Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On January 10, a California-chartered finance company with its principal place of business in Manila, Philippines filed an action to enjoin the CFPB from, among other things, disclosing the existence of an investigation of the plaintiff and taking any action against the plaintiff unless and until the CFPB is constitutionally structured. John Doe Co. v. CFPB, D.D.C., No. 17-cv-00049 (D.D.C. Jan. 10, 2017). The action was prompted, in part, by the recent PHH v. CFPB decision in which the court held that the CFPB’s single director leadership structure is unconstitutional and, thus, that the agency must operate as an executive agency supervised by the President. Here, the John Doe plaintiff argues that because the CFPB has requested review of the PHH decision, the court’s remedy in regarding the CFPB’s structure has not taken effect and thus agency is operating in violation of the Constitution. Therefore, plaintiff asserts, the CFPB can take no further action against it—including publication of the CFPB’s investigation of plaintiff or initiation of enforcement action against plaintiff.
We note, that on the same day the plaintiff filed its complaint, the court issued an order reflecting its decision that the plaintiff be able to proceed in its action against the CFPB under a pseudonym. In so doing, the court noted that where a company has filed an action to protect against the government’s disclosure of its identity, it would be “counterintuitive that a court should require that same company to disclose its identity in the parallel court proceedings.” Judge Rudolph Contreras of the U.S. District Court for the District of Columbia has given the CFPB until Jan. 25 to respond to the company’s complaint and motion to proceed under a pseudonym.
On January 18, the CFPB initiated an enforcement action against the nation’s largest student loan servicer based upon alleged violations of the CPA, FCRA, and FDCPA. In a complaint filed with the Middle District of Pennsylvania, the Bureau charged that the student lender “systematically and illegally” created “obstacles to repayment” and “cheated” many borrowers out of their rights to lower repayments, causing them to pay much more than they had to for their loans. The CFPB “seeks to obtain permanent injunctive relief, restitution, refunds, damages, civil money penalties, and other relief.”
Later that day, the lender issued a statement categorically rejecting the CFPB's charges, explaining: “[T]he suit improperly seeks to impose penalties  based on new servicing standards applied retroactively and applied only against one servicer. The regulator-asserted standards are inconsistent with Department of Education regulations, and will harm student loan borrowers, including through higher defaults.” The company also noted that “the timing of this lawsuit—midnight action filed on the eve of a new administration—reflects their political motivations.”
On January 17, the Department of Justice (DOJ) announced a $7.2 billion settlement with Germany’s largest lender, resolving federal civil claims that a German global bank misled investors in the packaging, securitization, marketing, sale and issuance of residential mortgage-backed securities (RMBS) between 2006 and 2007. Under the terms of the settlement agreement, the bank must pay a $3.1 billion civil penalty under the Financial Institutions Reform, Recovery and Enforcement Act (FIRREA), and must provide $4.1 billion in consumer relief. The DOJ described the settlement as “one of the largest FIRREA penalties ever paid.”
As a part of the settlement, the bank acknowledged misleading investors in the packaging, securitization, marketing, sale, and issuance of RMBS. Pursuant to the agreement, an independent monitor will determine whether the bank has satisfied its consumer relief obligations. In connection with the settlement, the DOJ released an appendix containing credit and compliance due diligence results from a selection of the bank’s RMBS, along with a list of the RMBS at issue. The settlement— described by the DOJ as “one of the largest FIRREA penalties ever paid”—does not release any individuals from potential criminal or civil liability. The bank has agreed to fully cooperate with investigations related to the conduct covered by the agreement.
OFAC Settles with Canadian Bank for Apparent Violations of Cuban Assets Control Regulations and Iran Sanctions
On January 13, Treasury’s Office of Foreign Asset Control (OFAC) announced a $516,105 settlement agreement with a Canadian-based bank and its online-brokerage subsidiaries in connection with accounts held and transactions processed on behalf of certain Specially Designated Nationals and Blocked Persons located in Cuba, Iran and other locations in the Middle East. OFAC also identified general “shortcomings in the bank’s OFAC compliance policies, procedures, and programs” including the bank’s failure to screen for any potential nexus to an OFAC-sanctioned country or entity prior to processing related transactions through the U.S. financial system and occurring due to shortcomings in the banks policies and procedures. The settlement agreement does, however, note that the Apparent Violations constituted a non-egregious case, that the Bank voluntarily self-disclosed the Apparent Violations, and that the applicable total base penalty amount for the apparent violations was $955,750—well above the $516,105 amount OFAC assessed.
Notably, in the agreement’s concluding paragraph, OFAC highlights, as a general matter, the risks associated with both “subsidiaries in high-risk industries–such as securities firms” and, in particular “online payment platforms when the financial institution is unable to restrict access for individuals and entities located in comprehensively sanctioned countries.”
On January 9, the CFPB entered into a Consent Order and Stipulation against two medical debt-collection law firms and their president for alleged violations of the FDCPA and FCRA. Based on these allegations, the CFPB ordered the Respondents to provide $577,135 in relief to affected consumers, correct their business practices, and pay a $78,800 civil money penalty. According to the allegations set forth in the consent order, between January 2012 and August 2016, debt collectors working for the firms violated the FDCPA by giving the false impression that the firm’s “Demand Letters were from an attorney or that the firm’s attorneys were meaningfully involved in reviewing the consumer’s case or had reached a professional judgment that sending a Demand Letter or making a collection call was warranted.” The Bureau also found that the firms notarized consumer affidavits for use in debt-collection lawsuits without properly verifying the truth of the signature. The CFPB also alleged that the firms violated FCRA’s Regulation V by failing to establish, implement, and periodically review and update reasonable written policies and procedures regarding the accuracy and integrity of consumer information furnished to consumer reporting agencies.
On January 11, the OCC reported that it has ordered a large London-based bank to pay $32.5 million to settle claims that the bank failed to properly follow the regulator’s orders to improve mortgage foreclosure practices that led to borrowers being harmed after the 2008 credit crisis. Specifically, the OCC had accused the bank in 2015 of failing to meet the demands it had agreed to, and the agency imposed certain additional restrictions on the company’s mortgage-servicing abilities until it fixed the alleged shortcomings. The regulator also noted that the bank had failed to properly file documents in certain bankruptcy cases after the orders (for which it was ordered to pay $3.5 million in remediation to borrowers). The OCC confirmed, however, that the bank is now in compliance with all OCC orders related to the alleged foreclosure practices.
On January 12, Treasury’s Office of Foreign Asset Control (OFAC) announced a $17,500 settlement agreement with Aban Offshoe Limited ("Aban") of Chennai, India, in connection with an alleged violation of Iranian Transactions and Sanctions Regulations. The alleged violation arises out of events that occurred in June 2008, when Aban's Singapore subsidiary allegedly placed an order for oil rig supplies from a vendor in the United States with the intended purpose of re-exporting these supplies from the United Arab Emirates to a jack-up oil drilling rig located in the South Pars Gas Fields in Iranian territorial waters. OFAC noted, among other things, that the alleged violation constitutes a non-egregious case, but that Aban did not voluntarily self-disclose the apparent violation.
On December 30, the FDIC announced new regulatory actions against a Florida-based bank. Along with the Florida Office of Financial Regulation, the FDIC issued a new Consent Order against the $121.5 million-asset bank, based on allegations that the bank had engaged in “unsafe or unsound” banking practices, or practices which constituted a violation of law or regulation in the following areas: (i) weakness in asset quality, (ii) capital adequacy, earnings, (iii) management effectiveness, (iv) liquidity, (v) sensitivity to market risk, and (vi) compliance with the Bank Secrecy Act (BSA).
Among other things, the Order notes that the bank currently falls short of FDIC requirements for qualifying as “well capitalized,” qualifying merely as “adequately capitalized,” and therefore must boost its capital levels or face continued restrictions on its operations. The Order also states that the bank—which consented to the Order without admitting or denying the charges—now has 120 days to meet its capital requirements and 60 days to submit a capital plan to both: (i) achieve and maintain the capital requirements; and (ii) provide for a contingency plan to sell or merge the bank.
On December 28, FINRA entered into an acceptance, waiver, and consent (AWC) agreement with a Puerto-Rican-based brokerage firm based upon allegations that the firm’s anti-money laundering (AML) program “was not reasonably designed to achieve and monitor compliance with the requirements of the Bank Secrecy Act.” In deciding to levy a $5.75 million fine, FINRA noted, among other things, that the firm improperly “relied on manual supervisory review of securities transactions” that was “not sufficiently focused on AML risks.” The firm neither admitted nor denied the findings set forth in the AWC agreement, but agreed to address deficiencies in their AML program within 180 days. According to a firm spokeswoman, the firm is “pleased to have this matter from 2013 resolved and we continue to improve, manage and monitor our AML efforts.”
FTC Files Complaint Against Device Maker Concerning Alleged Failures to Reasonably Secure Routers and Internet Protocol (IP) Cameras
On January 5, the FTC announced that it was initiating and enforcement action against a Taiwanese computer networking equipment manufacturer and its U.S. subsidiary. In a complaint filed with the Northern District of California, the FTC charged that the device-manufacturer failed to take reasonable steps to secure its routers and Internet Protocol (IP) cameras, potentially compromising sensitive consumer information, including live video and audio feeds from D-Link IP cameras. Specifically, the FTC alleged that hackers could exploit these vulnerabilities using any of several “simple methods.”
According to its press release, the complaint filed today is part of broader FTC’s efforts to protect consumers’ privacy and security in the “Internet of Things” (IoT), which includes cases the agency has brought against a computer hardware manufacturer, and a marketer of video cameras. In a statement, Jessica Rich, director of the FTC’s Bureau of Consumer Protection, explained “[h]ackers are increasingly targeting consumer routers and IP cameras -- and the consequences for consumers can include device compromise and exposure of their sensitive personal information.” Accordingly, Ms. Rich explained further, “[w]hen manufacturers tell consumers that their equipment is secure, it’s critical that they take the necessary steps to make sure that’s true.” The FTC has provided guidance to IoT companies on how to preserve privacy and security in their products while still innovating and growing IoT technology.
- Sherry-Maria Safchuk to speak on the "California Consumer Privacy Act (CCPA) Workshop" panel at the California Mortgage Banker's 2019 Legal Issues & Regulatory Compliance Conference
- Jon David D. Langlois to discuss "Legal and operational considerations" at the Mortgage Bankers Association's Whole Loan Trading Workshop
- Daniel P. Stipano to discuss “Connecting the dots on your CDD program” at the ABA/ABA Financial Crimes Enforcement Conference
- Daniel P. Stipano to discuss “Beneficial Ownership: You have questions – We have quick answers” at the ABA/ABA Financial Crimes Enforcement Conference
- Daniel P. Stipano to discuss "Risk management in enforcement actions: Managing risk or micromanaging it" at an American Bar Association webinar
- Kari K. Hall and Christopher M. Walczyszyn to speak on the "Understanding updates to Regulation CC to ensure effective check processing" at a National Association of Federal Credit Unions webinar