InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
SEC sues mutual fund for diverting investor funds into shell companies
On June 21, the SEC filed a complaint against a Cayman Islands-registered mutual fund and its operators (collectively, “defendants”) in the U.S. District Court for the Southern District of New York alleging they diverted millions of dollars in investor funds to shell companies under the defendants’ control through uncollateralized loan transactions, and issued “false or misleading statements of material facts to investors to disguise their misconduct.” According to the SEC, the defendants have also blocked investors from redeeming the roughly $106 million they invested in the fund, and have transferred $64 million of the investors’ deposits into the fund’s brokerage account, from which the assets were allegedly “subject to further dissipation and misappropriation.” The SEC’s complaint alleges violations of the antifraud provisions of the Securities Act of 1933 and the Securities Exchange Act of 1934, and seeks a permanent injunction against the defendants, a permanent ban prohibiting the participation in future securities offerings through entities owned or controlled by the defendants, disgorgement of ill-gotten gains, civil penalties, and an asset freeze.
SEC settles with blockchain company over unregistered ICO
On June 22, the SEC announced a settlement with an intellectual property search software platform provider and its CEO resolving allegations that the company made materially false and misleading statements in connection with an unregistered initial coin offering (ICO) of digital asset securities. According to the order, the company raised $7.6 million from investors by offering and selling digital tokens. In promoting the ICO, the company and its CEO made multiple materially false statements to investors and potential investors, including false statements about the company’s revenues, number of employees, and the platform’s user base. The SEC alleges that the company violated Section 5(a) and 5(c) of the Securities Act because the digital assets it offered and sold were securities under federal securities laws, and the company did not have the required registration statement filed or in effect, nor did it qualify for an exemption from registration. The order, which the company consented to without admitting or denying the findings, imposes a $7.6 million penalty, and requires the company to “destroy all [of the digital tokens] in their possession or control,” publish notice of the order on the company’s social media accounts, request removal of the tokens from trading platforms, and refrain from participating in future offerings of a digital asset security.
SEC issues whistleblower awards totaling nearly $5.3 million
On June 21, the SEC announced whistleblower awards to four individuals totaling nearly $5.3 million for information provided in separate enforcement actions. According to the first redacted order, the SEC awarded a whistleblower nearly $4 million for voluntarily providing original information to the Commission, leading to a successful enforcement action. The whistleblower also “provided extraordinary assistance,” participated in interviews, identified key witnesses, and provided documents to staff which led to a successful enforcement action. In the second redacted order, the SEC awarded three individuals a total of approximately $1.3 million. The first whistleblower, who received the largest award, provided substantial ongoing assistance that “saved the Enforcement staff considerable time and resources.” The other two whistleblowers provided important information concerning misconduct but did not provide any investigative leads.
The SEC has awarded approximately $937 million to 178 individuals since issuing its first award in 2012.
FTC settles with fertility-tracking app
On June 22, the FTC issued a decision and order against a company operating a fertility-tracking mobile app. The order resolved claims that the company shared user’s sensitive health data with various marketing and analytics service providers to the company. The FTC filed a complaint in January claiming, among other things, that the company repeatedly promised to protect users’ personal health data but instead disclosed the data to third parties for years and did not contractually limit how those third parties could use the data. These actions, the FTC claimed, violated the FTC Act as well as frameworks under the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield, which the company represented to users that it participated in, and require companies to provide notice, choice, and accountability for the transfer of personal data to third parties. Under the terms of the decision and order, the company is required to provide notice to users about the disclosure of their health data, obtain users’ affirmative express consent to share the information, and instruct any third party that received users’ health information to destroy the data. Additionally, the company is prohibited from misrepresenting: (i) the purposes for which it (or any entity to whom it discloses personal data) collects, maintains, uses, or discloses the data; (ii) the extent to which consumers can control the use of the data; (iii) its adherence to any privacy, security, or compliance program; and (iv) the extent to which it “collects, maintains, uses, discloses, deletes, or permits or denies access to any” users’ personal information. The FTC further noted in its announcement that it is “currently undertaking a review of the Health Breach Notification Rule and is actively considering public comments regarding the application of the Rule to mobile applications and other direct-to-consumer technologies that handle consumers’ sensitive health information.”
FinCEN recognizes law enforcement agencies for use of BSA data
On June 24, the Financial Crimes Enforcement Network (FinCEN) honored the recipients of its 2021 Law Enforcement Awards Program, which recognizes agencies that use Bank Secrecy Act (BSA) data provided by financial institutions to successfully pursue and prosecute criminal investigations. The awards were presented in eight different categories related to: (i) Covid-19 fraud; (ii) cyber threats; (iii) transnational organized crime; (iv) transnational security threats; (v) state and local law enforcement; (vi) third-party money launderers; (vii) a suspicious activity review team; and (viii) significant fraud. Awards work included investigation into Paycheck Protection Program fraud that resulted in the seizure of case over $3 million, seizure of over $47 million dollars in narcotics proceeds, and seizure of 300 cryptocurrency accounts, among other work. FinCEN acting Director Michael Mosier stated that “[t]he law enforcement work that we recognize today highlights both the importance of an effective partnership between FinCEN, financial institutions, and our law enforcement agencies, and the value of BSA reporting in protecting the American people from fraud, cybercrime, and the illicit finance threats confronting our nation.”
FTC tackles illegal pyramid scheme
On June 16, the FTC and the Arkansas attorney general filed a complaint against the operators of a “blessing loom” investment program (defendants), alleging that they acted as an illegal pyramid scheme that bilked millions of dollars from thousands of consumers. The joint complaint alleges that the defendants violated the FTC Act, Consumer Review Fairness Act, and the Arkansas Deceptive Trade Practices Act by: (i) participating in a pyramid scheme, which constitutes a deceptive act; (ii) prohibiting the ability of an individual to engage in a covered communication; and (iii) falsely representing goods and services. The complaint alleges that the defendants lured people into enrolling in their program by falsely guaranteeing investment returns as high as 800 percent, with some members allegedly paying as much as $62,700 to participate in the program. In addition, the defendants allegedly, among other things, (i) targeted Black communities and stated in the “[program’s] Bible,” which contains program membership bylaws, that all program members must, with no exceptions, be of African-American descent; (ii) targeted financially distressed consumers; (iii) falsely claimed the program provided “a means to achieve financial freedom and generational wealth”; (vi) attempted to hide their illegal activity from law enforcement and payment processors by forbidding certain payment applications to be used by members; and (v) prohibited members from publishing material related to the program online, such as comments and reviews. The complaint seeks to permanently enjoin the defendants’ illegal operation and requests that the court award redress for injured consumers. The complaint also seeks to impose civil penalties on the defendants under Arkansas state law.
SEC charges settlement company with cybersecurity disclosure violations
On June 15, the SEC announced charges against a real estate settlement services company for its role in allegedly failing to disclose controls and procedures related to a cybersecurity vulnerability that exposed sensitive customer information. According to the SEC’s order, an independent cybersecurity journalist warned the company in May 2019 of a vulnerability concerning its system for sharing document images that exposed over 800 million images dating back to 2003, including images containing sensitive personal data such as social security numbers and financial information. In response, the company allegedly issued a press release for inclusion in the cybersecurity journalist’s report published in May 2019 and furnished a Form 8-K to the Commission on May 28, 2019. However, according to the order, the company’s senior executives responsible for these kinds of releases “were not apprised of certain information that was relevant to their assessment of the company’s disclosure response to the vulnerability and the magnitude of the resulting risk.” Specifically, the order states that senior executives were not informed that the company’s information security personnel had identified a vulnerability several months earlier, in January 2019, but failed to remediate the vulnerability in accordance with the company’s policies. The order finds that the company “failed to maintain disclosure controls and procedures designed to ensure that all available, relevant information concerning the vulnerability was analyzed for disclosure in the company’s public reports filed with the Commission.” The SEC charged the company with violating Rule 13a-15(a) of the Exchange Act and ordered the company, who agreed to a cease-and-desist order, to pay a $487,616 penalty.
SEC awards $3 million in whistleblower awards
On June 14, the SEC announced whistleblower awards to two individuals totaling an initial combined payment of approximately $3 million for information and assistance provided in a successful enforcement action. According to the redacted order, the SEC awarded the first whistleblower for providing assistance early in the investigation and helping enforcement staff focus its resources and theories. The second whistleblower was rewarded for helping to uncover misappropriated funds and fraudulent transfers. The SEC noted that both whistleblowers provided ongoing assistance in the investigation, including participating in interviews and providing helpful documents involved in the investigations.
The SEC has awarded approximately $932 million to 172 individuals since issuing its first award in 2012.
District Court approves new settlement in student debt-relief action
On June 15, the U.S. District Court for the Central District of California entered a stipulated final judgment and order against one of the defendants in an action brought by the CFPB, the Minnesota and North Carolina attorneys general, and the Los Angeles City Attorney in 2019, which alleged a student loan debt relief operation deceived thousands of student-loan borrowers and charged more than $71 million in unlawful advance fees. As previously covered by InfoBytes, the complaint alleged that the defendants violated the Consumer Financial Protection Act, the Telemarketing Sales Rule, and various state laws by charging and collecting improper advance fees from student loan borrowers prior to providing assistance and receiving payments on the adjusted loans. In addition, the complaint asserts the defendants engaged in deceptive practices by misrepresenting (i) the purpose and application of fees they charged; (ii) their ability to obtain loan forgiveness; and (iii) their ability to actually lower borrowers’ monthly payments.
The finalized settlement issued against the relief defendant—who acted in an individual capacity and also as trustee of a trust, and who neither admits nor denies the allegations—requires the liquidation of certain assets up to but not exceeding $3 million as monetary relief to go to the CFPB and the People of the State of California. If the liquidation value of the asset is less than $3 million, the relief defendant “will be additionally liable for the difference between the liquidation value of the [asset] and $3,000,000, up to but not exceeding $500,000.” The relief defendant is also liable to all plaintiffs for $88,381.80. In addition, the relief defendant must comply with certain reporting and recordkeeping requirements and fully cooperate with the plaintiffs.
The court previously entered final judgments against four of the defendants, as well as a default judgment and order against two other defendants (covered by InfoBytes here and here). Orders have yet to be entered against the remaining defendants.
FTC adds charges against small-business financer
On June 14, the FTC announced additional charges against two New York-based small-business financing companies and a related entity and individuals (collectively, “defendants”). Last June, the FTC filed a complaint against the defendants for allegedly violating the FTC Act and engaging in deceptive and unfair practices by, among other things, misrepresenting the terms of their merchant cash advances, using unfair collection practices, and making unauthorized withdrawals from consumers’ accounts (covered by InfoBytes here). The amended complaint alleges that the defendants also violated the Gramm-Leach-Bliley Act’s prohibition on using false statements to obtain consumers’ financial information, including bank account numbers, log-in credentials, and the identity of authorized signers, in order “to withdraw more than the specified amount from consumers’ bank accounts.” Additionally, the FTC’s press release states that the defendants “engaged in wanton and egregious behavior, including laughing at consumer requests for refunds from [the defendants’] unauthorized withdrawals from customer bank accounts; abusing the legal system to seize the business and personal assets of their customers; and threatening to break their customers’ jaws or falsely accusing them of child molestation during collection calls.” The amended complaint seeks a permanent injunction against the defendants, along with civil money penalties and monetary relief including “rescission or reformation of contracts, the refund of monies paid, and other equitable relief.”