InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
California AG takes action against casino for AML violations
On November 5, the California attorney general filed an administrative accusation with the California Gambling Control Commission against a California casino for violating the Bank Secrecy Act’s (BSA) anti-money laundering provisions. The action, which follows a federal investigation, alleges that the casino “overlooked, neglected, or was willfully blind to accusations and actions taken against other casinos for violations of the BSA and for failing to maintain adequate Anti Money Laundering (AML) programs.” The casino had previously entered into a Non-Prosecution Agreement with the U.S. Attorney’s Office for the Central District of California, accepted responsibility for “failing to properly file reports for a foreign national who conducted millions of dollars in cash transactions at the casino,” and agreed to pay $500,000 and undergo an increased review of its AML compliance program to prevent future violations, according to a DOJ press release. The California AG now seeks to hold the casino and its owners responsible for state law violations.
11th Circuit lifts a receivership and asset freeze of $85 million
On November 4, the U.S. Court of Appeals for the Eleventh Circuit affirmed in part and vacated in part a district court’s order, finding that portions of the district court’s decision could not stand under the U.S. Supreme Court’s April ruling in AMG Capital Management v. FTC. The Court held in that case that Section 13(b) of the FTC Act “does not authorize the Commission to seek, or a court to award, equitable monetary relief such as restitution or disgorgement.” (Covered by InfoBytes here). According to the 11th Circuit’s opinion, in 2019, the FTC alleged that individuals associated with multiple limited liability companies engaged in unfair or deceptive business practices in violation of 15 U.S.C. § 45(a). The FTC also filed a motion for a temporary restraining order the same day against the corporate defendants, seeking to freeze their assets, place the entities into a receivership, and enjoin all the parties from materially misrepresenting their services or from releasing consumer information obtained through the limited liability company. The district court granted the motion for a temporary restraining order in full in December 2019, and in January 2020, the district court granted a preliminary injunction against the limited liability company, extending the asset freeze, receivership, and injunction for the duration of the lawsuit.
On appeal, the 11th Circuit affirmed those parts of the preliminary injunction enjoining the appellants from misrepresenting their services and releasing consumer information. The panel upheld the portion of the order that enjoined one of the investor entities and its principal, who was the former chairman of the corporate defendant’s board, from misrepresenting services on allegedly deceptive websites or releasing any customer information allegedly gathered through the websites. While the appeal was pending, however, the Court held in AMG Capital Management that 15 U.S.C. § 53(b) does not allow an award of “equitable monetary relief such as restitution or disgorgement,” leading the 11th Circuit to reverse the asset freeze and receivership aspects of the preliminary injunction. Additionally, the 11th Circuit noted that the principal from one of the entities “was individually responsible for the actions of [the corporate defendants],” and “likely knew that [the corporate defendants] made over eighty million dollars in two years selling 'guides' on government services, and it almost beggars belief that he would be completely unaware of how [the corporate defendants’] websites were raising that quantity of money.”
District Court grants SEC motion for default judgment
On November 2, the U.S. District Court for the Middle District of Georgia granted the SEC’s motion for default judgement in its suit accusing a Georgia-based investment firm and three of its officers of defrauding investors out of approximately $3 million. In July, the SEC filed a complaint against the defendants for allegedly defrauding investors through a prime bank scheme by falsely promising that their funds would remain in a purported escrow account and earn lucrative returns without any risk of loss, which violated the antifraud provisions of Section 17(a) of the Securities Act of 1933 and Section 10(b) of the Securities Exchange Act of 1934 and Rule 10b-5 thereunder. In its memorandum of law in support of its motion for default judgment, the SEC alleged that none of the defendants filed answers or responsive pleadings with the district court and had “engaged in egregious misconduct, acted with scienter, failed to admit their wrongdoing, were thoroughly dishonest with authorities, and have not demonstrated their financial means.” The district court granted the motion, approved permanent injunctions barring the defendants from committing future violations of securities laws, and required the defendants to return the investors' money with interest, in addition to the profits obtained through the alleged scheme. According to the order, the defendants are required to pay approximately $2.7 million total in disgorgement, exclusive of prejudgment interest, and pay a civil penalty of approximately $192,000.
NYDFS provides affiliate cybersecurity program guidance
Recently, NYDFS issued an industry letter to regulated entities advising that a covered entity may adopt the cybersecurity program of an affiliate. New York’s Cybersecurity Regulation (23 NYCRR Part 500) requires regulated entities (Covered Entities) to implement risk-based cybersecurity programs to protect their information systems as well as the nonpublic information maintained on them. (See continuing InfoBytes coverage on 23 NYCRR Part 500 here.) Specifically, 23 NYCRR Part 500 allows “Covered Entities to adopt ‘the relevant and applicable provisions’ of the cybersecurity program of an affiliate provided that such provisions satisfy the requirements of the Cybersecurity Regulation.” NYDFS is also permitted to fully examine the adopted portions of the affiliate’s cybersecurity program to ensure compliance, even if that affiliate is not covered or regulated by NYDFS otherwise. Covered Entities are reminded that while they may adopt an affiliate’s cybersecurity program in whole or in part, the Covered Entity may not delegate compliance responsibility to the affiliate, and is responsible for ensuring it cybersecurity program complies with 23 NYCRR Part 500, “regardless of whether its cybersecurity program is its own or was adopted in whole or in part from an affiliate.” Additionally, a Covered Entity’s compliance obligations are the same whether it adopts an affiliate’s cybersecurity program or implements its own cybersecurity program. Among other things, Covered Entities are required to provide, upon request, all “documentation and information” related to their cybersecurity programs, including evidence that an adopted affiliate’s cybersecurity program meets the requirements of 23 NYCRR Part 500. At a minimum, NYDFS requires access to an affiliate’s “cybersecurity policies and procedures, risk assessments, penetration testing and vulnerability assessment results, and any third party audits that relate to the adopted portions of the cybersecurity program of the affiliate.” NYDFS also explained that foreign bank branches and representative offices often have head offices located outside the U.S. that are not directly regulated by NYDFS. For these entities, all documentation and information relevant to the adopted portions of their head offices’ cybersecurity programs must be provided to NYDFS examiners to evaluate the Covered Entities’ compliance with 23 NYCRR Part 500.
District Court grants MTD in CFPB, NY AG debt collector case
On October 27, the U.S. District Court for the Western District of New York denied a motion to dismiss an action brought by the CFPB and the New York attorney general against the operators of a debt-collection scheme, rejecting the defendants’ argument that they did not have fraudulent intent and their actions were taken for legitimate reasons. As previously covered by InfoBytes in April, the CFPB and the AG filed a complaint against the defendants for allegedly transferring ownership of his $1.6 million home to his wife and daughter for $1 shortly after he received a civil investigative demand and learned that the Bureau and the AG were investigating his debt-collection activities. The complaint further alleged that the transfer of the property was a fraudulent transfer under the FDCPA and made with the intent to defraud (a violation of the New York Debtor and Creditor Law), and that the owner-defendant “removed and concealed assets in an effort to render the Judgment obtained by the Government Plaintiffs uncollectable.” In 2019 the Bureau and the AG settled with the debt collection operation to resolve allegations that the defendants established and operated a network of companies that harassed and/or deceived consumers into paying inflated debts or amounts they may not have owed (covered by InfoBytes here).
The court denied the defendants’ motion to dismiss, concluding that the CFPB and AG raised sufficient allegations that the debtor’s transfers and mortgage on his property were knowingly fraudulent. The court determined that fraudulent intent under the FDCPA may be determined by several factors, sometimes called “badges of fraud,” including whether “‘the transfer or obligation was to an insider,’ ‘the debtor retained possession or control of the property transferred after the transfer,’ ‘before the transfer was made or obligation was incurred, the debtor had been sued or threatened with suit,’ ‘the value of the consideration received by the debtor was reasonably equivalent to the value of the asset transferred or the amount of the obligation incurred,’ and ‘the transfer occurred shortly before or shortly after a substantial debt was incurred.’” The court held it was reasonable to infer that the defendant was aware “that he would likely face civil prosecution” and judgments “would be beyond his ability to pay.” The court noted that the defendant engaged in transferring a personally significant asset—his $1.6 million residence—to two insiders for nominal consideration, which was considered to be “highly unusual.” Additionally, the defendant alleged that he continued to “’reside at and exercise control over’ the property and is now unwilling or unable to pay off the judgment,” which indicated the conveyance was also part of a sham divorce. Further, the court noted that “the complaint plausibly alleges that the mortgage ‘was not granted in good faith’ and was ‘made with the intent to make it appear that the Property was encumbered.’”
CFPB resolves UDAAP allegations with debt collection company
On November 1, the U.S. District Court for the Western District of Missouri ordered a Missouri-based company to pay a $30,000 civil money penalty to resolve allegations that it used district-attorney letterhead to threaten consumers with criminal prosecution. As previously covered by InfoBytes, the CFPB filed a complaint against the company claiming it allegedly engaged in deceptive and otherwise unlawful debt collection acts and practices in the course of operating “bad-check pretrial-diversion programs on behalf of more than 90 district attorneys’ offices throughout the United States.” The complaint claimed that the company not only failed to include required FDCPA disclosures in the letters it sent to consumers, it also failed to identify itself in the letters and did not inform consumers that it was a debt collector and not a district attorney. Moreover, in most cases the company did not refer cases for prosecution, even if the check writer failed to respond to the collection letter, did not pay the alleged outstanding debt and fees, or failed to complete the financial-education course. Under the terms of the settlement, the company is, among other things, permanently banned from engaging in debt collection activities and is prohibited from disclosing, using, or benefiting from customer information obtained before the order’s effective date in connection with a Pre-Trial Bad Check Diversion Program. Additionally, the company may not “attempt to collect, sell, assign, or otherwise transfer any right to collect payment from any consumer who purchased or agreed to purchase services or products in connection” with the company’s program. The company is ordered to pay more than $1.4 million in redress to harmed consumers; however, full payment of this amount is suspended upon satisfaction of certain obligations due to the company’s financial condition. The $30,000 penalty also reflects the company’s limited ability to pay.
SEC awards $2 million to whistleblower
On October 29, the SEC announced that it awarded a whistleblower more than $2 million for providing information and assistance leading to a successful SEC enforcement action, as well as an action by the DOJ. According to the redacted order, the whistleblower voluntarily provided the same original information to the SEC and the DOJ, which prompted the opening of the investigations, as well as extensive ongoing assistance throughout the investigations. According to the SEC, the whistleblower had previously received an award for contributing to an SEC enforcement action based on the same information that supported the award for the related action, and was eligible for this award as a result of the recent amendments clarifying the types of actions that may be considered “related” under the whistleblower rules.
The SEC has awarded approximately $1.1 billion to 224 individuals since issuing its first award in 2012.
CFPB reaches $850,000 settlement with debt collectors
On October 26, the U.S. District Court for the District of Maryland entered a stipulated final judgment and order against defendants (a debt collection entity, its subsidiaries, and their owner) in an action alleging FCRA and FDCPA violations. As previously covered by InfoBytes, the Bureau filed a complaint against the defendants in 2019 with alleged violations that included, among other things, the defendants’ failure to ensure accurate reporting to consumer-reporting agencies (CRAs), failure to conduct reasonable investigations and review relevant information when handling indirect disputes, and failure to conduct investigations into the accuracy of information after receiving identity theft reports before furnishing such information to CRAs. The Bureau separately alleged that the FCRA violations constitute violations of the CFPA, and that the defendants violated the FDCPA by attempting to collect on debts without a reasonable basis to believe that consumers owed those debts.
Under the terms of the order, the defendants—who neither admitted nor denied any of the allegations except as specified in the order—are required to, among other things, (i) update existing policies and procedures to ensure information is accurate before it is furnished to a CRA or before commencing collections on an account; (ii) ensure policies and procedures are designed to address trends in disputes; and (iii) hire an independent consultant, subject to the CFPB Enforcement Director’s non-objection, to conduct a review to ensure management-level oversight and FCRA and FDCPA compliance. The defendants must also submit a compliance plan and pay an $850,000 civil money penalty.
FDIC releases September enforcement actions
On October 29, the FDIC released a list of administrative enforcement actions taken against banks and individuals in September. During the month, the FDIC made public six orders consisting of “one Consent Order, two terminations of Consent Orders, one Order to Pay Civil Money Penalty, one Order Terminating Decision and Order to Cease and Desist, and one Order of Termination of Insurance.” Among the orders is an order to pay a civil money penalty imposed against a Nebraska-based bank related to alleged violations of the Flood Disaster Protection Act. Among other things, the FDIC claimed that the bank “[m]ade, increased, extended, or renewed loans secured by a building or mobile home located or to be located in a special flood hazard area without requiring that the collateral be covered by flood insurance,” and also allegedly “[f]ailed to comply with proper procedures for force-placing flood insurance in instances where the collateral was not covered by flood insurance at some time during the term of the loan.” The order requires the payment of a $24,000 civil money penalty.
The FDIC also issued a consent order to a Utah-based bank, which requires the bank to take measures to correct current alleged violations (and prevent future violations) of TILA, RESPA, E-Sign Act, ECOA, CRA, and TISA, as well as the statutes’ implementing regulations. The bank neither admitted nor denied the alleged violations but agreed to, among other things, develop a sound risk-based compliance program and implement an effective training program to ensure compliance.
FTC issues warning regarding false money-making claims
On October 26, the FTC announced that it is putting businesses on notice that pitch money-making ventures that deceive or mislead consumers regarding potential earnings. According to the announcement, the FTC utilized its Penalty Offense Authority to remind businesses of the law and deter them from breaking it by sending a Notice of Penalty Offenses to over 1,100 companies. The notice puts these businesses on notice that they may incur significant civil penalties if they or their representatives make claims regarding money-making opportunities that run counter to FTC administrative cases. The Notice of Penalty Offenses permits the FTC to seek civil penalties against a company that engages in conduct it knows is unlawful and has been determined to be unlawful in an FTC administrative order, other than a consent order. The FTC added that the Notice highlighted a number of practices that the FTC determined to be unfair or deceptive in prior administrative actions. In general, the cases determined that it was unlawful to make false, misleading, or deceptive representations regarding the profits or earnings that may be anticipated by a participant in a money-making opportunity, including representations that participants will make a profit. The Notice also outlined other practices that the FTC has decided to be unfair or deceptive, such as falsely telling consumers they do not need experience to earn income or that they must act immediately to participate. Companies receiving the Notice also received a copy of the recently issued Notice of Penalty Offenses concerning endorsements and testimonials, as companies frequently use testimonials to advertise money-making opportunities. The FTC also pointed out that “[a] recipient’s presence on this list does not in any way suggest that it has engaged in deceptive or unfair conduct.”