InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
States reach $1.85 billion settlement with student loan servicer
On January 13, a coalition of attorneys general from 38 states and the District of Columbia reached a $1.85 billion settlement with one of the nation’s largest student loan servicers, resolving allegations that it engaged in misconduct when servicing student loans. The settlement, subject to court approval, brings to an end multistate litigation and investigations into the allegations that the servicer steered borrowers into costly forbearances and expensive repayment plans rather than helping borrowers find affordable income-driven repayment (IDR) plans. The servicer denies violating any consumer financial laws or causing borrower harm, as stated in a separate press release, but has agreed to maintain servicing practices to support borrower success.
Under the terms of the settlement, the servicer has agreed to cancel more than $1.7 billion in private student loan balances owed by roughly 66,000 borrowers. An additional $95 million in restitution payments of about $260 each will also be sent to approximately 357,000 federal student loan borrowers, and the servicer will also pay approximately $142.5 million to the signatory AGs. The settlement also requires the servicer to make several reforms, including explaining the benefits of IDR plans and offering estimated income-driven payment options to borrowers prior to placing them into deferment or discretionary forbearance. The servicer is also required to notify borrowers about the Department of Education’s Public Service Loan Forgiveness limited waiver opportunity (covered by InfoBytes here), implement changes to its payment-processing procedures to limit certain fees for late payments or entering forbearance status, and improve communications informing borrowers of their rights and obligations.
OFAC reaches $5.2 million settlement with Hong Kong company for apparent Iranian sanctions violations
On January 11, the U.S. Treasury Department’s Office of Foreign Assets Control announced a $5.2 million settlement with a Hong Kong, China-based company for allegedly processing certain transactions related to goods of Iranian origin through U.S. financial institutions in violation of the Iranian Transactions and Sanctions Regulations (ITSR). According to OFAC’s web notice, from August 2016 through May 2018, certain company employees violated company-wide policies and procedures by causing the company to purchase Iranian-origin goods from a supplier in Thailand for resale to buyers in China. Under the terms of the trading arrangement, the company made 60 separate U.S. dollar payments from its bank in Hong Kong to the Thai supplier’s banks in Thailand, transferring a total of $75.6 million. Each of these payments were allegedly “processed and settled through multiple U.S. financial institutions, including the U.S. correspondent banks of the Hong Kong and Thai banks.” Due to the noncompliant employees’ misconduct, the funds transfer instructions omitted references to Iran. As a result, U.S. financial institutions were unable to flag the transfers as violating the ITSR, which would have “caused them to reject and report each of these U.S. dollar denominated funds transfers.”
In calculating the settlement amount, OFAC considered the following aggravating factors: (i) the noncompliant employees omitted Iranian country of origin references from all relevant transactional documents over a period of two years, despite knowing and having been advised repeatedly that this conduct violated the ITSR and company policy; (ii) the noncompliant employees “had actual knowledge about the [supplier’s] relation to Iran”; (iii) the company’s actions conferred significant economic benefits to Iran, specifically with respect to Iran’s petrochemical sector; and (iv) the company “is a sophisticated offshore trading and cross-border trade financing company with ready access to experience and expertise in international trade, investment, financing, and sanctions compliance.”
OFAC also considered various mitigating factors, including that (i) the company repeatedly reminded noncompliant employees not to make U.S. dollar payments in connection with Iran-related business transactions; (ii) senior management and compliance personnel were unaware of the violations due to the concealment of the information internally; (iii) the company has not received a penalty notice from OFAC in the preceding five years; and (iv) the company voluntarily self-disclosed the apparent violations, cooperated with OFAC’s investigation, and has undertaken significant remedial measures to ensure sanctions compliance.
SEC issues multiple whistleblower awards
On January 10, the SEC announced that it awarded whistleblowers nearly $4 million for providing information and assistance in two separate investigations. According to the first redacted order, the whistleblower, who reported internally prior to reporting to the SEC, provided significant new information during an existing investigation that alerted the SEC to misconduct occurring overseas and permitted SEC staff to develop an efficient investigative plan to discover the full extent of the violations. The whistleblower received approximately $2.6 million. In the second redacted order, the SEC issued approximately $1.5 million to joint whistleblowers for providing substantial ongoing assistance throughout the investigation, such as by consulting telephonically with SEC staff and providing information about key witnesses, which led to the success of the investigation.
Earlier on January 6, the SEC announced that it awarded a whistleblower nearly $13 million for providing information and assistance that led to an investigation and successful SEC enforcement action. According to the redacted order, the whistleblower voluntarily provided original information to the Commission by meeting in person and helping SEC staff understand the mechanics of the fraudulent scheme, which enabled the Commission to stop an ongoing fraud, minimize investor losses, and return tens of millions of dollars to harmed investors.
The SEC has awarded approximately $1.2 billion to 241 individuals since issuing its first award in 2012.
DFPI enters into a settlement with a rent-to-own furniture provider
On January 10, the California Department of Financial Protection and Innovation (DFPI) announced a settlement with a Los Angeles-based rent-to-own furniture provider for allegedly failing to comply with the Karnette Rental-Purchase Act (Karnette Act) in connection with its subscription agreements. This settlement constitutes the first action against a rent-to-own firm for violating the California Consumer Financial Protection Law (CCFPL). According to the settlement, in addition to charging excessive late fees, the company failed to: (i) disclose whether the property subject to the rental-purchase agreement is new or used; (ii) clearly and conspicuously provide the Karnette Act’s mandated contractual disclosures; and (iii) adhere to the Karnette Act’s prescribed formula for calculating the maximum cash price, among other things. As part of the settlement, the company must desist and refrain from violating the CCFPL, refund customers late fee overcharges, offer its rent-to-own products and services in compliance with the Karnette Act and applicable consumer laws, and report on its activities semi-annually to the DFPI. According to DFPI Commissioner Clothilde V. Hewlett, the consent order “reminds California businesses and consumers that the DFPI will be exercising its expanded authority under the new law.”
CFPB sues debt collectors
On January 10, the CFPB filed a complaint against three debt collection companies and their owners (collectively, “defendants”) for allegedly engaging in illegal debt-collection practices. According to the Bureau, the defendants purchase debt portfolios and place them with other collection companies or sell them. The complaint states that from September 2017 through April 2020, the defendants placed debts valued at more than $8 billion and asserts that the defendants knew or should have known that these third-party collection companies were engaging in unlawful and deceptive debt collection measures. The Bureau alleges the defendants were aware of the companies’ false statements to consumers because they received hundreds of complaints from consumers claiming the companies were threating to arrest or file lawsuits if the consumers’ debts were not paid imminently, and the defendants received recorded phone calls alerting them to the companies’ threats and false statements regarding credit reporting. Further, the Bureau claims that the defendants continued to place debts with and sold debts to these companies even after an internal review found major violations of federal law. The Bureau’s complaint, which alleges violations of the CFPA and the FDCPA, seeks consumer restitution, disgorgement, injunctive relief, and civil money penalties.
French data protection agency issues privacy fines over cookies
On January 6, the French data protection agency, Commission Nationale de l’Informatique et des Libertés (CNIL), fined a multinational technology company 150 million euros and a global social media company 60 million euros (approximately $170 and $68 million USD respectively) for failure to comply with the French Data Protection Act related to the companies’ process for managing cookies. (See additional press releases here and here.) According to the CNIL, the companies provide a button allowing users to immediately accept cookies but do not provide an equivalent option to allow users to easily refuse the cookies through a single click. This process, CNIL stated, “influences [a user’s] choice in favor of consent” since a user “cannot refuse the cookies as easily as they can accept them,” and constitutes an infringement of Article 82 of the French Data Protection Act. In addition to the fines, the CNIL gave the companies three months “to provide […] users located in France with a means of refusing cookies as simple as the existing means of accepting them, in order to guarantee their freedom of consent.” Failure to comply will come with the risk of an additional daily fine of 100,000 euros per day of delay.
FTC permanently bans merchant cash advance providers
On January 5, the FTC announced that two defendants who allegedly participated in small business financing scheme are permanently banned from participating in the merchant cash advance and debt collection industries. As previously covered by InfoBytes, the FTC filed a complaint against two New York-based small-business financing companies and a related entity and individuals (including the settling defendants), claiming the defendants engaged in deceptive and unfair practices by, among other things, misrepresenting the terms of their merchant cash advances, using unfair collection practices, and making unauthorized withdrawals from consumers’ accounts. The defendants also allegedly violated the Gramm-Leach-Bliley Act’s prohibition on using false statements to obtain consumers’ financial information, including bank account numbers, log-in credentials, and the identity of authorized signers, in order “to withdraw more than the specified amount from consumers’ bank accounts.” Additionally, the defendants allegedly “engaged in wanton and egregious behavior, including laughing at consumer requests for refunds from [the defendants’] unauthorized withdrawals from customer bank accounts; abusing the legal system to seize the business and personal assets of their customers; and threatening to break their customers’ jaws or falsely accusing them of child molestation during collection calls.” Under the terms of the stipulated order, the settling defendants are required to pay a $675,000 monetary judgment, and must vacate any judgments against their former customers and release any liens against their customers’ property.
OFAC settles with money services business for Cuba sanctions violations
On January 3, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $91,172 settlement against a registered money services business for allegedly processing payment transactions for guests traveling to Cuba "for reasons outside of OFAC’s authorized categories” and failing to maintain certain required records associated with Cuba-related transactions. These actions, OFAC, stated, allegedly violated the Cuban Assets Control Regulations (CACR). According to OFAC’s web notice, as the company scaled up its traveler services in Cuba, its technology platforms were allegedly unable to manage the associated sanctions risks, which led to the alleged violations. Among other things, OFAC maintained that the company used a manual process to screen hosts and guests for potential sanctions issues until it began using a customized IP blocking system. Additionally, the company’s alleged recordkeeping violations were primarily attributed to technical defects involving an older version of the company’s mobile application that could be used for Cuba-related travel without “maintain[ing] complete functionality for [g]uests to make an attestation regarding their reason for travel to Cuba.”
In arriving at the settlement amount, OFAC considered various aggravating factors, including, among other things, that the company is a large, sophisticated U.S.-based technology company, and that its alleged violations followed a 2015 foreign policy change with respect to Cuba, as well as associated changes to the CACR, which maintained certain specified restrictions. OFAC also considered various mitigating factors, including that the company (i) did not receive a penalty notice or finding of violation in the past five years preceding the earliest transaction giving rise to this settlement; (ii) conducted a comprehensive review of its sanctions compliance program, voluntarily reported its findings to OFAC, and substantially cooperated with the investigation; and (iii) undertook significant remedial measures to ensure sanctions compliance.
FDIC releases November enforcement actions
On December 30, the FDIC released a list of administrative enforcement actions taken against banks and individuals in November. During the month, the FDIC made public fourteen orders consisting of “three Orders to Pay Civil Money Penalty, one Consent Order, three Termination of Consent Orders, one Order Terminating Supervisory Prompt Corrective Action Directive, one Amended Supervisory Prompt Corrective Action Directive, two Orders of Prohibition from Further Participation, and three Section 19 Orders.” Among the orders is an order to pay a civil money penalty imposed against a Nebraska-based bank related to alleged violations of the Flood Disaster Protection Act. Among other things, the FDIC claimed that the bank: (i) “made, increased, extended, or renewed loans secured by a building or mobile home located or to be located in a special flood hazard area without requiring that the collateral be covered by flood insurance”; (ii) “made, increased, extended or renewed a loan secured by a building or mobile home located or to be located in a special flood hazard area without providing timely notice to the borrower and/or the servicer as to whether flood insurance was available for the collateral”; and (iii) “failed to comply with proper procedures for force-placing flood insurance in instances where the collateral was not covered by flood insurance at some time during the term of the loan.” The order requires the payment of a $6,500 civil money penalty.
The FDIC and the California Department of Financial Protection and Innovation also issued a consent order to a California-based bank, which alleged that the bank had unsafe or unsound banking practices relating to management, capital, asset quality, liquidity and funds management, and violations of law. The bank neither admitted nor denied the alleged violations but agreed to, among other things, retain qualified management and “maintain its total risk-based capital ratio in such an amount as to equal or exceed 12 percent.”
OFAC settles with bank for alleged NKSR and Foreign Narcotics Kingpin Sanctions Regulations violations
On December 23, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a roughly $115,005 settlement of two cases with a Delaware-based bank for allegedly processing transactions in violation of the North Korea Sanctions Regulations (NKSR) and the Foreign Narcotics Kingpin Sanctions Regulations. According to OFAC’s web notice, in the first matter, between December 2016 and August 2018, the bank processed 1,479 transactions totaling $382,685, and maintained nine accounts on behalf of five employees of the North Korean Mission to the United Nations without a license from OFAC. Additionally, the bank allegedly often misidentified North Korea or did not properly complete the citizenship field in the customer profiles, which resulted in failing to flag the accounts. The web notice explained that “[u]nder the [NKSR], a general license authorizing certain transactions with the North Korean Mission to the United Nations specifies that it does not authorize U.S. financial institutions to open and operate accounts for employees of the North Korean mission. It further specifies that U.S. financial institutions are required to obtain OFAC specific licenses to operate accounts for such persons.” According to the web notice, since the bank did not obtain a specific license to offer these services, its conduct resulted in apparent violations.
In arriving at the settlement amount of $105,238, OFAC considered various aggravating factors, including, among other things, that the bank (i) failed to use due caution or care in processing the 1,479 transactions, which was in violation of the NKSR for over a year; (ii) “had reason to know that it maintained accounts for North Korean nationals because at account opening, the account holders of all nine accounts presented to [the bank] North Korean passports”; and (iii) “is a large and commercially sophisticated financial institution with a global presence.” OFAC also considered various mitigating factors, including, among other things, that the bank (i) “enhanced its controls for identifying government officials of sanctioned countries”; and (ii) “updated its operating procedures to specify that reviews of customers in or affiliated with sanctioned jurisdictions must be escalated.”
In the second matter, according to the web notice, the bank allegedly maintained accounts for a U.S. resident who was on OFAC’s SDN List. The bank did not block the account and disclose to OFAC until after the fifth high-confidence sanctions screening alert was generated because the previous alerts had a “match on full name DOB and geographical location.” The bank’s fraud unit, unaware of the sanctions-related reason for account closure, then credited one of the individual’s accounts, which caused it to be re-opened. The notice reported that the failure to correctly identify the individual as a person on the SDN List was the result of human error and a breakdown in the bank’s sanctions compliance procedures. Further, “[i]n addition to incorrectly dispositioning these alerts, [the bank’s] analysts contravened [the bank’s] procedures which require alerts to be escalated if a match occurs in first and last name and any additional information field.” Such conduct resulted in 145 apparent violations of the Foreign Narcotics Kingpin Sanctions Regulations.
In arriving at the settlement amount of $9,766, OFAC considered various aggravating factors, including, among other things, that the bank (i) “failed to exercise due caution or care for U.S. economic sanctions requirements by incorrectly adjudicating high-confidence sanctions screening alerts four times over four years, despite full date-of-birth and first and last name matches”; (ii) permitted $35,514.13 in transactions by an individual on the SDN List; and (iii) “is a large and sophisticated financial institution with a global presence.” OFAC also considered various mitigating factors, including, among other things, that the bank did not appear to have had actual knowledge of the conduct that led to the apparent violations, and represented that it has terminated this conduct and has undertaken remedial measures.