InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Massachusetts announces consent judgment against debt-collection company
On August 31, the Massachusetts attorney general announced a “first-of-its-kind” consent judgment against a Massachusetts-based debt-settlement company and its chief operating officer for allegedly violating the Massachusetts Consumer Protection Act, among other things. The consent judgment settled a lawsuit in which the AG alleged that the company charged inflated and premature fees, knowingly and regularly enrolled consumers who were not able to benefit from its program, and failed to communicate the harms that consumers could encounter after enrolling in its program. According to the AG, the company “directed consumers to stop paying their debts and to stop communicating with creditors, and to instead make payments into a dedicated ‘savings’ account administered by [a] payment processor.” The AG also alleged the company “engaged in the unauthorized practice of law by continuing to represent consumers after they were sued in relation to an enrolled debt.” Under the terms of the AG’s consent order, the company is required to pay $1 million to the Commonwealth.
As previously covered by InfoBytes, in May, the CFPB announced a settlement with the same company for allegedly violating the Telemarketing Sales Rule and the Consumer Financial Protection Act.
OFAC settles with Romanian bank for Iranian and Syrian sanctions violations
On August 27, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $862,318 settlement with a Romania-based bank and its U.S. parent company to resolve 98 apparent violations of OFAC’s Iran and Syria sanctions programs. According to OFAC’s web notice, the bank processed 98 commercial transactions totaling more than $3.5 million through U.S. banks on behalf of parties located in Iran and Syria. OFAC considered various aggravating factors in arriving at the settlement amount, including that the bank (i) demonstrated “a reckless disregard for U.S. sanctions regulations by failing to implement appropriate controls to comply with applicable U.S. regulations with respect to payments it processed” that had a “sanctions nexus that transited the U.S. financial system” or “after the bank became a foreign subsidiary of a U.S. person”; (ii) knew, or had reason to know, “it was processing payments on behalf of persons in Iran and Syria because of underlying finance and trade documents in its possession that referenced those countries”; and (iii) conveyed more than $3.5 million in economic benefit to Iranian and Syrian persons, thus causing harm to the integrity of U.S. sanctions programs and their associated policy objectives.
OFAC also considered various mitigating factors, including that the bank voluntarily self-disclosed the apparent violations and the apparent violations constitute a non-egregious case. OFAC also determined that the bank (i) has not received a penalty notice from OFAC in the preceding five years; (ii) cooperated with OFAC’s investigation, conducted a lookback, and entered into a tolling agreement; and (iii) has undertaken remedial measures to ensure sanctions compliance. As such, OFAC noted that under its Economic Sanctions Enforcement Guidelines, the base civil money penalty amount is applicable in this matter with the final settlement amount reflecting OFAC’s consideration of general factors.
DOJ, OCC settle redlining allegations
On August 30, the DOJ and the OCC announced coordinated efforts to resolve allegations of lending discrimination by a Georgia-based bank for violations of the Fair Housing Act and ECOA by allegedly redlining predominantly Black and Hispanic neighborhoods in Texas from 2013-2017. The OCC, which referred the matter to DOJ, ordered the bank to pay a $3.3 million civil money penalty. Under the DOJ’s settlement, the bank will invest more than $5.5 million to increase credit opportunities for residents of those neighborhoods.
FDIC releases July enforcement actions
On August 27, the FDIC released a list of administrative enforcement actions and one Notice of Charges taken against banks and individuals in July. During the month, the FDIC issued nine orders consisting of “three Orders to Pay Civil Money Penalties, two Orders of Prohibition from Further Participation, three Section 19 Orders, and one Order Terminating Consent Order.” Among the orders is a civil money penalty imposed against a Kansas-based bank concerning alleged violations of the Flood Disaster Protection Act. Among other things, the FDIC claimed that the bank “made, increased, extended, renewed, sold, or transferred a loan secured by a building or mobile home located or to be located in a special flood hazard area without properly notifying the Administrator of FEMA or their designee.” The order requires the payment of a $9,500 civil money penalty.
The FDIC also imposed a civil money penalty against a Missouri-based bank related to alleged violations of the Flood Disaster Protection Act. Among other things, the FDIC claimed that the bank (i) “[m]ade, increased, extended or renewed loans secured by a building or mobile home located or to be located in a special flood hazard area without requiring that the collateral be covered by flood insurance”; (ii) “[m]ade, increased, extended or renewed a loan secured by a building or mobile home located or to be located in a special flood hazard area without providing timely notice to the borrower and/or the servicer as to whether flood insurance was available for the collateral”; and (iii) “[f]ailed to comply with proper procedures for force-placing flood insurance in instances where the collateral was not covered by flood insurance at some time during the term of the loan.” The order requires the payment of a $4,000 civil money penalty.
SEC issues whistleblower awards totaling nearly $2.6 million
On August 27, the SEC announced whistleblower awards to five individuals totaling nearly $2.6 million for information provided in three separate enforcement actions. According to the first redacted order, the SEC awarded a whistleblower nearly $1.2 million for voluntarily providing an “’independent analysis’ by creating and applying a complex algorithm to publicly available data,” which saved resources and time for Commission staff, and assisted the staff during settlement negotiations. In the second redacted order, the SEC awarded approximately $1 million to three individuals for providing original information and assistance that led to a successful enforcement action. According to the order, though the whistleblowers held compliance roles at the company, they are eligible for an award since they submitted information to the Commission more than 120 days after the alleged conduct was internally reported. The first whistleblower who received the highest award provided extraordinary assistance and comprehensive information that was vital to the successful enforcement action. In the third redacted order, the SEC awarded a whistleblower over $350,000 for providing independent analysis based on an unusual effort and expertise developed over many years. The whistleblower identified patterns among publicly available information that allowed the Commission to quickly identify and prevent wrongdoing and to preserve assets, which led to a successful enforcement action.
OFAC reaches $2.3 million settlement with Chinese bank
On August 26, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a roughly $2.3 million settlement with a UK subsidiary of a Chinese financial institution for allegedly processing transactions in violation of the Sudanese Sanctions Regulations, “which prohibited the exportation, directly or indirectly, to Sudan of any goods, technology, or services from the United States.” According to OFAC’s web notice, between September 2014 and February 2016, the bank processed 111 commercial transactions totaling more than $40 million through U.S. correspondent banks on behalf of parties in Sudan. In conducting a lookback review to identify potential Sudan-related transactions, the bank identified two customers who processed transactions through the U.S. financial system. For both of these customers, the bank’s internal customer database did not reference Sudan in the name or address fields, and messages processed on behalf of these customers by the bank through U.S. banks also failed to include any references to Sudan.
In arriving at the settlement amount, OFAC considered various aggravating factors, including, among other things, that (i) the bank demonstrated reckless disregard for U.S. sanctions regulations by processing the transactions “despite having account and transactional information indicating the Sudanese connection to the accounts and in contravention of the bank’s existing policies and procedures”; (ii) certain bank personnel responsible for processing the transactions knew that the payments were related to entities in Sudan; (iii) the bank conferred economic benefit to a comprehensively sanctioned country; and (iv) the bank “is a commercially sophisticated financial institution that processes transactions internationally.”
OFAC also considered various mitigating factors, including, among other things, that the bank (i) has not received a penalty notice from OFAC in the preceding five years; (ii) self-identified the alleged violations, cooperated with OFAC’s investigation, conducted a lookback, and entered into a tolling agreement; and (iii) has undertaken remedial measures, including enhancing policies and procedures to improve compliance with U.S. sanctions when processing payments through the U.S.
FCC proposes largest TCPA robocall fine
On August 24, the FCC released a proposed total fine of more than $5.1 million against two consultants and their firm for allegedly violating the TCPA by making 1,141 unlawful robocalls to wireless phones without prior express consent. According to the FCC, the robocalls utilized messages informing “potential voters that, if they vote by mail, their ‘personal information will be part of a public database that will be used by police departments to track down old warrants and be used by credit card companies to collect outstanding debts.’” As previously covered by InfoBytes, the Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act amended the TCPA to not require the FCC to warn robocallers before violations could be counted toward a proposed fine. The recent action is the first the agency has taken regarding the amendment. According to a statement by the FCC acting Chairwoman Jessica Rosenworcel, the agency is “stepping up its efforts to combat illegal robocalls.”
Virginia announces consent judgment against investment firm
On August 24, the Virginia attorney general announced a consent judgment entered on August 16 against a Virginia-based investment company and its managing member (collectively, "defendants") to resolve allegations that they violated Virginia’s consumer finance statutes. The consent judgment settled a lawsuit in which the AG alleged that defendants “made loans to distressed homeowners and charged interest or other compensation greatly exceeding an effective annual interest rate of 12 percent, without being licensed as a consumer finance company or coming within another exemption to Virginia’s usury laws.” According to the AG, the complaint alleged that a representative of the defendant investment company approached a Virginia Beach homeowner facing foreclosure and presented her with an agreement in which the defendants would provide the amount needed to stop the foreclosure in exchange for permission to list and sell the homeowner’s separate Virginia Beach property at an above-market commission rate or, if the sale did not occur, to purchase that property at a significantly below market price. Under the terms of the consent judgment, the defendants, among other things are: (i) permanently enjoined from violating specific consumer finance statutes, including by “making any loan requiring a collateral sale and/or purchase to Virginia consumers”; (ii) required to pay $11,000 in attorneys’ fees and costs; and (iii) required to provide certain restitution and/or forbearance relief to consumers identified by the defendants pursuant to the consent judgment as well as “to any Virginia consumer who comes forward within two (2) years after entry of the Consent Judgment with evidence establishing that he or she received a loan requiring a collateral sale and/or purchase from [defendants]” during the period from January 1, 2018 to the present.
District Court denies request to set aside $120.2 million judgment in Belizean real estate scheme
On August 24, the U.S. District Court for the District of Maryland denied a request to set aside a more than $120.2 million judgment against several defaulted defendants involved in an international real estate investment development scheme. As previously covered by InfoBytes, the FTC initiated the action in 2018 against several individuals and corporate entities, along with a Belizean bank, asserting that the defendants violated the FTC Act and the Telemarketing Sales Rule by advertising and selling parcels of land that were part of a luxury development in Belize through the use of deceptive tactics and claims. In 2019, a settlement was reached with the Belizean bank requiring payment of $23 million in equitable relief, and in 2020, the district court ordered the defaulted defendants to pay over $120.2 million in redress and granted the FTC’s request for permanent injunctions (covered by InfoBytes here and here).
In their motion, the defaulted defendants argued that the U.S. Supreme Court’s decision in AMG Capital Management, LLC v. FTC (which unanimously held that Section 13(b) of the FTC Act “does not authorize the Commission to seek, or a court to award, equitable monetary relief such as restitution or disgorgement”—covered by InfoBytes here) nullified the judgment. The district court disagreed, stating that the AMG Capital decision does not render his judgments in the case void and that “[i]n its Opinion rendered before the Supreme Court reached its decision, the Court considered the effect that a decision in AMG Capital adverse to the FTC might have, reasoning that: ‘this Court’s findings of fact and determinations as to liability—including contempt of court and violations of the Telemarketing Services Rule []—would not be affected by a decision in AMG.’” Moreover, the court pointed out that immediate denial of the motion is also warranted because the defaulted defendants failed to comply with a local rule requiring submission of a memorandum of law in support of their motion. The court asked, “In failing to do so, they have skirted among other fundamental questions: What authority do they, as defaulted defendants, involved as part of a common enterprise with virtually all other [d]efendants, have to upset a final and valid judgment against them after willfully defaulting?”
SEC settles with company over data breach
On August 16, the SEC announced charges against a London-based educational publishing company for its role in allegedly misleading investors regarding a cyber breach that involved millions of student records and had inadequate disclosure controls and procedures in place. According to the SEC’s order, the company made material misstatements and omissions about a 2018 cyber intrusion that affected millions of rows of data across 13,000 school, district, and university customer accounts in the U.S. According to a 2019 report furnished to the Commission, the company’s risk factor disclosure implied that the company faced the hypothetical risk that a “data privacy incident” “could result in a major data privacy or confidentiality breach” but did not disclose that a data breach involving the company had previously taken place. In response to an inquiry by a media outlet, the company sent a breach notification to its affected customers and issued a previously prepared statement that included misstatements regarding the breach and data involved. The order found that the company failed “to maintain disclosure controls and procedures designed to analyze or assess such incidents for potential disclosure in the company’s filings.” The SEC charged the company with violating, among other things, Rule 13a-15(a) of the Securities Act, which requires every issuer to maintain disclosure controls and procedures, and Section 13(a) of the Exchange Act which requires “every foreign issuer of a security registered pursuant to Section 12 of the Exchange Act to furnish the Commission with periodic reports containing information that is accurate and not misleading.” The order, which the company consented to without admitting or denying the findings, imposes a civil money penalty of $1 million and provides that the company must cease and desist from committing or causing any future violations of the Securities Act and the Exchange Act.