InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Legally Blind Individual Sues the NBA Over Digital Barriers on Website
On November 6, a legally blind individual filed a complaint against the NBA, alleging a violation of the Americans with Disabilities Act and seeking a permanent injunction requiring the NBA to (i) implement corporate policies that ensure website accessibility for the blind; and (ii) format its website so that it is compatible with screen reading or text-to-audio software, upon which the visually impaired rely to use the internet. Jahoda v. National Basketball Association No. 2:15-cv-01462 (W.D. Pa. Nov. 6, 2015). The complaint asserts that merely formatting the website so that it is compatible with a screen reader will not solve the larger issue: “Web-based technologies have features and content that are modified on a daily, and in some instances an hourly, basis, and a one time ‘fix’ to an inaccessible website will not cause the website to remain accessible without a corresponding change in corporate policies related to those web-based technologies.” According to the complaint, the defendant’s website denies blind individuals equal access to the site because (i) information provided by scripting language is not identified with functional text that can be read by assistive technology; and (ii) people using assistive technology do not have access to the information, field elements, and functionality required to complete and submit an electronic form.
CFPB Director Delivers Remarks on Financial Literacy at Annual ABA Convention
On November 10, CFPB Director Richard Cordray delivered remarks at the annual American Bankers Association convention. Cordray addressed efforts by the CFPB and financial institutions to collaborate in strengthening financial education, identifying the following areas of focus: (i) working with schools and teachers to provide young people with the knowledge and skills necessary to become financially successful adults; (ii) encouraging workplace financial education; and (iii) educating older Americans and those who care for them on how to avoid financial scams. Cordray called on community banks to implement financial education programs in school systems, urging bank leaders to “set the goal of making sure that financial education is required learning in all 50 states.” Cordray encouraged banks to lead by example in promoting financial education in the workplace, and to “make it a priority to educate their own employees and help them develop and use sound financial strategies, including savings for both emergencies and retirement.” Finally, Cordray applauded banks for launching the “Safe Banking for Seniors” campaign and urged them to do more to protect older consumers from financial exploitation, noting that bankers are often the first to spot red flags and should act quickly to report any suspected abuse.
Federal Reserve and New York DFS Take Action Against Canadian Bank for Deficiencies Relating to AML Compliance
On November 10, the Federal Reserve and the New York DFS announced an enforcement action against a Canadian bank for alleged deficiencies relating to its BSA/AML compliance program. In order to resolve the allegations, the bank agreed to prepare various written policies and procedures, including (i) a written plan that provides for a sustainable governance framework, including improving the management information systems reporting of compliance with BSA/AML requirements, OFAC regulations, and State Regulations; (ii) a revised written BSA/AML compliance program; (iii) a revised written program for conducting customer due diligence; (iv) a written program that ensures that any suspicious activity is timely reported; and (v) a written plan to improve compliance with OFAC regulations. All policies must be submitted for approval within 60 days of the agreement’s issuance date.
New York DFS Submits Letter to Federal Regulators Regarding Potential Cybersecurity Regulations
On November 9, the New York DFS sent a letter to federal regulators and other interested parties, including the CFPB, Federal Reserve Board, and the OCC, regarding potential new regulations aimed at increasing cybersecurity efforts within the financial sector. The letter references recent DFS reports that covered key findings from surveys given to regulated banking organizations on their cybersecurity programs, costs, and future plans. The reports raised the following concerns: (i) the speed of technological change and the increasingly sophisticated nature of threats; (ii) third-party service providers tend to have access to sensitive information and companies’ IT systems, providing potential hackers with a point of entry; and (iii) the “scale and breadth of the most recent breaches and incidents.” In light of these concerns, the DFS asserts that it would be beneficial to coordinate with state and federal regulators to “develop a comprehensive [cybersecurity] framework that addresses the most critical issues, while still preserving the flexibility to address New York-specific concerns.” According to the letter, the DFS expects to propose regulations requiring entities to set specific requirements in areas such as: (i) cybersecurity policies and procedures; (ii) third-party service provider management; (iii) cybersecurity personnel and intelligence, including implementing mandatory cybersecurity training programs; and (iv) notice of cybersecurity breaches.
FinCEN Issues Final Civil Money Penalty Against U.S.-based Casino Over BSA Violations
On November 6, FinCEN issued a final assessment of civil money penalty against a Las Vegas-based casino and its branch offices for violating the BSA by failing to develop and implement a sufficient AML program and report suspicious activity in connection with its private gaming areas. As FinCEN previously announced on September 8, the terms of the assessment require the casino to pay an $8 million civil monetary penalty, hire an independent auditor to test its BSA/AML compliance program, and conduct a look-back review of all transactions through branch offices in Asia and California for recordkeeping and reporting compliance. FinCEN’s final assessment follows approval on October 19 of the settlement from the Bankruptcy Court for the Northern District of Illinois, as the casino remains a debtor in its bankruptcy case.
SEC Announces Bryan Bennett as Head of Los Angeles Exam Program
On November 5, the SEC announced Bryan Bennett as head of its Los Angeles examination program. Bennett will oversee examiners, accountants, and attorneys based in Southern California, Nevada, Arizona, Hawaii, and Guam. Bennett joined the SEC in 2008 and was later named manager, leading various teams in the investment adviser and investment company examination program. In January 2015, the SEC named Bennett the assistant director of the Los Angeles examination program. Prior to joining the SEC, Bennett was a litigator in private practice.
D.C. District Court Rules in Favor of Anonymity When Challenging a CFPB Civil Investigative Demand
Recently, the District Court for the District of Columbia issued an opinion recognizing a company’s right to maintain privacy when challenging a CFPB Civil Investigative Demand (CID). John Doe Company No. 1 v. CFPB, No. 1:15-cv-1177 (D.D.C. Oct. 16, 2015). After receiving a CID from the Bureau, the Plaintiffs requested that the CFPB allow counsel to be present at a voluntary investigative hearing; the Plaintiffs’ request and subsequent petition to the CFPB were denied. On July 22, 2015, Plaintiffs filed a complaint against the CFPB seeking a temporary restraining order (TRO) and a motion to seal the case, arguing that sealing was appropriate because (i) CFPB investigations are normally nonpublic; and (ii) sealing the case would protect Plaintiffs from the harm that an ongoing investigation would cause if it were disclosed to the public. The court applied a six-factor test established by the D.C. Circuit in United States v. Hubbard to determine whether the court records should be released, considering the need for public access to the documents, the strength of the property and privacy interests involved, the possibility of prejudice against the Plaintiffs, and other factors. In a “compromise [to maximize] the amount of information available to the public while still protecting the privacy interest Plaintiffs assert,” the court ruled to unseal the case but ordered Plaintiffs to file redacted versions of all files pertaining to the case, omitting the names of Plaintiffs and “any other information reasonably likely to lead to the disclosure of Plaintiffs’ identities.”
CFPB Reports on Underserved Consumers' Use of Mobile Financial Services
On November 5, the CFPB published a report titled "Mobile Financial Services" to summarize the results of its June 2014 Request for Information on the opportunities and challenges associated with the use of mobile financial services (MFS) by traditionally underserved consumers. With 44% of unbanked individuals owning a smartphone, the report notes that MFS has the potential to be a promising tool for underbanked and unbanked consumers to manage their finances. According to the report, consumers using MFS save time and money because they can check their balances any time and have access to certain tools that help them manage their money. The report highlights mobile Remote Deposit Capture as particularly attractive to unbanked consumers because it allows them to take a picture of and deposit checks remotely, reducing the limitations of branch hours and locations. Additional key takeaways from the report include: (i) MFS would likely be most effective for underserved consumers if paired with consultative or assistance services; (ii) privacy and security concerns remain a significant risk; and (iii) digital access and digital financial literacy need improvement, such as enhancing affordable access to technology and educating consumers and intermediaries about safe and effective use of the technology.
FCC Settles with Company Over Alleged Data Protection Failures
On November 5, the FCC resolved its first ever data security action against a cable company with a $595,000 settlement. According to the FCC, the company did not have adequate data security measures in place for employees and contractors with access to the company’s electronic data systems. In 2014, the company’s electronic data systems were breached by a third party who, by pretending to be from the company’s IT department, convinced a customer service representative and a contractor to enter their account information into a fake website. The third party hacker allegedly used the information to gain access to customers’ personally identifiable information, subsequently sharing the information with another hacker and posting the information on social media sites. The cable company did not use the FCC’s breach-reporting portal to report the breaches. In addition to the civil money penalty, the settlement requires the company to: (i) identify and notify all customers affected by the breach and provide them with one year of free credit report monitoring; (ii) designate a senior corporate manager who is a certified privacy professional; (iii) conduct privacy risk assessments; (iv) implement a written information security program; (v) maintain reasonable oversight of third party vendors and implement multi-factor authentication; (vi) implement a more robust data breach response plan; (vii) provide privacy and security training to third party vendors and employees; and (viii) regularly file compliance reports with the FCC.
Massachusetts AG Settles with Auto Lender Over Alleged "Excessive" Interest Rate Charges
On November 5, Massachusetts AG Maura Healey announced a settlement with a national auto lender to resolve allegations that the lender charged excessive interest rates on subprime auto loans. The company agreed to provide over $5 million – approximately $11,000 per consumer – in relief to those affected by its alleged practice of charging consumers excessive interest rates as a result of including fees from an add-on GAP insurance product. Under the terms of the assurance and discontinuance, the company will (i) eliminate the alleged excessive interest on certain loans as a result of the GAP fee; and (ii) forgive outstanding interest on loans. In addition, the company must pay $150,000 to Massachusetts and perform supervised audits of its existing loan portfolio to ensure that no additional consumers were overcharged because of GAP fees.