InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OFAC announces settlement with aviation investment company for sanctions violations
On November 7, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $210,600 civil settlement with a U.S. aviation investment company to resolve 12 alleged violations of the Sudanese Sanctions Regulations (SSR), which prohibit U.S. persons from dealing in property and interests in property of the Government of Sudan. The settlement addressed allegations that the company leased three aircraft engines to a United Arab Emirates-incorporated entity, which then subleased the engines to a Ukrainian airline that had the engines installed on an aircraft that was “wet leased” to a Sudanese airline. According to OFAC, the company violated SSR regulations because OFAC’s List of Specially Designated Nationals and Blocked Persons identified the Sudanese airline as meeting the definition of “Government of Sudan” at the time of the alleged transactions.
In arriving at the settlement amount, OFAC considered various mitigating factors, including that (i) company personnel were not aware of the conduct leading to the alleged violations; (ii) OFAC has not issued a violation against the company in the five years preceding the earliest date of the transactions at issue; and (iii) the company cooperated with the investigation. OFAC also noted that the company undertook several remedial measures in response to the alleged violations, including implementing additional compliance processes such as improving its “Know-Your-Customer screen procedures” and employee training, and obtaining “U.S. law export compliance certificates from lessees and sublessees.”
OFAC also considered various aggravating factors, including that the violations harmed U.S. sanctions program objectives, and that the company failed to properly monitor the precise whereabouts of the engines during the life of the leases.
District Court approves $12.5 million settlement in TCPA class action
On October 28, the U.S. District Court for the Northern District of Illinois granted final approval of a $12.5 million TCPA class action settlement between a group of consumers and three cruise lines and their marketing group (collectively, “defendants”). According to the opinion, a consumer filed the action against the defendants alleging they violated the TCPA’s prohibition of the use of an autodialer without prior consent. While the motion for class certification was pending, the parties reached an agreement-in-principle for a class-wide settlement. The settlement requires the defendants to, among other things, set up a common fund of $12.5 million to permit each claimant to “recover for up to three calls per telephone number, with a maximum value for each call set at $300.” The court noted that after deducting attorneys’ fees, other costs, and an incentive award for the principal plaintiff, the nearly 275,000 class members will be eligible to receive an average of about $22 per claim. The court noted that while $22 is “significantly below the $500 recovery available under the statute for each call… a settlement does not need to provide the class with the maximum possible damages in order to be reasonable.” The court went on to state that the settlement “still serves the purpose of punishing [the cruise lines] for their role in the controversy,” and the total settlement fund is a “deterrent to potential future defendants who might think twice about violating the TCPA in an effort to boost business.”
U.K. ICO and social media company settle privacy investigation
On October 30, the U.K. Information Commissioner’s Office (ICO) announced an agreement reached between the ICO and a social media company that resolves an investigation into the company’s alleged misuse of personal data. The company has agreed to withdraw its appeal of the £500,000 penalty issued last year under section 55A of the Data Protection Act 1998 (DPA) and settle the case without an admission of guilt. The investigation stems from a data incident affecting upwards of 87 million users worldwide that included the processing of personal data about U.K. users in the context of a U.K. establishment. According to the ICO, the company violated principles of the DPA by (i) unfairly processing personal data; and (ii) failing “to take appropriate technical and organi[z]ational measures against unauthori[z]ed or unlawful processing of personal data.” The ICO published a statement by the company’s associate general counsel in which he noted that the company has “made major changes” to its platform that significantly restricts the information accessible to app developers, and that “[p]rotecting people’s information and privacy is a top priority for [the company].”
House report blames CFPB "politicization" for drop in consumer relief
On October 16, Maxine Waters, Chairwoman of the House Financial Services Committee, released a majority staff report titled, “Settling for Nothing: How Kraninger’s CFPB Leaves Consumers High and Dry,” which details the results of the majority’s investigation into the CFPB’s handling of consumer monetary relief in enforcement actions since Richard Cordray stepped down as director in November 2017. The report argues that, under the leadership of Acting Director Mick Mulvaney and Director Kathleen Kraninger, the Bureau’s enforcement actions “have declined in volume and failed to compensate harmed consumers adequately.” Specifically, the report states that under Cordray’s leadership, “the average enforcement action by the [Bureau] returned $59.6 million to consumers, as compared to an average $31.4 million per action under Mulvaney,” but notes that $335 million of the $345 million in consumer relief obtained during Mulvaney’s tenure resulted from one settlement with a national bank (previously covered by InfoBytes here). With respect to Director Kraninger, the report acknowledges that the pace of enforcement actions increased compared to Mulvaney; however, the Bureau ordered “only $12 million in consumer relief” during her first six months, as compared to “approximately $200 million in consumer relief” during a similar six months of Cordray’s tenure.
The report highlights specifics from the investigation into settlements announced in early 2019, which resulted in civil penalties but not consumer monetary relief. The report argues that, based on the review of the internal documents received from the Bureau, the lack of consumer relief was due to the “politicization of the [Bureau],” which “contributed to the decline in the [Bureau]’s enforcement activity” rather than the merits of the enforcement actions, notwithstanding that the internal documents reflect the assessment of certain weaknesses in the Bureau’s positions. The report attributes such politicization to the introduction of political appointee positions throughout the Bureau that oversee each of the divisions. The report concludes by urging Congress to pass the Consumers First Act (HR 1500), which, among other things, seeks to limit the number of political appointees at the Bureau.
OFAC settles with multinational corporation for Cuban sanctions violations
On October 1, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a settlement of more than $2.7 million with a multinational corporation, on behalf of three subsidiaries, to resolve potential civil liability for 289 alleged violations of the Cuban Assets Control Regulations (CACR). The settlement resolves allegations that between December 2010 and February 2014, the subsidiaries accepted payments on 289 occasions from an entity identified on OFAC’s List of Specially Designated Nationals and Blocked Persons “for goods and services provided to a Canadian customer.” OFAC alleged that although the subsidiaries negotiated and entered into contracts with the Canadian customer—and invoices were sent to the customer—the designated entity was approved as a third-party payer and paid more than 65 percent of the total transactions. OFAC asserted that the subsidiaries failed to undertake sufficient diligence into the activities of the Canadian customer, and noted that the sanctions screening software used by the subsidiaries was set to screen for only one version of the designated entity’s name.
In arriving at the settlement amount, OFAC considered various mitigating factors including that (i) OFAC has not issued a violation against the subsidiaries in the five years preceding the earliest date of the transactions at issue; (ii) the corporation identified the alleged violations by testing and auditing its compliance program, and implemented several remedial measures in response to the alleged violations, which included improvements to its compliance program; and (iii) the corporation entered into, and agreed to extend, multiple statute of limitations tolling agreements.
OFAC also considered various aggravating factors, including that (i) the subsidiaries “failed to take proper or reasonable care with respect to their U.S. economic sanctions obligations”; (ii) the subsidiaries’ actions allowed a large volume of high-value transactions to be conducted with the designated entity, causing “substantial harm” to the CACR objectives; and (iii) the corporation’s submissions to OFAC “leave substantial uncertainty about the totality of the benefits conferred” to the designated entity through the Canadian customer.
FTC settles with Belizean bank over real estate scheme
On September 24, the FTC announced a proposed $23 million settlement with a Belizean bank resolving allegations that it assisted various entities in deceiving U.S. consumers into purchasing parcels of land in a luxury development in Belize. As previously covered by InfoBytes, in November 2018, the FTC filed charges and obtained a temporary restraining order against the operators of an international real estate investment scheme, which allegedly violated the FTC Act and the Telemarketing Sales Rule by advertising and selling parcels of land through the use of deceptive tactics and claims. The FTC asserted that consumers who purchased lots in the development purchased them outright or made large down payments and sizeable monthly payments, including HOA fees, and that defendants used the money received from these payments to fund their “high-end lifestyles,” rather than invest in the development. The FTC argued that “consumers either have lost, or will lose, some or all of their investments.” At the time, the FTC filed separate charges against the Belizean bank for allegedly assisting and facilitating the scam.
According to the FTC, the bank has now agreed to the proposed consent order to settle the allegations. The consent order requires the bank to pay $23 million, which will be used to provide equitable relief, including consumer redress, and to cease all non-liquidation business activities permanently. Additionally, the consent order prohibits the liquidator or anyone else from seeking to re-license and operate the bank’s business. The consent order must be approved by the U.S. District Court for the District of Maryland.
OFAC settles with London bank for Sudanese sanctions violations
On September 17, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $4,000,000 settlement with a London-based commercial bank for 72 alleged violations of the Sudanese Sanctions Regulations (SSR). The settlement resolves allegations that between September 2010 and August 2014, the bank processed 72 bulk funding payments totaling $190,700,000 related to Sudan, which involved transactions processed to or through U.S. financial institutions in apparent violation of the SSR, which prohibits U.S. persons, including U.S. financial institutions, from processing such transactions. OFAC notes that it lowered the penalty to $4,000,000 from the proposed $228,840,000, in light of the bank’s operating capacity and the fact that it represented that it ceased the conduct at issue.
In arriving at the settlement amount, OFAC considered various mitigating factors including that (i) OFAC has not issued a violation against the bank in the five years preceding the earliest date of the transactions at issue; (ii) the bank fully cooperated with the investigation into the alleged violations, including by entering into a statute of limitations tolling agreement and agreeing to extend the agreement; (iii) the bank provided significant investigative leads regarding a foreign financial institution that hosted an account involved in processing the transactions; and (iv) the bank undertook several remedial measures in response to the alleged violations, such as exiting the Sudanese market in 2014, hiring new senior management, and implementing improvements to its compliance program.
OFAC also considered various aggravating factors, including that (i) the bank exhibited “reckless disregard" for U.S. sanctions regulations when it entered the Sudanese market; (ii) the bank ignored warning signs that it may have been violating U.S. law; and (iii) several of the bank’s senior managers were aware of and involved in the conduct giving rise to the alleged violations.
District Court approves final Madden class action settlement
On September 10, the U.S. District Court for the Southern District of New York issued a final order and judgment to approve a class action settlement agreement, which ends litigation dating back to 2011 concerning alleged violations of state usury limitations. As previously covered by InfoBytes, the plaintiffs brought claims against a debt collection firm and its affiliate alleging violations of the FDCPA and New York state usury law when the defendants attempted to collect charged-off credit card debt with interest rates above the state’s 25 percent cap that was purchased from a national bank. In 2017, upon remand following the 2nd Circuit’s decision that a nonbank entity taking assignment of debts originated by a national bank is not entitled to protection under the National Bank Act from state-law usury claims (covered by a Buckley Special Alert here), the district court certified the class and allowed the FDCPA and related state unfair or deceptive acts or practices claims to proceed.
Following a fairness hearing, the court granted the parties’ joint motion for final approval, which divides the approximately 58,000 class members into two subclasses: claims alleging state-law violations, and claims alleging FDCPA violations. Under the terms of the settlement, the defendants are required to, among other things, (i) provide class members with $555,000 in monetary relief; (ii) provide $9.2 million in credit balance reductions; (iii) pay $550,000 in attorneys’ fees and costs; (iv) pay class representatives $5,000 each; and (v) agree to comply with all applicable laws, regulations, and case law regarding the collection of interest, including the collection of usurious interest.
FTC approves settlement with software provider over FTC Act and GLBA data security failures
On September 6, the FTC voted 5-0 to approve a final settlement under which a software provider agreed to better protect the data it collects, resolving allegations that the company failed to implement reasonable data security measures and exposed personal consumer information obtained from its auto dealer clients in violation of the FTC Act and the Standards for Safeguarding Customer Information Rule, issued pursuant to the Gramm-Leach-Bliley Act.
As previously covered by InfoBytes, in its complaint, the FTC alleged the company’s failure to, among other things, (i) implement an organization information security policy; (ii) implement reasonable guidance or training for employees; (iii) use readily available security measures to monitor systems; and (iv) impose reasonable data access controls, which resulted in a hacker gaining unauthorized access to the company’s database containing the personal information of approximately 12.5 million consumers. The approved settlement requires the company to, among other things, implement and maintain a comprehensive information security program designed to protect the personal information it collects, including implementing specific safeguards related to the FTC’s allegations. Additionally, the settlement requires the company to obtain third-party assessments of its information security program every two years and have a senior manager certify compliance with the order every year.
Cybersecurity company settles FCPA claims for $11.7 million
On August 29, a cybersecurity company agreed to pay over $11.7 million to settle SEC claims that certain subsidiaries operating in Russia and China violated the books and records and internal accounting controls provisions of the FCPA. The alleged misconduct included certain sales employees at the Russian subsidiary who misrepresented “the need for increased discounts to meet competition,” and—instead of passing the incremental discounts on to end-user customers—created “common funds” in off-book accounts that were diverted toward “excessive” travel and entertainment involving foreign officials, which the employees allegedly claimed served business purposes. According to the SEC, the company failed to (i) properly record the expenses; or (ii) implement or maintain an effective internal accounting system to prevent the violations from occurring. During approximately the same time period, sales employees at the Chinese subsidiary also paid for domestic trips and entertainment for foreign officials while allegedly understating the amount of entertainment involved and falsifying trip agendas to the company’s legal department to obtain approval.
In entering into the administrative order, the SEC considered the company’s cooperation and compliance efforts. Without admitting or denying wrongdoing, the company agreed to pay a $6.5 million civil money penalty and more than $5.2 million in disgorgement and interest.