InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FinCEN Director Highlights the Significance of SAR Filings
On December 9, FinCEN Director Calvery highlighted at a joint FBIIC-FSSCC meeting the role of FinCEN in gathering and analyzing financial intelligence and the value of Suspicious Activity Reports (SARs) in curtailing malicious cyber activity. Calvery noted the importance of attribution information, such as IP addresses, timestamps, e-mail addresses, and the nature of the suspicious activity, when included in SAR filings, in helping FinCEN and law enforcement agencies deflect cyber-attacks, detect the source of such attacks, and identify members of money laundering networks. “For example, SARs filed by several different financial institutions played a vital role in furthering an investigation where a regional Florida bank had nearly $7 million fraudulently wired out of one of its accounts,” Calvery explained. Calvery emphasized the importance of including cyber-derived information (such as IP addresses and bitcoin wallet addresses) in SAR filings, noting that while less than two percent of filed SARs contain IP addresses, the information is “incredibly important to FinCEN analysts and law enforcement investigators working to combat cyber-crimes.”
DOJ Announces Racketeering Indictment Alleging Money Laundering Schemes
On December 10, the DOJ announced three unsealed indictments of a total of 20 defendants in connection with various money laundering schemes. Fifteen of the defendants were arrested and taken into custody, while the remaining individuals are still being sought by authorities.
The first indictment alleges that the former president and CEO of an Orange County, California bank and five other individuals, as members of a narcotics trafficking and international money laundering organization, violated the Racketeer Influenced and Corrupt Organizations Act (RICO) by participating in schemes to launder drug proceeds. According to the DOJ, the former bank official used his position, insider knowledge, and connections to “promote and facilitate money laundering transactions involving members and associates of the enterprise.” The DOJ alleges that the six defendants (i) arranged to convert purported drug proceeds, in the form of cash provided by an undercover informant, into cashier’s checks made out to a company the informant claimed to own; (ii) proposed to an informant that the informant and his boss purchase a controlling interest in the Orange County bank to more easily facilitate money laundering operations; and (iii) proposed to set up a foundation in Liechtenstein to be used, in part, to launder the informant’s drug sale proceeds. The DOJ also asserts that the bank official introduced the five other defendants to operatives of a drug cartel aspiring to launder millions of dollars monthly and discussed plans to purchase the bank with the drug cartel operatives. In addition to the RICO count, the indictment charges a total of 16 defendants with 27 additional counts, including conspiracy, money laundering, structuring transactions to avoid federal reporting requirements, and evidence tampering.
The two additional unsealed indictments charge a total of four defendants with conspiring to launder money they believed to be proceeds from narcotics trafficking.
The CFPB's Mortgage Originations Agenda in 2016
Now more than ever, financial services firms need to proactively focus on issues of concern identified by the CFPB and ensure that they are engaged in industry best practices that are clearly identified and carefully monitored. In the mortgage originations sphere, the new TRID/ KBYO rule, MSAs, LO compensation, UDAAP, and fair lending are all issues for companies to focus on in the coming year.TRID/KBYO
Compliance with the new TILA-RESPA Integrated Disclosure/Know Before You Owe (TRID/KBYO) rule will likely be an area of Bureau concern in 2016. The rule took effect on October 3, 2015 and does not include a “hold harmless” period for errors as lenders implement the new disclosure requirements, although letters from the OCC, FDIC, and CFPB have clarified that regulators will focus in the beginning on institutions’ implementation plans, training, and handling of early technical problems. It is likely that the CFPB will require remediation back to the rule’s compliance date when it identifies tangible consumer harm, but it is unlikely that the Bureau will bring enforcement actions initially based on technical issues where there is no tangible consumer harm.
GSEs have also issued letters stating they will not perform TRID/KBYO compliance file reviews at the beginning of the implementation period. The GSEs further stated that it will not exercise its repurchase and other remedies unless (1) a required form is not used or (2) a practice would impair its enforcement of its rights against borrowers. In contrast, the FHA has stated that it expects lenders to comply with “all federal, state, and local laws, rules, and requirements applicable to the mortgage transaction as outlined in [the] FHA Handbook….”
MSAs and RESPA Enforcement
The CFPB set forth a strong position in October 2015 regarding Section 8 of RESPA, which generally prohibits kickbacks in connection with the referral of settlement services. Through enforcement actions, the CFPB has taken a broad interpretation of the term “thing of value,” finding that the opportunity to participate in a business—even if market rates are paid for services—can itself constitute a thing of value sufficient to create Section 8 liability for kickbacks.
This calls into question the legality of marketing services agreements (MSAs) generally. While the CFPB has stated that it does not view MSAs as per se illegal and has acknowledged that it does not have the authority to declare them per se illegal without a formal rulemaking process, it is possible that the Bureau may pursue further public enforcement actions regarding MSAs if it does not see institutions pulling back from using them. State examiners are also aware of the issue and may refer nonbank entities that they supervise to the CFPB if they see issues with MSA usage. Courts are getting the opportunity to weigh in on these RESPA issues, through the appeal to the D.C. Circuit of the PHH enforcement action and the 9th Circuit’s reversal of the district court’s refusal to certify the class in Edwards v. FAC.
LO Compensation Rule
The CFPB has been aggressive in applying the Federal Reserve Board’s LO Compensation rule, as amended by the CPFB. While the rule was passed to avoid steering of borrowers into certain products, the CFPB does not need to establish steering to prove a violation and instead tends to build cases based on technical non-compliance with the rule. In bringing cases under the rule, the CFPB often names individuals as well as companies. It should be noted that the CFPB views payments to LLCs controlled by producing branch managers based on mortgage profits as illegal compensation under the rule. In examinations, the CFPB typically looks for a written compensation plan and cites institutions that do not reflect their compensation practices in their plan, even if those practices are legal.
Examination Enforcement Trends and UDAAP
The CFPB has heighted its focus on vendor management, scrutinizing vendor products and services during examinations (including the marketing of these products and services as well as the value they add), and will bring enforcement actions or court cases where it finds issues. Biweekly payments are one area of heighted scrutiny, as the CFPB has been skeptical of the value added by this service. The Bureau has also focused on loss mitigation contracts that suggest that a borrower has waived rights in connection with receiving the modification.
Fair Lending
“What’s old is new again” in 2016 fair lending – issues such as pricing, discretion, and the charging or waiving of fees remain important. Regulators will remain focused on redlining and access to credit. The September 24, 2015 Hudson City Savings Bank enforcement action, requiring the bank to pay $27 million, focused on the role of brokers in redlining. The CFPB’s Office of Fair Lending and Equal Opportunity is a hybrid examination and enforcement division, which provides insight into the CFPB’s approach to fair lending. The CFPB also will look at nonbanks’ fair lending and bring enforcement actions against these institutions to the extent it finds problems.
FHA Loan Limits for Forward Mortgages to Increase in 2016
On December 9, FHA announced new maximum loan limits for forward mortgages for 2016 in 188 counties due to changes in housing prices. The new loan limits for forward mortgages are effective for case numbers assigned on or after January 1, 2016 through the end of the year. FHA noted that no areas saw a decrease in the maximum loan limits for forward mortgages and that, as detailed in Mortgagee Letter 2015-30, the national standard loan limits for low cost and high cost areas remain unchanged at $271,050 and $625,500, respectively.
Lawsuits Alleging Digital Barriers on Websites Continue
Recently, a legally blind plaintiff filed a class action complaint against a leading home improvement and construction products and services retailer alleging that the company violated state law and the American Disabilities Act (ADA) by denying blind individuals equal access to products, services, and opportunities offered on its website. Diaz v. Home Depot, Inc., No. 15-cv-09178 (S.D.N.Y. Nov. 20, 2015). The complaint asserts that the company’s website contains barriers that “make it impossible for blind users to even complete a transaction on the website . . . thus exclude[ing] the blind from the full and equal participation in the growing Internet economy that is increasingly a fundamental part of the common marketplace and daily living.” The complaint further alleges that the company chooses “to rely on an exclusively visual interface” despite having access to technology that could make the website more accessible, such as limiting the use of tables and javascript and making use of alternative text, descriptive links, and resizable text. The plaintiff seeks (i) a permanent injunction requiring the company to take the necessary steps to ensure its website fully complies with ADA requirements so that it is accessible and usable by blind individuals; and (ii) compensatory damages to the plaintiff and a proposed subclass of blind customers.
The lawsuit is one of a number filed in 2015 – including a November 6 complaint against the NBA – under the ADA against companies operating websites with alleged digital barriers preventing blind individuals from accessing the electronic marketplace. According to a DOJ statement regarding its regulatory plans, rulemaking initiatives regarding the accessibility of web information and services provided by public accommodations are not scheduled to be included in the agency’s long-term actions until fiscal years 2017 and 2018.
European Commission Announces Agreement on New Cybersecurity Rules
On December 8, the European Commission announced that European Union lawmakers reached an agreement regarding cybersecurity and breach reporting legislation. The rules are intended to improve cybersecurity capabilities in Member States as well as their cooperation on cybersecurity, and will “require operators of essential services in the energy, transport, banking and healthcare sectors, and providers of key digital services like search engines and cloud computing, to take appropriate security measures and report incidents to national authorities.” The text of the agreement is subject to formal approval by the European Parliament and the EU Council of Ministers; once officially published in the EU Official Journal, Member States will have 21 months to adopt the directive into their national laws and an additional 6 months to identify which internet providers it will affect.
Massachusetts-Based Imaging Company Discloses Settlement Offer to End FCPA Investigations
In a quarterly securities filing made on December 9, a Massachusetts-based manufacturer of airport security equipment, disclosed that the SEC and DOJ have made separate proposals to end their FCPA investigations into the company that would include payments totaling approximately $15 million. The company had previously announced in a September 2015 press release that it had offered the SEC $1.6 million to settle the SEC’s FCPA investigation of the company. The company’s 10-Q disclosed that the SEC rejected that offer. The company stated that it remains in discussion with the SEC and DOJ about settlement and is also discussing a settlement with the Danish government concerning a resolution of these matters.
The company previously reported that the DOJ and SEC had “substantially” completed their investigations of potential bribery involving transactions by the company’s Danish subsidiary. The transactions at issue involved distributors paying the subsidiary more than was owed, and the subsidiary then allegedly transferring the excess money to third parties identified by the distributors. At the time of its 2011 disclosure of the potentially problematic transactions, the company stated that it had not ascertained the ultimate beneficiaries or purpose of the transfers.
FinCEN Extends Deadline for Report of Foreign Bank and Financial Accounts Filings
On December 8, FinCEN issued a notice extending the deadline for certain filers to submit the Report of Foreign Bank and Financial Accounts (FBAR) because filers continue to submit questions to FinCEN that require additional consideration and possible regulatory changes. The notice extends the filing deadline for FinCEN Form 114 – FBAR from June 30, 2016 to April 15, 2017 for “certain individuals with signature authority over but no financial interest in one or more foreign financial accounts.” FinCEN issued notices announcing identical extensions the past four years, and the extension applies to the reporting of signature authority held during the 2015 calendar year, as well as to the reporting deadlines extended by previous notices.
FTC Settles with Hotel and Resort Chain Over Data Security Practices
On December 9, the FTC announced a settlement with a leading United States-based hotel and resort chain to resolve charges that the company’s data security practices were unfair and deceptive under Section 5 of the FTC Act. The settlement follows the Third Circuit’s August 24 ruling affirming the FTC’s authority to take action against companies with deficient cybersecurity practices that fail to protect consumer data against hackers. The settlement terms require the company for the next 20 years to establish, implement, and maintain a comprehensive information security program that is designed to protect the security, confidentiality, and integrity of cardholder data. In addition, the company must obtain annual written assessments of its information security program. The assessments must certify (i) the “untrusted” status of franchisee networks that may store, process, or transmit cardholder data; (ii) the extent of the company’s compliance with the risk management protocol; and (iii) that the assessments were completed by a qualified and independent auditor free from any conflicts of interest. The settlement also requires that in the event of another data breach affecting more than 10,000 consumers, the company must obtain an assessment of the breach within 180 days and report the findings of the assessment to the FTC within 10 days of its completion.
New York Attorney General Announces Joint Initiative to Protect Consumers from Foreclosure Rescue Scams
On December 7, New York Attorney General Eric Schneiderman announced a joint initiative with three New York media associations to curtail unlawful advertisements for foreclosure rescue scams. The three media associations sent letters to their members requesting that each member participate in the joint initiative and encouraged community media outlets “to review ads placed by foreclosure rescue companies to ensure that they comply with state disclosure laws.” Noting that scammed homeowners have frequently reported to the Attorney General’s office and local housing counseling partners that they were lured by ads placed in local media outlets, Schneiderman emphasized that foreclosure rescue ads often violate state and federal laws that “require individuals who advertise foreclosure prevention or loan modification services to include specific disclosures in their advertisements.”
