InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
24 state attorneys general urge changes to the PPP
On May 6, twenty-four state attorneys general sent congressional leadership a letter urging changes to the Paycheck Protection Program (PPP) to ensure that funds are distributed fairly, equitably and efficiently. The letter asserts that while the PPP has helped many small businesses already by “rapidly inject[ing] the initial $349 billion in funding into our struggling economy,” larger, more “well-connected” companies were better able to take advantage of the process and the program “has suffered from a notable lack of transparency, technical savvy, and functionality.” Specifically, the letter argues that due to insufficient guidance to lenders, the first round of funding “left far too many small businesses empty handed.” In order to ensure any additional funding allocated to the program effectively supports small businesses, the letter requests certain issues be addressed by Congress, including, among other things, (i) prohibiting applications from publicly traded companies with access to alternative funding sources; (ii) ensuring lenders do not favor existing, larger, and more lucrative customers over other applicants; (iii) allocating a portion of future funding exclusively for minority-owned small businesses; (iv) improving communication and technical support; (v) adding flexibility to the loan forgiveness requirements to account for the variety of circumstances facing small businesses; and (vi) providing more direct guidance to lenders.
District Court enjoins Massachusetts AG from enforcing emergency debt collection regulation
On May 6, the U.S. District Court for the District of Massachusetts entered a temporary restraining order (TRO) enjoining the Massachusetts attorney general from enforcing an emergency regulation that made numerous standard debt collection actions an unfair or deceptive act or practice during the Covid-19 pandemic. As previously covered by InfoBytes, a debt collection trade association filed a complaint last month contending that the emergency regulation is a content-based restriction on free speech and unconstitutional because it, among other things, excludes six classes of collectors from the prohibition on placing collection calls, and does not treat all “communications” equally by excluding certain types of collections communications. The trade association argued that the emergency regulation, among other things, bars debt collectors from being able to initiate phone conversations with individuals who have unpaid debts. In granting the TRO, the court wrote that the measure violates debt collection agencies’ First Amendment rights without adding meaningful consumer protections, and that, “[w]hile the [r]egulation promises some relief from unwanted telephone calls, it does not pretend to offer any relief from the debt itself or the obligation to repay it in full.” The court also noted that the emergency regulation “singles out one group debt collectors and imposes a blanket suppression order on their ability to use what they believe is their most effective means of communication, the telephone. If what the Attorney General meant to accomplish by way of the [r]egulation was a strict liability ban on all deceptive and misleading debt collection calls, the [r]egulation is redundant as that is already the law, both state and federally.”
State AGs urge industry group develop better tools to fight illegal robocalls
On May 4, the National Association of Attorneys General published a letter to US Telecom, an industry group of telecommunications providers, and the Industry Traceback Group, an industry group dedicated to assist with the tracing of illegal robocalls. The letter noted that state attorneys general intend to intensify enforcement efforts against illegal robocallers, and urged US Telecom and the Industry Traceback Group to expand capabilities related to tracebacks in anticipation of growth in the need for data analysis and the number of civil investigative demands and subpoenas that will be issued directly to the Industry Traceback Group. The need for action has been tied to an increase in Covid-19 related robocalls.
4th Circuit: Disgorgement calculation lacks necessary casual connection between profits and violations
On April 27, the U.S. Court of Appeals for the Fourth Circuit held that a district court’s disgorgement calculation for a banker found in contempt of a consent order rested on “an erroneous legal interpretation of the terms of the underlying consent order” and “lacked the necessary causal connection” between profits and a violation. As previously covered by InfoBytes, the banker settled RESPA and state law allegations with the CFPB and the Maryland Attorney General concerning his participation in a mortgage-kickback scheme. The 2015 final judgment order banned the defendant from participating in the mortgage industry for two years but did not prohibit him “from acting solely as a personnel or human-resources manager for a mortgage business operated by a FDIC-insured banking institution. . . .” In 2018, the banker was held in civil contempt for violating the final judgment order, and the district court ordered the disgorgement of over half-a-million dollars of his contemptuous earnings. The banker appealed the contempt finding and disgorgement.
On appeal, the 4th Circuit first held that the district court properly found the banker in violation of the consent order, determining among other things that, while the final judgment order did not broadly prohibit his participation in the mortgage industry, there was sufficient evidence that he “continued to communicate impermissibly with third-party businesses engaged in settlement services” and that he failed to follow various reporting requirements, such as uploading the consent order to a national registry and notifying regulators of a change in residence and business activity. However, the 4th Circuit found that the district court erred in its approach to calculating disgorgement because it assumed that “managing the business was improper and set out identifying [the banker’s] profits from his business because any such profit was contemptuous income.” (Emphasis in the original.) Holding that the district court’s view relied on an overbroad interpretation of the consent order and lacked the causal connection between the banker’s profits and a violation, the 4th Circuit vacated the disgorgement order and remanded the case to the district court to reassess the disgorgement calculation based on the banker’s more limited conduct that did not comply with the order.
D.C. attorney general alerts residents about debt collection protection
On April 30, D.C. Attorney General Karl Racine issued an alert informing district residents about debt collection protection during the Covid-19 crisis. According to Racine, residents are protected from the majority of debt collection activities during the state of emergency in place for the district. The consumer protections are a result of a proposal passed by D.C. Council on April 10, and are valid throughout the state of emergency plus an additional 60 days afterwards.
Texas governor permits remote notarization of real estate instruments
On April 29, the governor of Texas temporarily permitted persons to appear before a notary public via videoconference when executing real estate instruments such as mortgages. The Office of the Attorney General issued a set of conditions that must be met when using remote methods of notarization. These include the use of two-way video and audio communication permitting contemporaneous interaction, verification of identity, recordkeeping requirements, and attestations of the signatory and notary that they are physically located in Texas.
State AGs, U.S. senators urge CRAs to protect credit scores during Covid-19 crisis
On April 28, New York Attorney General Letitia James and Pennsylvania Attorney General Josh Shapiro, along with the attorneys general of 19 other states and the District of Columbia sent letters to the three credit reporting agencies (CRAs) stating their intention to protect consumer credit and ensure fair and accurate reporting on consumer credit reports during the Covid-19 crisis. The letter calls attention to the obligations of the CRAs under the FCRA and state credit-reporting laws and further states that the attorneys general intend to enforce compliance of all related requirements. Notwithstanding the CFPB’s announcement that it will ease the FCRA’s 30 or 45-day time restrictions for CRAs to investigate consumer complaints, the letter insists that the attorneys general will enforce the FCRA deadlines. Pursuant to the CARES Act amendment of the FCRA—which requires that consumer accounts be reported by furnishers as current if the consumer was current prior to the grant of a CARES Act accommodation—the letter asserts that its signors will actively monitor for compliance to this amendment. Finally, the letter expresses appreciation for the CRAs’ compliance and cooperation.
On April 27, Senator Elizabeth Warren (D-MA) and Senator Brian Schatz (D-HI) sent letters to the same CRAs also urging the agencies to protect consumer credit reports by complying with the CARES Act amendment to the FCRA. In addition, the Senators request that the CRAs reply to six questions included in the letters to assist the Senators in understanding all efforts the CRAs are taking to protect consumer credit scores during the Covid-19 crisis.
Rhode Island attorney general: CARES Act recovery rebates exempt from seizure
On April 28, the attorney general of Rhode Island issued guidance to financial institutions, credit unions, creditors and debt collectors announcing that, in the attorney general’s view, all CARES Act recovery rebates are exempt from attachment and execution under Rhode Island law. The attorney general also warned that if a creditor attempts to attach a CARES Act recovery rebate, the attorney general’s office may bring a civil action or seek injunctive relief.
Multi-jurisdiction settlement reached with credit reporting agency over 2017 data breach
On April 17, the Massachusetts attorney general announced a settlement with a credit reporting agency (CRA) to resolve a state investigation into a 2017 data breach that reportedly compromised the personal information of nearly three million Massachusetts residents. According to the AG’s 2017 complaint (covered by InfoBytes here), the CRA ignored cybersecurity vulnerabilities for months before the breach occurred and failed to take measures to implement and maintain reasonable safeguards. Under the terms of the proposed settlement, pending final court approval, the CRA will pay Massachusetts $18.2 million and is required to take significant measures to strengthen its security practices to ensure compliance with Massachusetts law. These measures include (i) implementing a comprehensive information security program; (ii) minimizing the collection of sensitive personal information; (iii) managing and implementing specific technical safeguards and controls; (iv) providing consumer-related relief, such as credit monitoring services and security freezes; and (iv) allowing third-party assessments of its data safeguards.
Earlier, on April 14, the Indiana attorney general also announced that the CRA will pay the state $19.5 million to resolve allegations that it failed to protect Indiana residents whose personal information was exposed in the 2017 data breach. Under the terms of the final judgment and consent decree, in addition to paying $19.5 million in restitution, the CRA must take measures similar to those outlined in the Massachusetts settlement.
Massachusetts and Indiana were the only two states that chose not to participate in the 2017 multi-agency settlement that resolved federal and state investigations into the data breach and required the company to pay up to $700 million (covered by InfoBytes here).
Separately, on April 7, the City of Chicago announced a $1.5 million settlement to resolve allegations that the CRA’s failure to employ adequate data-security measures led to the breach.
Korean bank settles investigation into Iran transfers; resolves BSA/AML violations allegations
On April 20, the U.S. Attorney for the Southern District of New York and the New York attorney general announced that a Korean bank will pay $51 million in penalties to resolve a six-year investigation into the bank’s transfer of more than $1 billion to Iranian entities in violation of U.S. economic sanctions. According to the U.S. Attorney’s press release and deferred prosecution agreement and statement of facts (as well as a press release from the state attorney general), the bank violated the Bank Secrecy Act (BSA) by “willfully failing to establish, implement, and maintain an adequate anti-money laundering (‘AML’) program” at its New York branch—even though its compliance officer repeatedly asked it to do so—which led to the illegal transfer of approximately $1 billion in transactions to Iran in violation of the International Emergency Economic Powers Act. According to the government, the bank’s lack of an effective AML program resulted in its failure to detect and report $10 million in payments through the bank and other U.S. financial institutions from Korean entities to Iranian entities, as well as its failure to “report the balance of the $1 billion of such sanctioned transactions” between the parties. Furthermore, the bank also failed to self-report to the U.S. Treasury Department’s Office of Foreign Assets Control its wrongdoing in a timely manner or its willful violations of the BSA prior to the investigation. Under the terms of the deferred prosecution agreement, the bank will pay $51 million through a civil forfeiture action, half of which will go to the United States Victims of State Sponsored Terrorism Fund, and will undergo regular reviews of its AML and sanctions compliance programs.
The bank also reached a separate agreement with NYDFS for violating state regulations, under which it will pay an additional $35 million penalty for violations of BSA/AML laws. Among other things, NYDFS found that the compliance program of the bank’s New York branch failed to achieve satisfactory levels until its 2019 examination. “While the department applauds the bank for its ultimate efforts after eight examination cycles of noncompliance, one positive examination report does not equate to a sustainable, safe and sound financial institution,” NYDFS said in its consent order. Under the terms of the order, the bank is required to revise its BSA/AML compliance program and enhance its customer due diligence program to ensure compliance with relevant state laws and regulations. NYDFS acknowledged the bank’s substantial cooperation in the matter, including remediating identified shortcomings.