Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Court preliminarily approves $80 million settlement for shareholders after global internet company data breach
On May 9, the U.S. District Court for the Northern District of California granted a preliminary approval of a settlement between a global internet media company and its shareholders over alleged securities law violations related to cybersecurity breaches in 2013 and 2014. The $80 million settlement resolves a consolidated shareholder action accusing the company of making misleading statements to shareholders about the company’s data security. According to the order, the settlement applies to all shareholders who acquired the company’s securities between April 30, 2013 and December 14, 2016. As previously covered by InfoBytes, the company was recently ordered by the SEC to pay $35 million to resolve allegations related to the same cybersecurity incidents.
On April 24, the SEC ordered a global internet media company, acquired in 2017 by a global communications company, to pay $35 million to settle claims alleging that the company failed to disclose a 2014 cybersecurity breach in which Russian hackers stole data from over 500 million user accounts. Compromised private user information included usernames, email addresses, phone numbers, birthdates, passwords, and security questions and answers. According to the SEC’s cease-and-desist order, during the two years following the breach, the internet media company (i) failed to inform outside counsel or auditors of the breach in order to assess public filing disclosure obligations; (ii) failed to maintain internal disclosure controls and procedures designed to guarantee that the company’s information security team reports addressing actual data breaches, or the risk of such breaches, were properly and timely assessed for potential disclosure; and (iii) made misleading statements in its public filings that warned investors only of the “risk of potential future data breaches” without disclosing the 2014 data breach. The SEC claimed that the disclosure violations continued as acquisition discussions were held in 2016 and resulted in renegotiation of the terms of the company’s sale, including a 7.25 percent reduction in price. The company ultimately disclosed the breach to the public in September of 2016. In agreeing to the settlement, the company neither admitted nor denied the SEC’s findings, except as to the SEC’s jurisdiction over the matter.
New Mexico Attorney General announces settlement with payment card companies to resolve excessive interchange fees
On April 18, the New Mexico Attorney General’s office announced a $3.4 million settlement with the country’s two largest payment card networks to resolve allegations that the companies charged excessive interchange fees during credit and debit card transactions. In 2014, the state filed a lawsuit claiming that the companies’ conduct violated New Mexico’s Antitrust Act and Unfair Practices Act along with various common law theories, including unjust enrichment and civil conspiracy. According to the terms of the settlement, the companies are required to pay a total of $3.4 million into the state’s settlement fund for “law enforcement efforts to prevent and prosecute financial fraud or unfair or deceptive acts or practices, including anti-competitive behavior, and to investigate, enforce, and prosecute other illegal conduct related to financial services or consumer protection and antitrust laws.” In agreeing to the terms of the settlement, the companies did not admit any liability or wrongdoing, did not admit the truth of any allegations or circumstances, and did not waive any defenses.
On April 20, the CFPB, in coordination with the OCC, announced a $1 billion settlement with a national bank for certain auto and mortgage lending practices the bank had previously discontinued and for which voluntary consumer remediation was initiated by the bank. According to the CFPB consent order, the Bureau alleged the bank inappropriately (i) charged fees for mortgage rate-lock extensions, and (ii) operated a force-placed insurance program in connection with auto loans. Specifically, the CFPB alleged that the bank sometimes charged rate lock extension fees to consumers when it should have absorbed the fees. With respect to auto loans, the Bureau alleged that, due to issues with the vendor employed to monitor for insurance and issue insurance if not maintained by the consumer, certain consumers paid for force-placed insurance premiums and interest that may not have been required resulting in potential consumer harm. The CFPB consent order acknowledges that the bank voluntarily discontinued the above practices and has voluntarily begun consumer remediation. Under the terms of both of the consent orders, the bank will remediate affected consumers and will implement necessary changes to its compliance risk-management program.
U.S. imposes denial of export privileges on Chinese telecom giant for violating prior settlement agreement
On April 16, the U.S. Department of Commerce imposed a denial of export privileges on Chinese telecommunications equipment corporation for violating a previous settlement relating to illegally shipping telecommunications equipment to Iran and North Korea. As previously covered in InfoBytes, in March 2017, the company agreed to a combined civil and criminal penalty and to forfeiture of over $1.1 billion for shipping the equipment, making false statements, and obstructing justice. As part of the settlement, the company agreed to a seven-year suspended denial of export privileges, which would trigger if the agreement was not met or if the company committee further violations.
The Department imposed the denial after determining that the company made false statements during the 2016 settlement negotiations and again during the probationary period in 2017 related to disciplinary actions against senior employees that the company said it was taking or had already taken. The false statements covered up the fact that the company had actually failed to issue letters of reprimand and paid full bonuses to the employees who had engaged in illegal conduct.
On March 30, a regional bank reached a $13 million settlement with a group of its shareholders over allegations of misleading statements and omissions regarding the bank’s compliance with fair lending laws, and Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) regulations. The shareholders—purchasers of the bank’s stock between July 2013 and July 2014—allege that the bank’s misrepresentations regarding their compliance with BSA/AML laws, as well as other laws and regulations, artificially inflated the price of the bank’s stock. According to the settlement, both parties’ decisions to enter into the agreement were partially due to the length and expense of continued litigation, which began in 2014. The shareholders initiated the class action litigation in July 2014; however, the U.S. Court of Appeals for the 6th Circuit vacated the initial class certification in September 2016, remanding to the district court for further proceedings. The class was recertified by the district court in June 2017 with the 6th Circuit denying the bank’s petition for appeal of the recertification. The bank denies all allegations of wrongdoing and liability in the settlement.
International bank agrees to pay $2 billion in civil penalties to settle allegations of RMBS misconduct
On March 29, the DOJ announced a $2 billion settlement with an international bank and several of its affiliates to resolve allegations of misrepresentation in the sale of residential mortgage-backed securities, in violation of the Financial Institutions Reform, Recovery, and Enforcement Act. The bank agreed to pay the civil monetary penalty in exchange for dismissal of a civil action filed in 2016. According to the settlement agreement, the investigation focused on 36 securitizations by the bank between 2005 and 2007. In addition to the alleged misrepresentations in the offering documents, the bank allegedly misled investors about the quality of the mortgage loans backing the deals. Separately, two former bank executives agreed to pay a combined $2 million to resolve claims brought against them individually. The bank did not admit to any liability or wrongdoing.
FTC and New York Attorney General announce orders banning debt collection operations from related activities
On March 22, the New York Attorney General’s office and the FTC announced settlements with the operators of an allegedly abusive debt collection scheme, resolving lawsuits filed in 2015. (See previous InfoBytes coverage here.) According to the FTC, the operators and associated companies allegedly violated the FTC Act, the Fair Debt Collection Practices Act, and New York state laws prohibiting deceptive acts and practices by using abusive language and making false threats that consumers would be arrested or sued in order to collect the supposed debts. The stipulated final orders impose combined judgments of over $48.7 million to be partially suspended upon the surrender of certain assets, including more than $1 million in corporate and individual assets. In addition to barring the operators from the debt collection business and from buying or selling debt, the orders further prohibit them from misrepresenting financial products and services or benefiting from consumers’ personal information collected in connection with the challenged practices.
On March 16, the FTC and three Utah-based movie companies (defendants) agreed to a proposed stipulated final order settling charges that they violated the FTC Act and the Telemarketing Sales Rule (TSR). In 2011, the DOJ filed a complaint on behalf of the FTC, which alleged defendants engaged in abusive telemarketing practices by making more than 117 million deceptive and unlawful calls to consumers to pitch movies and induce DVD sales in violation of the TSR, including 99 million calls to numbers on the Do Not Call Registry. In 2016, a federal court jury found the defendants guilty of six TSR violations and collectively responsible for the more than 117 million unlawful calls alleged in the complaint. The jury additionally found that the defendants had “actual or implied knowledge of the TSR violations,” meaning that the court was allowed to assess civil penalties under the FTC Act. According to the FTC’s press release, this was the first-ever jury verdict in an action to enforce the TSR and DNC Registry rules.
The proposed stipulated final order bans the defendants from engaging in the alleged misconduct, orders the defendants to train and monitor its solicitors to ensure compliance with the TSR, and imposes a $45.5 million civil money penalty, of which $487,735 is suspended unless it is determined that the financial statements defendants submitted to the FTC contain any inaccuracies.
On March 12, the California Department of Business Oversight (DBO) announced a $160,000 settlement with the California subsidiary of a payday lender for allegedly adding improper fees to installment loan principle amounts in order to avoid the California Finance Law’s (CFL) interest rate cap. The settlement resulted from a DBO examination in which the DBO issued a finding that: (i) the lender failed to exclude fees payable to the California DMV when calculating the principal amount of certain vehicle title loans; (ii) excluding the DMV fees, the bona fide principal amount of the loans at issue was less than $2,500; and (iii) the loans were, therefore, subject to the CFL interest rate cap on loans with a principal amount of less than $2,500, which was exceeded on 591 loans. Without admitting to any wrongdoing, the lender agreed to pay an administrative penalty of approximately $78,000 to the DBO and to refund approximately $82,000 to allegedly affected borrowers.
- John R. Coleman to discuss “CFPB update” at the MBA Legal Issues and Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "State licensing and NMLS challenges" at MBA’s Legal Issues and Regulatory Compliance Conference
- Jonice Gray Tucker to discuss “Fair lending and equal opportunity laws” at the MBA Legal Issues and Regulatory Compliance Conference
- Jeffrey P. Naimon to discuss “Contemplating the boundaries of UDAAP” at the MBA Legal Issues and Regulatory Compliance Conference
- Steven vonBerg to speak at closing “super session“ on compliance topics at MBA Legal Issues and Regulatory Compliance Conference
- Buckley Webcast: Fifth Circuit muddles CFPB’s plans to use in-house judges in enforcement proceedings
- Jeffrey P. Naimon to discuss “Understanding the ESG impact on compliance” at the ABA’s Regulatory Compliance Conference