft
In response to an inquiry from Rep. Maloney (D-NY), Mr. Cordray stated that the CFPB is continuing to work on the prepaid card proposed rule to address “a hole in the fabric” of consumer protection. He said the rule likely will address disclosures and add new protections. On overdraft, he acknowledged the CFPB is not as far along—the agency is still studying the market.
Payday & Internet Lending
Rep. Luetkemeyer (R-MO) stated the FDIC and DOJ have admitted to working to shut down online lending. He confirmed that the Oversight Committee is considering investigating DOJ on Operation Choke Point (its payment processor investigations). He asked Director Cordray to support, perhaps with a letter of some sort, legitimate online lending businesses and processors. Mr. Cordray agreed that there is plenty of appropriate online lending, but declined to offer specific help absent further context.
Rep. Murphy (D-FL) later suggested that the CFPB look at the “good regulation and great enforcement” in Florida. Director Cordray responded that the CFPB is looking at “a number of states that have developed different provisions on short-term, small-dollar payday lending” including Florida, Colorado, and Washington.
Rep. Heck (D-WA) inquired as to the status of proposed Military Lending Act regulations. Director Cordray explained that the CFPB has been “actively engaged” on writing new rules with the Department of Defense, the Federal Reserve, the FDIC, the OCC, Treasury Department, and the FTC. It stated that it has been difficult to get multiple agencies to work together, and asked Congress to “keep our feet to the fire and make it clear that you want to see that quickly.”
Mobile Payments & Emerging Products/Providers
Rep. Ellison (D-MN) asked about the CFPB’s views on emerging financial service providers, citing recent reports about T-Mobile’s efforts. Mr. Cordray stated that the CFPB is watching very closely and trying to keep up with the rapidly changing products and markets. He stated that it will present challenges to the current regulatory structure, particularly when phone companies are involved, and that the CFPB will need to coordinate with other regulators and probably will need legislation from Congress. Rep. Heck asked the CFPB to conduct a front-end in-depth analysis of consumer protection issues across various emerging mobile payments platforms. Mr. Cordray did not commit.
Student Lending
Rep. Peters (D-MI) raised his FAIR Student Credit Act bill, HR 2561. The bill, which is co-sponsored by Reps. Bachus (R-AL), Capito (R-WV), and seven other Republicans and 11 Democrats, would amend FCRA with respect to the responsibilities of furnishers of information to consumer reporting agencies. It would provide for the removal of a previously reported default regarding a qualified education loan from a consumer report if the consumer of the loan meets the requirements of a loan rehabilitation program, where the number of consecutive on-time monthly payments are equal to the number of payments specified in a default reduction program under the Higher Education Act of 1965. The bill would limit such rehabilitation benefits to once per loan. Rep. Peters indicated the Committee will consider the legislation, and that he has met with lenders who stated they could start offering rehabilitation immediately after the bill is enacted. Director Cordray stated that without having read the bill, it sounded promising, and that he would ask Rohit Chopra to work with the Congressman.
FTC Actions Allege Violations Of International Safe Harbor Privacy Framework
On January 21, the FTC announced agreements with 12 companies to resolve allegations that the companies falsely claimed compliance with an international privacy framework. The FTC complaints explain that the U.S.-EU Safe Harbor Framework provides a method for U.S. companies to transfer personal data outside of the EU that is consistent with the requirements of the European Union Directive on Data Protection. The Directive sets forth EU requirements for privacy and the protection of personal data and requires EU Member States to implement legislation that prohibits the transfer of personal data outside the EU unless the European Commission has made a determination that the recipient jurisdiction’s laws ensure the protection of such personal data. To participate in the Framework, a U.S. company must self-certify to the U.S. Department of Commerce that it complies with seven principles and related requirements that have been deemed to meet the EU’s adequacy standard. The FTC claimed that the companies indicated compliance with the Safe Harbor principles, for example through privacy policies or certification marks, when the companies had allowed their self-certifications to lapse. The FTC alleged that this conduct violated Section 5 of the FTC Act. The companies did not admit the allegations, and the FTC acknowledged that the allegations do not necessarily mean that the companies committed any substantive violations of the privacy principles of the Safe Harbor framework. The proposed settlement agreements would prohibit the companies from misrepresenting the extent to which they participate in any privacy or data security program sponsored by the government or any other self-regulatory or standard-setting organization.
New York Launches Student Protection Unit, Investigation Of Debt Relief Companies
On January 22, New York Governor Andrew Cuomo launched a new Student Protection Unit within the New York Department of Financial Services dedicated to investigating potential consumer protection violations in the student loan industry. Its first public investigation is focused on companies the unit believes are charging “high, improper fees without adequate notice for enrolling students in debt relief programs that are available for free through the federal government.” The Student Protection Unit issued subpoenas to 13 debt relief companies seeking advertising materials, contracts, consumer disclosures, and fee schedules among other materials.
SEC Administrative Judge Censures Accounting Firms Over Failure To Produce Work For China-Based Companies
On January 22, an SEC administrative law judge (ALJ) prohibited the Chinese affiliates of four major accounting firms from practicing or appearing before the SEC for six months for allegedly failing to turn over certain documents sought by the SEC. BDO China Dahua CPA Co., Ltd., Initial Decision Release No. 553, File Nos. 3-14872, 3-15116 (Jan. 2014). The SEC brought the case in December 2012, alleging that the companies violated the Securities Exchange Act and the Sarbanes-Oxley Act, which requires foreign public accounting firms to provide the SEC upon request with audit work papers involving any company trading on U.S. markets, by refusing to produce audit work papers and other documents related to China-based companies under investigation by the SEC for potential accounting fraud against U.S. investors. The ALJ’s decision centered on Sarbanes-Oxley section 106(e), which provides that a "willful refusal to comply . . . with any request by the Commission . . . under this section, shall be deemed a violation of this Act." The ALJ rejected the firms’ interpretation of willful refusal to require evidence of bad faith or intent, and instead held that "willful refusal to comply" means choosing not to act in response to a request, without regard to good faith. The ALJ determined that each company received a constructive notice of a request pertaining to a client or former client, and willfully refused to comply. The ALJ added that the SEC was permitted to not allow alternate production of the requested materials, explaining that “[n]othing compels the [SEC] to use one avenue rather than another, and it should have discretion to seek documents in whatever fashion the law permits.”
OCC, FDIC Enforcement Action Targets Vendors' Risk Management
On January 17, the OCC released a cease and desist order entered jointly by the OCC and the FDIC with two affiliated technology service providers that offer payment and other technology solutions for banks. Without describing the specific circumstances leading to the action, the order states that the regulators had reason to believe the service providers were operating without (i) an internal auditor or an integrated risk-focused audit program; (ii) a comprehensive due diligence program or formal policies to evaluate vendor risk; (iii) an enterprise-wide risk assessment; (iv) effective business continuity or disaster recovery planning; (v) procedures to identify software vulnerabilities; and (vi) an effective log review program to identify threats. The regulators did not assess a penalty, but will require the vendors to implement numerous risk management enhancements. Under the order, the technology service providers or their board must, among other things, (i) fill specific management positions; (ii) implement an audit program; (iii) conduct a security risk assessment; (iv) develop a vendor management program; (v) implement business continuity/disaster recovery plans; and (vi) submit quarterly progress reports to regulators and client banks.