Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On March 15, the FTC filed an administrative complaint against an independent sales organization and its owners (collectively, “respondents”) for allegedly opening merchant accounts for fictitious companies on behalf of a business opportunity scam previously sued by the FTC in 2013. According to the complaint, the scammers promoted business opportunities to consumers that falsely promised they would earn thousands of dollars. From its previous 2013 lawsuit, the FTC obtained judgments and settlements of over $7.3 million (covered by InfoBytes here). The complaint alleged that respondents violated the FTC Act and the Telemarketing Sales Rule by helping the scammers launder millions of dollars of consumers’ credit card payments from 2012 to 2013 and ignoring warning signs that the merchants were fake. The FTC claimed that the respondents, among other things, (i) opened merchant accounts based on “vague” business descriptions; (ii) ignored the fact that for most of the merchants, the principals or business owners had poor credit ratings, which should have raised questions about the financial health of the merchants; (iii) neglected to obtain merchants’ marketing materials or follow up on signs that the merchants were engaged in telemarketing; and (iv) ignored inconsistencies related to the bank accounts listed on several of the merchants’ applications. The FTC further claimed that the respondents created 43 different merchant accounts for fictitious companies on behalf of the scam and even provided advice to the organizers of the scam on how to spread out the transactions among different accounts to evade detection.
Under the terms of the proposed consent order (which is subject to public comment and final FTC approval), the respondents would be prohibited from engaging in credit card laundering, as well as any other tactics to evade fraud and risk monitoring programs. The respondents would also be banned from providing payment processing services to any merchant that is, or is likely to be, engaged in deceptive or unfair conduct, and to any merchant that is flagged as high-risk by credit-card industry monitoring programs. Furthermore, the respondents would be required to screen potential merchants and monitor the sales activity and marketing practices of current merchants engaged in certain activities that could harm consumers. The FTC noted that it is unable to obtain a monetary judgment due to the U.S. Supreme Court’s decision in AMG Capital Management v. FTC, which held that the FTC does not have statutory authority to obtain equitable monetary relief under Section 13(b) of the FTC Act. (Covered by InfoBytes here.)
On March 2, the U.S. Court of Appeals for the Ninth Circuit affirmed the dismissal of a class action suit for failure to state a claim, concluding that investors had failed to adequately allege that statements about the defendant company’s cybersecurity practices in the company’s 2018 Form 10-K amounted to securities fraud. The plaintiffs asserted that certain statements, including statements that the company maintained “a comprehensive security program,” “were misleading because they created the impression that [the company] implemented the data security best practices described in those statements no later than 2016, when in fact, the company did not implement those practices until later.” The plaintiffs argued that based on these statements, “a reasonable investor could have concluded that any data security improvements [the company] described would have been put in place in response to the two public hacks [the company] had experienced in the past, one in 2013 and one in 2016.” The 9th Circuit determined that the plaintiffs had failed to show that the company had misled investors into believing that it had made data security improvements specifically in response to the 2013 and 2016 data breaches and had “plead no facts supporting a reasonable inference that either of those hacks was a prominent enough milestone in company history that the average investor would be led to believe every data security improvement directly followed them.”
The plaintiffs further alleged that other statements in the 10-K were misleading because they “created the impression that it was unlikely [the company] had suffered an undetected data breach in the past, when in reality it was somewhat likely.” The appellate court rejected the plaintiffs’ argument and noted that “these statements would not give an ordinary investor reason to believe that [the company] was asserting that the risk that an undetected breach had occurred was particularly high or low, or that it had changed over time.” The 9th Circuit further agreed with the district court that the plaintiffs had failed to specifically allege that the company acted with the intent to deceive, manipulate, or defraud, or engage in “deliberate recklessness.”
On February 23, a coalition of state attorneys general sent a letter to FTC Chair Lina M. Khan, responding to the Commission’s advance notice of proposed rulemaking and urging the FTC to target “impersonation scams” to ensure consumers are protected from harm. As previously covered by InfoBytes, last December the FTC issued a request for comments on a wide range of questions related to government and business impersonation fraud. According to the FTC, reported losses due to impersonation fraud have spiked during the Covid-19 pandemic, with data from the Social Security Administration reporting $2 billion in total losses between October 2020 and September 2021. The AGs commented that overall, they “believe there is a pressing need for FTC rulemaking to address the scourge of impersonation scams impacting consumers across the United States,” noting that “[a] national rule that encompasses and outlaws such commonly experienced scams discussed [within the letter] would assist attorneys general and their partners in reducing consumer harm, maximizing consumer benefits, and holding bad actors to account.” Among other things, the letter discussed state-specific consumer complaints related to business impersonation, document preparation, regulatory compliance, and lead generation scams, and warned that the FTC should explore the means and instrumentalities used in these types of fraud. One example, the AGs pointed out, is impersonators using third-party payment processing services to effectuate their scams, often times requiring certain payment methods for fictitious overdue mortgage, utility, and student loan debts. In stressing the “burgeoning need for a robust standard outlawing impersonation scams,” the AGs stated that “[w]hen a specific type of unfair or deceptive business practice becomes so prevalent, Commission rulemaking is appropriate.” They further added that these efforts are welcomed as part of their ongoing collaborative relationship with the FTC.
On January 28, the SEC announced a settlement subject to court approval with a private technology company to resolve allegations that the company, through its former CEO, falsely inflated key financial metrics and doctored internal sales records. The complaint, which alleged violations of the antifraud provisions of the Securities Act of 1933 and the Securities Exchange Act of 1934, claimed that the CEO significantly inflated the value of numerous customer deals, and then masked the inflation by creating fake invoices and altering real invoices to make it seem as if customers had been billed higher amounts. The company’s board of directors conducted an internal investigation, which led to the removal of the CEO, a revised company valuation, and remedial efforts including repaying investors. The company also hired new senior management, expanded its board, and implemented processes and procedures to ensure transparency and accuracy of deal reporting and associated revenues. While the company neither admitted nor denied the allegations, it agreed to be permanently enjoined from violations of the antifraud provisions. The SEC highlighted that the lack of a penalty in the settlement is significant, and demonstrates the Commission’s position that a company may receive credit if it makes significant remedial efforts in the wake of an internal investigation. “For companies wondering what types of remedial actions and cooperation might be credited by the Commission after a company uncovers fraud, this case offers an excellent example,” stated Gurbir S. Grewal, Director of the SEC’s Division of Enforcement. “[The company’s] remediation and cooperation included not just its internal investigation and revised valuation, but also repaying harmed investors and improving its governance—all of which were factors that counseled against the imposition of a penalty in this case.”
On January 27, the FTC released a blog post regarding scam data usage on social media. Reports to the FTC showed that social media is increasingly used by scammers and “that social media was far more profitable to scammers in 2021 than any other method of reaching people.” The blog post, Social media a gold mine for scammers in 2021, reported that more than 95,000 people reported about $770 million in losses to fraud initiated on social media platforms in 2021. Additionally, the FTC noted that investment scams and romance scams had the most reported dollars lost.
On December 16, the FTC issued an advanced notice of proposed rulemaking (ANPR) seeking comments on a wide-range of questions related to government and business impersonation fraud. According to the FTC, reported losses due to impersonation fraud have spiked during the Covid-19 pandemic, with data from the Social Security Administration reporting $2 billion in total losses between October 2020 and September 2021. These impersonation scams include persons posing as government officials or employees or persons claiming they represent well-known businesses or charities, and may use “misleading domain names, URLs, and ‘spoofed’ contact information’” to create the illusion of legitimacy. The FTC added that scammers are looking for information that can be used to commit identity theft or seek monetary payment and often request that funds be paid through wire transfer, gift cards, or cryptocurrency. Government impersonators also often threaten consumers with severe consequences, while business impersonators regularly use ploys claiming they have identified suspicious activity on a consumer’s account or computer.
The ANPR - the FTC’s first action under its streamlined rulemaking procedures announced earlier this year (covered by InfoBytes here) - seeks feedback, data, and arguments from the public concerning the need for rulemaking to prevent this type of fraud.” Comments on the ANPR are due within 60 days of publication in the Federal Register.
On October 19, multiple agencies—the DOJ, SEC and UK’s FCA—announced a coordinated resolution with a European bank related to debt offerings for entities in Mozambique. (See here and here.) In total, fines to U.S. and U.K. authorities reached almost $475 million, and the institution also agreed to forgive $200 million of the debt.
In a related action, a London-based subsidiary of a Russian bank (bank) separately agreed to pay over $6 million to settle SEC charges related to its role in a second 2016 bond offering. According to the SEC’s order, the second offering as structured by the bank and reespondent permitted investors “to exchange their loan participation notes (LPNs) for a direct sovereign bond issued by the Republic of Mozambique” in an earlier bond offering. However, the SEC alleged that the offering materials distributed and marketed by the respondent and bank “failed to disclose the full nature of Mozambique’s indebtedness and, relatedly, its risk of default on the notes.” Furthermore, the SEC alleged that proceeds from the financing from the respondent and bank were supposed to be used exclusively for maritime projects, but in reality, without the bank’s knowledge, only a portion of the loan proceeds was applied towards maritime projects while the rest was diverted to pay kickbacks and make improper payments to Mozambican government officials. Mozambique later defaulted on the financings after the full extent of “secret” debt was revealed.
On October 15, the FTC released a staff report, Serving Communities of Color, that discusses the Commission’s enforcement and outreach efforts related to the impact of fraud on majority Black and Latino communities. The report details various studies and research. For example, one FTC study examined disparities related to payment methods received from consumers who live in communities of color compared to consumers who live in majority White communities. According to the study, consumers in communities of color more often reported a larger share of losing money when using payment methods that offer few legal protections—e.g. cash, cryptocurrency, money orders, and debit cards. In contrast, consumers living in majority White areas filed the largest share of reports about credit cards, which offer more robust fraud protection. Another study revealed that “different demographic populations reported different types of concerns at different rates,” with consumers living in majority Black communities filing a higher number of reports than consumers living in majority White communities related to credit bureaus, banks and lenders, used auto issues, and debt collection. According to FTC findings, consumers living in majority Latino communities also filed a larger share of reports about credit bureaus, banks and lenders, debt collection, auto issues and business opportunities. The report discusses, among other things, more than 25 enforcement actions where the FTC identified that the unlawful conduct either targeted or disproportionately affected communities of color. Examples include auto buying cases, for-profit colleges, student loan debt relief programs, prepaid card scams, fake Covid-19 products and services, business “opportunities” and pyramid schemes, payday lending, and credit and consumer reporting accuracy. The report also shares information about FTC outreach programs to consumers in these communities.
On October 5, the SEC filed a civil fraud complaint against a Canadian-based hemp company and its two co-founders (collectively, “defendants”), alleging that they fraudulently raised over $15 million from investors, and that they misappropriated a significant portion of the funds for personal and other unrelated uses. The SEC claims that the defendants made misrepresentations, including that the company was a fully integrated company that was processing hemp from its own farm. However, the SEC alleges that the company did not process any of its hemp, instead using products supplied by third parties. The complaint further contends that the financial information given to investors “misstated historical revenue numbers and included baseless projections about future revenue that were unsupported by the [c]ompany’s own internal forecasts.”
The SEC’s complaint, which was filed in U.S. District Court for the Southern District of New York, charges the defendants with violating antifraud provisions of federal securities laws. The complaint seeks a permanent injunction against the defendants, disgorgement with prejudgment interest, civil penalties, and an officer and director and penny stock ban against the co-founders. In addition, the U.S. Attorney’s Office for the Southern District of New York filed criminal charges against the co-founders in a parallel action.
On September 27, a proposed settlement was filed in the U.S. District Court for the Southern District of New York resolving allegations that a national bank (defendant) allegedly defrauded nearly 800 commercial customers by charging higher prices on foreign exchange (FX) transactions despite having fixed-pricing agreements. According to the complaint, from 2010 to 2017, the defendant allegedly defrauded customers who utilized its FX services, which violated the mail fraud, wire fraud, and bank fraud statutes of the Financial Institutions Reform, Recovery, and Enforcement Act (FIRREA), by: (i) falsely representing that the defendant would charge fixed FX spreads or sales margins on the customers’ FX transactions; (ii) financially incentivizing the FX sales specialists to overcharge while failing to certify that FX sales specialists comply with fixed-pricing agreements; and (iii) systematically charging “higher [FX] spreads or sales margins than [the bank] represented it would charge and/or was charging in fixed-pricing agreements or otherwise, while concealing the overcharges from the Customers.” Under the terms of the proposed settlement, the defendant must pay nearly $35.3 million plus interest, while an additional $2 million payment plus interest is subject to forfeiture to the U.S. The proposed settlement notes that the defendant paid $35.3 million in restitution to commercial customers who utilized the bank’s FX services. According to the order, the whistleblower who filed a declaration in 2016 with the U.S. under the Financial Institutions Anti-Fraud Enforcement Act will receive $1.6 million of the civil penalty. The DOJ sent a letter informing the court “that the United States and [the bank] have entered into a proposed Stipulation and Order of Settlement and Dismissal (the ‘Settlement’) resolving this action.”
- Buckley Webcast: Fifth Circuit muddles CFPB’s plans to use in-house judges in enforcement proceedings
- Steven vonBerg to discuss “Regulatory plenary” at the Information Management Network’s Non-QM Forum
- Jeffrey P. Naimon to discuss “Understanding the ESG impact on compliance” at the ABA’s Regulatory Compliance Conference