InfoBytes Blog

OFAC reaches $133,860 settlement in Iranian sanctions matter

On December 8, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $133,860 settlement against an individual for allegedly facilitating four payments on behalf of an Iranian company using a personal bank account in the U.S., in violation of the Iranian Transactions and Sanctions Regulations (ITSR), 31. C.F.R. part 560. According to OFAC’s web notice, between February 2016 and March 2016, the individual accepted $133,860 in the U.S., which went to a personal bank account, on behalf of an Iran-based company selling Iranian-origin cement to another company for a project in a third country.

In arriving at the settlement amount, OFAC considered various aggravating factors, including, among other things, that the individual: (i) willfully was in violation of or recklessly ignored U.S. sanctions on Iran when receiving payments on behalf of an Iranian company; (ii) was aware of, and actively participated in, the violations; and (iii) “harmed the objectives of the ITSR by enabling the evasion of sanctions by an Iranian company.” OFAC also considered various mitigating factors, including that the individual did not receive a penalty notice, finding of violation, or cautionary letter from OFAC in the past five years, and is a natural person with a limited ability to pay.

Financial Crimes OFAC Department of Treasury Settlement Of Interest to Non-US Persons Enforcement Iran OFAC Sanctions

District Court grants preliminary approval in TCPA settlement

On November 23, the U.S. District Court for the Northern District of Illinois granted preliminary approval of a class action settlement, resolving allegations that a publishing company utilized a third party telemarketer to place newspaper delivery service advertising calls with individuals who had previously requested not to be contacted. According to the plaintiff’s unopposed motion for preliminary approval of class action settlement, the defendant, through a third-party telemarketer, sent repeated and unsolicited telemarketing calls after the plaintiff terminated his relationship with the defendant and asked not to be called. The plaintiff alleged that the defendant violated the TCPA by sending telemarketing calls to him and others, despite their phone numbers’ registration with the National Do Not Call Registry, as well as for violations of the TCPA’s internal do-not-call rules. According to the plaintiff’s motion, the settlement (if approved) would establish a settlement class of 28,412 individuals who were solicited by the defendant’s telemarketing vendor between December 11, 2017 and April 15, 2021. The settlement would provide that all class members with an identifiable address, who do not opt out, receive a distribution from the $1.7 million settlement fund, which after attorneys’ fees and costs, is estimated to be nearly $30 per person, according to the motion.

Courts Illinois Class Action TCPA Settlement Privacy/Cyber Risk & Data Security

CFPB agrees taskforce was illegally chartered

On November 29, the parties reached a stipulated settlement in an action filed by several consumer advocacy groups against the CFPB, which claimed that the Bureau’s Taskforce on Federal Consumer Financial Law established under former Director Kathy Kraninger was “illegally chartered” and violated the Federal Advisory Committee Act (FACA). The consumer advocacy groups’ complaint alleged that the taskforce—which was established by the Bureau in 2019 to examine the existing legal and regulatory environment facing consumers and financial services providers—lacks balance, and that the appointed members who “uniformly represent industry views” have worked on behalf of several large financial institutions or work as industry consultants or lawyers. (Covered by InfoBytes here.) This composition, the consumer advocacy groups argued, undermines the purpose of the taskforce and is a violation of FACA and the Administrative Procedure Act. The complaint also stated that while FACA requires advisory committee meetings to be open to the public and that records be disclosed, the taskforce has held closed-session meetings without providing public notice and has failed to make available any of the records related to these meetings or its other work.

Under the terms of the stipulated settlement filed in the U.S. District Court for the District of Massachusetts, the parties agreed that the taskforce “was subject to FACA because it was ‘established’ and ‘utilized’ by the Bureau ‘in the interest of obtaining advice or recommendations.’” The parties also stipulated that the Bureau failed to comply with FACA in its establishment and operation of the taskforce, including by releasing a two volume report in January containing recommendations for modernizing the consumer financial services marketplace (covered by InfoBytes here) without being produced by a FACA-compliant advisory committee. The stipulated settlement agreement requires the Bureau to, among other things, (i) release all taskforce records; (ii) amend the final report to include a disclaimer that the report was produced in violation of FACA; (iii) relocate the taskforce webpage and remove the current version of the report from its website; (iv) issue a press release by January 17, 2022, notifying the public of the settlement agreement; and (v) provide status reports until the Bureau has come into full compliance.

Courts CFPB Taskforce Federal Advisory Committee Act Settlement Administrative Procedures Act

District Court grants preliminary approval of privacy class action settlement

On November 19, the U.S. District Court for the Northern District of California granted preliminary approval of a $58 million settlement in a class action against a fintech company (defendant) alleged to have accessed the personal banking data of users without first obtaining consent, in violation of California privacy, anti-phishing, and contract laws. The plaintiffs alleged the defendant obtained data from class members’ financial accounts without authorization. The plaintiffs also claimed the defendant collected class members’ bank login information through a user interface that made it appear as if class members were interfacing directly with their financial institution, when they were actually interfacing with the defendant.

In granting preliminary approval of the settlement, the court determined it was unclear whether the plaintiffs would have prevailed on the merits at trial, particularly with regard to the “relatively untested” claim that the defendant practices breached California’s anti-phishing law. Several other claims originally brought by the plaintiffs were dismissed in May, including allegations that the defendant breached the Stored Communications Act, the Computer Fraud and Abuse Act, and California’s Unfair Competition Law. In addition to the $58 million settlement fund, the proposed settlement would also provide for injunctive relief.

Courts California Class Action Privacy/Cyber Risk & Data Security State Issues Settlement

New York reaches $1.2 million settlement with debt collectors

On November 16, the New York attorney general announced a settlement with an illegal debt collection scheme operation and its operator (collectively, “respondents”) to resolve allegations that the respondents used illegal tactics to collect consumer debt, which included false threats of criminal action, wage garnishment, driver’s license suspension, and lawsuits. According to the AG, the operator started his debt collection career collecting debts with a network of New York-based debt collectors that settled with the CFPB and New York AG in 2019 to resolve allegations that the defendants engaged in improper debt collection tactics in violation of the CFPA, the FDCPA, and various New York laws. (Covered by InfoBytes here.) Using different names, the operator allegedly continued to use deceptive and illegal threats to collect on consumer debts. In addition, the AG claimed the operator was a debt broker, “selling debts to and placing debts for collection with other collectors that engaged in egregious violations of the law.”

Under the terms of the settlement agreement, the respondents, among other things, must pay $1.2 million to the office of the AG in restitution and penalties and must dissolve all of the associated debt collection companies. The respondents are also permanently banned from engaging in consumer debt collection, consumer debt brokering, consumer lending, debt settlement, credit repair services, and payment processing.

State Issues New York Debt Collection Consumer Finance Enforcement State Attorney General Settlement

District Court enters final judgment in 2016 CFPB structured settlement action

On November 18, the U.S. District Court for the District of Maryland entered a stipulated final judgment and order against one of the individual defendants in an action concerning allegedly unfair, abusive, and deceptive structured settlement practices. As previously covered by InfoBytes, the Bureau claimed the defendants violated the CFPA by employing abusive practices when purchasing structured settlements from consumers in exchange for lump-sum payments. According to the Bureau, the defendants encouraged consumers to take advances on their structured settlements and falsely represented that the consumers were obligated to complete the structured settlement sale, “even if they [later] realized it was not in their best interest.” In July 2021, the court considered the defendants’ motion to dismiss the Bureau’s amended complaint, as well as the defendants’ motion for judgment on the pleadings on the grounds that the enforcement action was barred by the U.S. Supreme Court’s decision in Seila Law LLC v. CFPB, which held that that the director’s for-cause removal provision was unconstitutional (covered by a Buckley Special Alert), and that the ratification of the enforcement action “came too late” because the statute of limitations on the CFPA claims had already expired (covered by InfoBytes here). The court’s opinion allowed the Bureau to pursue its amended 2016 enforcement action, which alleged unfair, deceptive, and abusive acts and practices and sought a permanent injunction, damages, disgorgement, redress, civil penalties, and costs.

Under the terms of the settlement, the individual defendant—“an attorney who provided purportedly independent professional advice for almost all Maryland consumers who made structured-settlement transfers with [the defendants]” and who has neither admitted nor denied the allegations—is prohibited from, among other things, (i) participating or assisting others in participating in any structured-settlement transactions; (ii) owning, being employed by, or serving as an agent of any structured-settlement-factoring company; or (iii) providing independent professional advice concerning any structured-settlement transactions. The individual defendant is also prohibited from disclosing, using, or benefiting from affected consumers’ information, and must pay $40,000 in disgorgement and a $10,000 civil money penalty.

Courts CFPB Enforcement Settlement Structured Settlement CFPA UDAAP Unfair Deceptive Abusive Consumer Finance

Bank to pay $3.5 million to settle debt collection call suit

On November 15, a statewide team of California district attorneys announced a $3.5 million settlement to resolve allegations concerning a Utah-based bank’s debt collection activities. The California Debt Collection Task Force handled the investigation and charged the bank and its agents with allegedly placing harassing and unreasonably excessive collection calls, sometimes even after consumers informed the bank they no longer wished to receive the calls. While the bank did not admit to wrongdoing, it agreed to pay $3.5 million, including $2 million in civil penalties and $975,000 in investigation costs. The bank will also pay $525,000 to a charitable trust fund to go towards additional consumer protection efforts. Additionally, the judgment requires the bank to “implement and maintain policies and procedures to prevent unreasonable and harassing debt collection calls to California consumers, including limiting the total number of calls to each debtor and honoring consumer requests for calls to stop.”

State Issues Settlement Debt Collection Consumer Protection Consumer Finance

District Court approves e-commerce platform data breach settlement

On November 4, the U.S. District Court for the District of Massachusetts granted final approval to a settlement in a class action against an alcohol e-commerce platform stemming from a data breach that allegedly compromised customers’ personally identifiable information. The plaintiffs’ memorandum of law requested approval of the class action settlement, which included a settlement class of 2.5 million individuals whose information was compromised. Class members claimed that the company did not publicly report the data breach until July 2020, and that customers’ information was available for purchase on the dark web. A complaint was filed against the defendant asserting claims of negligence, negligence per se, breach of implied contract, unjust enrichment, and violations of several state consumer protection statutes. The defendant moved to compel arbitration, citing a provision in its terms of service, as well as a class action waiver that required customers to arbitrate their claims individually. However, the parties entered into settlement discussions and agreed to mediate their dispute. Under the terms of the settlement, which is valued between $3.35 million and $7.1 million, the defendant has agreed to pay all associated administration costs, attorneys’ fees and expenses, and incentive awards. Class members will receive individual cash payments and will also receive a pro rata portion of a pool of up to $447,750 in the form of a credit against the cost of service fees for future orders on the defendant’s platform. The defendant will also implement certain data security measures for two years.

Courts Privacy/Cyber Risk & Data Security Data Breach Class Action Settlement State Issues

District Court preliminarily approves TCPA class action settlement

On November 8, the U.S. District Court for the Eastern District of New York granted preliminary approval for a $38.5 million settlement in a class action against a national gas service company and other gas companies (collectively, defendants) for allegedly violating the TCPA by soliciting calls to cellular telephones. The plaintiff’s memorandum of law requested preliminary approval of the class action settlement. The proposed settlement sought to establish a settlement class of all U.S. residents who “from March 9, 2011 until October 29, 2021, received a telephone call on a cellular telephone using a prerecorded message or artificial voice” regarding several topics including: (i) the payment or status of bills; (ii) an “important matter” regarding current or past bills and other related issues; and (iii) a disconnect notice concerning a current or past utility account. Under the terms of the preliminarily approved settlement, the defendants will provide monetary relief to claiming class members in an estimated amount between $50 and $150. The settlement would additionally require the companies to implement new training programs and procedures to prevent any future TCPA violations. The settlement permits counsel for the proposed class to seek up to 33 percent of the settlement fund to cover attorney fees and expenses.

Courts TCPA Settlement Class Action Robocalls Consumer Finance

District Court grants $5 million settlement for alleged data breach

On November 5, the U.S. District Court for the Northern District of California granted preliminary approval of a class action settlement resolving claims against a grocery store chain after a data breach allegedly compromised personal information in its software. According to the plaintiffs’ notice of motion and motion for preliminary approval of class action settlement, a software vendor notified its clients, including the grocery store, that its software had been breached. As a result of the breach, hackers accessed personally identifiable information (PII) of approximately 3.82 million of the grocery store’s pharmacy customers and employees. Under the preliminary settlement, claimants may choose to receive either (i) a cash payment, with an estimated value between $18 and $91 for non-California residents and between $36 and $182 for California residents; (ii) two years of credit monitoring and insurance services; or (iii) reimbursement of any documented losses of up to $5,000. The proposed settlement also contains “robust injunctive relief,” including requirements that the grocery store chain (i) confirm that class members’ sensitive PII is secured; (ii) monitor the dark web for five years for fraudulent activity related to class members' PII; and (iii) enhance its third-party vendor risk management program. The district court also noted that any class member can appear at the fairness hearing to object to any aspect of the settlement, and that class members have 75 days after being notified of the deal to file their written objections or opt out of the settlement. The proposed settlement would not resolve any claims against the software vendor. Additionally, the court issued an order denying a motion to intervene by a group of objectors finding that they failed to “identify a protectable interest that will be impaired if they are unable to intervene.”

Courts Class Action California Privacy/Cyber Risk & Data Security Settlement Data Breach Consumer Protection