Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OFAC reaches $508 million settlement with British tobacco company on North Korean transactions
On April 25, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $508 million settlement with one of the world’s largest tobacco companies to resolve potential civil liabilities stemming from allegations that the company sent more than $250 million in profits from a North Korean joint venture through U.S. financial institutions by relying on designated North Korean banks and several intermediaries. According to OFAC’s web notice, from 2007 to 2016, the London-headquartered company formed a conspiracy to export tobacco and related products to North Korea, and remitted approximately $250 million in payments from the North Korean joint venture. The payments were allegedly remitted through bank accounts controlled by sanctioned North Korean banks to the company’s Singaporean subsidiary via U.S. banks who cleared the transactions. By causing U.S. financial institutions to process wire transfers containing blocked property interests of sanctioned North Korean banks in order to export financial services and facilitate the export of tobacco, the company violated the Weapons of Mass Destruction Proliferators Sanctions Regulations and the North Korea Sanctions Regulations, OFAC said.
According to OFAC, the settlement is the largest ever reached with a non-financial institution and reflects the statutory maximum penalty due to OFAC’s determination that the company’s conduct was egregious and not voluntarily self-disclosed. In arriving at the settlement amount, OFAC determined, among other things, that the company and its subsidiaries willfully conspired to transfer hundreds of millions of dollars related to North Korea through U.S. financial institutions while being aware that U.S. sanctions regulations prohibited this conduct. The company and its subsidiaries also allegedly “relied on an opaque series of front companies and intermediaries” to conceal their North-Korea-related business, with management having actual knowledge about the alleged conspiracy from the beginning. OFAC also considered various mitigating factors, including that the company has not received a penalty notice from OFAC in the preceding five years, and that the company cooperated with OFAC and agreed to toll the statute of limitations.
Providing context for the settlement, OFAC said that this action demonstrates that “creating the illusion of distance between a firm and apparently violative conduct does not shield that firm from liability.” Moreover, “[s]enior management decisions to approve or otherwise support arrangements that obscure dealings with sanctioned countries and parties can be reflected throughout an organization, compounding sanctions risks and increasing the likelihood of committing potential violations.”
Concurrently, the DOJ announced that the company and one of its subsidiaries have agreed to pay combined penalties of more than $629 million to resolve bank fraud and sanctions violations charges stemming from the aforementioned conduct. According to the DOJ, the subsidiary pleaded guilty to a criminal information charging both entities with conspiracy to commit bank fraud and conspiracy to violate the International Emergency Economic Powers Act. The company entered into a deferred prosecution agreement related to these charges.
District Court won’t stay CFPB litigation with credit reporter
On April 13, the U.S. District Court for the Northern District of Illinois denied a credit reporting agency’s (CRA) bid to stay litigation filed by the CFPB alleging deceptive practices related to the marketing and sale of credit scores, credit reports, and credit-monitoring products to consumers. The Bureau sued the CRA and one of its former senior executives last April (covered by InfoBytes here), claiming the defendants allegedly violated a 2017 consent order by continuing to engage in “digital dark patterns” that caused consumers seeking free credit scores to unknowingly sign up for a credit monitoring service with recurring monthly charges.
The CRA requested a stay while the U.S. Supreme Court considers whether the Bureau’s funding mechanism is unconstitutional. Earlier this year, the Court agreed to review next term the 5th Circuit’s decision in Community Financial Services Association of America v. Consumer Financial Protection Bureau, where it found that the CFPB’s “perpetual self-directed, double-insulated funding structure” violated the Constitution’s Appropriations Clause. (Covered by InfoBytes here and a firm article here.) While acknowledging that a ruling against the Bureau may result in the dismissal of the action against the CRA, the court concurred with the Bureau that consumers may be exposed to harm during a stay. “Were I to grant the requested stay, it could last more than one year, depending on when the Supreme Court issues its opinion,” the court wrote. “In that time, if the Bureau’s allegations bear out, consumers will continue to suffer harm because of defendants’ unlawful conduct. That potential cost is too great to outweigh the resource preserving benefits a stay would confer.”
District Court orders fintech to pay $2.8 million to settle claims of price manipulation of crypto-assets security
On April 20, the U.S. District Court for the Southern District of New York entered a final judgment in which a fintech company and its former CEO (collectively, “defendants”) have agreed to pay the SEC more than $2.8 million to settle allegations that they manipulated the price of their crypto-assets security. The SEC filed charges against the defendants last September for “perpetrating a scheme to manipulate the trading volume and price” of their digital token, and for effectuating the unregistered offering and sale of such token. The complaint also contended that the defendants hired a third party to create the false appearance of robust market activity for the token and inflated the token’s price in order to generate profits for the defendants. According to the SEC, the defendants allegedly earned more than $2 million as a result. The SEC charged the defendants with violating several provisions of the Securities Act of 1934 and Rule 10b-5, as well as certain sections of the Exchange Act. At the time the charges were filed, the third party’s CEO consented to a judgment (without admitting or denying the allegations), which permanently enjoined him from participating in future securities offerings and required him to pay disgorgement and prejudgment interest.
The defendants, while neither admitting nor denying the allegations, consented to the terms of the April final judgment. The company agreed to pay nearly $2.8 million, including more than $1.5 million in disgorgement of net profits, a civil penalty of more than $1 million, and roughly $240,000 in prejudgment interest. The former CEO agreed to pay more than $260,000, representing disgorgement, prejudgment interest, and a civil penalty. Both defendants are permanently enjoined from engaging in future securities law violations, and are restricted in their ability to engage in any offering of crypto asset securities.
DFPI cracks down on crypto platforms’ AI claims
On April 19, the California Department of Financial Protection and Innovation (DFPI) announced enforcement actions against five separate entities and an individual for allegedly offering and selling unqualified securities and making material misrepresentations and omissions to investors in violation of California securities laws. According to DFPI, the desist and refrain orders allege that the subjects (which touted themselves as cryptocurrency trading platforms) engaged in a variety of unlawful and deceptive practices, including promising investors high yield returns through the use of artificial intelligence to trade crypto assets, falsely representing that an insurance fund would prevent investor losses, and using investor funds to pay purported profits to other investors. The subjects also allegedly took measures to make the scams appear to be legitimate businesses through the creation of professional websites and social media accounts where influencers and investors shared testimonials about the money they were supposedly making. The orders require the subjects to stop offering, selling, buying, or offering to buy securities in the state, and demonstrate DFPI’s continued crackdown on high yield investment programs.
FTC, DOJ sue payment processor for tech support scams
On April 17, the DOJ filed a complaint on behalf of the FTC against several corporate and individual defendants for violating the FTC Act and the Telemarketing Sales Rule (TSR) by allegedly engaging in credit card laundering for tech support scams. (See also FTC press release here.) According to the complaint, since at least 2016, the defendants—a payment processing company and several of its subsidiaries, along with the company’s CEO and chief strategy officer—worked with telemarketers who made misrepresentations to consumers about the performance and security of their computers through the use of deceptive pop ups in order to sell technical support scams. Defendants’ involvement included assisting and facilitating the illegal sales and laundering the credit card charges through their own merchant accounts (thus giving the scammers access to the U.S. credit card network) where defendants received a commission for each charge. The complaint maintained that the defendants “engaged in this activity even though it and its officers knew or consciously avoided knowing that its tech support clients were engaged in deceptive telemarketing practices.”
The proposed court orders (see here, here, and here) each impose monetary judgments of $16.5 million and (i) prohibit the defendants from engaging in credit card laundering through merchant accounts; (ii) require the defendants to screen and monitor any high-risk clients and take action if clients should charge consumers without authorization or violate the TSR; and (iii) prohibit the defendants from engaging in payment processing or assisting tech support companies that engage in false or unsubstantiated telemarketing or advertising. According to the DOJ’s announcement the defendants will be required to pay a combined total of $650,000 in consumer redress. This payment will result in the suspension of the total monetary judgment of $49.5 million due to the defendants’ inability to pay.
CFPB denies small-dollar lender’s request to set aside CID
The CFPB recently denied a lender’s request to set aside or modify a civil investigative demand (CID) issued in January related to its short-term and small-dollar lending practices. The lender’s redacted petition asserted that it “is a small business that is barely getting by” and that it has already provided documents and information, as well as corporate testimony from the lender’s CEO/chief compliance officer. Maintaining that the CID is overly broad, unduly burdensome, and contains “many deficiencies,” the lender stated that requests made to the Bureau to withdraw the CID, narrow its focus, or raise specific concerns have not been answered. Rather, the lender claimed it was expected to incur further expenses to comply with requests that “it cannot be expected to make sense of” and that “would almost certainly result in financial ruin.”
In denying the request, the Bureau stated that the lender did not meaningfully engage in the required meet-and-confer process, and informed the lender that, by regulation, it “will not consider a petition to set aside a CID where the petitioner does not first attempt to resolve any objections it has through good-faith negotiation with the Bureau’s investigators.” According to the Bureau, during the meet-and-confer, the lender refused to submit requested information and did not propose any modifications to the CID that would reduce the burden while still ensuring the necessary information would be provided. The Bureau also refuted the lender’s claims that the CID was overly broad, stating that it was seeking information that was “reasonably relevant” to a lawful purpose, i.e. information about its business practices as a short-term and small-dollar lender, employees in possession of relevant information, employee performance metrics, and consumers who took out loans. Obtaining information on the lender’s servicing and collection practices will “shed light on whether the representations it made about the nature and true costs of the loans were deceptive and whether the company improperly induced consumers to renew loans,” the Bureau maintained. The Bureau also disagreed with the assertion that the CID was unduly burdensome, stating that the lender, among other things, failed to establish that complying with the CID would impose excessive financial costs.
The Bureau directed the lender to comply with the CID within 14 days of the order.
Multinational tech company to pay $3.3 million for OFAC and BIS violations
On April 6, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC), in consultation with the Department of Commerce’s Bureau of Industry and Security (BIS), announced a $3.3 million settlement with a multinational technology company to resolve potential civil liabilities stemming from the exportation of services or software from the United States to sanctioned jurisdictions and to Specially Designated Nationals (SDNs) or blocked persons. The settlement comprised an agreement with OFAC to pay a civil penalty of $2,980,264.86 and an administrative penalty of $624,013 with BIS. In light of the related OFAC action, the company was given a $276,382 credit by BIS contingent upon the company fulfilling its requirements under the OFAC settlement agreement, resulting in a combined overall penalty amount of $3,327,896.86.
According to OFAC’s web notice, the conduct underlying the administrative penalty imposed by BIS stemmed from certain conduct involving the company’s Russian subsidiary. The conduct underlying the settlement with OFAC took place between July 2012 and April 2019, when the company and certain subsidiaries allegedly “sold software licenses, activated software licenses, and/or provided related services from servers and systems located in the United States and Ireland to SDNs, blocked persons, and other end users located in Cuba, Iran, Syria, Russia, and the Crimea region of Ukraine.” The total value of the 1,339 apparent violations was more than $12 million. OFAC alleged that the causes of these apparent violations stemmed from a lack of complete or accurate information on end customers for the company’s products, and that during the relevant time period, there were shortcomings in the company’s restricted-party screening controls. Among other things, OFAC alleged that the company’s screening architecture did not aggregate identifying information across its various databases to identify SDNs or blocked persons, failed to screen and evaluate pre-existing customers in a timely fashion, and missed common variations of restricted party names.
In arriving at the $2,980,265.86 settlement amount, OFAC considered various mitigating factors, including that (i) evidence did not show that persons located in U.S. offices or management were aware of the alleged activity at the time (the apparent violations were revealed during a self-initiated look back); (ii) upon identifying the apparent violations, the company self-disclosed the matter to OFAC, conducted a retrospective review of thousands of past transactions, cooperated with OFAC throughout the investigation, terminated the accounts of the SDNs or blocked persons, and updated internal procedures to disable access to products or services upon discovery of a sanctioned party; and (iii) the company “undertook significant remedial measures and enhanced its sanctions compliance program through substantial investment and structural changes.” OFAC outlined several compliance considerations for companies conducting business through foreign-based subsidiaries, distributors, and resellers, and reminded businesses that OFAC’s SDN List is dynamic, and that when changes to the list are made, “companies should evaluate their pre-existing trade relationships to avoid dealings with prohibited parties.”
Collection agency to pay $10k for operating without a license
On March 21, the Connecticut Department of Banking fined a collection agency $10,000 and ordered it to cease and desist from collection agency activity for operating without a valid license. According to the order, the company applied for a consumer collection agency license in Connecticut in October 2022. However, during its review of the company’s application, the Department of Banking discovered that the company had been operating as a consumer collection agency without a license in the state since at least 2019. Under the terms of the consent order, the company must pay a civil penalty fine of $10,000, and pay $800 to cover back licensing fees. The company consented to the entry of the sanctions without admitting or denying any wrongdoing “solely for the purpose of obviating the need for further formal administrative proceedings,” the order said.
FTC, Florida AG sue “chargeback mitigation” company
On April 12, the FTC and the Florida attorney general filed a complaint in the U.S. District Court for the Middle District of Florida alleging a “chargeback mitigation” company and its owners (collectively, “defendants”) used numerous unfair tactics to thwart consumers trying to dispute credit card charges through the chargeback process. The chargeback process allows consumers to contest unwanted, fraudulent, or incorrect credit card charges with their credit card companies. According to the complaint, the defendants regularly sent screenshots and statements on behalf of company clients to credit card companies allegedly showing that consumers had agreed to the disputed charges. However, the FTC claimed that in many instances, the misleading screenshots did not come from the merchant’s website where the consumer made the disputed purchase. The complaint further alleged that the defendants used a system that allowed company clients to run numerous small-value transactions via prepaid debit cards in order to raise the number of transactions, thus lowering the percentage of charges that were disputed by consumers. The service, the FTC maintained, “enabled fraudulent merchants to evade or delay chargeback monitoring programs, fines, and account terminations designed to protect consumers from fraud.”
The FTC noted that three of the defendants’ major clients (for which the defendants disputed tens of thousands of chargebacks on behalf of each of the companies) were previously sued by the FTC for engaging in deceptive negative-option marketing practices. The complaint accused the defendants of ignoring clear warning signs that the screenshots were misleading, including instances where the name of the product referenced in the screenshot did not match the product in the disputed purchase. The defendants also allegedly often overlooked company clients that opened and used a large number of different merchant accounts to process charges. Asserting violations of the FTC Act and the Florida Unfair and Deceptive Trade Practices Act, the complaint seeks permanent injunctive relief, restitution, and civil penalties.
CFPB sues co-trustees for concealing assets to avoid fine
On April 5, the CFPB filed a complaint against two individuals, both individually and in their roles as co-trustees of two trusts, accusing them of concealing assets to avoid paying a fine owed to the Bureau. In 2015 the Bureau filed an administrative action alleging one of the co-trustees—the former president of a Delaware-based online payday lender (the “individual defendant”)—and the lender violated TILA and EFTA and engaged in unfair or deceptive acts or practices when making short-term loans. (Covered by InfoBytes here.) The Bureau’s administrative order required the payment of more than $38 million in both legal and equitable restitution, along with $7.5 million in civil penalties for the company and $5 million in civil penalties for the individual defendant.
As previously covered by InfoBytes, two different administrative law judges (ALJs) decided the present case years apart, with their recommendations separately appealed to the Bureau’s director. The director upheld the decision by the second ALJ and ordered the lender and the individual defendant to pay the restitution. A district court issued a final order upholding the award, which was appealed on the grounds that the enforcement action violated their due process rights by denying the individual defendant additional discovery concerning the statute of limitations. The lender and the individual defendant recently filed a petition for writ of certiorari challenging the U.S. Court of Appeals for the Tenth Circuit’s affirmation of the CFPB administrative ruling, and asked the U.S. Supreme Court to review whether the high court’s ruling in Lucia v. SEC, which “instructed that an agency must hold a ‘new hearing’ before a new and properly appointed official in order to cure an Appointments Clause violation” (covered by InfoBytes here), meant that a CFPB ALJ could “conduct a cold review of the paper record of the first, tainted hearing, without any additional discovery or new testimony,” or whether the Court intended for the agency to actually conduct a new hearing.
The Bureau claimed in its announcement that to date, the defendants have not complied with the agency’s order, nor have they obtained a stay while their appeal was pending. The defendants have also made no payments to satisfy the judgment, the Bureau said. The complaint alleges that the co-trustee defendants transferred funds to hinder, delay, or defraud the Bureau, in violation of the FDCPA, in order to avoid paying the owed restitution and penalties. Specifically, the complaint alleges that between 2013 and 2015, after becoming aware of the Bureau’s investigation, the individual defendant transferred $12.3 million to his wife through their revocable trusts, for which his wife is the beneficiary. The complaint requests a declaration that the transactions were fraudulent, seeks to recover the value of the transferred assets via liens on the property in partial satisfaction of the Bureau’s judgment against the individual defendant, and seeks a monetary judgment against the wife and her trust for the value of the respective property and/or funds received as a transferee of fraudulent conveyances of the property belonging to the individual defendant.