InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
German bank to pay $16.2 million for allegedly concealing corrupt hiring practices
On August 22, a German-based bank entered into an administrative order with the SEC agreeing to pay $16.2 million to settle the SEC’s claims that it allegedly concealed corrupt hiring practices. According to the SEC, the bank allegedly violated U.S. laws—including the internal controls and books and records provisions of the FCPA—by offering jobs to relatives of Chinese and Russian government officials in an attempt to secure business or other benefits. Employees then created false books and records that concealed the practices and circumvented internal controls in place to prevent the activities. The SEC stated that the bank’s failure to properly enforce its written global anti-corruption policy allowed the bank to provide jobs in China and Russia from at least 2006 to 2014 based on how much business the candidate’s connections could bring to the bank.
In entering into the administrative order, the SEC considered the company’s cooperation efforts and compliance efforts. Without admitting or denying wrongdoing, the bank agreed to pay a $3 million civil money penalty and more than $13.1 million in disgorgement and interest.
Brokers to pay $4.5 million to settle ADR mishandling claims
On August 16, the SEC announced a settlement with two brokers to resolve allegations concerning the improper handling of pre-released American Depositary Receipts (ADRs), or “U.S. securities that represent shares of a foreign companies.” According to the SEC, both brokers improperly “obtained pre-released ADRs when they should have known that the pre-release transactions were not backed by foreign shares.” The SEC asserted the brokers improperly obtained the pre-released ADRs from other broker-dealers—with one of the brokers also obtaining the pre-released ADRs from depository banks—which “resulted in an inflated total number of foreign issuer’s tradeable securities and short selling and dividend arbitrage.” The SEC further alleged the brokers violated the Securities Act of 1933 and failed to reasonably supervise their securities lending desk personnel. While neither broker admitted nor denied the SEC’s findings, the orders require them to pay, combined, more than $4.5 million in disgorgement, prejudgment interest, and penalties. The orders acknowledge the brokers’ cooperation in the investigation.
OFAC announces settlement with trade credit insurer for sanctions violations
On August 16, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $345,315 settlement with a Maryland-based trade credit insurer for two alleged violations of the Foreign Narcotics Kingpin Sanctions Regulations. The settlement resolves potential civil liability for the company’s receipt of payment from the liquidation of assets belonging to a company that was added to the List of Specially Designated Nationals and Blocked Persons in 2016. According to OFAC, by accepting the assignment to collect debt owed by the designated company and receiving payment, the company violated sanctions regulations.
In arriving at the settlement amount, OFAC considered various mitigating factors, including (i) the company has not received a penalty or finding of a violation in the five years preceding the transactions at issue; (ii) the company voluntarily conducted a full internal review, cooperated with OFAC during the investigation, and undertook remedial efforts to minimize the risk of similar violations from occurring in the future; and (iii) the company agreed to implement certain compliance commitments to ensure the strength of its sanctions compliance program.
OFAC also considered various aggravating factors, including that the company did not voluntarily self-disclose the issue to OFAC and the company failed to undertake measures to confirm the assignment of debt and acceptance of payment was permitted under existing authorizations.
District Court approves TCPA class action settlement
On August 15, the U.S. District Court for the Northern District of California entered a final approval order and judgment to resolve class action allegations claiming a security system company and its third-party dealer violated the TCPA through the use of an automatic telephone dialing system and prerecorded messages. According to the claims, consumers—including those on the do-not-call registry—allegedly received telemarketing calls at their residences or on cellphones from the dealer or the dealer’s sub-dealers promoting goods or services offered by the company. The company argued it was not responsible for calls the dealer made on its behalf, but the district court denied summary judgment and set a trial date. However, prior to the trial’s commencement, the parties reached a settlement. Under the terms of the settlement, the company agreed to implement changes to its practices to ensure TCPA compliance and banned the dealer from marketing or activating new accounts for the company. The company also agreed to pay $28 million into a settlement fund for consumer redress, no more than $1.4 million towards settlement administrator costs and expenses, $30,000 total in service awards to class representatives, and combined attorneys’ fees and litigation costs of approximately $7.5 million.
CFPB and Arkansas AG settle with pension-advance brokers
On August 15, the CFPB and the Arkansas attorney general announced a proposed settlement with three loan brokerage companies, along with their owner and operator (collectively, “defendants”) for allegedly misrepresenting the contracts offered to veterans and other consumers. According to the complaint, from 2011 through 2016, the defendants offered high-interest credit to consumers, deceptively marketed as purchases of future pension or disability payments. The contracts allegedly required veterans to instruct that their pension direct deposits or monthly allotments be routed to the bank account controlled by the defendants or pay the contracted amounts from other sources, including purchasing life-insurance policies, to ensure the contract amount would be paid. The defendants allegedly did not disclose to consumers the interest rates associated with the products, marketing the contracts as sale of payments and not credit offers. The defendants also allegedly did not disclose that the contracts were void under federal and state law, which prohibit the assignment of certain benefits.
Under the proposed settlement, the defendants are: (i) prohibited from brokering or participating in agreements that sell future pension rights; (ii) required to pay a civil money penalty of $1 to the Bureau; and (iii) required to pay $75,000 to the Arkansas AG’s Consumer Education and Enforcement Fund. Additionally, the settlement imposes a judgment of $2.7 million in redress, which is suspended upon the owner paying $200,000 in redress and making the payments to the Bureau and the Arkansas AG.
Florida AG settles UDAP action with auto dealership
On August 5, the Florida attorney general announced a $1.2 million settlement with a Florida auto dealership and its owner (defendants) for allegedly violating the state’s Unfair and Deceptive Trade Practices Act by failing to pay off outstanding liens on vehicle trade-ins. According to a complaint filed in the Circuit Court of the 4th Judicial Circuit, the AG initiated an investigation alleging that the defendants, among other things, accumulated unpaid obligations of more than $1.2 million to lienholders on traded-in vehicles. As a result, consumers were held accountable for the debt and received invoices from the lienholders. For consumers who did not make payments on their trade-ins, the lienholders often reported the defaults to credit bureaus, with, in some instances, the adverse credit reporting affected service members’ security clearances. The AG also noted that in certain circumstances, the lienholder attempted to repossess vehicles that were no longer owned by the consumers. Additionally, the defendants also failed to process title transfers within the statutorily required time frame, which resulted in some consumers experiencing difficulty when trying to obtain financing and insurance on their other vehicles, and others being sold traded-in vehicles without having clear title. In 2018, the dealership was purchased and the outstanding liens paid by the acquiring company. Under the terms of the settlement, the defendants have agreed to pay approximately $1.2 million in equitable consumer restitution, $235,000 in civil penalties, and $15,000 for attorney’s fees and costs. The defendants are also permanently enjoined from owning, operating, or managing an auto or truck dealership in the state at any time in the future.
OFAC fines truck manufacturer for Iranian sanctions violations
On August 6, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a roughly $1.7 million settlement with a Washington-based truck manufacturer for 63 alleged violations of the Iranian Transactions and Sanctions Regulations. The settlement resolves potential civil liability for actions taken by a wholly-owned subsidiary of the company that allegedly sold or supplied trucks with a total transactional value of over $5.4 million to European customers, but knew or had reason to know the trucks were ultimately intended for buyers in Iran.
In arriving at the settlement amount, OFAC considered various mitigating factors, including that (i) neither the company nor the subsidiary have received a penalty or finding of a violation in the five years prior to the transactions at issue; (ii) the subsidiary had in place at the time of the alleged violations a trade sanctions compliance program with contractual prohibitions on dealers and service partners that were re-selling products in violation of U.S. trade sanctions; and (iii) the company and subsidiary voluntarily self-disclosed the issue to OFAC, cooperated with OFAC during the investigation, and undertook remedial efforts to minimize the risk of similar violations from occurring in the future.
OFAC also considered various aggravating factors, including that the subsidiary failed to exercise caution when alerted to warning signs regarding the potential sales, and that in each instance, a subsidiary employee was aware of the conduct leading to the alleged violations.
Visit here for additional InfoBytes coverage of actions related to Iran.
FTC and DOJ announce $5 billion privacy settlement with social media company; SEC settles for $100 million
On July 24, the FTC and the DOJ officially announced (see here and here) that the world’s largest social media company will pay a $5 billion penalty to settle allegations that it mishandled its users’ personal information. As previously covered by InfoBytes, it was reported on July 12 that the FTC approved the penalty, in a 3-2 vote. This is the largest privacy penalty ever levied by the agency, almost “20 times greater than the largest privacy or data security penalty ever imposed worldwide,” and one of the largest ever assessed by the U.S. government for any violation. According to the complaint, filed the same day as the settlement, the company allegedly used deceptive disclosures and settings to undermine users’ privacy preferences in violation of a 2012 privacy settlement with the FTC, which allowed the company to share users’ data with third-party apps that were downloaded by users’ “friends.” Moreover, the complaint alleges that many users were unaware the company was sharing the information, and therefore did not take the steps needed to opt-out of the sharing. Relatedly, the FTC also announced a separate action against a British consulting and data analytics firm for allegedly using deceptive tactics to “harvest personal information from millions of [the social media company’s] users.”
In addition to the monetary penalty, the 20-year settlement order overhauls the company’s privacy program. Specifically, the order, among other things, (i) establishes an independent privacy committee of the company’s board of directors; (ii) requires the company to designate privacy program compliance officers who can only be removed by the board’s privacy committee; (iii) requires an independent third-party assessor to perform biennial assessments of the company’s privacy program; (iv) requires the company to conduct a specific privacy review of every new or modified product, service, or practice before it is implemented; and (v) mandates that the company report any incidents in which data of 500 or more users have been compromised to the FTC.
In dissenting statements, Commissioner Chopra and Commissioner Slaughter asserted that the settlement, while historic, does not contain terms that would effectively deter the company from engaging in future violations. Commissioner Slaughter argues, among other things, that the civil penalty is insufficient and believes the order should have contained “meaningful limitations on how [the company] collects, uses, and shares data.” Similarly, Commissioner Chopra argues that the order imposes no meaningful changes to the company’s structure or financial incentives, and the immunity provided to the company’s officers and directors is unwarranted.
On the same day, the SEC announced that the company also agreed to pay $100 million to settle allegations that it mislead investors about the risks it faced related to the misuse of its consumer data. The SEC’s complaint alleges that in 2015, the company was aware of the British consulting and data analytics firm’s misuse of its consumer data but did not correct its disclosures for more than two years. Additionally, the SEC alleges the company failed to have policies and procedures in place during that time that would assess the results of internal investigations for the purposes of making accurate disclosures in public filings. The company neither admitted nor denied the allegations.
Credit reporting agency agrees to multi-agency settlement over 2017 data breach
On July 22, the CFPB, FTC, and 48 states, the District of Columbia and Puerto Rico announced a settlement of up to $700 million with a major credit reporting agency to resolve federal and state investigations into a 2017 data breach that reportedly compromised sensitive information for approximately 147 million consumers. According to the complaints (see here and here) filed in the U.S. District Court for the Northern District of Georgia, the company allegedly engaged in unfair and deceptive practices by, among other things, (i) failing to provide reasonable security for the sensitive personal information stored within its network; (ii) deceiving consumers about its data security program capabilities; and (iii) failing to patch its network after being alerted in 2017 to a critical security vulnerability.
Under the terms of the proposed settlements (see here and here), pending final court approval, the company will pay up to $425 million in monetary relief to consumers and provide credit monitoring to affected individuals, as well as six free credit reports each year for seven years to all U.S. consumers. The company must also pay $175 million to 48 states, the District of Columbia and Puerto Rico, and a $100 million civil money penalty to the Bureau. The $425 million fund will also compensate consumers who bought credit- or identity-monitoring services from the company and paid other expenses as a result of the breach. The company must also, among other things, implement a comprehensive information security program that will require annual assessments of security risks and safeguard measures, obtain third-party information security assessments, and acquire annual certifications from the board of directors that the company has complied with the settlements.
SEC settles with U.S. affiliate of Japanese financial institution for mortgage-backed securities failures
On July 15, the SEC announced an approximately $25 million settlement with the U.S. affiliate of a Japanese financial holding company, resolving allegations that the company failed to adequately supervise mortgage-backed securities traders. According to the orders, covering commercial mortgage-backed securities (CMBS) and residential mortgage-backed securities (RMBS), from approximately January 2010 through April 2014 several traders allegedly made false or misleading statements while negotiating the sales of CMBS and RMBS, including information about (i) the company’s purchase price of the securities; (ii) the compensation the company would receive on the trades; and (iii) the current ownership of the securities. The SEC alleges the company failed to reasonably supervise traders to prevent the alleged violations of federal antifraud provisions. The orders acknowledge the company’s significant cooperation in the matter and require the company to reimburse customers the full amount of profits earned from the identified trades, totaling over $4.2 million to CMBS customers and over $20.7 million to RMBS customers. Additionally, the orders penalize the company $500,000 related to the CMBS trades and $1 million related to the RMBS trades.