InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Mobile App Developer Settles with FTC and New Jersey AG Over Virtual Currency Mining
On June 29, a mobile app developer entered into an agreement with the FTC and the New Jersey AG to settle allegations that the developer engaged in deceptive and unfair practices by marketing its rewards app, called “Prized,” as being free of malicious software, also known as “malware.” However, according to the FTC, the true purpose of the mobile app was to uploaded malware onto consumers’ mobile devices capable of mining virtual currencies for the software developer. This process allegedly reduced the battery life of consumers’ devices and caused consumers to burn through their monthly data plans. Under terms of settlement, the developer and accompanying mobile app are (i) prohibited from creating and distributing malicious software, and (ii) required to pay $50,000 to the state of New Jersey, with $5,200 due immediately, and the remaining $44,800 payable if the developer fails to comply with the terms of the consent order or the New Jersey Consumer Fraud Act within three years of the order.
Special Alert: Disparate Impact Under the Equal Credit Opportunity Act After Inclusive Communities
On June 25, the Supreme Court in Texas Department of Housing and Community Affairs v. Inclusive Communities Project, Inc. held that disparate-impact claims are cognizable under the Fair Housing Act (FHA). The Court, in a 5-4 decision, concluded that the FHA permits disparate-impact claims based on its interpretation of the FHA’s language, the amendment history of the FHA, and the purpose of the FHA.
Applicability to ECOA
When certiorari was granted in Inclusive Communities, senior officials from the CFPB and DOJ made clear that they would continue to enforce the disparate impact theory under the Equal Credit Opportunity Act (ECOA) even if the Supreme Court held that disparate-impact claims were not cognizable under the FHA. It is reasonable to expect that the Court’s decision will embolden the agencies, as well as private litigants, to assert even more aggressively the disparate impact theory under ECOA.
But just as the federal officials had stated that they would continue to assert disparate impact under ECOA if Inclusive Communities invalidated disparate impact under the FHA, lenders still have a number of arguments that the Inclusive Communities Court’s analysis does not apply to ECOA, given the material differences between the text and history of the FHA and ECOA. First, the Court principally based its textual arguments on the use of “otherwise make unavailable” in Section 804 of the FHA—a section that applies to the sale and rental of housing but not to lending. The Court stated that this effects-based language “is of central importance” to its analysis. Although the Court also stated that it had construed statutory language similar to FHA Section 805—which applies to lending—the discussion of Section 805 is so brief as to suggest it was merely an afterthought. The Court repeatedly states its textual analysis focused on the text “otherwise make unavailable.” But ECOA contains no similar effects-based language.
Second, the Court’s analysis of the FHA’s amendment history is inapplicable to ECOA. The Court focused principally on three provisions which it characterized as “exemptions” from disparate-impact liability, and concluded that such exemptions made sense only if Congress were acknowledging the validity of disparate impact claims. But ECOA contains no similar “exemptions” from disparate-impact liability that might otherwise lead to the conclusion disparate impact is cognizable under ECOA.
Finally, while the Court also notes that disparate-impact claims are “consistent with the FHA’s central purpose,” this justification appears merely to support the Court’s textual and historical arguments. The Court has repeatedly cautioned that a statute’s purpose does not trump its text. Whatever similarities may exist between the purpose of the FHA and ECOA, the material textual and historical differences weigh heavily against treating the two statutes the same for disparate-impact purposes.
Burden Shifting Framework
Even if the Inclusive Communities analysis could apply to ECOA, the Court’s emphasis on rigorous application of the three-step burden-shifting framework to analyze disparate impact claims—and protect against “abusive disparate-impact claims” —is likely to impose significant burdens on regulators and plaintiffs seeking to bring disparate impact claims under ECOA. The Court’s articulation of the steps in the burden-shifting framework are materially different—and more friendly to lenders—than those applied by federal agencies (e.g., in HUD’s disparate impact rule). While it is possible that the government and private plaintiffs will argue that the burden shifting framework outlined in Inclusive Communities applies only to the FHA, the Court’s reasoning supports applying the same framework to other civil rights laws—including ECOA.
First, the Court has reaffirmed the significant burden plaintiffs must bear in satisfying the first step of the burden-shifting framework: establishing a prima facie case. The Court noted that a “robust causality requirement” must be satisfied to show that a specific policy caused a statistical disparity to “protect[] defendants from being held liable for racial disparities they did not create.” “[A] disparate-impact claim that relies on a statistical disparity must fail if the plaintiff cannot point to a defendant’s policy or policies causing that disparity.” The Court emphasized that “prompt resolution of these cases [by courts] is important.” This, when taken together with the Court’s decision in Wal-Mart Stores, Inc. v. Dukes, may make maintaining a disparate impact claim under ECOA particularly difficult when addressing such practices as discretionary pricing (e.g., dealer markup in the auto finance context).
Second, with respect to the second step of the framework, the Court explained that “[g]overnmental or private policies are not contrary to the disparate-impact requirement unless they are ‘artificial, arbitrary, and unnecessary barriers.’” The Court noted that this is critical to ensure that defendants “must not be prevented from achieving legitimate objectives.” Specifically, the Court endorsed the importance of considering “practical business choices and profit-related decisions that sustain a vibrant and dynamic free-enterprise system” in determining whether a company’s policy is supported by a legitimate business justification. The Court further explained that “entrepreneurs must be given latitude to consider market factors,” as well as other “objective” and “subjective” factors.
Third, the Court emphasized that before rejecting a “business justification,” a court “must determine that a plaintiff has shown that there is an available alternative practice that has less disparate impact and serves the entity’s legitimate needs.” (internal quotations and alterations omitted). Significantly, and in contrast to previous interpretations by federal agencies, the Court clarified that the plaintiff bears the burden of showing a less discriminatory alternative in the third step of the burden-shifting framework.
The Court cautioned that a rigorous application of the burden-shifting framework is necessary to prevent disparate-impact liability from supplanting nondiscriminatory private choice: “Were standards for proceeding with disparate-impact suits not to incorporate at least the safeguards discussed here, then disparate-impact liability might displace valid governmental and private priorities, rather than solely removing artificial, arbitrary, and unnecessary barriers. And that, in turn, would set our Nation back in its quest to reduce the salience of race in our social and economic system.” (internal citations and alterations omitted).
DOJ Assistant AG Caldwell Delivers Remarks at the ABA's National Institute on Bitcoin and Other Digital Currencies
Today, Assistant Attorney General Leslie Caldwell delivered remarks at the ABA’s National Institute on Bitcoin and Other Digital Currencies. Speaking on the DOJ Criminal Division’s approach to the developing landscape of virtual currency, Caldwell acknowledged the legitimate uses of virtual currencies, such as having the ability to lower costs for brick and mortar businesses and its potential to promote a more efficient online marketplace, while also addressing the Department’s concern for the criminal activity surrounding virtual currencies, noting, “virtual currency facilitates a wide range of traditional criminal activities as well as sophisticated cybercrime schemes.” Citing recent actions against various individuals and groups involved in criminal activities that “sought to exploit decentralized systems such as Bitcoin” – specifically, Silk Road and Ross Ulbricht; and Carl Force and Shaun Bridges, both involved in the Baltimore Silk Road Task Force – Caldwell stressed that there are “many exchanges that don’t concern themselves with following the law.” She explained that the primary legal bases for enforcement are money services business, money transmission, and anti-money laundering statutes, as well as state money transmitter licensing laws and, in some states like New York, virtual-currency specific licensing requirements. Caldwell also noted the Department’s partnership with FinCEN, summarizing its involvement in the Ripple Labs resolution to show that “compliance and remediation can lead to a more favorable resolution of criminal investigations.” Further, Caldwell observed that while there is no “one-size-fits-all” compliance program, the adherence to regulations and state licensing laws by those involved in virtual currency businesses will reduce liability and complying with anti-money laundering guidelines will allow “the legitimate use of virtual currency to grow and be responsive to infiltration and abuse by criminal elements.”
FinCEN Fines MSB and Its Owner for Alleged BSA Violations
Today, FinCEN announced the assessment of a civil money penalty against a Los Angeles-based Money Services Business (MSB) and its owner for alleged violations of the Bank Secrecy Act (BSA). During a 2011 examination of the MSB, FinCEN determined that, from October 1, 2010 through the present, the MSB knowingly violated the BSA by failing to (i) establish and ensure ongoing compliance with an adequate AML program; (ii) provide adequate training; and (iii) conduct independent testing of its compliance program. In addition, the MSB violated the BSA’s reporting requirements by failing to “file required currency transaction reports (“CTRs”) on all of its reportable transactions during the examination scope period,” and continued to file untimely CTRs even after the examination scope period ended on March 31, 2011. Finally, FinCEN expressed concern over the MSB owner’s failure to disclose that the MSB “frequently exchanged check for cash with another MSB, an arrangement known as ‘wholesaling’ or ‘bulk check cashing.’” According to the assessment document, the MSB’s owner, who was also the designated AML compliance officer, participated in the BSA violations by failing to accept his responsibility to “ensure that [an] AML program was in place, was effective, and was followed.” To resolve FinCEN’s allegations, the MSB and its owner admitted to violating the BSA program and its reporting requirements and will pay a civil money penalty of $60,000.
Fed Governor Discusses Payment Security
On June 25, Federal Reserve Governor Jerome Powell delivered remarks at a payments conference hosted by the Federal Reserve Bank of Kansas to discuss improvements to the U.S. payments system. Specifically, Powell advised that payment system participants must work together to improve the payment system, stating “[A]t a minimum, banks, merchants, and other institutions that process or store sensitive financial information need to keep their hardware and software current to the latest industry standards.” He noted that the Federal Reserve has established two task forces regarding the U.S. payment system, one geared towards faster payments and the other geared towards payment security. Powell cited the use of EMV chip cards and tokenization technology as examples of effective payment security measures. In addition, Powell discussed the importance of proactive efforts to implement preventative measures to prepare for potential cyber-attacks or data breaches.
August 10 Deadline Set for New York Virtual Currency Firms to Apply for BitLicense
On June 24, the New York State Register published the Department of Financial Services’ BitLicense framework, requiring companies and individuals who provide virtual currency services involving New York or a New York Resident to apply for a BitLicense by August 10, 2015. Virtual currency firms must submit the 31-page application providing information including, among other things, (i) written policies and procedures including, but not limited to BSA/AML, cybersecurity, privacy and information security, (ii) company information, (iii) biographical information on company directors and stockholders, and (iv) an explanation of the methodology used to calculate the value of virtual currency in fiat currency. In addition, the NYDFS released a set of FAQs to help clarify the BitLicense requirements.
Special Alert: Supreme Court Upholds Disparate Impact Under Fair Housing Act, But Emphasizes Limits on Such Claims
Today, the Supreme Court in Texas Department of Housing and Community Affairs v. Inclusive Communities Project, Inc. held that disparate-impact claims are cognizable under the Fair Housing Act (FHA). In a 5-4 decision, the Court concluded that the use of the phrase “otherwise make available” in Section 804 of the Fair Housing Act supports disparate-impact claims. The Court also held that Section 805 of the Fair Housing Act (which applies to lending) permits disparate impact, reasoning that the Court “has construed statutory language similar to § 805(a) to include disparate-impact liability.” The Court also wrote that the 1988 amendments to the Fair Housing Act support its conclusion because (1) all the federal Courts of Appeals to have considered the issue at that time had held that the FHA permits disparate-impact claims; and (2) the substance of the amendments, which the Court characterized as exceptions from disparate impact, “is convincing support for the conclusion that Congress accepted and ratified the unanimous holdings of the Courts of Appeals finding disparate-impact liability.”
The Court emphasized, however, that “disparate-impact liability has always been properly limited in key respects . . . .” Specifically, the Court explained disparate-impact liability must be limited so companies “are able to make the practical business choices and profit-related decisions that sustain a vibrant and dynamic free-enterprise system.” “Entrepreneurs must be given latitude to consider market factors,” the Court explained. The Court clarified further that a variety of factors, including both “objective” and “subjective” factors, are “legitimate concerns.”
To prevent what the Court characterized as “abusive disparate-impact claims,” the Court emphasized that the three-step burden-shifting framework used to analyze disparate-impact claims must be applied rigorously by courts and government agencies. At the first step in the framework, the Court noted that a “robust causality requirement” must be satisfied to show that a specific policy caused a statistical disparity to “protect[] defendants from being held liable for racial disparities they did not create.” “[A] disparate-impact claim that relies on a statistical disparity must fail if the plaintiff cannot point to a defendant’s policy or policies causing that disparity.” The Court emphasized that “prompt resolution of these cases [by courts] is important.”
With respect to the second step of the framework, the Court, citing the seminal Title VII case of Griggs v. Duke Power, further explained that “[g]overnmental or private policies are not contrary to the disparate-impact requirement unless they are ‘artificial, arbitrary, and unnecessary barriers.’” The Court stated that this is critical to ensure that defendants “must not be prevented from achieving legitimate objectives.”
Finally, under the third step of the framework, the Court emphasized that before rejecting a “business justification,” a court “must determine that a plaintiff has shown that there is an available alternative practice that has less disparate impact and serves the entity’s legitimate needs.” (internal quotations and alterations omitted). Significantly, the Court clarified that the plaintiff bears the burden of showing a less discriminatory alternative in the third step of the burden-shifting framework.
Without a rigorous application of this burden shifting framework, the Court cautioned that disparate-impact liability could be used to replace nondiscriminatory private choice: “Were standards for proceeding with disparate-impact suits not to incorporate at least the safeguards discussed here, then disparate-impact liability might displace valid governmental and private priorities, rather than solely removing artificial, arbitrary, and unnecessary barriers. And that, in turn, would set our Nation back in its quest to reduce the salience of race in our social and economic system.” (internal citations and alterations omitted).
Although the Court did not expressly address whether its decision invalidates HUD’s disparate impact rule with its expansive burden shifting framework, the decision also does not rely on or defer to the discussion of the burden shifting framework contained in HUD’s disparate impact rule, notwithstanding the HUD rule’s extensive treatment of the burden shifting framework for disparate-impact claims under the FHA. The dissenting justices, however, concluded that given what they called “this unusual pattern” regarding the promulgation of the HUD rule, “there is an argument that deference may be unwarranted.”
CFPB Consumer Complaints Database Goes Live with Option to Publish Narratives
Today, the CFPB expanded its consumer complaint database, publishing for the first time over 7,700 consumer narratives which provide descriptive details of issues consumers face with respect to mortgages, bank accounts, credit cards, and debt collection, among other topics. As previously covered in InfoBytes, the Bureau finalized its Policy earlier this year requiring consumers who file complaints to “opt-in” to have the actual narrative of the complaint disclosed in the CFPB consumer complaint database. In addition, the Bureau issued a Request For Information seeking feedback on how complaint information contained within the database can be more easily identified and “normalized.” The Bureau also announced that it had received more than 627,000 complaints as of June 1, with mortgages and debt collection among the most frequent sources of complaints.
Alleged Ringleader of Global Cybercrimes Extradited to United States to Face Charges
Today, the DOJ unsealed an eighteen-count indictment in Brooklyn, New York charging a Turkish citizen (Defendant) with organizing worldwide cyberattacks against at least three U.S. payment processors’ computer networks. The Defendant’s organization allegedly used “sophisticated intrusion techniques” to hack the computer systems, stealing prepaid debit card data and subsequently using the stolen data to make ATM withdrawals in which standard withdrawal limits were manipulated to allow for greater withdrawals. According to the indictment, the Defendant managed a group of co-conspirators responsible for distributing the stolen card information to “cashing crews” around the world, who then used the information to conduct tens of thousands of fraudulent ATM withdrawals and fraudulent purchases. Within two days – February 27 and 28, 2011 – the DOJ alleges that the “cashing crews withdrew approximately $10 million through approximately 15,000 fraudulent ATM withdrawals in at least 18 countries.” The remaining two operations, occurring in late 2012 and early 2013, resulted in ATM withdrawals of roughly $5 million and $40 million, respectively. The Defendant, along with other high-ranking members of the conspiracy, received the funds from the fraudulent operations via wire transfer, electronic currency, and personal delivery of U.S. and foreign currency. The Defendant was arrested in Germany on December 18, 2013, and was extradited to the United States on June 23, 2015. The charges against the Defendant follow previous charges against members of the conspiracy, including the arrest of a member of the New York cashing crew.
Federal Reserve Orders Community Bank to Improve its BSA/AML Program
On June 23, the Board of Governors announced the execution of an enforcement action against a California-based community bank over BSA/AML deficiencies. According to the Cease and Desist Order, the deficiencies were identified by the Federal Reserve Bank of San Francisco and the California Department of Business Oversight, and directs the Bank to submit written plans outlining their efforts to strengthen their BSA/AML risk management program, including customer due-diligence and suspicious activity monitoring and reporting policies and procedures. In addition, the Bank must retain an independent third party to conduct a review of account and transaction activity affiliated with any high-risk customer and foreign branch accounts conducted at, by, or through the Bank from July 2014 through December 2014. No civil money penalty was imposed on the Bank.