Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Design firm to settle False Claims Act allegations related to cybersecurity failures

    Privacy, Cyber Risk & Data Security

    On March 14, the DOJ announced a $293,771 settlement with a design company to resolve alleged False Claims Act (FCA) violations related to failures in its cybersecurity practices. According to the DOJ, the company failed to secure personal information on a federally-funded Florida children’s health insurance website that was created, hosted, and maintained by the company. “Government contractors responsible for handling personal information must ensure that such information is appropriately protected,” Principal Deputy Assistant Attorney General Brian M. Boynton, head of the Justice Department’s Civil Division, said in the announcement. “We will use the [FCA] to hold accountable companies and their management when they knowingly fail to comply with their cybersecurity obligations and put sensitive information at risk.” In this case, the Florida entity (which receives federal Medicaid funds, as well as state funds to provide children’s health insurance programs) contracted with the design company for the provision of a hosting environment that complied with HIPPA’s personal information protection requirements. The company also agreed to adapt, modify, and create code on the webserver to support the secure communication of data. However, between January 1, 2014, and Dec. 14, 2020, the company allegedly failed to provide secure hosting of applicants’ personal information and failed to implement necessary updates. In December 2020, the website experienced a data breach that potentially exposed more than 500,000 applicants’ personal identifying information and other data. In response to the data breach and the company’s cybersecurity failure, the Florida entity shut down the website’s application portal.

    Privacy, Cyber Risk & Data Security Federal Issues DOJ False Claims Act / FIRREA Enforcement Data Breach

  • Mortgage lender agrees to pay $38.5 million to settle False Claims Act underwriting allegations

    Federal Issues

    On December 14, the DOJ announced a $38.5 million settlement with a mortgage lender to resolve alleged False Claims Act (FCA) violations related to its origination and underwriting of mortgages insured by the Federal Housing Administration (FHA). According to the DOJ, a former underwriter filed a lawsuit under the FCA’s whistleblower provisions alleging the lender engaged in an underwriting process that allowed employees to disregard FHA rules and falsely certify compliance with underwriting requirements. These actions, the underwriter claimed, resulted in the government later paying insurance claims on loans that were improperly underwritten. Under the terms of the settlement, the lender will pay $38.5 million to the U.S., with the whistleblower receiving more than $11.5 million. Notably, not only did the DOJ not exercise its right to join the case and take over its prosecution, but also had sought unsuccessfully to have the case dismissed.  The Supreme Court heard oral argument in United States, ex rel. Polansky v. Executive Health Resources, Inc. regarding whether and when the government has authority to force such a dismissal of a False Claims Act brought by a whistleblower. 

    Federal Issues DOJ False Claims Act / FIRREA Enforcement Mortgages FHA

  • California mortgage lender to pay $1 million to settle fraud allegations

    Federal Issues

    Recently, the United States Attorney for the Eastern District of Washington announced a settlement with a California-based mortgage lender to resolve allegations that it “improperly and fraudulently” originated government-backed mortgage loans insured by FHA, resulting in losses to the government when borrowers defaulted on their mortgages. The settlement concludes a joint investigation conducted by the U.S. Attorney’s Office and the Offices of Inspector General for the Department of Veterans Affairs and HUD, which commenced as required by the False Claims Act after a whistleblower (a former loan processor) filed a qui tam complaint against the lender in 2019. The whistleblower claimed that between December 2011 and March 2019, the lender knowingly underwrote certain FHA mortgages and approved some mortgages for insurance that failed to meet FHA requirements or qualify for insurance. The whistleblower further alleged that the lender “knowingly failed to perform quality control reviews that it was required to perform.”

    “By improperly originating ineligible mortgages, lenders take advantage of the limited resources of the FHA program and unfairly pass the risk of loss onto the public,” the U.S. Attorney said. According to the announcement, the lender agreed to pay more than $1.03 million under the terms of the settlement agreement. The whistleblower will receive $228,172 of the settlement proceeds, plus attorney’s fees, expenses, and costs.

    Federal Issues Courts DOJ FHA Mortgages HUD Department of Veterans Affairs False Claims Act / FIRREA Qui Tam Action

  • FDIC releases process for MDI designation requests

    On May 19, the FDIC released a process for insured institutions or applicants for deposit insurance to submit requests for recognition as a minority depository institution (MDI). As previously covered by InfoBytes, last June the FDIC approved and released an updated Statement of Policy Regarding Minority Depository Institutions to enhance the agency’s efforts to preserve and promote MDIs. 

    The updated statement of policy details the framework by which the FDIC implements objectives set forth in Section 308 of FIRREA and describes agency initiatives for fulfilling its MDI statutory goals. According to the FDIC, “supervised institutions or applicants for deposit insurance that seek to be recognized as an MDI may submit a written request, signed by a duly authorized officer or representative of the institution or applicant, at any time to the appropriate regional office.” Supervised institutions are also able to submit requests in connection with a merger application or a change in control notice. Requests should contain sufficient information in support of the designation, and the FDIC will send a letter acknowledging recognition of the institution as an MDI if an institution has met the eligibility requirements.

    Bank Regulatory Federal Issues FDIC Minority Depository Institution Supervision False Claims Act / FIRREA

  • DOJ announces $31,000 FCA settlement for duplicative PPP loans

    Federal Issues

    On February 11, the DOJ announced a $31,000 settlement with an IT services company to resolve allegations that it violated the False Claims Act (FCA) by obtaining more than one Paycheck Protection Program (PPP) loan in 2020. According to the settlement agreement, in April 2020 the company received two SBA-guaranteed PPP loans through two different banks. The company agreed to repay the duplicative PPP loan in full to its lender, relieving the SBA of liability. The settlement press release also noted that the settlement with the company resolved a lawsuit filed under the whistleblower provision of the FCA, which permits private parties to file suit on behalf of the U.S. for false claims and share in a portion of the government’s recovery.

    Federal Issues Covid-19 CARES Act SBA DOJ Enforcement False Claims Act / FIRREA

  • District Court partially grants summary judgment to defendants in FCA case


    On February 1, the U.S. District Court for the Eastern District of California denied a relator’s (plaintiff’s) motion for summary judgment on an allegation of promissory fraud in violation of the False Claims Act (FCA) in a case against a rocket manufacturer and its subsidy (defendants). The court similarly denied the defendants’ cross-motion for summary judgment on the promissory fraud violation, but granted the defendants’ motion for summary judgment with respect to allegations of false certification in violation of the FCA. According to the opinion, the plaintiff, who was briefly employed by defendants as the senior director for Cyber Security, Compliance, and Controls, alleged that the defendants fraudulently induced the government to contract with the defendants in 18 contracts, while knowingly out of compliance with Defense Federal Acquisition Regulation 48 C.F.R. § 252.204– 7012 and NASA Federal Acquisition Regulation 48 C.F.R. § 1852.204-76, which impose cybersecurity and confidentiality requirements applicable to persons who receive government contracts. The court noted that plaintiff’s claims were based in part on allegations that defendants failed to disclose data breaches when required to do so. Conversely, defendants argued that they had disclosed their non-compliance with the identified regulations to the DoD and to NASA on multiple occasions and had been working with the government to obtain a waiver. In light of this, the court denied summary judgment on the promissory fraud violation, holding that “[a] genuine dispute of material fact exists as to the sufficiency of the disclosures[.]” The court also decreased the number of contracts the court will assess from 18 to 7, holding that the court will only rule on allegations that pertain to events before the case was filed in 2015. Similarly, the court granted defendants’ motion for summary judgment with respect to allegations of false certification on the grounds that “relator’s claim for false certification is based solely on an invoice payment under a NASA contract that was entered into after relator brought this action and is therefore not a proper basis for his false certification claim.”

    Courts Data Breach False Claims Act / FIRREA Privacy/Cyber Risk & Data Security Relator

  • DOJ announces $7.9 million FCA settlement with student loan contractor

    Federal Issues

    On January 14, the DOJ announced a $7.9 million settlement with a contractor that serviced student loans for lenders under the Federal Family Education Loan Program to resolve allegations that it violated the False Claims Act by submitting or causing the submission of false claims to the Department of Education. According to the settlement agreement, from 2006 to 2016, the contractor allegedly knowingly failed to make required financial adjustments to borrower accounts and improperly treated some borrowers as eligible for military deferments, which resulted in incorrect reporting to the Department of Education and losses to the United States. The settlement press release noted that the contractor paid $1.4 million to the Department of Education under a remediation plan to partially resolve the allegations and received a credit for that payment under the settlement agreement.

    Federal Issues DOJ Student Lending False Claims Act / FIRREA Enforcement Department of Education

  • Court dismisses FCA action against national bank


    On October 29, the U.S. District Court for the Eastern District of Missouri dismissed a False Claims Act (FCA) suit against a national bank, concluding the relator failed to prove the inapplicability of the public disclosure bar. According to the opinion, the relator filed an action against the national bank alleging that from 2009 to 2013, as an employee of the bank, she witnessed “numerous violations of [the bank]’s obligations under [government] loan modification programs.” The bank moved to dismiss the action on five separate grounds, including statute of limitations and public disclosure bar. The court first addressed the statute of limitations claims, applying the six-year limitation after the violation and holding that because the relator filed her action against the bank on June 2, 2018, any claims occurring before June 2, 2012 are barred as untimely.

    The court then addressed the public disclosure bar, which requires courts to dismiss an action under the FCA “if substantially the same allegations or transactions as alleged in the action or claim were publicly disclosed….” The bank argued, and the relator did not contest, that the relator’s allegations “had already been publicly disclosed through the news media, a federal lawsuit, and federal reports.” The court rejected the relator’s claims that she should qualify as an original source of the information. Specifically, the court concluded that while the relator may have independent knowledge of the information provided in her complaint by virtue of her employment, she did not “materially add[] to” the public disclosures and thus, did not carry “her burden to prove the inapplicability of the public disclosure bar.” Accordingly, the court dismissed all remaining allegations postdating July 2, 2012.

    Courts False Claims Act / FIRREA Mortgages Loan Modification

  • DOJ reaches $25 million settlement with mortgage lender to resolve false claims allegations

    Federal Issues

    On October 20, the DOJ announced a nearly $25 million settlement with a California-based mortgage lender in connection with alleged violations of the False Claims Act (FCA) related to originating and underwriting mortgages insured by the Federal Housing Administration (FHA). According to the DOJ, the lender “knowingly approved ineligible loans that later defaulted and resulted in claims to FHA for mortgage insurance,” failed to comply with material program rules requiring lenders to maintain quality control programs to prevent underwriting deficiencies, and failed to self-report identified materially deficient loans. The mortgage lender agreed to pay the DOJ $24.9 million to resolve the FCA claims. In addition, a whistleblower will receive nearly $5 million under the settlement. The DOJ’s press release noted that the claims “are allegations only, and [that] there has been no determination of liability.”

    Federal Issues False Claims Act / FIRREA DOJ FHA Mortgages

  • DOJ: Lender allegedly violated FIRREA, False Claims Act by forging certifications and using unqualified underwriters

    Federal Issues

    On September 25, the DOJ filed a complaint against a lender alleging that it forged certifications and used unqualified underwriters to approve FHA-insured Home Equity Conversion Mortgages (HECMs) to increase its loan production in violation of the Financial Institutions Reform, Recovery and Enforcement Act and the False Claims Act. In addition, the DOJ claims that, because the lender allegedly did not employ enough direct endorsement underwriters to review each HECM loan endorsed for FHA mortgage insurance, it bypassed FHA’s underwriter requirements and (i) allowed “unqualified temporary contractors to underwrite, approve, and sign certifications for HECM loans”; (ii) “[f]orged signatures of qualified underwriters on certifications for other HECM loans” to create the appearance that they had been reviewed and approved by a qualified underwriter; (iii) pre-signed blank certifications representing that appraisals had been reviewed and approved; and (iv) used these forms and certifications to insure HECM loans that did not meet the underwriting requirements. The DOJ alleges that, accordingly, the FHA insured overvalued and underwater properties, which increased borrower expenses and raised the chances of default. The DOJ also asserts that the lender’s purported false claims for FHA mortgage insurance payments were material, as it led to the government making payments it would otherwise not have been required to make.

    Federal Issues DOJ False Claims Act / FIRREA Underwriting FHA Mortgages HECM