Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On September 9, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a roughly $190,000 settlement with a Texas-based company for allegedly knowingly exporting goods, technology, and services in violation of the Iranian Transactions and Sanctions Regulations. According to OFAC’s web notice, between December 2013 and May 2018, the company exported 49 products from the U.S. to two third-country distributors with prior knowledge, or reason to know, that its products were intended specifically for a reseller in Iran. The Iranian reseller then sold three of the exported products to an entity on OFAC’s SDN List, at the time of the relevant exports. On at least three occasions, the company also allegedly provided support, software updates, reseller training, or other services in support of sales to customers located in Iran.
In arriving at the settlement amount, OFAC considered various aggravating factors, including, among other things, that the company: (i) demonstrated reckless disregard for U.S. sanctions regulations by authorizing distribution and support of its goods; (ii) possessed knowledge of the conduct; and (iii) “caused harm to U.S. sanctions objectives by facilitating access to the bank’s products and support services by resellers and users in Iran.”
OFAC also considered various mitigating factors, including, among other things, that the: (i) “volume and total amount of payments underlying the Apparent Violations was not significant compared to [the company’s] overall revenue”; (ii) the company demonstrated remedial actions, including establishing export controls and sanctions compliance policies and procedures; and (iii) the company cooperated with OFAC’s investigation.
On September 7, the Financial Industry Regulatory Authority (FINRA) entered into a Letter of Acceptance, Waiver, and Consent, with a New York-based broker-dealer subsidiary of a global financial services company to resolve allegations that it distributed reports to the firm’s institutional customers that omitted required disclosures or included inaccurate disclosures. Among other things, FINRA alleged that the firm’s failure to implement a supervisory system reasonably designed to achieve compliance with the disclosure requirements and failure to enforce the supervisory procedures it had in place, led to the publication of 60 debt research reports with a total of 333 disclosure omissions. The letter reports that after identifying the issue and reporting it to FINRA, the firm “immediately ceased the production of all debt research and suspended the issuance of equity research.” The firm neither admitted nor denied the findings set forth in the AWC letter but agreed to pay a $175,000 fine.
On September 1, the FTC announced that a data monitoring application and its CEO (collectively, “defendants”) will be permanently banned from the surveillance industry for failing to provide reasonable data security for consumers’ personal information by allegedly “secretly harvesting and sharing data on people’s live location, web use, and online activities through their product’s hidden device hack.” The defendants allegedly sold real-time access to their surveillance system, which allowed stalkers and domestic abusers to “stealthily track” unknowing victims.
According to the complaint, the defendants violated Section 5 of the FTC Act by committing unfair or deceptive business practices in using unauthorized personal information and failing to secure such data in which “victims continue to experience substantial harm, including injury in the form of depression, anxiety, and ongoing fear for one’s safety,” even after the stalking or domestic abuse ended. The complaint detailed the covert monitoring products and services offered by defendants once their application is installed, including capturing and logging: email, SMS messages, call history, GPS location and live location, web history, contacts, pictures, calendar, video chats, files downloaded on the device, notifications, among other functions depending on cost.
Under the terms of the proposed settlement, the defendants are: (i) banned from offering, promoting, selling, or advertising any surveillance app, service, or business; (ii) required to delete any information illegally collected from their apps; and (iii) required to notify owners of devices that their devices might have been monitored and the devices may not be secure. This is the agency’s second case “brought against stalkerware apps, and the first where the FTC is obtaining a ban.” According to a statement released by FTC Commissioner Rohit Chopra, the agency is also “seeking public comment on banning [the defendants] from licensing, marketing, or offering for sale surveillance products,” which is “a significant change from the agency’s past approach.”
On August 26, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a roughly $2.3 million settlement with a UK subsidiary of a Chinese financial institution for allegedly processing transactions in violation of the Sudanese Sanctions Regulations, “which prohibited the exportation, directly or indirectly, to Sudan of any goods, technology, or services from the United States.” According to OFAC’s web notice, between September 2014 and February 2016, the bank processed 111 commercial transactions totaling more than $40 million through U.S. correspondent banks on behalf of parties in Sudan. In conducting a lookback review to identify potential Sudan-related transactions, the bank identified two customers who processed transactions through the U.S. financial system. For both of these customers, the bank’s internal customer database did not reference Sudan in the name or address fields, and messages processed on behalf of these customers by the bank through U.S. banks also failed to include any references to Sudan.
In arriving at the settlement amount, OFAC considered various aggravating factors, including, among other things, that (i) the bank demonstrated reckless disregard for U.S. sanctions regulations by processing the transactions “despite having account and transactional information indicating the Sudanese connection to the accounts and in contravention of the bank’s existing policies and procedures”; (ii) certain bank personnel responsible for processing the transactions knew that the payments were related to entities in Sudan; (iii) the bank conferred economic benefit to a comprehensively sanctioned country; and (iv) the bank “is a commercially sophisticated financial institution that processes transactions internationally.”
OFAC also considered various mitigating factors, including, among other things, that the bank (i) has not received a penalty notice from OFAC in the preceding five years; (ii) self-identified the alleged violations, cooperated with OFAC’s investigation, conducted a lookback, and entered into a tolling agreement; and (iii) has undertaken remedial measures, including enhancing policies and procedures to improve compliance with U.S. sanctions when processing payments through the U.S.
On August 19, the U.S. District Court for the District of Maryland granted preliminary approval of a proposed class action settlement claiming a mortgage company engaged in an allegedly illegal kickback scheme with a title company. According to the memorandum in support of the plaintiffs’ motion for preliminary approval, the title company paid, and the mortgage company received and accepted, kickbacks in exchange for the mortgage company’s “assignment and referral of residential mortgage loans, refinances, and reverse mortgages to [the title company] for title and settlement services.” This conduct, the plaintiffs contended, violated RESPA and RICO. While the mortgage company denied all substantive allegations and liability, the parties reached a proposed settlement, in which class members (defined as borrowers with federal mortgage loans originated by the mortgage company for which the title company provided settlement services) will each receive approximately $3,200 from a $990,000 settlement fund. The preliminarily approved settlement also provides for class counsel fees and expenses and class representative service awards for a total not to exceed roughly $1.27 million.
District Court preliminarily approves $12 million class action settlement over automated mortgage errors
On August 17, the U.S. District Court for the Southern District of Ohio granted preliminary approval of a proposed settlement in a class action that claimed a national bank’s automated mortgage loan modification tools failed to approve borrowers due to technical issues. Class members (defined as borrowers who qualified during a specified time period for a home loan modification or repayment plan pursuant to the requirements of government-sponsored enterprises, FHA, or the Department of Treasury’s Home Affordable Modification Program that “were not offered a home loan modification or repayment plan by [the bank] because of excessive attorneys’ fees being included in the loan modification decision process” and whose homes were not sold in foreclosure) sued the bank alleging it “failed to detect or ignored multiple systematic errors in it automated decision-making software.” This software, class members claimed, is used to create automated calculations and determine whether consumers in default are eligible for loan modifications. According to class members, the bank allegedly “failed to adequately test, audit, and verify that its software was correctly calculating whether customers met threshold requirements for a mortgage modification” and failed to regularly and properly audit its software for compliance with government requirements, thus allowing errors to remain uncorrected. Class members further claimed that the bank apparently took several years to implement new controls and disclose the error. Under the terms of the preliminarily approved settlement, the bank must pay $12 million in relief to the settlement class.
On August 16, the U.S. District Court for the Northern District of Illinois granted preliminary approval of a class action settlement, resolving allegations that a call center hired by a national bank and its merchant processing servicer (collectively, “defendants”) violated California’s Invasion of Privacy Act by recording calls without receiving customers’ permission. Class members, comprised of California businesses who did not sign a contract for merchant processing services with the servicer, filed suit against the defendants in 2016 claiming the call center placed sales appointment calls to the businesses without disclosing that the calls were being recorded. The defendants denied any liability or knowledge of the alleged conduct, and continued to maintain “that there was no principal-agent relationship with [the call center] and, even if there were such a relationship, [the call center] acted outside the scope of its authority by illegally recording calls.” The preliminarily approved settlement will require the defendants to pay $28 million, of which up to $5,000 will be paid for each eligible call that a class member received during the class period.
On July 26, the U.S. District Court for the Northern District of California granted preliminary approval of a proposed supplemental class settlement, adding new class members who were not part of the list of borrowers included in the court’s October 2020 original settlement order. The supplemental settlement provides more than $21.8 million for additional class members who lost their homes after allegedly being denied loan modifications from a national bank. Class members include borrowers who allegedly should have qualified for loan modifications but were not offered a home loan modification or repayment plan “due to excessive attorney’s fees being included in the loan modification decisioning” and “whose home[s] [the bank] sold in foreclosure.” According to the court’s order granting class certification, a software glitch allegedly caused a calculation error, which resulted in certain fees being misstated and led to incorrect mortgage modification denials. The original settlement set aside $1 million to compensate borrowers who endured “severe emotional distress” as a result of the error, and the supplemental settlement will provide new class members the same opportunity to apply for additional settlement amounts.
On July 21, the Mississippi attorney general announced a settlement with an auto finance company to resolve alleged violations of the Mississippi Consumer Protection Act. The AG claimed the auto finance company, among other things, allegedly placed consumers into loans with a high probability of default and engaged in aggressive collection practices. Under the terms of the settlement, the auto finance company will pay $3.7 million to the state, including $1.8 million in consumer restitution, and will stop collecting on loans allegedly extinguished under Mississippi law. Additionally, the auto finance company (i) will account for a borrower’s ability to pay and set a reasonable debt-to-income threshold; (ii) may not require dealers to sell any ancillary products; (iii) will “monitor dealers for possible inflation, power booking, or expense deflation”; (iv) may “not misrepresent a consumer’s prospect of redeeming a vehicle that has been repossessed”; (v) may not require borrowers to make payments through methods requiring additional third-party fees; and (vi) will notify all relevant credit reporting agencies that the borrowers’ debts have been extinguished.
On July 21, the U.S. District Court for the Central District of Illinois granted final approval to a class action data breach settlement, resolving allegations that a grocery chain was responsible for a data breach that exposed the credit card information of consumers. The final settlement (which was preliminarily approved in January) allows class members representing consumers who used a payment card to make a purchase at an impacted point-of-sale device during the security incident to receive reimbursement of up to $225 for out-of-pocket expenses related to the breach, including (i) unreimbursed bank, overdraft, and late fees; (ii) telecommunication charges; (iii) payday loan interest; and (iv) costs related to credit monitoring, identity theft protection, and time spent replacing credit cards and addressing fraudulent charges. Additionally, class members may be awarded up to $5,000 for “extraordinary expenses” resulting from the compromise of personal information. The grocery chain also agreed to “establish and maintain security enhancements that are estimated to cost more than $20 million.” However, the court reduced the attorneys’ fees to $739,000 in the final settlement after determining the initial fee request was too high compared to the overall relief for class members.
- Jonice Gray Tucker to discuss “Updates on Artificial Intelligence Regulations - the U.S. and EU” at the American Bar Association Busines Law Section Meeting
- Jonice Gray Tucker to discuss “Government investigations, and compliance 2021 trends” at the Corporate Counsel Women of Color Career Strategies Conference
- APPROVED Webcast: California debt collection license requirement: Overview and analysis
- Max Bonici to discuss “BSA/AML trends: What to expect with the implementation of the AML Act of 2020” at the American Bar Association Banking Law Fall Meeting
- Jeffrey P. Naimon to discuss “Regulators are gearing up: Are you ready?” at HousingWire Annual
- Amanda R. Lawrence and Elizabeth E. McGinn discuss “U.S. state privacy legislation – Are you compliant?” at the Privacy+Security Forum
- H Joshua Kotin to discuss “Modifications and exiting forbearance” at the National Association of Federal Credit Unions Regulatory Compliance Seminar
- Jonice Gray Tucker and Kari K. Hall to discuss “Consumer Protection Priorities in the Biden Administration and Beyond" at the SWABC and TBA 2021 Legal Conference
- Jonice Gray Tucker to discuss “Fintech trends” at the BIHC Network Elevating Black Excellence Regional Summit
- Jeffrey P. Naimon to discuss "Truth in lending” at the American Bar Association National Institute on Consumer Financial Services Basics
- John R. Coleman and Amanda R. Lawrence to discuss “Consumer financial services government enforcement actions – The CFPB and beyond” at the Government Investigations & Civil Litigation Institute Annual Meeting
- Jonice Gray Tucker to discuss "Consumer financial services" at the Practising Law Institute Banking Law Institute
- Jonice Gray Tucker to discuss “Regulators always ring twice: Responding to a government request” at ALM Legalweek