Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On May 3, Ginnie Mae published a Request for Input (RFI) soliciting feedback on potential changes to the parameters governing loan eligibility for pooling into its mortgage-backed securities (MBS). As previously covered by InfoBytes, in May 2018, Ginnie Mae announced changes to pooling eligibility requirements for Department of Veterans Affairs (VA) loans “to address abnormal prepayment patterns in some mortgages pooled in Ginnie Mae MBS that negatively affect MBS pricing, to the detriment of home mortgage loan affordability.” In the RFI, Ginnie Mae notes its focus on adverse trends in the trading of some Ginnie Mae MBS relative to securities issued by Fannie Mae, and cites published commentary and analysis that its MBS are “believed to be susceptible to refinance activity out of proportion to what should be expected from prevailing economic conditions.” The RFI now seeks feedback on, among other things, the propensity of high-LTV VA cash-out refinances to prepay in comparison with those of other loan type categories, any related impact on MBS pricing, and whether a loan-to-value ceiling of 90 percent for cash-out refinance loans “is an appropriate threshold for identifying the loan type category that would be subject to an alternative securitization path.” Ginnie Mae is considering such an alternative securitization path to provide liquidity for excluded (or restricted) loan type categories, highlighting (i) single-issuer custom securities; (ii) securities that are restricted based on a de minimis standard; and (iii) shorter duration loan types as logical possibilities. Comments on the RFI must be received by May 22.
On May 2, the CFPB announced that it had filed a lawsuit against Utah-based credit repair telemarketers and their affiliates (defendants) for allegedly committing deceptive acts and practices in violation of the Telemarketing Sales Rule (TSR) and the Consumer Financial Protection Act (CFPA). According to the complaint filed in the U.S. District Court for the District of Utah, the CFPB alleges the defendants charged consumers a fee for telemarketed credit repair services when they signed up for the services, and then monthly thereafter, without (i) waiting for the timeframe in which they represented their services would be provided to expire; and (ii) demonstrating that the promised results have been achieved, in the form of a consumer report issued more than six months after those results were achieved, as required by the TSR. Additionally, the CFPB alleges that certain defendants made false and misleading claims constituting deceptive acts under the CFPA. Specifically, the CFPB alleges those defendants marketed that guaranteed, or high-likelihood, loans or rent-to-own housing offers would be available through affiliates after signing up for credit repair services when in actuality, the products were not available. The CFPB is seeking restitution, civil money penalties, and injunctive relief against the defendants.
On April 30, 2019, the Department of Justice Criminal Division released updated guidance on the Evaluation of Corporate Compliance Programs (the “Guidance”). The Guidance sets forth the non-binding factors that DOJ prosecutors utilize to evaluate a company’s compliance program and consequently determine the “(1) form of any resolution or prosecution; (2) monetary penalty, if any; and (3) compliance obligations contained in any corporate criminal resolution (e.g., monitorship or reporting obligation.” The Guidance is, therefore, significant to companies seeking to understand what the DOJ considers to be best practices for compliance programs, as well as to mitigate against criminal penalties resulting from potential wrongdoing.
The Guidance builds upon a prior version released in February 2017 and does not indicate any major policy changes. Instead, this update provides further explanation of the factors DOJ uses to evaluate companies’ compliance programs and contextualize those factors within the enforcement framework of the Justice Manual and Sentencing Guidelines.
* * *
Click here to read the full special alert.
If you have questions about the DOJ’s new guidance or other related issues, please visit our White Collar practice page or contact a Buckley attorney with whom you have worked in the past.
On April 24, the FTC announced separate settlements with the operators of an online rewards website and a dress-up games website to resolve allegations concerning poorly implemented data security measures and Children’s Online Privacy Protection Act (COPPA) violations. According to the FTC, the online rewards website operator collected personal information (PII) from users who participated in their online offerings and made promises that their account information was secure. However, the operator allegedly failed to implement data security measures or utilize encryption techniques, which granted hackers access to the network. In addition, the operator allegedly maintained PII in clear unencrypted text. As a result of the breach, hackers published and offered for sale PII for approximately 2.7 million consumers. Under the terms of the decision and order, the operator is, among other things, prohibited from misrepresenting the measures taken to protect consumers’ PII and is required to implement a comprehensive information security program for future collections of PII.
On the same day, the FTC reached a proposed settlement with a dress-up games website and its operators, who allegedly violated COPPA by failing to obtain parental consent before collecting personal information from children under 13 or provide reasonable and appropriate security for the collected data. According to the FTC, data security failures allowed hackers access to the company’s network, which stored information for roughly 245,000 users under age 13. As part of the proposed settlement filed in the U.S. District Court for the Northern District of California, the company and operators, among other things, (i) have agreed to pay $35,000 in civil penalties; (ii) will change their business practices to comply with COPPA; and (iii) are prohibited from selling, sharing, or collecting personal information until a comprehensive data security program is implemented and undergoes independent biennial assessments.
On April 30, the OCC released a proposed Innovative Pilot Program (and accompanying program FAQs), which is designed to support responsible innovation in the U.S. federal banking system by allowing eligible entities to test novel products, services, or processes that could present significant benefits to consumers, businesses, financial institutions, and communities. Under the program, the OCC would provide eligible entities with regulatory input, through tools such as interpretive letters during the development and implementation of proposed innovative activities. Any proposal the agency determines to have potentially predatory, unfair, or deceptive features; poses undue risk to consumers; or poses undue safety and soundness risk to an institution would be deemed as inconsistent with existing law and policy and not permitted in the program. Highlights of the proposed program include:
- Eligibility. OCC-supervised financial institutions may participate in the program independently or when partnered with a third-party entity to offer an innovative activity. Third-party entities, not supervised by the OCC, may not independently participate. Additionally, eligible entities seeking to participate in the program must establish an uncertainty (“perceived to be a barrier to development and implementation”) that justifies the need for the OCC’s involvement during development or implementation of the innovative product or service and must also show how the innovative activity has the potential to benefit the needs of consumers, businesses, and or communities.
- Parameters. The OCC anticipates participation in the program to last between three and 24 months, but the duration of each pilot will be on a case-by-case basis. The program may include the use of interpretive letters, supervisory feedback, and technical assistance, as well as potential determinations of legal permissibility before a live test. Notably, the program will not provide any statutory or regulatory waivers, and all participants must continue to comply with applicable laws and regulations.
- Evaluation Process. The four-step application process includes (i) a preliminary discussion with the OCC about the proposed pilot; (ii) submission of a tailored expression of interest (EOI) to the OCC’s Office of Innovation or assigned supervisory office; (iii) evaluation of the EOI by the OCC; and (iv) acceptance or declination of the request. If a proposal is accepted, the testing phase will begin and the entity will be required to submit periodic information and reports, including key performance indicators, issues identified, and any steps taken to address the issues.
The OCC will maintain the confidentiality of proprietary information, including the identity of any participating entities. Comments on the proposal must be submitted by June 14.
On May 1, the CFPB announced a $3.9 million settlement with a student loan servicing company. The settlement resolves allegations that the company engaged in unfair practices by failing to make adjustments to loans made under the Federal Family Education Loan Program to account for circumstances such as deferment, forbearance, or entrance into the Income-Based Repayment (IBR) program. According to the consent order, between 2005 and 2015, certain accounts requiring manual adjustments to principal loan balances based on program participation were allegedly placed in “queues” to process the adjustments, which took, in some cases, years to process. The servicer allegedly did not inform affected borrowers that it did not complete the processing of their principal balances associated with the deferment, forbearance, or IBR participation. The queues allegedly resulted in some borrowers paying off incorrect loan amounts and other borrowers experiencing delays in loan consolidation while waiting for the servicer to adjust principal balances. In addition to the $3.9 million civil money penalty, the consent order requires the servicer to make the proper adjustments to the principal balances of the affected accounts or pay restitution to borrowers who paid off loans with inaccurate loan balances. The servicer is also required to comply with certain compliance monitoring, reporting, and recordkeeping requirements.
On April 29, nine Democratic Senators, led by Sherrod Brown (D-Ohio), wrote to the CFPB expressing “deep concern” regarding the Bureau’s plan to retire its tools for public exploration of HMDA data—HMDA Explorer Tool and the Public Data Platform API. In the letter, the Senators argue that retiring the tools with no plan for adequate replacements “threatens to undermine the statutory purposes of HMDA and does not live up the commitments to transparency and accountability” that Director Kraninger promised to uphold during her nomination hearing. The Senators cite to the Bureau’s decision to move the Office of Fair Lending and Equal Opportunity from the Supervision and Enforcement section to the Office of the Director and argue that “[r]reductions in available data and its accessibility, combined with weakened [fair lending] enforcement, is a disservice to the consumers the CFPB was created to protect.” The letter urges the CFPB to reverse course and requests that the Bureau provide a “detailed briefing” on the decision by May 10.
In the notice regarding the tools’ retirement, the Bureau states that the FFIEC “will publish a query tool for the 2018 data in the coming months.”
On April 25, the Federal Reserve Board announced an enforcement action against a Japanese bank for alleged weaknesses in its New York branch’s anti-money laundering risk management and compliance programs, including a failure to comply with applicable rules and regulations, including the Bank Secrecy Act. Under the terms of the order, the bank is required to, among other things, (i) develop and implement a written plan to strengthen the board of directors’ oversight of Bank Secrecy Act/anti-money laundering (BSA/AML) compliance and Office of Foreign Assets Control (OFAC) regulations; (ii) submit an enhanced written compliance program that complies with BSA/AML requirements; (iii) submit an enhanced, written customer due diligence plan; (iv) submit a written program to ensure compliant, timely, and accurate suspicious activity monitoring and reporting; (v) submit a written plan to enhance OFAC regulation compliance; and (vi) submit a written plan for independent testing of the bank’s compliance with all applicable BSA/AML requirements. A civil money penalty was not assessed against the bank or the branch.
On April 26, the FDIC announced a list of administrative enforcement actions taken against banks and individuals in March. The 13 orders include “three consent orders; two orders terminating consent orders; four Section 19 orders; one removal and prohibition order; two voluntary terminations of insurance orders; and two orders to pay civil money penalty.” The FDIC assessed, among other things, a $200,000 civil money penalty against an Oklahoma-based bank for allegedly violating the FTC Act and the TCPA by (i) using telemarketers who misrepresented themselves as employees or affiliates of the federal government; and (ii) placing calls to consumers who appeared on the National Do Not Call Registry or who requested to be added to the bank’s internal Do Not Call List.
The FDIC also assessed a consent order against an Illinois-based bank related to alleged weaknesses in its Bank Secrecy Act (BSA) compliance program. Among other things, the bank is ordered to (i) designate a senior official to enforce and take corrective action related to its BSA compliance policy; (ii) implement a revised, comprehensive written BSA compliance program and system of internal controls to address provisions, including currency transaction reporting, customer identification program, beneficial ownership, and information sharing requirements; (iii) adopt a written Customer Due Diligence Program to assure the reasonable detection of suspicious activity, specifically for money services businesses and privately-owned ATM customers; (iv) implement a process for account transaction monitoring; (v) implement a comprehensive BSA training program for appropriate personnel; (vi) conduct a look back review to ensure certain transactions were appropriately identified and reported; and (vii) revise its internal control programs to correct the identified deficiencies.
Department of Defense updating data-sharing agreement with Department of Education to preserve servicemember benefit
On April 16, the Department of Defense (DoD) published a proposal in the Federal Register to amend its routine use policy to accommodate a new data-sharing agreement between DoD and the Department of Education (ED). The new agreement ensures that servicemembers with student loans under Part D, Title IV of the Higher Education Act of 1965 receive the “no interest accrual benefit” on eligible loans during the period in which they received imminent danger or hostile fire pay. Through the proposal and the new agreement, ED will be able to access information in the Defense Manpower Data Center Data Base to identify servicemembers eligible for “no interest accrual benefit.” The proposal will take effect after the comment period ends on May 16 “unless comments are received which result in a contrary determination.”
- APPROVED Webcast: Introducing Mogy — APPROVED’s licensing technology solution
- Hank Asbill to discuss "Pay no attention to the man behind the curtain: Addressing prosecutions driven by hidden actors" at the National Association of Criminal Defense Lawyers West Coast White Collar Conference
- Daniel P. Stipano to discuss "Mid-year policy update" at the ACAMS AML Risk Management Conference
- Daniel P. Stipano to discuss "Keep off the grass: Mitigating the risks of banking marijuana-related businesses" at the ACAMS AML Risk Management Conference
- Christopher M. Witeck and Moorari K. Shah to discuss "The latest in vendor management regulations" at a Mortgage Bankers Association webinar
- Buckley Webcast: Hot topics in debt collection — An analysis of recent federal FDCPA litigation
- Jonice Gray Tucker to discuss "How to succeed in law school" at the SEO Law DC Panel Discussions
- Amanda R. Lawrence to discuss "Navigating the challenges of the latest data protection regulations and proven protocols for breach prevention and response" at the ACI National Forum on Consumer Finance Class Actions and Government Enforcement
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program
- Brandy A. Hood to discuss "RESPA Section 8/referrals: How do you stay compliant?" at the New England Mortgage Bankers Conference
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions and CMPs" at the ACAMS AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Assessing the CDD final rule: A year of transitions" at the ACAMS AML & Financial Crime Conference