Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On October 1, sixteen Democratic Senators sent a letter to CFPB Director Kathy Kraninger, expressing concern over the Bureau’s failure to obtain restitution in eight recent settlements with mortgage lenders for allegedly mailing consumers advertisements for Department of Veterans Affairs (VA) mortgages that contained misleading statements or lacked required disclosures (covered by InfoBytes here). The letter states that while the Bureau collected approximately $2.8 million in civil penalties over the eight settlements, it did not require any company to pay restitution to harmed consumers. The letter argues that the failure to obtain restitution in these matters was a departure from the Bureau’s practice in previous cases where it obtained restitution for consumers who enrolled in a service connected to allegedly deceptive advertising. The letter notes that, if the Bureau was not able to determine a restitution amount based on the “millions of advertisements” that were sent, it had the authority to seek disgorgement as a remedy. The letter requests the Bureau elaborate on, among other things, its decision not to seek restitution for consumers in the cited actions and to provide information about the standard the Bureau uses to determine when to provide restitution.
On October 6, the Financial Crimes Enforcement Network (FinCEN) issued a notice extending the deadline to December 31, 2020, for victims of certain recent natural disasters to file their reports of Foreign Bank and Financial Accounts (FBAR) for the 2019 calendar year. The expanded relief is offered to victims impacted by the California wildfires, Iowa Derecho, Hurricane Laura, Oregon wildfires, and Hurricane Sally. If FEMA later designates additional areas as eligible for individual assistance, FBAR filers in those locations will automatically receive the same filing relief. FinCEN will also work with FBAR filers who live outside the designated disaster areas but may have trouble meeting their filing obligations because their records are located in the affected areas.
On October 8, the Small Business Administration (SBA), in consultation with the U.S. Treasury Department, announced a more streamlined loan forgiveness application for Paycheck Protection Program (PPP) loans of $50,000 or less. According to the interim final rule released with the application and application instructions, lenders may rely on the borrower representations of the forgiveness amount, stating that a “lender does not need to independently verify the borrower’s reported information if the borrower submits documentation supporting its request for loan forgiveness and attests that it accurately verified the payments for eligible costs.” Moreover, should a borrower apply for forgiveness of costs exceeding the borrower’s PPP loan amount, the lender should confirm the borrower’s calculations on the loan forgiveness application, “up to the amount required to reach the requested [f]orgiveness [a]mount.” The SBA notes that it began approving PPP forgiveness applications and remitting payments to lenders on October 2 and “will continue to process all PPP forgiveness applications in an expeditious manner.”
Additionally, on October 7, the SBA updated the PPP FAQs to add a question on the payment deferral extension granted by the PPP Flexibility Act. As previously covered by InfoBytes, the PPP Flexibility Act extends the six-month payment deferral period to at least 10 months after the program expires. Specifically, the FAQs confirm that the extension of the deferral period will automatically apply to all PPP loans, requiring lenders to “give immediate effect to the statutory extension and  notify borrowers of the change to the deferral period.” Moreover, the FAQs emphasize that the SBA does not require a formal modification of the promissory note.
On October 1, the U.S. Treasury Department’s Office of Terrorism and Financial Intelligence issued two advisories to aid U.S. individuals and businesses in combating ransomware scams and attacks. In issuing the advisories, Treasury emphasized that “[e]fforts to detect and report ransomware payments are vital to prevent and deter cyber actors from deploying malicious software to extort individuals and businesses, and to hold ransomware attackers accountable for their crimes.” The advisory released by FinCEN, titled the Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments, provides information on the role of financial intermediaries in payments, ransomware trends and typologies, and related financial red flags indicators. Among other things, the advisory urges financial institutions to file suspicious activity reports when handling any transfer of funds related to a ransomware-related activity, and provides information on effectively reporting and sharing information related to ransomware attacks.
The advisory released by Treasury’s Office of Foreign Assets Control (OFAC), titled the Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, cautions that companies that facilitate ransomware payments to cyber actors on behalf of victims targeted by ransomware activities may face potential sanctions risks. Among other things, the advisory encourages financial institutions and other companies that engage with victims of ransomware attacks to implement risk-based compliance programs “to mitigate exposure to sanctions-related violations,” and to report such attacks to law enforcement. These sanctions compliance programs, OFAC emphasizes, “should account for the risk that a ransomware payment may involve [a specially designated national] or blocked person, or a comprehensively embargoed jurisdiction.” OFAC also cautions companies to consider whether they also need to comply with FinCEN’s regulatory obligations. Furthermore, the advisory provides U.S. government resources for reporting ransomware attacks, as well as guidance on factors OFAC generally considers when determining an appropriate enforcement response to an apparent violation.
On October 1, the Federal Reserve announced an enforcement action against a Pennsylvania state-chartered bank for deficiencies in the bank’s Bank Secrecy Act (BSA), anti-money laundering (AML), and U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) regulations. The order requires the bank to submit, among other things, (i) a board-approved, written plan to improve oversight of BSA/AML requirements and OFAC regulations; (ii) a written BSA/AML compliance program; (iii) a revised customer due diligence program; (iv) a written suspicious activity monitoring and reporting program; and (iv) a written plan for independent testing of compliance with BSA/AML requirements. The bank was not assessed any monetary penalties.
On October 1, the CFPB released the assessment report required by Section 1022(d) of the Dodd-Frank Act for the TILA-RESPA Integrated Disclosure Rule (TRID), concluding that the TRID Rule “made progress towards several of its goals.” The assessment report was conducted using the Bureau’s own research and external sources. In opening remarks, Director Kraninger noted that the Bureau was “unable to obtain or generate the data necessary” to include a cost-benefit analysis, but documented the benefits and costs when possible. In addition to studying the effectiveness of the TRID Rule, the report also summarized the public comments the Bureau received from its November 2019 request for information (covered by InfoBytes here).
The Bureau issued the TRID Rule in November 2013, and the Rule took effect on October 3, 2015. Among other things, the TRID Rule integrated TILA’s Good Faith Estimate (GFE) and RESPA’s settlement statement (HUD-1), as well as other Dodd-Frank required disclosures, into the “Loan Estimate” and “Closing Disclosure” forms. Key findings of the assessment include:
- The TRID disclosure forms improved borrower abilities to locate key mortgage information, and compare costs and features of different mortgage offers;
- Evidence was mixed as to whether the TRID disclosure forms improved borrower abilities to understand loan estimates and transactions, and the TRID Rule increased consumer shopping for mortgages;
- The median response for one-time costs for lenders of implementing the rule was roughly $146 per mortgage originated in 2015;
- Evidence was unclear regarding ongoing costs for lenders, noting that over the last decade, lenders’ costs have increased steadily, but the data does not show a clear increase from the time the TRID Rule took effect; and
- Purchases and refinances dropped notably (around 14 percent and eight percent, respectively) in the first two months after the effective date, and purchase closing times lengthened by about 13 percent. However, both changes returned to pre-TRID Rule amounts and durations.
Additionally, the Bureau released a Data Point report titled, “How mortgages change before origination,” which details how the terms and costs of a mortgage loan may change during the origination process. The Bureau examined about 50,000 mortgages originated between March 2016 and November 2017, and found, among other things, that (i) APR changes occurred in more than 40 percent of mortgages; (ii) loan amount and the loan to value ratio changed for nearly 25 percent of mortgages; and (iii) interest rate changed for eight percent of mortgages.
On October 5, the SEC released issued a report addressing the economic effects of the Covid-19 pandemic on the U.S. credit markets. The report concludes that the immediate and multi-faceted actions taken by the Federal Reserve and under the CARES Act were instrumental in relieving stress in the credit market, stabilizing housing prices and sustaining consumer spending. The SEC will hold roundtable discussion with U.S. and international regulators on October 14 to discuss the report and related policy issues.
On October 2, the Small Business Administration issued a procedural notice providing guidance for Paycheck Protection Program (PPP) lenders when a recipient of a PPP loan experiences a change in ownership. According to the guidance, a “change of ownership” occurs when (i) at least 20 percent of common stock or other ownership interest of a PPP borrower is sold or transferred; (ii) the PPP borrower sells or transfers at least 50 percent of its assets; or (iii) the PPP borrower merges with or into another entity. Borrowers must notify their PPP lenders in writing before the closing of any change in ownership. The guidance specifies that, regardless of the change of ownership circumstances, the loan terms still apply and PPP lenders are “required to continue submitting the monthly 1502 reports until the PPP loan is fully satisfied.” Among other things, the guidance explains that the PPP borrower remains responsible for performing all PPP loan obligations and PPP-related certifications (including the certification of economic necessity), as well as complying with all other applicable PPP requirements. Additionally, PPP borrowers are still required to obtain, prepare, retain, and provide all required documentation to their PPP lender or lender responsible for servicing the PPP loan or to the SBA upon request.
On September 29, a global bank and several of its subsidiaries agreed to resolve investigations into allegations that their traders engaged in manipulative trading of metals futures and U.S. Treasury securities using a practice known as spoofing. The CFTC’s order settled charges that numerous bank traders violated federal commodities laws over a period of at least eight years by allegedly placing hundreds of thousands of spoof orders in precious metals and Treasury futures contracts. According to the CFTC announcement, a broker-dealer subsidiary of the bank—a registered futures commission merchant—also allegedly failed to identify, investigate, and stop the misconduct, despite numerous red flags. While neither admitting nor denying any wrongdoing in connection with the CFTC’s allegations, “except to the extent that Respondents admit those findings in any related action against Respondents by, or any agreement with, the [DOJ] or any other governmental agency or office,” the bank and its subsidiaries have agreed to pay a $920 million penalty.
In a parallel matter, the SEC announced the same day that it had reached a settlement with the broker-dealer subsidiary for fraudulently engaging in manipulative trading of Treasury securities. The SEC alleged that the subsidiary traders place non-bona fide orders to buy or sell a particular Treasury security in order “to create a false appearance of buy or sell interest” to “induce other market participants to trade against the bona fide orders at prices that were more favorable to [the broker-dealer subsidiary] than [the broker-dealer subsidiary] otherwise would have been able to obtain.” The broker-dealer subsidiary agreed to the entry of the SEC’s cease-and-desist order, in which it admitted to the SEC’s factual findings and agreed to pay disgorgement of $10 million and a civil penalty of $25 million, which will be offset by amounts paid by the bank and its subsidiaries in parallel DOJ and CFTC actions.
Additionally, the DOJ announced it had entered into a three-year deferred prosecution agreement with the bank to resolve criminal charges of two counts of wire fraud related to the aforementioned allegations. The agreement imposes a payment of more than $920 million, which consists of a criminal monetary penalty, criminal disgorgement, and victim compensation, with the criminal penalty credited towards the equal amount in penalties imposed by the CFTC. The bank and its subsidiaries must also continue to cooperate with any ongoing or future investigations and prosecutions, and it must report evidence or allegations of misconduct that could further violate federal anti-fraud, securities, or commodities statutes. Furthermore, the bank and its subsidiaries are required to enhance internal compliance programs as appropriate.
On September 29, the CFPB, FTC, and more than 50 federal and state law enforcement partners announced a nationwide enforcement and outreach effort titled “Operation Corrupt Collector” to address illegal debt collection practices. As of the date of the announcement, according to the CFPB, the operation includes five cases by the FTC, two cases by the CFPB, and three criminal cases by the DOJ and the U.S. Postal Inspection Service. Moreover, 16 states have also reported actions as part of the operation. Among the five cases brought by the FTC, two were announced in conjunction with the operation. In the first, the FTC brought charges in the U.S. District Court for the District of South Carolina alleging that a debt collection operation (consisting of five entities and three persons) used deceptive tactics to threaten false legal action through the use of robocalls in order to collect debts consumers did not owe or the operation did not have the legal right to collect. In the second, filed with the same district court, FTC alleges a company and its operators, with the assistance of the defendants in the first action, falsely claimed to represent a law firm and threatened consumers with arrest if the debts were not paid. According to the FTC, the district court granted temporary restraining orders against the defendants in both actions.
- Thomas A. Sporkin to discuss "Managing internal investigations and advanced government defense" at the Securities Enforcement Forum
- Jeffrey P. Naimon to discuss "2021 - A new beginning/what's to come" at the QuestSoft Lending Compliance & Risk Management Virtual Conference
- H Joshua Kotin to discuss "Mortgage servicing in a recession: Early intervention, loss mitigation and more" at the NAFCU Virtual Regulatory Compliance Seminar
- Daniel R. Alonso to discuss "Independent monitoring in the United States" at the World Compliance Association Peru Chapter IV International Conference on Compliance and the Fight Against Corruption
- Jonice Gray Tucker to discuss "Cyber security, incident response, crisis management" at the Legal & Diversity Summit
- Jonice Gray Tucker to discuss "The future of fair lending" at the Mortgage Bankers Association Regulatory Compliance Conference
- Michelle L. Rogers to discuss "Major litigation" at the Mortgage Bankers Association Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "Pandemic fallout – Navigating practical operational challenges" at the Mortgage Bankers Association Regulatory Compliance Conference
- Jonice Gray Tucker to discuss "Consumer financial services" at the Practising Law Institute Banking Law Institute
- Daniel P. Stipano to discuss "BSA/AML - Covid impact and regulatory/guidance roundup" at an NAFCU webinar