InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
District Court issues judgment against student debt relief operation
On June 10, the U.S. District Court for the Central District of California entered a stipulated final judgment and order against an individual defendant who participated in a deceptive debt-relief operation. As previously covered by InfoBytes, in 2019, the Bureau, along with the Minnesota and North Carolina attorneys general, and the Los Angeles City Attorney (together, the “states”), announced an action against the student loan debt relief operation for allegedly deceiving thousands of student-loan borrowers and charging more than $71 million in unlawful advance fees. In the third amended complaint, the Bureau and the states alleged that since at least 2015, the debt relief operation violated the CFPA, TSR, FDCPA, and various state laws by charging and collecting improper advance fees from student loan borrowers prior to providing assistance and receiving payments on the adjusted loans. In addition, the Bureau and the states claimed that the debt relief operation engaged in deceptive practices by, among other things, misrepresenting: (i) the purpose and application of fees they charged; (ii) their ability to obtain loan forgiveness for borrowers; and (iii) their ability to actually lower borrowers’ monthly payments. Moreover, the debt relief operation allegedly failed to inform borrowers that it was their practice to request that the loans be placed in forbearance and also submitted false information to student loan servicers to qualify borrowers for lower payments.
Under the terms of the final judgment, in addition to various forms of injunctive relief, the individual defendant must pay a $1 civil money penalty to the Bureau and $5,000 each to Minnesota, North Carolina, and California. The individual defendant is also “liable, jointly and severally, in the amount of $95,057,757, for the purpose of providing redress to Affected Consumers,” although his obligation to pay this amount is “suspended based on [his] inability to pay.”
DOJ: $4.5 million judgment in case targeting Hispanic homeowners
On June 10, the DOJ announced that the U.S. District Court for the Middle District of Florida entered a consent order against several defendants accused of violating the Fair Housing Act by targeting Hispanic homeowners for predatory mortgage loan modification services. After several Hispanic homeowners filed discrimination complaints with HUD, the agency conducted an investigation, issued charges of discrimination, and referred the matter to the DOJ for litigation. According to the DOJ’s complaint, the defendants targeted Hispanic homeowners with deceptive Spanish-language advertising “that falsely promised to cut their mortgage payments in half” and guaranteed “lower payments in a specific timeframe in exchange for thousands of dollars of upfront fees and continuing monthly fees of as much as $550, which defendants claimed were ‘non-refundable.’” The DOJ further contended that many of the targeted Hispanic homeowners (who had limited English proficiency) were told not to communicate with their lenders and were instructed to stop making monthly mortgage payments; however, the defendants allegedly “did little or nothing to obtain the promised loan modifications,” leading to defaults and foreclosures.
The consent order, reached in partnership with the Civil Rights Division’s Housing Section, enters a nearly $4.6 million judgment (which is mostly suspended) against the defendants to compensate harmed homeowners. Of this amount, $95,000 in total will go to three individuals who intervened as plaintiffs in the DOJ’s lawsuit. Defendants must also pay a $5,000 civil penalty. In addition to monetary relief, the consent order permanently enjoins defendants “from providing any mortgage relief assistance services, including, but not limited to, mortgage loan modification, foreclosure rescue, or foreclosure defense services.” The consent order also imposes training and reporting/recordkeeping requirements for defendants’ other real-estate activities.
District Court approves data breach settlement
On June 8, the U.S. District Court for the Southern District of New York granted a plaintiffs’ motion for final approval of a class action settlement resolving claims that several retail businesses failed to establish reasonable safeguards that led to a data breach. According to the opinion, the plaintiff alleged that a syndicate accessed cardholder information and sold it on the so-called dark web. The plaintiffs also claimed that the breach caused them to spend time monitoring their accounts, safeguarding account information, and, for some plaintiffs, resolving fraudulent charges and withdrawals. The settlement provides for two different levels of payments to affected consumers. Tier 1 claimants, who must provide proof of a payment transaction during the period of the breach and confirm that they spent time monitoring account information after the breach, will receive $30. Tier 2 claimants will be reimbursed for documented out-of-pocket expenses incurred as a result of the breach, such as costs and expenses related to identity theft or fraud, late fees, and unauthorized charges and withdrawals, in an amount not to exceed $5,000. The total amount to be paid to class members is approximately $278,000.
District Court granted final approval of a $63 million data breach settlement
On June 7, the U.S. District Court for the District of Columbia granted final approval of a class action settlement resolving claims that a government agency and its contractor (collectively, defendants) did not detect hackers because they failed to establish reasonable safeguards that led to a data breach. According to the memorandum of law in support of the plaintiff’s motion for preliminary approval, a data breach occurred in June 2015 that compromised financial records, Social Security numbers, and other personal information of anyone who underwent a background check at the agency since 2000. The agency allegedly controlled numerous electronic systems without valid authorizations, failed to implement multi-factor authentication for accessing systems, failed to patch, segment, and continuously monitor systems, and failed to implement centralized data security protocols. According to the plaintiff’s motion, the settlement (if granted final approval) would require the U.S. government to pay $60 million of the settlement fund and the contractor to pay $3 million. The settlement agreement provides that “[e]ach valid claim will be paid at $700, except that if the actual amount of documented loss exceeds $700, the claim will be paid in that amount, up to $10,000.”
OFAC reaches settlement with Puerto Rican bank to resolve Venezuela sanctions violations
On May 27, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $225,937 settlement with a Puerto Rican bank for allegedly violating the Venezuela Sanctions Regulations. According to OFAC’s web notice, the bank allegedly processed 337 transactions totaling $853,126 on behalf of two low level employees of the Government of Venezuela (GoV). The apparent violations allegedly resulted from the bank’s maintenance of four personal accounts operated by these two employees that should have been blocked by Executive Order (E.O.) 13884 (which blocks property and interests in property of the GoV, including “‘any person owned or controlled, directly or indirectly,’ by the GoV, and ‘any person who has acted or purported to act directly or indirectly for or on behalf of’ any such entity”). OFAC stated that the two GoV individuals also did not meet the criteria for authorized transaction exemptions under General License 34A and found that the bank failed to identify the customers for 14 months following the issuance of E.O. 13884.
In arriving at the settlement amount, OFAC considered various aggravating factors, including, among other things, that (i) the bank maintained documentation showing that the two individuals were low-level GoV employees but delayed identifying them; and (ii) the bank has more than $61 billion in assets. OFAC also considered various mitigating factors, including that the bank (i) took remedial action to ensure compliance with OFAC sanctions; (ii) created more robust sanctions-related procedures; (iii) developed additional resources and guidance in connection to sanctions alert review and disposition; (iv) added staff to oversee OFAC sanctions matters; (v) reviewed policies and procedures for identifying, reviewing, and reporting transactions that violate OFAC’s regulations; and (vi) enhanced its sanctions screening trainings. The bank also voluntarily self-disclosed the apparent violations to OFAC and cooperated with OFAC’s investigation.
Providing context for the settlement, OFAC stated that this action “demonstrates the importance of financial institutions conducting timely due diligence…following the issuance of new sanctions prohibitions.”
District Court preliminarily approves $2 million debt collection settlement over garnishment issuance fees
On May 24, the U.S. District Court for the District of Oregon preliminarily approved a class action settlement resolving claims concerning a debt collection agency’s $45 garnishment “issuance fee.” According to the plaintiffs, the defendant issued garnishments to debtors’ employers and banks through its in-house attorneys to collect revenue for outstanding debts. While Oregon law allows debt collectors to charge fees as a means of compensating for the expense of hiring attorneys who issue such garnishments, the plaintiffs contended that the defendant’s “$45 fee is an abuse of the cost recovery statute because using in-house attorneys relieves defendant from ever incurring such an expense.” The plaintiffs alleged violations of the FDCPA, Oregon’s Unlawful Trade Practices Act, and Oregon’s Unlawful Debt Collection Practices Act. While the defendant denied any wrongdoing as part of the preliminarily approved settlement, it has agreed to pay $2 million to settle the claims. Class members, defined as more than 10,000 Oregonians allegedly injured by the $45 issuance fees between January 2018 and September 2019, will each receive “an amount three times greater than the actual damages caused originally by Defendant’s issuance fees.”
District Court enters consent order in 2016 CFPB structured settlement action
On May 18, the U.S. District Court for the District of Maryland approved a consent order against defendants in an action concerning allegedly unfair, abusive, and deceptive structured settlement practices. As previously covered by InfoBytes, in 2016 the Bureau initiated an enforcement action against the defendants alleging that they violated the CFPA by employing abusive practices when purchasing structured settlements from consumers in exchange for lump-sum payments. According to the Bureau, the defendants encouraged consumers to take advances on their structured settlements and falsely represented that the consumers were obligated to complete the structured settlement sale, “even if they [later] realized it was not in their best interest.” In July 2021, the court denied the defendants’ motions to dismiss the Bureau’s amended complaint, which argued that the enforcement action was barred by the U.S. Supreme Court’s decision in Seila Law LLC v. CFPB, which held that the director’s for-cause removal provision was unconstitutional (covered by a Buckley Special Alert). The defendants had also argued that that the ratification of the enforcement action “came too late” because the statute of limitations on the CFPA claims had already expired (covered by InfoBytes here). Under the terms of the May 18 consent order, the individual defendant, who “had an ownership interest in [the company] and served in executive positions at [the defendants] from their inception to their dissolution" is prohibited from, among other things, participating or assisting others in participating in transfer of payment streams from structured-settlement holders and referring consumers to a specific individual or for-profit entity for advice concerning any structured-settlement transaction, including for independent professional advice. The individual defendant must also pay a $5,000 civil money penalty.
Social media company to pay $150 million to settle FTC, DOJ data security probe
On May 25, the DOJ filed a complaint on behalf of the FTC against a global social media company for allegedly misusing users’ phone numbers and email addresses uploaded for security purposes to target users with ads. (See also FTC press release here.) According to the complaint, the defendant deceived users about the extent to which it maintained and protected the security and privacy of users’ nonpublic contact information. Specifically, from May 2013 to September 2019, the defendant asked users to provide either a phone number or an email address to improve account security. The defendant, however, allegedly failed to inform the more than 140 million users who provided phone numbers or email addresses that their information would also be used for targeted advertising. The FTC claimed the defendant used the collected information to allow advertisers to target specific ads to specific users by matching the phone numbers or email addresses with data they already had or obtained from data brokers. DOJ’s complaint alleged that the defendant’s conduct violated the FTC Act and the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield agreements, which require participating countries to adhere to certain privacy principles in order to legally transfer data from EU countries and Switzerland. This conduct also allegedly violated a 2011 FTC consent order with the defendant stemming from claims that the defendant deceived users and put their privacy at risk by failing to safeguard their personal information. According to DOJ’s complaint, the 2011 order “specifically prohibits the company from making misrepresentations regarding the security of nonpublic consumer information.”
Under the terms of the proposed order, the defendant would be required to pay a $150 million civil penalty and implement robust compliance measures to improve its data privacy practices. According to the FTC and DOJ announcements, these measures would (i) “allow users to use other multi-factor authentication methods such as mobile authentication apps or security keys that do not require users to provide their telephone numbers”; (ii) require the defendant to “notify users that it misused phone numbers and email addresses collected for account security to also target ads to them and provide information about [its] privacy and security controls”; (iii) require the defendant to implement and maintain a comprehensive privacy and information security program, including conducting “a privacy review with a written report prior to implementing any new product or service that collects users’ private information,” regularly testing its data privacy safeguards, and obtaining regular independent assessments of its data privacy program; (iv) limit employee access to users’ personal data; and (v) require the defendant to notify the FTC should it experience a data breach, and provide reports after any data privacy incident affecting 250 or more users. Additionally, the defendant would be banned from profiting from deceptively collected data.
District Court issues judgment against student debt relief operation
On May 24, the U.S. District Court for the Central District of California entered a stipulated final judgment and order against an individual defendant who participated in a deceptive debt-relief enterprise operation. As previously covered by InfoBytes, in 2019, the CFPB, along with the Minnesota and North Carolina attorneys general, and the Los Angeles City Attorney (together, the “states”), announced an action against the student loan debt relief operation for allegedly deceiving thousands of student-loan borrowers and charging more than $71 million in unlawful advance fees. In the third amended complaint, the Bureau and the states alleged that since at least 2015 the debt relief operation violated the CFPA, TSR, FDCPA, and various state laws by charging and collecting improper advance fees from student loan borrowers prior to providing assistance and receiving payments on the adjusted loans. In addition, the Bureau and the states claimed that the debt relief operation engaged in deceptive practices by misrepresenting, among other things: (i) the purpose and application of fees they charged; (ii) their ability to obtain loan forgiveness for borrowers; and (iii) their ability to actually lower borrowers’ monthly payments. Moreover, the debt relief operation allegedly failed to inform borrowers that it was their practice to request that the loans be placed in forbearance and also submitted false information to student loan servicers to qualify borrowers for lower payments. Under the terms of the final judgment, the individual defendant must pay a $483,662 civil money penalty to the Bureau.
CFPB, New York reach $4 million settlement with debt collection operation
On May 25, the U.S. District Court for the Western District of New York entered a stipulated final judgment and order in an action taken by the CFPB, in partnership with the New York attorney general, resolving allegations that a debt collection operation based near Buffalo, New York, which includes six companies, three owners, and two managers (collectively, “defendants”), engaged in deceptive tactics to induce consumer payments. (See also CFPB press release here.) As previously covered by InfoBytes, the CFPB filed a complaint in 2020 against the defendants for allegedly violating the CFPA, FDCPA, and various New York laws by using illegal tactics to induce consumer payments, such as (i) threatening arrest and imprisonment; (ii) claiming consumers owed more debt than they actually did; (iii) threatening to contact employers about the existence of the debt; (iv) harassing consumers and third parties by using “intimidating, menacing, or belittling language”; and (v) failing to provide debt verification notices. Under the terms of the settlement, the defendants must pay a $2 million penalty to the CFPB and a $2 million penalty to the New York AG. The judgment provides that if the defendants fail to make timely payments, each penalty amount would increase to $2.5 million. The judgment also permanently bans the defendants from engaging in debt collection operations and prohibits them from engaging in deceptive practices in connection with consumer financial products or services.