Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On April 29, the National Fair Housing Alliance (NFHA) announced a settlement agreement with a real estate company resolving allegations that the company perpetuated redlining practices through its policies and procedures. NFHA, along with nine other fair housing organizations, sued the company following an investigation into its practices. The fair housing organizations alleged that the company’s minimum home price policy violated the Fair Housing Act by discriminating against sellers and buyers of homes in communities of color. Limiting or denying services for homes priced under a certain value can “perpetuate racial segregation and contribute to the racial wealth gap” the organizations claimed in the press release. According to the complaint, the company disproportionately withheld its services to homebuyers and sellers in these communities at a higher rate than in White zip codes in multiple major cities across the U.S, thereby disincentivizing homebuying within these communities, reducing housing demand and values, and perpetuating residential segregation. Under the terms of the settlement, the company will make several national operational changes and enhancements, including (i) expanding housing opportunities for consumers in communities of color in major cities throughout the country; (ii) eliminating its minimum housing price policy for a period of five years; and (iii) appointing a fair housing compliance officer, adopting an equal opportunity in housing policy, and developing a fair housing training program. The company will also pay $4 million to go towards expanding homeownership opportunities in the covered cities and to cover conduct monitoring, compliance efforts, litigation fees and costs.
On April 21, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $141,442 settlement with a Colorado-based multinational mining firm for allegedly violating the Cuban Assets Control Regulations (CACR). According to OFAC’s web notice, between June 2016 to November 2017, a wholly-owned subsidiary of the firm purchased Cuban-origin explosives and explosive accessories from a third-party vendor to be used in a mine construction. The distributor, on the subsidiary’s behalf, imported Cuban-origin explosives and explosive accessories for the mine on at least four separate occasions, despite the subsidiary being “generally prohibited from dealing in Cuban-origin goods.” According to OFAC, shipping documents clearly identified that the goods were sourced from Cuba. In addition, purchase orders failed to contain express statements that items provided to the subsidiary may not originate from embargoed jurisdictions, nor did the subsidiary ask for country-of-origin information for the goods acquired from its suppliers. Additionally, OFAC contended that the subsidiary’s failure to provide appropriate export and trade sanctions training led to the apparent violations.
In arriving at the settlement amount, OFAC considered various aggravating factors, including that (i) the parent firm and subsidiary failed to exercise reasonable due diligence to ensure it complied with U.S. Cuba sanctions requirements; and (ii) the firm and its subsidiaries and affiliates are “a large and sophisticated organization operating globally as a leading gold producer with experience and expertise in international transactions.” OFAC also considered various mitigating factors, including that (i) the apparent violations were self-disclosed and constituted a non-egregious case; (ii) the firm and subsidiary have not received a penalty notice from OFAC in the preceding five years; (iii) the amount of payments were not significant compared to the total volume of transactions undertaken on an annual basis; and (iv) the firm and its subsidiary cooperated with the investigation, signed a tolling agreement, and are currently implementing remedial measures to prevent future violations.
Separately, OFAC also announced a $45,908 settlement with a Florida-based company affiliated with a distributor of explosives and accessories for mining operations. According to the web notice issued in this action, on four occasions in 2016 and 2017, the company and certain affiliates procured Cuban-origin explosives and related accessories from a third-party vendor originating from Cuba on behalf of a U.S. company for the U.S. company’s mining project in Suriname in violation of the CACR. OFAC contended that the company was responsible for overseeing the processing of purchase orders and invoices for these transactions, and that in 2018, after the U.S. company customer learned of the goods’ Cuban origins, it was asked to no longer procure goods from Cuba. According to OFAC, the apparent violations occurred primarily because of the company’s failure “to understand U.S. prohibitions on dealings in Cuban property or engaging in transactions related to merchandise of Cuban origin outside the United States,” adding that the company did not have a compliance program in place when the four transactions occurred, nor did it realize the transactions were prohibited until they were flagged by the customer. The company immediately ceased all activities involving Cuba after learning of the sanctions implications but did not voluntarily self-disclose the violations, which OFAC deemed non-egregious.
In arriving at the settlement amount, OFAC considered various aggravating factors, including that (i) the company failed to “exercise a minimal degree of caution or care” when procuring Cuban-origin goods from its supplier; (ii) the company “had actual knowledge that it was financing the provision of Cuban-origin goods for export to Suriname”; and (iii) the company’s actions harmed the U.S. sanctions program. Mitigating factors included that the company is (i) small and largely overseen by one individual; (ii) the company has not received a penalty notice from OFAC in the preceding five years; and (iii) the company provided timely information and entered into a tolling agreement. Providing context for the settlement, OFAC stated that “[t]his case illustrates the risks facing companies of any size operating internationally that do not develop or maintain basic awareness of sanctions risks and do not institute appropriate measures to identify and prevent potential violations.”
On April 21, the U.S. District Court for the Northern District of California granted final approval of an $85 million class action settlement resolving privacy and data security allegations against a video conferencing provider. As previously covered by InfoBytes, consolidated class members claimed the company violated several California laws, including invasion of privacy, the “unlawful” and “unfair” prongs under the Unfair Competition Law, implied covenant of good faith and fair dealing, and unjust enrichment, among others. According to the more than 150 million class members (defined as individuals who “registered, used, opened or downloaded the [company’s] [m]eetings [a]pplication”), the company unlawfully shared their personal data with unauthorized third parties, failed to prevent unwanted and unauthorized meeting disruptions, and misrepresented the strength of its end-to-end encryption measures. Under the terms of the final settlement, the company will establish an $85 million fund to pay valid claims, fees and expenses, service payments, and taxes, and will make several major changes to its practices to “improve meeting security, bolster privacy disclosures, and safeguard consumer data.” Among other things, the settlement stipulates that the company will “provide in-meeting notifications to make it easier for users to understand who can see, save and share [their] information and content by alerting users when a meeting host or another participant uses a third-party application during a meeting.” Additionally, the company will educate users about available security features and ensure its privacy statement discloses the ability of users to share user data with third parties through integrated third-party software, record meetings, and/or transcribe meetings.
The court considered several objections raised by certain class members, including concerns argued on behalf of a subclass of users who used the meeting application “as part of a business that was legally or contractually required to maintain client confidentiality as part of the services the business provided.” According to these objectors, the individual payment amounts are inadequate for individuals who held sensitive meetings. The court countered that the objectors’ claims did not differ from other class members and that the recovery is intended to cover users who did not receive the benefit of their bargain with the company, and not for “special harm arising from a duty to maintain client confidentiality.”
On April 20, the U.S. District Court for the Southern District of California granted preliminary approval of a proposed class settlement, resolving claims against a medical supplier company after a data breach allegedly compromised personal information of its consumers in its database. According to the order, the plaintiffs’ alleged that between April 2019 and June 2019, hackers gained access to the defendant’s computer systems, which contained personal identifying information and protected health information of tens of thousands of individuals. Under the terms of the settlement, the defendants will pay $5 million, where each class member with a valid claim will receive between $100-$1000 in cash. The settlement also includes $2.3 million in attorneys’ fees and up to $4,000 for each of the class representatives. Additionally, the defendants will “be required to perform specified remedial measures for a minimum of the next two years and ‘perform either improved versions of such recommendations or the new industry standard thereafter for at least three additional years.’” The remedial measures include, among other things, conducting an AICPA and SOC Type 2 audit to be repeated until the defendant passes, engaging an independent third party to perform a HIPAA IT assessment, undergoing at least one cyber incident response test per year starting in 2022, requiring staff trainings about security and privacy at least twice a year, engaging a company to test its phishing and external facing vulnerabilities at least twice a year, and deploying a third-party enterprise SIEM tool with a 400-day look-back on logs.
On April 22, the U.S. District Court for the Northern District of New York preliminarily approved a $5.7 million class action settlement resolving allegations related to overdraft fees applied to certain bank account transactions. According to plaintiffs’ unopposed motion for preliminary approval, the bank was sued in 2020 for allegedly unfairly assessing and collecting overdraft fees on “Authorize Positive, Purportedly Settle Negative Transactions” (APPSN fees) as well as NSF fees. The bank denied the allegations and moved to dismiss, contending that the relevant account agreements are unambiguous, and that even if there were, “extrinsic evidence resolves the ambiguity in its favor on the whether the fees at issue are permitted.” In August 2021, the parties notified the court that they had reached an agreement. Under the terms of the preliminarily approved settlement, the bank will make a $4.25 million cash payment and will “forgive, waive, and agree not to collect an additional” $1.5 million in uncollected overdraft fees. Class members, defined as all current and former bank customers with consumer checking accounts who were charged a relevant fee between December 4, 2013, and November 30, 2021, will automatically receive their pro rata share of the settlement fund without having to prove they were harmed from the bank’s practices. There are no claim forms, and class members will be determined through the bank’s checking account data. A formula will be used to calculate each class member’s distribution. Under the terms of the settlement approximately $2.9 million will go towards customers who were charged APPSN fees, while roughly $1.3 million will be allocated for customers who were charged retry NSF fees.
District Court grants final approval to class action data breach settlement against national convenience store chain
On April 20, the U.S. District Court for the Eastern District of Pennsylvania granted final approval to a settlement in a class action against a national convenience store chain (defendant) for a 2019 data security incident that allegedly compromised consumers’ credit and debit card information. As previously covered by InfoBytes, class members claimed that “despite the foreseeability of a data breach” the defendant, among other things, “failed to implement adequate measures to protect the sensitive, non-public payment card information entrusted to it by its customers.” In May 2021, the court ruled that the defendant must face certain claims filed by a group of financial institutions (covered by InfoBytes here). In August, the court granted preliminary approval of the settlement, which required the defendant to provide monetary relief to class members totaling approximately $9 million, plus $3.2 million for attorneys’ fees and expenses and class representative service awards, in addition to requiring the defendant to take additional measures for a period of two years to prevent future unauthorized intrusions. The settlement includes three tiers of customers, who will receive gift cards for either $5 or $15, or $500 in cash, depending on the level of their injury caused by the data breach.
On April 16, the U.S. District Court for the Eastern District of Virginia granted preliminary approval of a class action settlement resolving a purported scheme to unlawfully use tribe-owned firms to make online short-term loans and charge triple-digit interest rates. According to the memorandum of law in support of plaintiffs’ motion for preliminary approval of class action settlement and the stipulation and agreement of settlement, the district court previously approved two class settlements related to the lending enterprise. The first resulted in the purported lender and others: (i) repaying over $53 million dollars in cash; and (ii) forgiving over $380 million dollars of debt owed by consumers who took out loans with three lending companies. However, these settlements did not resolve every claim surrounding the purported scheme, and did not resolve claims with the settling defendant. The plaintiffs claimed that the settling defendant assisted the purported lender’s operations despite a corporate spinoff in May 2014, alleging that “[b]ecause many [of the purported lender’s] employees with institutional knowledge of and involvement in the company’s rent-a-tribe lending business were quickly transferred to [the settling defendant], [the purported lender] required and depended on continued involvement by [the settling defendant] and its employees in operating its rent-a-tribe lending business, which involvement was freely and often provided.” Under the terms of the preliminarily approved settlement, the settling defendant must provide monetary relief to class members totaling approximately $45 million.
On April 11, the U.S. District Court for the Eastern District of New York granted final approval to a $10 million class action settlement resolving allegations that a defendant bank breached its payment card processing servicing contracts with merchants by imposing excessive fees without contractually required notice. Additionally, the plaintiffs alleged that the defendant was “unjustly enriched by imposing early termination fees that constituted unlawful penalties.” The settlement class includes over 200,000 merchants that entered into a payment card processing servicing contract with the defendant and who paid at least one of the fees underlying the litigation from October 2011 to the settlement date. Those fees include annual fees, early termination fees, and paper statement fees. According to the memorandum in support of the unopposed motion for preliminary approval of class settlement, the deal would provide $10 million in cash to the settlement class, and attorneys representing the class can seek up to one-third of that fund in attorneys’ fees. In addition, each of the three class representatives will be granted $10,000 service awards, per the motion.
On April 13, the Massachusetts attorney general announced a settlement with a California-based finance company (defendant) resolving allegations that it violated Massachusetts law by purchasing and collecting on dog leases – which are illegal in Massachusetts. The settlement also alleges that the company engaged in illegal debt collection practices such as calling debtors too frequently while attempting to collect on the leases. Under the terms of the settlement, the defendant must pay over $930,000, which includes $175,000 in restitution to approximately 200 consumers, and a $50,000 fine. The defendant is prohibited from collecting on any active leases involving dogs in Massachusetts and must transfer full ownerships of the dogs to the consumers. The defendant must also cancel any outstanding amount owed on the leases, totaling approximately $700,000.
The Massachusetts AG has been investigating financial companies who originate or purchase dog leases – calling the practice “exploitive” because it uses “dogs as emotional leverage” over debtors – and encouraged consumers who are victims of dog leases to call the AG’s office or to file a complaint online.
On April 7, the U.S. District Court for the Northern District of California granted preliminary approval for a $13 million settlement in a class action against an affiliate of a real estate services company for allegedly violating the TCPA by soliciting calls to consumers. According to the plaintiff’s motion for preliminary approval, the plaintiff alleged that he received unwanted telephone solicitations on behalf of the defendant to his residential telephone lines that he had previously registered on the “Do Not Call” registry, in addition to alleging that he received repeated unwanted telemarketing calls even after he had requested that the defendant and/or its agents to not to call him back. If the settlement is approved, each member of the settlement class, which consists of individuals in the U.S. who received two or more calls since September 13, 2014 on their residential telephone number from the defendant’s affiliate that promoted the purchase of the defendant’s goods and services, would receive $350.00. The proposed settlement also seeks an additional $2.77 million in attorney fees and costs.
- Kathryn L. Ryan and Jedd R. Bellman to discuss “Risk and compliance management: Are you covered?” at a Mortgage Bankers Association webinar
- Melissa Klimkiewicz and Daniel A. Bellovin to discuss “Things to know about flood insurance” at a NAFCU webinar
- Hank Asbill to discuss “Ethical issues at sentencing” at the 31st Annual National Seminar on Federal Sentencing
- Max Bonici will moderate a panel on “Enforcement risk and other regulatory and compliance issues related to crypto and digital assets” at the American Bar Association’s 2022 Annual Meeting
- John R. Coleman to provide a “CFPB Update” at MBA’s 2022 Regulatory Compliance Conference
- Amanda R. Lawrence to discuss “The shifting data privacy and data protection landscape” at MBA’s 2022 Regulatory Compliance Conference
- Jeffrey P. Naimon to provide “An update on key fair lending cases and the CRA and UDAAP rules” at MBA’s 2022 Regulatory Compliance Conference
- Benjamin W. Hutten to discuss “Fundamentals of financial crime compliance” at the Practicing Law Institute
- Benjamin W. Hutten to discuss “Ongoing CDD: Operational considerations” at NAFCU’s Regulatory Compliance & BSA Seminar
- James C. Chou to discuss ransomware at NAFCU’s Regulatory Compliance & BSA seminar