Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On February 23, the CFPB released a supervisory designation over a nonbank, small-loan consumer finance company (the Company). This is the first time the CFPB has used its authority under Section 1024(a)(1)(C) of the Consumer Financial Protection Act (CFPA) to designate a company for supervision based on a determination that the company’s conduct poses “risk to consumers” after a contested proceeding. This provision of the CFPA only required the CFPB to have “reasonable cause to determine” that a covered person’s conduct posed risks to consumers––which the CFPB stated is a “less demanding” legal standard than the preponderance-of-the-evidence standard generally used in civil proceedings.
The CFPB described the relevant statutory framework of the proceeding with particularity since this proceeding was “one of the first” under Section 1024(a)(1)(C). The CFPB found the company to be a covered person and stated that the CFPB had reasonable cause to determine that the Company’s conduct poses risks to consumers, including its alleged bundling of loans with insurance coverage, harmful collection practices, inaccurate credit reporting, and serial refinancing. The CFPB alleged that consumer complaints are sufficient to establish reasonable cause that the Company’s actions put consumers at risk.
On August 25, the SEC announced a whistleblower award of $18 million to a whistleblower who provided new information and assistance that led to a successful SEC enforcement action. According to the redacted order, the whistleblower provided additional helpful information and substantial, continuing assistance that helped the SEC staff saved f time and resources during the investigation. In the same order, the Commission affirmed the denial of a second claimant’s award claims after claimant 2 argued that they were the source of the original information that led to the opening of the investigation. The SEC determined that they had insufficient evidence to support their claims and that the Commission’s staff used claimant 1’s information, not claimant 2’s. Moreover, the claimant 2 did not satisfy “Rule 21F-4(c)(3), as Claimant 2 did not submit information to the Commission within 120 days of reporting it to the Company. Claimant 2 submitted information to the Commission after the Covered Action was filed and settled.”
On August 4, the SEC announced awards totaling more than $104 million to seven whistleblowers whose information and assistance led to a successful SEC enforcement action, as well as two related actions brought by another agency. According to the Press Release, “the seven whistleblowers were composed of two sets of joint claimants and three single claimants, and each provided information that either prompted the opening of or significantly contributed to an SEC investigation.” The seven claimants contributed assistance including providing documentation to support the allegations, identifying potential witnesses, and sitting for interviews. According to the redacted order, Claimants 1 and 2, both foreign nationals, provided information that in part caused the SEC to open the investigation that led to the charges. The whistleblowers also provided substantial ongoing assistance, including providing multiple written submissions, communications, and interviews, the SEC said, finding also that the whistleblower satisfied the requirements under Rules 21-F-3(b) for related actions awards as the related successful enforcement actions were partly based on the same information provided to the Commission. However, in the same order, the SEC affirmed the denial of two other claimants’ award claims after determining, among other things, that the individuals did not submit information leading to the successful enforcement of the covered action.
On July 12, the SEC announced a whistleblower award totaling approximately $9 million to a claimant who provided information and assistance that led to a successful enforcement action. According to the redacted order, the claimant “repeatedly raised concerns internally” and “provided highly significant and detailed information that alerted enforcement staff to the underlying conduct, prompting the opening of the investigation.” The claimant then “provided critical and ongoing assistance throughout the investigation, including meeting with [e]nforcement staff multiple times.” As a result of that information and assistance, “millions of dollars have been returned to harmed investors.”
On May 5, the SEC announced the Commission’s largest-ever award—nearly $279 million—awarded to a whistleblower for providing information and assistance leading to the successful enforcement of SEC and related actions. The SEC noted that this award is more than double the previous record-holding $114 award issued in October 2020. According to the redacted order, the whistleblower voluntarily provided original information, which caused enforcement staff to expand the scope of the investigation and saved the SEC significant time and resources. The whistleblower also provided substantial ongoing assistance, including providing multiple written submissions, communications, and interviews, the SEC said, finding also that the whistleblower satisfied the requirements under Rules 21-F-3(b)(1) for related actions awards as the related successful enforcement actions were partly based on the same information provided to the Commission. However, in the same order, the SEC affirmed denial of two other claimants’ award claims after determining, among other things, that the individuals did not submit information leading to the successful enforcement of the covered action.
The CFPB recently denied a lender’s request to set aside or modify a civil investigative demand (CID) issued in January related to its short-term and small-dollar lending practices. The lender’s redacted petition asserted that it “is a small business that is barely getting by” and that it has already provided documents and information, as well as corporate testimony from the lender’s CEO/chief compliance officer. Maintaining that the CID is overly broad, unduly burdensome, and contains “many deficiencies,” the lender stated that requests made to the Bureau to withdraw the CID, narrow its focus, or raise specific concerns have not been answered. Rather, the lender claimed it was expected to incur further expenses to comply with requests that “it cannot be expected to make sense of” and that “would almost certainly result in financial ruin.”
In denying the request, the Bureau stated that the lender did not meaningfully engage in the required meet-and-confer process, and informed the lender that, by regulation, it “will not consider a petition to set aside a CID where the petitioner does not first attempt to resolve any objections it has through good-faith negotiation with the Bureau’s investigators.” According to the Bureau, during the meet-and-confer, the lender refused to submit requested information and did not propose any modifications to the CID that would reduce the burden while still ensuring the necessary information would be provided. The Bureau also refuted the lender’s claims that the CID was overly broad, stating that it was seeking information that was “reasonably relevant” to a lawful purpose, i.e. information about its business practices as a short-term and small-dollar lender, employees in possession of relevant information, employee performance metrics, and consumers who took out loans. Obtaining information on the lender’s servicing and collection practices will “shed light on whether the representations it made about the nature and true costs of the loans were deceptive and whether the company improperly induced consumers to renew loans,” the Bureau maintained. The Bureau also disagreed with the assertion that the CID was unduly burdensome, stating that the lender, among other things, failed to establish that complying with the CID would impose excessive financial costs.
The Bureau directed the lender to comply with the CID within 14 days of the order.
On January 19, the SEC announced three whistleblower awards totaling approximately $18 million to claimants who provided information and assistance that led to a successful enforcement action. According to the redacted order, the first whistleblower voluntarily provided detailed and significant information that prompted the opening of an investigation into a fraudulent scheme and had a significant impact on the overall success of the enforcement action. The whistleblower’s assistance saved staff time and resources, the SEC said, adding that the second and third whistleblowers voluntarily provided timely information later in the investigation that also significantly contributed to the enforcement action’s success.
On December 19, the SEC announced an award totaling nearly $37 million to a whistleblower whose new information and assistance led to a successful SEC enforcement and related action. According to the redacted order, the whistleblower was the initial source of the company’s internal investigation, as well as the source for investigations by the SEC and another agency. The order also noted that although the company reported the alleged conduct, the whistleblower received credit for initiating the investigations because the whistleblower provided the same information to the SEC within 120 days of providing it internally.
On October 3, the DOJ announced that the U.S.-UK Data Access Agreement (Agreement) is now in effect. According to the DOJ, the Agreement, authorized by the Clarifying Lawful Overseas Use of Data (CLOUD) Act, is the first of its kind and will allow investigators from each country to gain better access to vital data to combat serious crime in a manner “consistent with privacy and civil liberties standards.” Under the Agreement, “service providers in one country may respond to qualifying, lawful orders for electronic data issued by the other country, without fear of running afoul of restrictions on cross-border disclosures,” the DOJ said. The Agreement is intended to foster “more timely and efficient access to electronic data required in fast-moving investigations through the use of orders covered by the Agreement,” and will greatly improve the two countries’ ability “to prevent, detect, investigate, and prosecute serious crime, including terrorism, transnational organized crime, and child exploitation, among others.” U.S. and UK officials are required to meet numerous requirements in order to invoke the Agreement, such as orders must relate to a serious crime and may not target persons located in the country for which the order is submitted. Authorities in both countries must also follow agreed upon requirements, limitations, and conditions when obtaining and using data obtained under the Agreement. The DOJ’s Office of International Affairs has been selected as the designated authority responsible for implementing the Agreement in the U.S. and “has created a CLOUD team to review and certify orders that comply with the Agreement on behalf of federal, state, local, and territorial authorities located in the United States, transmit certified orders directly to UK service providers, and arrange for the return of responsive data to the requesting authorities.”
On March 11, the SEC announced that it awarded a whistleblower nearly $14 million for exposing ongoing fraud by publishing on online report. According to the redacted order, the whistleblower voluntarily provided original information and prompted the opening of an investigation, which resulted in a successful enforcement action against the company and its CEO and the return of millions of dollars to harmed investors.
The SEC has awarded approximately $1.2 billion to 249 individuals since issuing its first award in 2012.