Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On March 2, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) issued cyber-related General License (GL) 1B, “Authorizing Certain Transactions with the Federal Security Service,” which authorizes certain transactions and activities that are “necessary and ordinarily incident” to the “[r]equesting, receiving, utilizing, paying for, or dealing in licenses, permits, certifications, or notifications issued or registered by the Federal Security Service for the importation, distribution, or use of information technology products in the Russian Federation,” provided certain criteria are met. OFAC also published three amended FAQs related to GL 1B (see 501, 502, and 503). Effective March 2, GL 1B supersedes and replaces GL 1A, which was issued in 2018 and covered by InfoBytes here.
On February 25, the U.S. District Court for the Northern District of New York approved a roughly $9.7 million class action settlement resolving claims that a New York credit union improperly assessed banking fees, including overdraft fees, when members had sufficient funds in their checking accounts to pay for the transactions presented for payment. The plaintiffs also alleged, among other things, that the credit union (i) improperly charged fees on a variety of transactions for members who did not opt-in to the credit union’s protection programs; (ii) assessed fees in instances where there was no contractual basis to assess the fees; (iii) transferred money from members’ savings accounts into checking accounts to avoid negative balances and resulting fees, but still imposed the fee; and (iv) violated the terms of its contracts and various laws by imposing non-sufficient funds fees more than once on the same transaction. The settlement requires the credit union to pay approximately $5.85 million into a settlement fund, plus nearly $2.53 million in attorneys’ fees, $168,030 in costs, and $15,000 service awards to each of the three named plaintiffs. The settlement amount also includes the value of the policy changes to be made by the credit union.
On February 25, the U.S. District Court for the District of Maryland granted a motion for entry of monetary remedy filed by the CFPB and the Consumer Protection Division of the Maryland Attorney General’s Office (collectively, “Regulators”) in an action concerning the disgorgement calculation for a banker found in contempt of a 2015 consent order. As previously covered by InfoBytes, in 2020, the U.S. Court of Appeals for the Fourth Circuit found that while the district court properly determined that the banker violated the terms of the consent order (which previously settled RESPA and state law mortgage-kickback allegations), the court relied on an overbroad interpretation of the consent order and lacked the causal connection between the banker’s profits and a violation when it ordered the banker to pay over $526,000 in disgorged income. The 4th Circuit vacated the disgorgement order and remanded the case to the court to reassess the disgorgement calculation based on the banker’s more limited conduct that did not comply with the order.
On remand, the court reduced the sanctions amount to approximately $270,000, which represents the banker’s earned income (after taxes) “during the period in which he defied the three express provisions of the Consent Order.” Noting that the 4th Circuit rejected the banker’s argument that the Regulators were required to prove a specific monetary harm arising from his violations, the court wrote that in instances “[w]here harm is difficult to calculate, ‘a court is wholly justified in requiring the party in contempt to disgorge any profits it may have received that resulted in whole or in part from the contemptuous conduct,’” particularly where the party engaged in a “pattern or practice” of such conduct.
On March 1, the SEC announced a more than $500,000 whistleblower award in connection with a successful enforcement action. According to the redacted order, two whistleblowers provided timely tips that revealed an ongoing fraud and formed the basis for the SEC’s action, as well as a related action from another government agency. The SEC noted that both whistleblowers provided “substantial, ongoing assistance” that conserved the agencies’ time and resources.
Earlier on February 25, the SEC announced whistleblower awards totaling more than $1.7 million in two separate enforcement actions. According to the first redacted order, the SEC awarded a whistleblower over $900,000 for providing significant information and documents, including “a critical declaration,” that helped expedite an investigation and allowed the SEC to “shut down an ongoing. . .scheme preying on retail investors.” In the second redacted order, a whistleblower was awarded over $800,000 for providing “important evidence of false and misleading statements made to investors,” which led to the “return [of] millions of dollars to harmed investors.”
The SEC has now paid approximately $753 million to 140 individuals since the inception of the program in 2012.
On February 25, the U.S. District Court for the District of Kansas granted in part and denied in part a plaintiff’s motion for summary judgment in an action concerning whether a state statute that bans credit card surcharges violates the First Amendment. Kansas law prohibits merchants from imposing a surcharge on customers who pay with credit cards instead of cash, and allows merchants to offer discounts to consumers who pay with cash. The plaintiff, a payment processing technology company, provides “software that allows merchants to display prices, including cost surcharges on purchases made by credit card,” which “allows consumers to comparison shop among payment types.” The plaintiff challenged the constitutionality of the law, claiming it is an unconstitutional restriction on commercial speech since it “effectively limits” what the plaintiff and merchants “can treat as the ‘regular price’ of an item and the corresponding information about prices and credit card fees that can be conveyed to consumers.” The Kansas attorney general—who has the authority to enforce the state’s no-surcharge statute—countered, among other things, that the statute furthers substantial state interests by (i) encouraging merchants to charge lower prices to customers who pay with cash; (ii) lowering the amount of consumer credit card debt through the use of cash discounts; and (iii) providing benefits to merchants by encouraging cash purchases, thereby allowing them to receive immediate payments, avoid credit card fees, and incur lower costs.
The court disagreed, ruling that none of the AG’s arguments advanced a substantial state interest—a requirement in order to not be considered a violation of the First Amendment. “Plaintiff's desire to display a single price while informing customers that credit card purchasers will be charged an additional fee would logically tend to support whatever interest the state may have in encouraging lower prices for cash customers,” the court wrote. “The statute nevertheless effectively prohibits this type of disclosure. Clearly, this restriction on speech is more extensive than necessary to further the asserted state interest.” Moreover, the court noted that “‘surcharges and discounts are nothing more than two sides of the same coin; a surcharge is simply a ‘negative’ discount, and a discount is a ‘negative’ surcharge.”
On February 25, the U.S. District Court for the Northern District of West Virginia ruled that a satellite TV company cannot avoid class claims that it made unwanted calls to stored numbers using an automatic telephone dialing system (autodialer). The company filed a motion to dismiss plaintiff’s claims that it violated Section 227 of the TCPA when it made illegal automated and prerecorded telemarketing calls to her cellphone using an autodialer. The company argued, among other things, that the “statutory definition of an [autodialer] covers only equipment that can generate numbers randomly or sequentially,” and that “nothing in the complaint plausibly alleges that any of the calls were sent using that type of equipment.” According to the company, list-based dialing cannot be subject to liability under the TCPA. The court disagreed, stating that the TCPA makes it clear that it covers autodialers using stored lists. The court referenced a 6th Circuit decision in Allan v. Pennsylvania Higher Education Assistance Agency, which determined that “the plain text of [§ 227], read in its entirety, makes clear that devices that dial from a stored list of numbers are subject to the autodialer ban.” (Covered by InfoBytes here.) The court also referenced decisions issued by the 2nd, 6th, and 9th Circuits, which all said that the TCPA’s definition of an autodialer includes “autodialers which dial from a stored list of numbers.” However, these appellate decisions conflict with holdings issued by the 3rd, 7th, and 11th Circuits, which have concluded that autodialers require the use of randomly or sequentially generated phone numbers, consistent with the D.C. Circuit’s holding that struck down the FCC’s definition of autodialer in ACA International v. FCC (covered by a Buckley Special Alert). Currently, the specific definition of an autodialer is a question pending before the U.S. Supreme Court in Duguid v. Facebook, Inc. (covered by InfoBytes here). The court further ruled that three out-of-state consumers should be removed from the case as they failed to meet the threshold for personal jurisdiction, and also reiterated that the case could not be arbitrated as the company’s arbitration clause was “unconscionable.”
On February 26, the U.S. District Court for the Northern District of California granted final approval of a $650 million biometric privacy settlement between a global social media company and a class of Illinois users. The settlement resolves consolidated class action claims that the social media company violated the Illinois Biometric Information Privacy Act (BIPA) by allegedly developing a face template that used facial-recognition technology without users’ consent. A lesser $550 million settlement deal filed in May (covered by InfoBytes here), was rejected by the court in August due to “concerns about an unduly steep discount on statutory damages under the BIPA, a conduct remedy that did not appear to require any meaningful changes by [the social media company], over-broad releases by the class, and the sufficiency of notice to class members.” (See InfoBytes coverage here.) The final settlement requires the social media company to pay $650 million in a settlement fund, plus $97.5 million for attorneys’ fees and expenses and $5,000 service awards to each of the three named plaintiffs. The social media company is also required to provide nonmonetary injunctive relief by setting all default face recognition user settings to “off” and by deleting all existing and stored face templates for class members unless class members provide their express consent after receiving a separate disclosure on how the face template will be used. Face templates for class members who have not had any activity on the social media platform will also be deleted. The court called the settlement a “landmark result,” noting it is one of the largest settlements ever for a privacy violation, and will provide each claimant at least $345.
On March 3, the CFPB released a notice of proposed rulemaking (NPRM) to delay the mandatory compliance date of the General Qualified Mortgage (QM) Final Rule from July 1, 2021 to October 1, 2022. As previously covered by InfoBytes, last December the Bureau issued the General QM Final Rule to amend Regulation Z and revise the definition of a “General QM” by eliminating the General QM loan definition’s 43 percent debt-to-income ratio (DTI) limit and replacing it with bright-line price-based thresholds. The new General QM definition became effective on March 1, 2021. The General QM Final Rule also eliminates QM status resulting solely from loans meeting qualifications for sale to Fannie or Freddie Mac (GSEs), known as the “GSE Patch.” In issuing the NPRM, the Bureau expressed concerns “that the potential impact of the COVID-19 pandemic on the mortgage market may continue for longer than anticipated at the time the Bureau issued the General QM Final Rule, and so could warrant additional flexibility in the QM market to ensure creditors are able to accommodate struggling consumers.” Extending the compliance date will allow lenders to offer QM loans based on either the old or new QM definitions, including the GSE Patch (unless the GSEs exit conservatorship), until October 1, 2022. Comments on the NPRM must be received by April 5.
The NPRM follows a statement issued last month (covered by InfoBytes here), in which the Bureau said it is considering whether to revisit final rules issued last year that took effect March 1 concerning the definition of a Qualified Mortgage and the establishment of a “Seasoned QM” category of loans. In the NPRM, the Bureau stated “this rulemaking does not reconsider the merits of the price-based approach adopted in the General QM Final Rule. . . .Rather, this proposal addresses the narrower question of whether it would be appropriate in light of the continuing disruptive effects of the pandemic to help facilitate greater creditor flexibility and expanded availability of responsible, affordable credit options for some struggling consumers” by keeping both the old and new rule until October 1, 2022.
On February 26, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions against Saudi Arabia’s former Deputy Head of General Intelligence Presidency and Saudi Arabia’s Rapid Intervention Force in connection with the death of a Saudi journalist. The sanctions are taken pursuant to Executive Order 13818, which implements the Global Magnitsky Human Rights Accountability Act and “targets perpetrators of serious human rights abuse and corruption around the world.” As a result of the sanctions, all of the property and interests in property of the designated persons that are in the United States or in the possession or control of U.S. persons, as well as any entities that are owned 50 percent or more by the designated persons, are blocked and must be reported to OFAC. Additionally, OFAC regulations prohibit U.S. persons from participating in transactions with the designated persons unless exempt or otherwise authorized by an OFAC general or specific license.
On February 25, the U.S. Treasury Department announced that the Financial Action Task Force (FATF) concluded another plenary meeting, in which it “advanced its work on several important issues, including finalizing a non-public report on terrorist financing and agreeing to seek public comment on updated guidance documents on virtual assets and proliferation finance.” Among other things, FAFT finalized three non-public reports outlining best practices for investigating and prosecuting terrorist financing for FATF member states, as well as an internal ISIS/Al Qaeda financing update and internal guidance designed “to assist investigative authorities trace financial flows between illicit arms traffickers and terrorists.” FATF also approved new guidance (to be published early March) intended to clarify and improve the adoption of risk-based supervision, which outlines ways supervisors should apply risk-based approaches to their activities, highlights common implementation challenges to risk-based supervision, and provides examples of effective strategies. Additionally, FAFT noted it has agreed to seek public consultation on amendments to its 2019 guidance concerning anti-money laundering/countering the financing of terrorism obligations concerning virtual assets and virtual asset service providers, and expects to release final updated guidance this summer. FATF also stated it intends to issue new guidance this summer on ways countries and the private sector can understand and mitigate proliferation financing threats, vulnerabilities, and risks.
- Daniel R. Alonso to discuss "How to become an AUSA" at the New York City Bar Association Minorities in the Courts Committee “How To” series
- Michelle L. Rogers and Kathryn L. Ryan to discuss “Fintech U.S. expansion” at the Tech Nation 3.0 cohort meeting
- Melissa Klimkiewicz to discuss "Flood insurance basics" at the NAFCU Virtual Regulatory Compliance School
- Jonice Gray Tucker to discuss "Compliance under Biden" at the WSJ Risk & Compliance Forum