Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Large bank agrees to proposed settlement agreement; to be decided in February

    Courts

    On November 27, 2023, a large Canadian bank agreed to pay $15.9 million to accountholders in a proposed settlement agreement stemming from a class action suit in which the bank allegedly charged improper non-sufficient fund (NSF) fees. NSF fees are charges by a financial institution when they decline to make a payment from an accountholder’s account after determining the account lacks sufficient funds. Plaintiffs alleged that from February 2, 2019, to November 27, 2023, the bank charged accountholders multiple NSF fees on a single attempted transaction. In the agreement, the bank continues to deny liability. While an agreement has been reached between the two parties, the agreement has yet to be approved by the courts. A hearing has been scheduled for February 13, 2024, in the Ontario Superior Court of Justice to approve the settlement and award the payouts. Accountholders will receive their payouts, “estimated to be in the range of approximately $88 CAD,” deposited directly to their account with the bank. Under the proposed settlement agreement, the representative plaintiff will receive an honorarium of $10,000. As previously covered by InfoBytes, the FDIC warned that supervised financial institutions that charge multiple NSF fees on re-presented unpaid transactions may face increased regulatory scrutiny and litigation risk.

    Courts Banking Canada Of Interest to Non-US Persons Settlement Class Action Enforcement NSF Fees Fees

  • Crypto platform to pay $22 million to resolve NY AG suit

    Securities

    On December 13, the New York State Supreme Court entered a stipulation and consent order resolving a suit brought in March against a crypto platform for operating as an unregistered broker-dealer, among other things. As previously covered by InfoBytes, the suit was brought by New York State Attorney General Letitia James who noted this was one of the first times a regulator claimed in court that one of the largest cryptocurrencies available in the market qualified as a security.

    As a result of the consent order, the platform is obligated to refund over $16.7 million worth of crypto in its control “by allowing users to withdraw those balances and transferring any remaining balances after ninety days to a third-party fund administrator,” to more than 150,000 investors in New York. In addition, the platform must pay an additional $5.3 million to the state. As part of the agreement, the platform is barred from trading securities and commodities in New York or from making its platform available to New York residents. 

    Securities New York State Attorney General Consent Order Settlement

  • FDIC agrees to settle with CEO and board members after District Court dismissal

    Courts

    On December 7, the U.S. District Court for the Eastern District of Louisiana dismissed a lawsuit brought by the FDIC against the chairman, president and CEO and board members of a state-chartered Louisiana bank after the parties reached a confidential settlement. In 2017, the State of Louisiana closed the bank and appointed the FDIC as the bank’s receiver. According to the DOJ’s press release, the bank’s former chairman, president and CEO was found guilty of 46 counts of bank fraud, conspiracy and other charges related to the bank’s collapse and has been sentenced to 14 years in prison and required to pay $214 million in restitution in August 2023. The FDIC also brought a civil action alleging that the bank’s chairman, president and CEO abused his incremental lending authority and the bank’s board loan committee approved improper credit extensions. The FDIC claimed it was entitled to recover $165 million from the bank in its capacity as its receiver: the loans consisted of $114 million for the bank’s chairman’s alleged commission of “gross negligence and breaches of fiduciary duty” and $51 million for the bank’s “gross negligence in approving other credit extensions.” More specifically, the bank’s chairman, president and CEO “recklessly” approved improper credit extensions, while the bank’s board loan committee violated “prudent business practices” by approving director loans. 

    Courts FDIC DOJ Settlement Loans

  • Healthcare providers reach $3.5 million settlement in FDCPA suit after eight years of litigation

    Courts

    On November 2, two healthcare providers settled with plaintiffs after eight years of litigation between the district court and the U.S. Court of Appeals for the 6th Circuit, stemming from alleged violations of the FDCPA, breach of contract, and violations of the Ohio Consumer Sales Practices Act, among other things. According to the order, the defendants allegedly contacted plaintiffs and their legal counsel, requesting that their legal counsel sign a letter to forego any legal settlement or judgment against the defendants to prevent plaintiffs’ accounts from being sent to collections, despite having plaintiffs’ health insurance information. While the defendants deny any fault, wrongdoing, or liability in connection with the claims, the parties agreed to a settlement amount of $3.5 million, with each claimant receiving a cash payment of $25. The class is comprised of 12,000 individuals with health insurance plans accepted by the healthcare provider who were patients at an Ohio facility from 2009 to 2023, and subsequently made payments or were asked to make payments for their treatment, excluding co-pays or deductibles. Additionally, certain class members will also receive a cash payment equal to fifty percent of the amount paid to the healthcare provider.

    Courts Class Action Debt Collection FDCPA Settlement Sixth Circuit

  • FTC sues fintech firm for deceiving users and making cancelations difficult

    On November 3, the FTC filed suit against a fintech firm within the U.S. Southern District Court of New York.  The FTC alleged the fintech mobile app misled customers, “violated Section 5 of the FTC Act[,] and made it hard to cancel services in violation of the Restore Online Shoppers’ Confidence Act (ROSCA).” However, the FTC and Defendant stipulated the entry of a proposed settlement order that includes a monetary judgment of $18 million for consumer refunds and requires Defendant to stop its deceptive marketing practices and end tactics that prevented customers from canceling services. The first time the FTC had collected civil penalties under ROSCA was in January 2023, as covered by InfoBytes here.

    The FTC’s complaint alleges that consumers were deceived into signing up for a $250 cash advance, but many users were unable to receive any money at all. Furthermore, consumers had to have first entered a $9.99 monthly membership––regardless of whether they qualified for the $250 or not. Further, if a user wished to cancel their monthly membership, the fintech firm employed “dark” and manipulative design tricks to “create a confusing and misleading cancellation process that prevented consumers from canceling their subscriptions.” The FTC’s proposed settlement order must first be approved by a federal judge before it can go into effect.

    Bank Regulatory FTC Consumer Finance Settlement

  • Healthcare clearinghouse settles for $1.4M over data breach

    Privacy, Cyber Risk & Data Security

    On October 17, a healthcare clearinghouse reached a $1.4 million settlement with a coalition of 33 state attorneys general for allegedly exposing the protected health information of approximately 1.5 million consumers. As a health care clearinghouse, the company facilitates transactions between health care providers and insurers. The states began investigating the company in 2019, when the U.S. Department of Health and Human Services discovered that personal health information maintained by the company was available through search engines, which appeared to be the result of a coding error by the company. According to the states, after the company was alerted to the breach, it delayed notification to impacted customers for over three months and sent notices to impacted consumers that were vague and confusing. Under the settlement, in addition to the $1.4 million payment, the company agreed to overhaul its data security and breach notification practices. The multistate coalition was led by the Indiana Attorney General’s Office.

    Privacy, Cyber Risk & Data Security Data Breach State Attorney General Settlement Indiana

  • Payments processor fined $20 million by State Money Transmission Regulators and State AGs

    State Issues

    On October 16, a national payment processor entered into two settlement agreements totaling $20 million with 44 state and territory money transmission regulators and 50 state and territory attorneys general to resolve issues stemming from alleged erroneous payment transactions.  The alleged erroneous payments involved the mistaken initiation of payments on behalf of almost 480,000 mortgage borrowers, with the total amount at issue totaling nearly $2.4 billion.

    According to the settlement entered into between the payment processor and the money transmission regulators, who were working through the Multi-State Money Service Business Examination Taskforce, the mistaken payments resulted from a breakdown of internal data security controls that allowed customer data intended for use in the testing of processing code to trigger actual payments.  The payment processor, who regularly provided payment processing services to a large residential mortgage lending and servicing company, was using actual customer mortgage payment data for test purposes.  As alleged in the settlement, it was determined that in the process of conducting testing on processing code to optimize the payment processors’ payment platform, more than 1.4 million payment entries were unintentionally and erroneously processed.  This erroneous payment processing was said to be primarily the result of “circumvention of internal data security controls and a lack of segregation between internal production and testing environments.”

    The settlement reached with the money transmission regulators requires the payment processor to maintain a comprehensive risk and compliance program and to provide regular reporting to a state regulator monitoring committee to ensure the adequacy of its risk management programs. 

    Under the terms of the settlement with the money transmission regulators, the payment processor is required to pay a total of $10 million, with approximately $9.5 million of that total being shared evenly by each participating state, with the remaining roughly $500,000 being used to cover the administrative costs of the investigating states.  Under the agreement with the state attorneys general, the payment processor is required to pay an additional $10 million to the various participating states and territories.  These amounts are in addition to the $25 million fine previously agreed to in the CFPB Consent Order, bringing the total amount to be paid by the payment processor to $45 million.

    State Issues Settlement DFPI Enforcement Mortgages

  • FTC settles with bankrupt crypto company and bans asset management

    Federal Issues

    On October 12, the FTC announced it has reached a settlement with a bankrupt crypto company, which will permanently ban the company from managing consumer assets. According to the federal court complaint, the FTC alleged that from at least 2018, respondent attracted customers by promising their deposits would be secure, but when the company failed, consumers lost access to significant assets, resulting in over $1 billion in cryptocurrency asset losses.  The FTC alleges violations of the FTC Act and the Gramm-Leach-Bliley Act's prohibition on obtaining financial information through false statements.  Respondent allegedly misled consumers by claiming their assets were safe on the platform, stating that "YOUR USD IS FDIC INSURED." However, respondent is not a bank and the deposits were not eligible for FDIC insurance. The FTC complaint also alleged that the FDIC does not insure cryptocurrency assets, and consumers' cash deposits were placed in an account held by respondent at a traditional bank. Consumers' funds were protected only if that bank failed, but their cryptocurrency was not protected at all.

    The proposed settlement with respondent and its affiliates permanently bans them from offering, marketing, or promoting any product or service related to depositing, exchanging, investing, or withdrawing assets. Respondent and its affiliates have agreed to a judgment of $1.65 billion, which will be suspended to allow the bankrupt company to return its remaining assets to consumers through bankruptcy proceedings. The proposed settlement also prohibits respondent and its affiliates from managing consumer assets, misrepresenting product benefits, making false representations to obtain financial information, and disclosing nonpublic personal information without consent.

    The FTC also announced that it is filing a lawsuit against the respondent’s CEO for making false claims that consumer accounts were FDIC-insured. Respondent’s CEO has not agreed to a settlement, and the FTC's case against him will proceed in federal court. “In a parallel action, on October 12, the Commodity Futures Trading Commission separately charged [respondent’s CEO] with fraud and registration failures,” the FTC added.

     

    Federal Issues Settlement FTC Cryptocurrency Bankruptcy FTC Act Deceptive Enforcement FDIC

  • Automotive management company settles with DOJ to resolve False Claims Act allegations

    Federal Issues

    On October 11, an automotive management company settled claims by the Department of Justice alleging that the company had violated the False Claims Act by knowingly providing false information in support of its Paycheck Protection Program (PPP) loan forgiveness application.

    According to the DOJ’s allegations, the automotive management company certified it was a small business with fewer than 500 employees when in fact it shared common operational control with dozens of automobile dealerships with more than 3,000 employees in total.

    Federal Issues DOJ False Claims Act / FIRREA Small Business Fees Consumer Finance PPP Settlement

  • Software provider settles allegations related to data breach

    Privacy, Cyber Risk & Data Security

    On October 5, a software provider serving nonprofit fundraising entities agreed to pay almost $50 million to settle claims with 49 states and the District of Columbia alleging that the provider maintained insufficient data security measures and inadequately responded to a 2020 data breach. Specifically, the settlement resolved claims that the software provider violated state consumer protection laws, breach-notification laws, and the Health Insurance Portability and Accountability Act (HIPAA).

    According to the allegations, the data breach exposed donor information, including Social Security numbers and financial records, of over 13,000 nonprofit groups and organizations and the provider waited two months before informing these clients of the breach.

    The settlement requires the provider to improve its cybersecurity protections and breach notification procedures.

    Earlier this year, the software provider also settled claims with the SEC for $3 million to address allegations of misleading disclosures relating to the same 2020 data breach.

     

    Privacy, Cyber Risk & Data Security SEC Data Breach HIPAA Consumer Protection Settlement

Pages

Upcoming Events