Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On September 7, the Financial Industry Regulatory Authority (FINRA) entered into a Letter of Acceptance, Waiver, and Consent, with a New York-based broker-dealer subsidiary of a global financial services company to resolve allegations that it distributed reports to the firm’s institutional customers that omitted required disclosures or included inaccurate disclosures. Among other things, FINRA alleged that the firm’s failure to implement a supervisory system reasonably designed to achieve compliance with the disclosure requirements and failure to enforce the supervisory procedures it had in place, led to the publication of 60 debt research reports with a total of 333 disclosure omissions. The letter reports that after identifying the issue and reporting it to FINRA, the firm “immediately ceased the production of all debt research and suspended the issuance of equity research.” The firm neither admitted nor denied the findings set forth in the AWC letter but agreed to pay a $175,000 fine.
On September 1, the FTC announced that a data monitoring application and its CEO (collectively, “respondents”) will be permanently banned from the surveillance industry for failing to provide reasonable data security for consumers’ personal information by allegedly “secretly harvesting and sharing data on people’s live location, web use, and online activities through their product’s hidden device hack.” The respondents allegedly sold real-time access to their surveillance system, which allowed stalkers and domestic abusers to “stealthily track” unknowing victims.
According to the complaint, the respondents violated Section 5 of the FTC Act by committing unfair or deceptive business practices in using unauthorized personal information and failing to secure such data in which “victims continue to experience substantial harm, including injury in the form of depression, anxiety, and ongoing fear for one’s safety,” even after the stalking or domestic abuse ended. The complaint detailed the covert monitoring products and services offered by respondents once their application is installed, including capturing and logging: email, SMS messages, call history, GPS location and live location, web history, contacts, pictures, calendar, video chats, files downloaded on the device, notifications, among other functions depending on cost.
Under the terms of the proposed settlement, the respondents are: (i) banned from offering, promoting, selling, or advertising any surveillance app, service, or business; (ii) required to delete any information illegally collected from their apps; and (iii) required to notify owners of devices that their devices might have been monitored and the devices may not be secure. This is the agency’s second case “brought against stalkerware apps, and the first where the FTC is obtaining a ban.” According to a statement released by FTC Commissioner Rohit Chopra, the agency is also “seeking public comment on banning [the defendants] from licensing, marketing, or offering for sale surveillance products,” which is “a significant change from the agency’s past approach.”
On August 26, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a roughly $2.3 million settlement with a UK subsidiary of a Chinese financial institution for allegedly processing transactions in violation of the Sudanese Sanctions Regulations, “which prohibited the exportation, directly or indirectly, to Sudan of any goods, technology, or services from the United States.” According to OFAC’s web notice, between September 2014 and February 2016, the bank processed 111 commercial transactions totaling more than $40 million through U.S. correspondent banks on behalf of parties in Sudan. In conducting a lookback review to identify potential Sudan-related transactions, the bank identified two customers who processed transactions through the U.S. financial system. For both of these customers, the bank’s internal customer database did not reference Sudan in the name or address fields, and messages processed on behalf of these customers by the bank through U.S. banks also failed to include any references to Sudan.
In arriving at the settlement amount, OFAC considered various aggravating factors, including, among other things, that (i) the bank demonstrated reckless disregard for U.S. sanctions regulations by processing the transactions “despite having account and transactional information indicating the Sudanese connection to the accounts and in contravention of the bank’s existing policies and procedures”; (ii) certain bank personnel responsible for processing the transactions knew that the payments were related to entities in Sudan; (iii) the bank conferred economic benefit to a comprehensively sanctioned country; and (iv) the bank “is a commercially sophisticated financial institution that processes transactions internationally.”
OFAC also considered various mitigating factors, including, among other things, that the bank (i) has not received a penalty notice from OFAC in the preceding five years; (ii) self-identified the alleged violations, cooperated with OFAC’s investigation, conducted a lookback, and entered into a tolling agreement; and (iii) has undertaken remedial measures, including enhancing policies and procedures to improve compliance with U.S. sanctions when processing payments through the U.S.
On August 19, the U.S. District Court for the District of Maryland granted preliminary approval of a proposed class action settlement claiming a mortgage company engaged in an allegedly illegal kickback scheme with a title company. According to the memorandum in support of the plaintiffs’ motion for preliminary approval, the title company paid, and the mortgage company received and accepted, kickbacks in exchange for the mortgage company’s “assignment and referral of residential mortgage loans, refinances, and reverse mortgages to [the title company] for title and settlement services.” This conduct, the plaintiffs contended, violated RESPA and RICO. While the mortgage company denied all substantive allegations and liability, the parties reached a proposed settlement, in which class members (defined as borrowers with federal mortgage loans originated by the mortgage company for which the title company provided settlement services) will each receive approximately $3,200 from a $990,000 settlement fund. The preliminarily approved settlement also provides for class counsel fees and expenses and class representative service awards for a total not to exceed roughly $1.27 million.
District Court preliminarily approves $12 million class action settlement over automated mortgage errors
On August 17, the U.S. District Court for the Southern District of Ohio granted preliminary approval of a proposed settlement in a class action that claimed a national bank’s automated mortgage loan modification tools failed to approve borrowers due to technical issues. Class members (defined as borrowers who qualified during a specified time period for a home loan modification or repayment plan pursuant to the requirements of government-sponsored enterprises, FHA, or the Department of Treasury’s Home Affordable Modification Program that “were not offered a home loan modification or repayment plan by [the bank] because of excessive attorneys’ fees being included in the loan modification decision process” and whose homes were not sold in foreclosure) sued the bank alleging it “failed to detect or ignored multiple systematic errors in it automated decision-making software.” This software, class members claimed, is used to create automated calculations and determine whether consumers in default are eligible for loan modifications. According to class members, the bank allegedly “failed to adequately test, audit, and verify that its software was correctly calculating whether customers met threshold requirements for a mortgage modification” and failed to regularly and properly audit its software for compliance with government requirements, thus allowing errors to remain uncorrected. Class members further claimed that the bank apparently took several years to implement new controls and disclose the error. Under the terms of the preliminarily approved settlement, the bank must pay $12 million in relief to the settlement class.
On August 16, the U.S. District Court for the Northern District of Illinois granted preliminary approval of a class action settlement, resolving allegations that a call center hired by a national bank and its merchant processing servicer (collectively, “defendants”) violated California’s Invasion of Privacy Act by recording calls without receiving customers’ permission. Class members, comprised of California businesses who did not sign a contract for merchant processing services with the servicer, filed suit against the defendants in 2016 claiming the call center placed sales appointment calls to the businesses without disclosing that the calls were being recorded. The defendants denied any liability or knowledge of the alleged conduct, and continued to maintain “that there was no principal-agent relationship with [the call center] and, even if there were such a relationship, [the call center] acted outside the scope of its authority by illegally recording calls.” The preliminarily approved settlement will require the defendants to pay $28 million, of which up to $5,000 will be paid for each eligible call that a class member received during the class period.
On July 26, the U.S. District Court for the Northern District of California granted preliminary approval of a proposed supplemental class settlement, adding new class members who were not part of the list of borrowers included in the court’s October 2020 original settlement order. The supplemental settlement provides more than $21.8 million for additional class members who lost their homes after allegedly being denied loan modifications from a national bank. Class members include borrowers who allegedly should have qualified for loan modifications but were not offered a home loan modification or repayment plan “due to excessive attorney’s fees being included in the loan modification decisioning” and “whose home[s] [the bank] sold in foreclosure.” According to the court’s order granting class certification, a software glitch allegedly caused a calculation error, which resulted in certain fees being misstated and led to incorrect mortgage modification denials. The original settlement set aside $1 million to compensate borrowers who endured “severe emotional distress” as a result of the error, and the supplemental settlement will provide new class members the same opportunity to apply for additional settlement amounts.
On July 21, the Mississippi attorney general announced a settlement with an auto finance company to resolve alleged violations of the Mississippi Consumer Protection Act. The AG claimed the auto finance company, among other things, allegedly placed consumers into loans with a high probability of default and engaged in aggressive collection practices. Under the terms of the settlement, the auto finance company will pay $3.7 million to the state, including $1.8 million in consumer restitution, and will stop collecting on loans allegedly extinguished under Mississippi law. Additionally, the auto finance company (i) will account for a borrower’s ability to pay and set a reasonable debt-to-income threshold; (ii) may not require dealers to sell any ancillary products; (iii) will “monitor dealers for possible inflation, power booking, or expense deflation”; (iv) may “not misrepresent a consumer’s prospect of redeeming a vehicle that has been repossessed”; (v) may not require borrowers to make payments through methods requiring additional third-party fees; and (vi) will notify all relevant credit reporting agencies that the borrowers’ debts have been extinguished.
On July 21, the U.S. District Court for the Central District of Illinois granted final approval to a class action data breach settlement, resolving allegations that a grocery chain was responsible for a data breach that exposed the credit card information of consumers. The final settlement (which was preliminarily approved in January) allows class members representing consumers who used a payment card to make a purchase at an impacted point-of-sale device during the security incident to receive reimbursement of up to $225 for out-of-pocket expenses related to the breach, including (i) unreimbursed bank, overdraft, and late fees; (ii) telecommunication charges; (iii) payday loan interest; and (iv) costs related to credit monitoring, identity theft protection, and time spent replacing credit cards and addressing fraudulent charges. Additionally, class members may be awarded up to $5,000 for “extraordinary expenses” resulting from the compromise of personal information. The grocery chain also agreed to “establish and maintain security enhancements that are estimated to cost more than $20 million.” However, the court reduced the attorneys’ fees to $739,000 in the final settlement after determining the initial fee request was too high compared to the overall relief for class members.
On July 23, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $1.4 million settlement with a New York-based online money transmitter for 2,260 apparent violations of multiple sanctions programs. According to OFAC’s web notice, between February 4, 2013 and February 20, 2018, the company allegedly processed 2,241 payments for parties located in sanctioned jurisdictions and regions, including the Crimea region of Ukraine, Iran, Sudan, and Syria, as well as 19 payments on behalf of sanctioned persons identified on OFAC’s List of Specially Designated Nationals and Blocked Persons. Identified deficiencies in the company’s sanctions compliance program related to screening, testing, auditing, and transaction review procedures allowed persons in these jurisdictions and regions and those on the SDN List to engage in roughly $802,117.36 worth of transactions, OFAC stated. The apparent violations—related to commercial transactions that the company processed on behalf of its corporate customers and card-issuing financial institutions—allegedly occurred as a result of weak algorithms, business identifier code screening failures, backlogs, and a failure to monitor IP addresses or flag addresses in sanctioned locations.
In arriving at the settlement amount, OFAC considered various aggravating factors, including that (i) the company failed to exercise sufficient caution or care for its sanctions compliance obligations; (ii) the company had reason to know users were located in sanctioned jurisdictions and regions based on common indications it had within its possession; and (iii) the apparent violations harmed six different sanctions program.
OFAC also considered various mitigating factors, including that (i) senior management quickly self-disclosed the apparent violations upon discovery and provided substantial cooperation during the investigation; (ii) the company has not received a penalty notice from OFAC in the preceding five years; and (iii) the company has taken remedial measures to minimize the risk of recurrence, including terminating the conduct leading to the apparent violations, retraining compliance employees, enhancing screening software, putting flagged transactions into a pending status rather than completing them, and conducting a daily review of customers’ and counter-parties’ identification documents.
- Jonice Gray Tucker to discuss “Getting your company ready: Managing fair lending for IMBs” at the Mortgage Bankers Association Independent Mortgage Bankers Conference
- Jonice Gray Tucker to discuss “Be Your Compliance Best in 2022” at the California Mortgage Bankers Association webinar
- Lauren R. Randell to discuss “Significant legal developments in the Northeast” at the 37th Annual National Institute on White Collar Crime
- Jonice Gray Tucker to discuss “Small business & regulation: How fair lending has evolved & where it is heading?” at the Consumer Bankers Association Live program
- Jonice Gray Tucker to discuss “Regulators always ring twice: Responding to a government request” at ALM Legalweek
- Jonice Gray Tucker and Kari Hall to discuss “Equity, equality, regulation and enforcement – The evolving regulatory landscape of fair lending, redlining, and UDAAP” at the ABA Business Law Committee Hybrid Spring Meeting