InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Michigan Federal Court Addresses Personal Jurisdiction Based On Online Sales Through Hyperlinked Third-Party Website
On April 15, the U.S. District Court for the Western District of Michigan exercised personal jurisdiction in a trademark infringement suit after determining that an out-of-state company’s website was sufficiently interactive such that the exercise of personal jurisdiction comports with Due Process. Mor-Dall Enters. v. Dark Horse Distillery, LLC, No. 1:13-cv-915, (W.D. Mich. Apr. 15, 2014). In assessing personal jurisdiction, the court relied on the sliding scale framework established in Zippo Mfg. Co. v. Zippo Dot Com, Inc., 952 F. Supp. 1119 (W.D. Pa. 1997) to assess whether a website has minimum contacts with a forum state. The court determined that the company’s website, which does not allow customers to make purchases directly but rather links customers to a third-party vendor to complete a sale, is interactive and demonstrates that the company “clearly does business over the internet.” Because the website solicits customers from across the country, including Michigan, the company purposefully availed itself of the privilege of acting in Michigan, the court explained. In so holding, the court declined to follow a Northern District of Iowa decision that a company’s website’s use of a hyperlink to a third-party vendor does not give rise to personal jurisdiction over that company. Instead, the court relied on a Sixth Circuit copyright infringement case which held that a record label whose website directed customers to Amazon.com to make purchases availed itself of the privilege of acting in the forum state. The court further held that the cause of action arises in Michigan, and that the exercise of personal jurisdiction is reasonable given the quality and quantity of contacts. The court denied the defendant’s motion to dismiss.
OFAC Announces $6 Million Settlement To Resolve Alleged Cuba Sanctions Violations
On April 18, OFAC announced that a privately held travel services provider based in the Netherlands but majority-owned by U.S. persons agreed to pay nearly $6 million to resolve allegations that over a roughly six-year period the company’s business units mostly outside the U.S. provided services related to travel to or from Cuba, which assisted 44,430 persons. OFAC states that such business activities constitute alleged violations of the Cuban Assets Control Regulations. The company voluntarily self-disclosed the alleged violations to OFAC, the vast majority of which occurred prior to such disclosure. OFAC claims that the company (i) failed to exercise a minimal degree of caution or care regarding its obligations to comply with OFAC sanctions against Cuba by processing unauthorized travel related transactions for more than four years before recognizing that it was subject to U.S. jurisdiction; (ii) processed a high volume of transactions and assisted a large number of travelers, which caused significant harm to the objectives of the Cuban Assets Control Regulations; and (iii) failed to implement an adequate compliance program. OFAC’s Cuba Penalty Schedule sets a base penalty for the alleged violations at $11,093,500, which was reduced given that (i) the conduct at issue was the company’s “first violation”; (ii) the company provided substantial cooperation during OFAC’s investigation of the alleged violations, including by agreeing to toll the statute of limitations and by providing OFAC with detailed and well-organized documents and information; and (iii) the company already has taken significant remedial action in response to the alleged violations.
DOJ, SEC Announce More Charges In Broker-Dealer Foreign Bribery Case
On April 14, the DOJ and the SEC announced additional charges in a previously announced case against employees of a U.S. broker-dealer related to an alleged “massive international bribery scheme.” The DOJ announced the arrest of the CEO and a managing partner of the New York-based U.S. broker-dealer on felony charges arising from an alleged conspiracy to pay bribes to a senior official in Venezuela’s state economic development bank in exchange for the official directing financial trading business to the broker-dealer. The SEC, whose routine compliance examination detected the allegedly illegal conduct, announced parallel civil charges against the same two executives. Broker-dealer employees charged earlier in the case pleaded guilty last August for conspiring to violate the FCPA, the Travel Act, and anti-money laundering laws, as well as for substantive counts of those offenses, relating, among other things, to the scheme involving bribe payments. In November 2013, the Venezuelan bank senior official pleaded guilty in Manhattan federal court for conspiring to violate the Travel Act and anti-money laundering laws, as well as for substantive counts of those offenses, for her role in the scheme.
International Financial Services Association Launches AML Working Group
On April 15, BAFT, an international financial services association for organizations engaged in international transaction banking, announced the creation of a new Anti-Money Laundering and Know Your Customer Trade Finance Sound Practices working group. The group will focus on the needs of the transaction banking industry’s heightened focus on maintaining compliance with increasing regulatory expectations involving AML, combating the financing of terrorism, and KYC practices. The group will review “red flags” identified in different jurisdictions, identify common challenges, and develop best practices, which it will consolidate and publish for use by other trade practitioners.
Special Alert: CFPB Supports Mortgage eClosings and Announces Pilot Program
On April 23, in conjunction with its “Know Before You Owe” initiative, the CFPB hosted a mortgage closing process forum, which featured remarks from Richard Cordray, HUD Secretary Shaun Donovan, consumer advocates, and industry representatives. The Bureau published a report summarizing the results of its Request for Information about the challenges consumers face when closing on a home. The Bureau identified several “pain points” consumers regularly experience during the closing process. Consumers reported being frustrated by:
- The short amount of time they have to review a large number of closing documents, even when they did not understand the terms;
- The lack of resources capable of providing explanations about closing documents, which are often full of legalese and technical jargon; and
- Minor errors in paperwork resulting in long delays affecting multiple parties.
The CFPB’s Know Before You Owe rule, which combines the current TILA and RESPA mortgage disclosures, seeks to address several of these concerns by requiring that the new closing disclosure be provided at least three business days prior to closing. The new rule will be effective August 1, 2015.
At the forum, the CFPB expressed the view that more comprehensive use of electronic records and signatures in residential mortgage closings, or “eClosings”, also have the potential to significantly ameliorate these “pain points.” To that end, the Bureau released guidelines for an upcoming eClosing pilot project to study how eClosings can benefit consumers and address some of the challenges borrowers face at closing. Because eClosings offer both benefits and risks, the CFPB’s pilot project will evaluate whether they can increase efficiency and consumer understanding while minimize surprises and delays at the closing table. The guidelines list the minimum functional requirements of an eClosing platform including capabilities related to data security, workflow, and electronic signature collection. The Bureau is also interested in testing advanced functionality that will empower consumers to better understand and engage in the closing process, enable and reward early document review, and facilitate the detection and correction of errors in closing documents. Potential pilot participants must submit proposals as a partnership between a technology vendor providing an eClosing platform and a lender that has contracted to close loans utilizing that platform.
The CFPB was joined at the forum by representatives by the VA, FHA, FHFA, USDA, Ginnie Mae, Freddie Mac and Fannie Mae, all of whom voiced support for expanding the use of electronic records and signatures in mortgage closings. All of the agencies and GSEs expressed their willingness to collaborate with industry and the CFPB on the eClosing pilot project.
An audio and video recording of the forum will be available at consumerfinance.gov shortly.
For more information about the TILA-RESPA integrated disclosures rule, please see BuckleySandler's Special Alert.
CFPB Issues Integrated Mortgage Disclosure Rule Compliance Resources
On April 17, the CFPB issued a guide to completing the disclosure forms required by its November 2013 TILA-RESPA integrated disclosures rule, which generally applies to transactions for which a creditor or broker receives an application on or after August 1, 2015. The guide provides instructions for completing the Loan Estimate and Closing Disclosure and highlights common situations that may arise when completing the forms. The CFPB states in addition to serving as a resource to creditors, the guide also may assist settlement service providers, software providers, and other service providers. The disclosure forms guide follows the release last month of a small entity compliance guide, which summarizes the rule and highlights issues that small creditors, and their partners or service providers, might find helpful to consider when implementing the rule.
Comptroller Curry Takes Vendor Management Message To Third-Party Providers
On April 16, Comptroller of the Currency Thomas Curry spoke to attendees of the Consumer Electronics Show Government Conference, taking his concerns about banks’ vendor relationships and cybersecurity risks to potential third-party technology service providers. Comptroller Curry explained the banking system’s vulnerability to cyberattacks given its significant reliance on technology and telecommunications, and expressed particular concern about potential attacks on community banks. He reiterated several of the specific risk issues he recently discussed with community bankers. Comptroller Curry (i) outlined risks related to the consolidation of bank vendors; (ii) identified as a “special problem” banks’ reliance on foreign vendors, and cautioned banks to consider the legal and regulatory implications of where their data is stored or transmitted; and (iii) expressed concern about vendors’ access to important and confidential bank and customer data. He assured attendees that the OCC is not trying to discourage the use of third-party vendors, but in explaining the OCC’s particular focus on controls and risk management practices employed by vendors that provide services to banks and thrifts, Comptroller Curry advised vendors of the OCC’s authority under the Bank Service Company Act to issue enforcement actions and its authority to examine vendors designated as Technology Service Providers. He reported that banks have asked the OCC to more actively supervise critical service providers and stated that in working to protect the banking system the OCC will have to “look beyond individual financial institutions to the range of vendors and customers that have access to some part of its infrastructure and systems.”
SEC Announces Cybersecurity Examination Initiative
On April 15, the SEC’s Office of Compliance Inspections and Examinations announced that it will be conducting cybersecurity examinations of more than 50 registered broker-dealers and registered investment advisers. The examinations will assess each firm’s cybersecurity preparedness and collect information about the industry’s recent experiences with certain types of cyber threats. Specifically, examiners will focus on (i) cybersecurity governance; (ii) identification and assessment of cybersecurity risks; (iii) protection of networks and information; (iv) risks associated with remote customer access and funds transfer requests; (v) risks associated with vendors and other third parties; (vi) detection of unauthorized activity; and (vii) and experiences with certain cybersecurity threats. The SEC included with the announcement a sample document and information request it plans to use in this examination initiative.
OMB Reviewing Significant AML Proposed Rule
On April 11, the Treasury Department submitted to the OMB's Office of Information and Regulatory Affairs (OIRA) FinCEN’s long-awaited proposed rule to establish customer due diligence requirements for financial institutions. Under executive order, each agency is required to submit for regulatory review rules resulting from “significant regulatory actions,” and OIRA has 90 days to complete or waive the review. The public portion of the FinCEN rulemaking has been ongoing since February 2012 when FinCEN released an advance notice of proposed rulemaking to solicit comment on potential requirements for financial institutions to (i) conduct initial due diligence and verify customer identities at the time of account opening; (ii) understand the purpose and intended nature of the account; (iii) identify and verify all customers’ beneficial owners; and (iv) monitor the customer relationship and conduct additional due diligence as needed. FinCEN subsequently held a series of roundtable meetings, summaries of which it later published.
Kentucky Enacts Data Breach Notice Law
On April 10, Kentucky Governor Steve Beshear signed into law HB 232 to establish a data breach notice requirement. The new law requires any person or business that operates in the state to provide written or electronic notice to affected state residents of any breach of a security system that exposes unencrypted personally identifiable information. The law requires notification “in the most expedient time possible and without unreasonable delay” upon discovery or notification of a breach, and permits certain substitute forms of notice if the person or business subject to the breach demonstrates that the notice exceeds certain cost or scope thresholds. The law does not require separate notice to the state attorney general, nor does it apply to entities subject to Title V of the Gramm-Leach-Bliley Act or HIPAA. The bill takes effect July 14, 2014. Kentucky’s adoption of a data breach notice law leaves only three states—Alabama, New Mexico, and South Dakota—without such a statutory requirement.