Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On September 5, NYDFS announced a new investigation into the student debt relief industry. NYDFS is issuing subpoenas to eight student debt relief companies to investigate deceptive practices in the industry, including misrepresenting the ability to achieve debt relief and charging improper fees. According to NYDFS, “deceptive” student debt relief companies charge borrowers high fees to consolidate their multiple student loans, while the U.S. Department of Education will offer the same programs free of charge. NYDFS estimates that New York residents collectively owe over $86 billion in student loans.
On February 25, the CFPB petitioned the U.S. District Court for the Southern District of New York for an order requiring a debt collection law office to comply with a civil investigative demand (CID) issued by the Bureau in June 2017. The CID requested information from the debt collection firm as part of a Bureau investigation into whether debt collectors, furnishers, or other persons associated with the collection of debt and furnishing of information have engaged or are engaging in unfair, deceptive, or abusive acts or practices in violation of the CFPA, FDCPA, and FCRA. According to the petition, the firm partially responded but withheld several responses asserting that doing so would require the firm's principal to violate professional responsibility rules in the states of New York and New Jersey. Withheld information, the Bureau claims, includes telephone calls and written correspondence with indebted consumers, disputes with consumers over the firm's credit reporting activities to third party agencies, and service contracts with creditors on whose behalf the firm collects debt. The Bureau argued that the court should direct the law firm to comply with the CID because, aside from following all applicable procedural requirements for the issuance of a CID contained within the CFPA, it “has shown that the investigation is being conducted for a legitimate purpose, that the inquiries may be relevant to that purpose, that the information sought is not already within the Bureau's possession, and that the administrative steps required by the [CFPA] and its implementing regulations have been followed. . . .” The Bureau further requested an order that the firm show cause and explain why it should not be compelled to comply with the CID.
On December 18, NYDFS announced a $15 million settlement with an international bank and its New York branch resolving allegations stemming from an investigation into the governance, controls, and corporate culture relating to the bank’s whistleblower program. According to the announcement, NYDFS’ investigation determined that several members of senior management failed to follow or apply the bank’s whistleblower policies and procedures, which allegedly allowed the bank’s CEO to attempt to identify the author(s) of two whistleblowing letters criticizing his and bank’s management’s roles in recruiting and employing a recently hired senior executive. Additionally, the investigation found that, in alleged violation of New York Banking Law, the bank (i) failed to devise and implement effective governance and controls with respect to the whistleblower program; and (ii) failed to submit a report to NYDFS immediately upon discovering misconduct.
NYDFS acknowledged the bank’s substantial cooperation in the investigation, including engaging an outside consultant to perform an independent review of the whistleblowing policies, processes, and controls. Additionally NYDFS stated the bank has already addressed certain deficiencies noted in the Consent Order, including implementing (i) procedures which recognize that concerns raised outside whistleblowing channels may nevertheless constitute whistleblows; (ii) procedures which would avoid escalating a whistleblow to the subject of the concern; and (c) procedures to preserve whistleblower anonymity. In addition to the $15 million penalty, the bank must create a written plan to improve compliance and oversight of the whistleblower program and submit a report to NYDFS that contains all instances of whistleblower complaints since January 2017, attempts to identify whistleblowers, and any reported or sustained instances of whistleblower retaliation.
On April 18, the New York Attorney General’s office announced the launch of an initiative designed to protect virtual currency investors and increase transparency and accountability within the cryptocurrency industry. Attorney General Eric T. Schneiderman sent questionnaires to 13 virtual currency trading platforms, requesting information on their operations, policies, and internal controls as part of a “fact-finding inquiry.” “[T]oo often, consumers don't have the basic facts they need to assess the fairness, integrity, and security of these trading platforms,” the Attorney General stated. The Virtual Markets Integrity Initiative asks the trading platforms to disclose several categories of information, including ownership and control information, operation and fees, trading policies and procedures, internal controls, and privacy and money laundering risks and safeguards. Responses will be analyzed, compared across platforms, and presented to the public. Questionnaires are due May 1.
Global Securities Firm Agrees to Pay Million Dollar Penalty Related to Alleged Securities Fraud Scheme
On October 26, the United States Attorney for the District of Connecticut announced a non-prosecution agreement between the office and a global securities firm. The resolution was a result of a government investigation, which concluded that the firm perpetrated a scheme to defraud its customers in trades of residential mortgage-backed securities (RMBS) and collateralized loan obligations (CLOs) between 2008 and 2013. Specifically, the investigation alleges that the firm, (i) misrepresented material facts in trades and monetarily benefited from the misrepresentations; (ii) instructed traders to use fraudulent trading practices; (iii) lied to affected customers who suspected the fraudulent activity; (iv) ignored complaints from its own employees regarding the fraudulent activity; (v) deceived rival broker-dealers in trades by using a purportedly independent propriety trading operation; and (vi) concealed the fraudulent conduct from customers and employees in order to prevent or delay discovery.
The agreement, which was entered into on October 25, requires that the firm pay a $35 million monetary penalty and pay around $9 million in restitution to affected customers.
House Financial Services Committee Issues Second Interim Report on Bureau’s Role in Fraudulent Accounts Scandal Investigation
On September 19, the Majority Committee Staff of the House Financial Services Committee (Committee) released a second interim report and supporting documents on the investigation of the role the CFPB played in detecting and remedying a major national bank’s practice of opening unauthorized bank accounts. As previously covered in InfoBytes, the first interim report, issued June 6, accused Director Richard Cordray, among other things, of failing to cooperate with the Committee’s “comprehensive investigation.” The second interim report claims the CFPB and Director Cordray failed to comply with the Committee’s repeated requests for documents related to the investigation into the bank’s practices, never conducted its own independent investigation (but, instead, “relied primarily, if not exclusively,” on a third party report), and withheld a crucial Recommendation Memorandum from the Committee for over a year that disclosed analysis of the legal and factual components of the Bureau’s investigation, as well as an evaluation of whether to enter into a settlement. The Committee’s accusations also include claims that Director Cordray allegedly misled Congress about the agency's investigation into the bank’s illegal sales practices and may have “rushed” a settlement with the bank, which resulted in a $100 million fine when it was potentially liable for a statutory civil monetary penalty exceeding $10 billion. Chairman Jeb Hensarling (R-Tex.) said in a press release that “[t]he premature suspension of its investigation means that the CFPB also potentially lost the opportunity to discover recently revealed instances of further consumer harm.”
On July 17, FTC Acting Chairman Maureen K. Ohlhausen announced process reforms designed to reduce burden and improve transparency in investigations conducted by its Bureau of Consumer Protection (BCP). The initiative, which is part of the FTC’s reform efforts announced in April of this year, is designed to “protect consumers and promote competition without unduly burdening legitimate business activity.” To streamline information requests for CIDs in consumer protection cases, the BCP intends to:
- Provide plain language descriptions of the CID process and develop business education materials to help small businesses understand how to comply;
- Add detailed descriptions of the scope and purpose of investigations to assist companies in better understanding the information the FTC seeks;
- Limit relevant time periods to minimize undue burden on companies when possible;
- Significantly reduce the length and complexity of CID instructions for providing electronically stored data; and
- Increase response times (for example, 21 days to 30 days for targets, and 14 days to 21 days for third parties) to improve the quality and timeliness of compliance by recipients.
BCP will continue its current practice of communicating with investigation targets at least every six months once the CID has been complied with to provide investigation status updates.
FinCrimes Webinar Series Recap: Conducting an Effective Financial Crimes-Related Internal Investigation
BuckleySandler hosted a webinar, Conducting an Effective Financial Crimes-Related Internal Investigation, on April 23, 2015 as part of their ongoing FinCrimes Webinar Series. Panelists included John Mackessy, Anti-Money Laundering & Trade Sanctions Officer at MasterCard and Saverio Mirarchi, Senior Director at Treliant Risk Advisors and former Chief Compliance and Ethics Officer at Northern Trust. The following is a summary of the guided conversation moderated by Jamie Parkinson, partner at BuckleySandler, and key take-aways you can implement in your company. To request a recording of this webinar, please email Nicole Steckman at firstname.lastname@example.org.
Key Tips and Take-Aways:
- Make sure that the organization has appropriate policies and procedures in place to quickly and efficiently react when an investigation begins.
- Have systems in place to quickly identify the veracity of any allegations and be prepared to begin the internal investigation as soon as possible.
- Be prepared for, and understand the impact of having, a compliance monitor as part of any settlement agreement.
The session began with a discussion of what an organization can do to prepare for an internal investigation. The panel focused on the benefits of preparation and having established policies and procedures in place before an investigation begins. Specifically, the panelists noted the importance of having individual roles and responsibilities outlined and understood at the outset, in order to make the response more efficient. The panelists further noted that with the significant time constraints associated with such an investigation, it is critical that the team be prepared to act immediately. Finally, the panelists highlighted the significance of having effective routes of communication established in the policies and procedures, to ensure that all parties involved know how to proceed when an investigation is initiated. All of this can be in place in the absence of a concern triggering an internal investigation, so the panelists emphasized the steps to take before any concerns arise.
Internal Investigation Leadership and Logistics
The panelists then discussed the variety of approaches an organization can take when it comes to who leads the internal investigation. Specifically, the panelists noted that while there is no one-size fits all approach, the leadership of an internal investigation needs to be transparent from the outset, even if that role is transitioned during the investigation. The panelists suggested numerous approaches to who should run the investigation, including having either a business unit, outside counsel, or the organization’s general counsel be in charge of the investigation.
Conducting the Internal Investigation
Panelists next shifted to discussing the steps involved in conducting an internal investigation. The panel noted that the first critical component of running an internal investigation is obtaining the key information related to the problem, and identifying whether there is any information that the organization does not have. Specifically, the panel highlighted the importance of validating the initial allegations quickly, in order to fully engage with the investigation. The panel also noted the importance of quickly initiating a document hold, especially if the allegation is coming from a reputable source. The panelists highlighted the fact that putting out a document hold too soon is generally a minor problem, whereas any inadvertent destruction of relevant information could pose significant problems down the line. Financial crimes investigations are extremely data-analytics-intensive and may involve vast amounts of data covering many years, so the panelists focused on the role of a data analytics team.
The panelists then discussed the importance of being prepared to deal with a monitor. The panelists noted that with the recent increase in situations where a monitor will be required, it is key for an organization to know how to implement any agreements regarding the monitorship. Specifically, the panelists noted that the organization needs to make sure that they understand the scope of the monitor’s role and how the organization will be able to interact with the monitor. The panel suggested that before signing any monitoring agreement, the document needs to be discussed with compliance, operations, information technology, and any other departments that may be impacted by the monitorship, so that all parties are aware of the operational implications of a monitorship. Finally, the panel added that organizations should make sure to have a contact person or team that handles interactions with the monitor and is able to manage the monitor’s access to documents, in order to establish an effective relationship with the monitor.
Role of Senior Management and the Board
The panel also discussed the role of senior management and the Board of Directors in the internal investigation process. The panelists noted that in all internal investigations, it is important to make sure senior management and the Board are involved. Specifically, the panelists noted that senior management and the Board need to know the severity of the allegations, any related risks, the costs associated with the investigation, and that the investigation is being run properly. Finally, the panelists noted that if the investigation is being run by the general counsel, any communications to senior management and the Board need to be drafted so as to protect privilege.
FTC Settles Suit Against Tribe-Affiliated Lenders; Dispute Over CFPB Investigation Of Tribe-Affiliated Lenders Moves To Federal Court
On April 11, the FTC announced that a tribe-affiliated payday lending operation and its owner agreed to pay nearly $1 million to resolve allegations that they engaged in unfair or deceptive acts or practices and violated the Credit Practices Rule in the collection of payday loans. The FTC alleged that the lenders illegally tried to garnish borrowers’ wages and sought to force borrowers to travel to South Dakota to appear before a tribal court, and that the loan contracts issued by the lenders illegally stated that they are subject solely to the jurisdiction of the Cheyenne River Sioux Tribe. The announced settlement payment includes a $550,000 civil penalty and a court order to disgorge $417,740. The companies and their owner also are prohibited from further unfair and deceptive practices and are barred from suing any consumer in the course of collecting a debt, except for bringing a counter suit to defend against a suit brought by a consumer.
Also on April 11, in a separate matter related to federal authority over tribe-affiliated lending, a group of tribe-affiliated lenders responded in opposition to a recent CFPB petition to enforce civil investigative demands (CIDs) the Bureau issued to the lenders. In September 2013, the CFPB denied the lenders’ joint petition to set aside the CIDs, rejecting the lenders’ primary argument that the CFPB lacks authority over businesses chartered under the sovereign authority of federally recognized Indian Tribes. The lenders subsequently refused to respond to the CIDs, which the CFPB now asks the court to enforce. The CFPB argues that the lenders fall within the CFPB’s investigative authority under the terms of the Consumer Financial Protection Act, which the CFPB argues is a law of general applicability, including with regard to Indian Tribes and their property interests. The lenders continue to assert that they are sovereign entities operating beyond the CFPB’s reach.
On February 26, Senators Jeff Merkley (D-OR), Elizabeth Warren (D-MA), and other Democratic Senators, together with Representatives Elijah Cummings (D-MD), Maxine Waters (D-CA), and other Democratic House members, sent a letter to Attorney General Eric Holder encouraging the DOJ to “continue a vigorous review of potential payment fraud, anti-money-laundering violations, and other illegal conduct involving payments by banks and third-party payment processors.” The lawmakers highlighted a number of specific issues on which the DOJ should focus: (i) know-your-customer obligations, which they believe should include a review of whether a lender holds all required state licenses and follows state lending laws; (ii) use of lead generators, including those that auction consumer data; (iii) high rates of returned, contested, or otherwise failed debits or the regular use of remotely created checks, which they state may indicate payment fraud; and (iv) lenders’ failure to incorporate or maintain a business presence in the U.S., which they assert can be indicative of fraud and other payment system violations, including money-laundering.
- Amanda R. Lawrence to discuss "Data privacy litigation" at the Mortgage Bankers Association Regulatory Compliance Conference
- Brandy A. Hood to discuss "How to ace your TRID exam" at the Mortgage Bankers Association Regulatory Compliance Conference
- Katherine L. Halliday to discuss "UDAP, UDAAP & the Map rule compliance basics" at the Mortgage Bankers Association Regulatory Compliance Conference
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions and CMPs" at the ACAMS AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Assessing the CDD final rule: A year of transitions" at the ACAMS AML & Financial Crime Conference
- Jonice Gray Tucker to discuss "HMDA data is out, now what?" at the Mortgage Bankers Association Regulatory Compliance Conference
- Melissa Klimkiewicz to discuss "Navigating FHA rules and regs" at the Mortgage Bankers Association Regulatory Compliance Conference
- Jeffrey P. Naimon to discuss "Washington regulatory overview" at the Mortgage Bankers Association Regulatory Compliance Conference
- Daniel P. Stipano to discuss "Consenting views: Achieving positive outcomes from consent order recovery" at the ACAMS AML & Financial Crime Conference
- APPROVED Webcast: Preparing for 2020 license renewals
- Kathryn L. Ryan to discuss "The state’s role in fintech: Providing an industry framework for innovation" at Lend360
- Daniel P. Stipano to discuss "AML developments: The latest trends, challenges and opportunities" at the American Conference Institute Financial Crime Executive Roundtable
- Marshall T. Bell and Jeffrey P. Naimon to discuss "Truth in lending" at the American Bar Association National Institute on Consumer Financial Services Basics
- Amanda R. Lawrence and Michael A. Rome to discuss "California Consumer Privacy Act compliance" at the Capital Area Compliance Roundtable
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions" at the Institute of International Bankers Risk Management and Regulatory Examination/Compliance Seminar
- Daniel P. Stipano to discuss "Customer identification program/customer due diligence/enhanced due diligence" at a National Association of Federal Credit Unions webinar
- Jonice Gray Tucker to discuss "MCCA's blueprint for selling & buying - A pitch workshop for outside counsel" at the Minority Corporate Counsel Association Creating Pathways to Diversity Conference
- Kathryn L. Ryan and Moorari K. Shah to discuss "Today's regulatory environment - Are you in the know?" at the Equipment Leasing and Finance Association Annual Convention
- Kathryn L. Ryan and Tim Lange to discuss "Temporary authority to operate - Are you prepared? Hear what the states are doing" at the RegList Annual Workshop
- Jonice Gray Tucker to discuss "Fintech regulatory developments, crypto-assets, blockchain and digital banking, and consumer issues" at the Practising Law Institute Banking Law Institute
- Amanda R. Lawrence to discuss "How to balance a successful (and stressful) career with greater personal well-being" at the American Bar Association Women in Litigation Joint CLE Conference