InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Financial services firm fined $400 million for risk-management deficiencies
On October 7, the OCC and Federal Reserve Board announced enforcement actions against a financial services firm and its national bank subsidiary (bank) to resolve alleged enterprise-wide risk management, data governance, and internal controls deficiencies. According to the OCC’s announcement, the bank allegedly engaged in unsafe or unsound banking practices by failing to “establish effective risk management and data governance programs and internal controls.” While neither admitting nor denying the allegations, the bank has agreed to pay a $400 million civil money penalty. Additionally, under the terms of the OCC’s cease and desist order, the bank must implement corrective measures to improve its risk management, data governance, and internal controls. The agency’s announcement states that the order further requires the bank “to seek the OCC’s non-objection before making significant new acquisitions and reserves the OCC’s authority to implement additional business restrictions or require changes in senior management and the bank’s board should the bank not make timely, sufficient progress in complying with the order.”
In conjunction with the OCC’s action, the Fed also announced a cease and desist order against the financial services firm, which identified ongoing deficiencies with respect to areas of compliance risk management, data quality management, and internal controls. Among other things, the Fed claims the firm also failed to adequately remediate “longstanding” deficiencies identified in previously issued consent orders, including in areas such as anti-money laundering compliance. The order requires the firm to enhance firm-wide risk management and internal controls, and imposes a series of deadlines for the firm to take measures to ensure compliance with the OCC’s order, enhance its compliance risk management programs, devise a plan to hold senior management accountable, and improve data quality management.
CFPB outlines application process for early termination of consent orders
On October 5, the CFPB issued a policy statement outlining the application process for entities seeking to terminate a consent order before the original expiration date. Generally, consent orders issued by the Bureau carry five-year terms, although the term may be extended in certain circumstances. While reiterating the essential role consent orders play in the Bureau’s enforcement work, the Bureau recognizes that consent orders can impose costly and resource-intensive reporting and record-keeping requirements, and may impact a regulated depository institution’s ability to open new branches or merge or acquire other financial institutions. Acknowledging that there may be “exceptional circumstances” where early termination may be appropriate, the policy statement sets forth eligibility criteria that entities must meet, and lays out the standards that the Bureau intends to use when evaluating early termination applications. It also notes that only entities are permitted to apply for early termination of a consent order. Individuals are not eligible do so.
Among other things, an entity applying for early termination must demonstrate that it (i) has fully complied with the consent order’s terms and conditions; and (ii) has a “satisfactory” compliance management system in its institutional product line or compliance area under which the consent order was issued. Entities must also meet certain timing and threshold eligibility criteria. The policy statement further specifies that an entity may not apply if it has been banned from participating in a certain industry, if the consent order involves violations of an earlier order, or if any criminal activity is involved. Once an application is determined to be complete, the Bureau states that it “generally intends to complete [its] compliance review within six months.”
The policy statement takes effect October 8.
CFTC charges cryptocurrency derivatives platform and owners with AML violations
On October 1, the CFTC filed charges against five entities and three individuals for allegedly owning and operating an unregistered cryptocurrency derivatives platform and failing to implement required anti-money laundering procedures. The complaint alleges that the platform “illegally offer[ed] leveraged retail commodity transactions, futures, options, and swaps” on cryptocurrencies without implementing key safeguards required by the Commodity Exchange Act and several CFTC regulations compliance measures, such as know-your-customer procedures or actions designed to detect and prevent illicit activities. The CFTC also claims that the exchange operated as an unregistered futures commission merchant and did not have CFTC approval to operate as a designated contract market or swap execution facility. The complaint requests civil monetary penalties and remedial ancillary relief in the form of (i) permanent trading and registration bans; (ii) disgorgement; (iii) restitution; (iv); pre- and post-judgment interest; and (v) a permanent injunction from future violations.
In a parallel action, the U.S. Attorney for the District of New York indicted the three individuals along with a fourth individual on federal charges of violating, and conspiring to violate, the Bank Secrecy Act “by willfully failing to establish, implement, and maintain an adequate anti-money laundering [] program” at the exchange.
Fed issues enforcement order for BSA/AML and OFAC regulation compliance
On October 1, the Federal Reserve announced an enforcement action against a Pennsylvania state-chartered bank for deficiencies in the bank’s Bank Secrecy Act (BSA), anti-money laundering (AML), and U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) regulations. The order requires the bank to submit, among other things, (i) a board-approved, written plan to improve oversight of BSA/AML requirements and OFAC regulations; (ii) a written BSA/AML compliance program; (iii) a revised customer due diligence program; (iv) a written suspicious activity monitoring and reporting program; and (iv) a written plan for independent testing of compliance with BSA/AML requirements. The bank was not assessed any monetary penalties.
SEC has “record-setting” whistleblower fiscal year
On September 30, the SEC announced six new whistleblower awards to finish a “record-setting” fiscal year. In the first announcement, the SEC details an award of nearly $30 million to two whistleblowers. The first, received approximately $22 million for providing information that led SEC staff to open and investigation and subsequently “provided substantial, ongoing assistance.” The second whistleblower received approximately $7 million for providing “additional valuable information” during the investigation.
In the second announcement, the SEC details four whistleblower awards totaling nearly $5 million. In the first order, the SEC awarded a whistleblower almost $2.9 million for alerting the agency of “alleged wrongdoing, which would have been difficult to detect in the absence of [the information.” The second order awards a whistleblower more than $1.7 million for providing “ongoing and extensive assistance” to SEC staff. And the third order, awards nearly $400,000 to two whistleblowers for providing a joint tip and “continu[ed] corporation and assistance, including having numerous meetings and discussions with staff.”
Earlier on September 28, the SEC announced an over $1.8 million award to a whistleblower in connection with a successful agency enforcement action. The whistleblower—an unaffiliated company outsider—“expeditiously reported significant information to the Commission about ongoing securities law violations.” According to the SEC, the award illustrates the important role company outsider intelligence can play in halting ongoing violations.
The SEC announced on September 25 two separate whistleblower awards, totaling over $2.5 million, for information regarding overseas conduct. The first, an award for over $1.8 million, was given to a whistleblower for taking “personal and professional risks” by using an internal compliance system at a company to report information. The tip resulted in an internal investigation, revealing overseas conduct that “would otherwise have been hard to detect.” The company then subsequently reported the findings to the SEC. The second whistleblower was awarded $750,000 for reporting concerns internally about securities violations occurring overseas that led to a successful enforcement action.
The SEC has now paid a total of $562 million to 106 individuals since the inception of the program.
Bank settles spoofing charges with CFTC, SEC, and DOJ for nearly $1 billion
On September 29, a global bank and several of its subsidiaries agreed to resolve investigations into allegations that their traders engaged in manipulative trading of metals futures and U.S. Treasury securities using a practice known as spoofing. The CFTC’s order settled charges that numerous bank traders violated federal commodities laws over a period of at least eight years by allegedly placing hundreds of thousands of spoof orders in precious metals and Treasury futures contracts. According to the CFTC announcement, a broker-dealer subsidiary of the bank—a registered futures commission merchant—also allegedly failed to identify, investigate, and stop the misconduct, despite numerous red flags. While neither admitting nor denying any wrongdoing in connection with the CFTC’s allegations, “except to the extent that Respondents admit those findings in any related action against Respondents by, or any agreement with, the [DOJ] or any other governmental agency or office,” the bank and its subsidiaries have agreed to pay a $920 million penalty.
In a parallel matter, the SEC announced the same day that it had reached a settlement with the broker-dealer subsidiary for fraudulently engaging in manipulative trading of Treasury securities. The SEC alleged that the subsidiary traders place non-bona fide orders to buy or sell a particular Treasury security in order “to create a false appearance of buy or sell interest” to “induce other market participants to trade against the bona fide orders at prices that were more favorable to [the broker-dealer subsidiary] than [the broker-dealer subsidiary] otherwise would have been able to obtain.” The broker-dealer subsidiary agreed to the entry of the SEC’s cease-and-desist order, in which it admitted to the SEC’s factual findings and agreed to pay disgorgement of $10 million and a civil penalty of $25 million, which will be offset by amounts paid by the bank and its subsidiaries in parallel DOJ and CFTC actions.
Additionally, the DOJ announced it had entered into a three-year deferred prosecution agreement with the bank to resolve criminal charges of two counts of wire fraud related to the aforementioned allegations. The agreement imposes a payment of more than $920 million, which consists of a criminal monetary penalty, criminal disgorgement, and victim compensation, with the criminal penalty credited towards the equal amount in penalties imposed by the CFTC. The bank and its subsidiaries must also continue to cooperate with any ongoing or future investigations and prosecutions, and it must report evidence or allegations of misconduct that could further violate federal anti-fraud, securities, or commodities statutes. Furthermore, the bank and its subsidiaries are required to enhance internal compliance programs as appropriate.
CFPB, FTC, and states announce debt collection enforcement operation
On September 29, the CFPB, FTC, and more than 50 federal and state law enforcement partners announced a nationwide enforcement and outreach effort titled “Operation Corrupt Collector” to address illegal debt collection practices. As of the date of the announcement, according to the CFPB, the operation includes five cases by the FTC, two cases by the CFPB, and three criminal cases by the DOJ and the U.S. Postal Inspection Service. Moreover, 16 states have also reported actions as part of the operation. Among the five cases brought by the FTC, two were announced in conjunction with the operation. In the first, the FTC brought charges in the U.S. District Court for the District of South Carolina alleging that a debt collection operation (consisting of five entities and three persons) used deceptive tactics to threaten false legal action through the use of robocalls in order to collect debts consumers did not owe or the operation did not have the legal right to collect. In the second, filed with the same district court, FTC alleges a company and its operators, with the assistance of the defendants in the first action, falsely claimed to represent a law firm and threatened consumers with arrest if the debts were not paid. According to the FTC, the district court granted temporary restraining orders against the defendants in both actions.
Virginia AG reaches $1.2 million settlement with internet lender
On September 29, the Virginia attorney general announced a roughly $1.2 million settlement with a Nashville-based online lender to resolve allegations that it violated the Virginia Consumer Protection Act by misrepresenting the method through which consumer disputes would be resolved. According to the AG, the lender offers short-term loans in the form of open-end cash advances carrying periodic interest rates as high as 360 percent. The contracts borrowers sign require the lender to resolve disputes through either arbitration or small claims court; however, the AG claimed that the lender hired counsel, filed nearly 2,000 collection cases against borrowers in general district courts throughout Virginia, and obtained default judgments and accepted payments from garnishees. Under the terms of the settlement, the lender—which does not admit liability—is required to (i) pay restitution of approximately $359,000; (ii) credit “attorney’s fees and costs awarded as part of the judgments, which total in excess of $830,000”; and (iii) pay $10,000 in civil penalties and $10,000 in attorney’s fees. The lender has also agreed to a permanent injunction to prevent the occurrence of future violations.
CFTC reaches $4.5 million settlement with bank over lost audio files
On September 28, the CFTC announced a $4.5 million settlement with a national bank and two affiliated entities to resolve allegations that they failed to preserve audio files, including trader recordings that were subpoenaed in 2017. According to the CFTC, in early 2018 the bank stated that it had directed staff to preserve the recordings and asked for an extension to turn over the requested audio files. The Commission granted the request. In late 2018, the bank, however, said the audio files had been deleted due to a design flaw in its audio preservation system. The CFTC claimed that the bank was aware of the audio-preservation issue as early as 2014. As such, according to the CFTC, the bank “did not maintain adequate internal controls with respect to its preservation of audio and thus failed to diligently supervise matters related to its business as a CFTC registrant.” The entities did not admit or deny the CFTC’s findings, but have agreed to pay the $4.5 million civil penalty plus post-judgment interest.
FDIC releases August enforcement actions
On September 25, the FDIC released a list of administrative enforcement actions taken against banks and individuals in August. During the month, the FDIC issued 13 orders, consisting of “one consent order under 8(b), four orders of prohibition under 8(e), and eight Section 19 orders.” The consent order, issued against a Kansas-based bank, relates to alleged violations of the Bank Secrecy Act (BSA). Among other things, the bank was ordered to (i) terminate all activity related to its foreign financial institution customers, including such activity as funds transfers, remote deposit capture, money service business remittances, Automated Clearing House transfers, and funds transfers to or from any foreign central bank accounts; (ii) establish a directors’ BSA/anti-money laundering (AML) compliance committee; (iii) implement a revised BSA compliance program to address BSA/AML deficiencies, including incorporating internal controls to assure ongoing compliance, as well as training for appropriate personnel; (iv) maintain a BSA/AML internal control structure, including suspicious activity monitoring and reporting, risk assessment, and customer due diligence; (v) contract with a third-party consulting firm to conduct an independent test of the bank’s BSA/AML compliance program; (vi) implement an effective, comprehensive BSA training program for appropriate personnel regarding specific compliance responsibilities; and (vii) conduct a look-back review to ensure certain reportable transactions and suspicious activities were appropriately identified and reported.