InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB Issues Advisory Regarding Recent Retailer Data Breaches; Congressional Activity Increases
On January 28, the CFPB issued a consumer advisory in response to recent reports of data breaches at several large retailers. In addition to providing tips for consumers in the wake of a retail breach, the advisory encourages card holders to submit complaints about debit and credit card issuers’ inadequate responses to consumer charge disputes related to data breaches.
The advisory is the first public response from the CFPB on data breach issues. It follows a request last month from Senator Chuck Schumer (D-NY), a member of the Senate Banking Committee, that the CFPB conduct an investigation of the data breach and issue a “full report on the findings of its investigation -- informing the public of how this breach occurred, how consumers can protect themselves from similar attacks, and any further recommendations the CFPB may have for retailers to minimize the occurrence of similar breaches.” Schumer also asked Director Cordray to “take a closer look at whether retailers systems should be required to transfer credit and debit card information as encrypted data. . . . The CFPB must ensure that necessary rules and standards for retailers are in place to validate consumers’ trust in the transaction process.”
Numerous congressional committees share jurisdiction over data breach issues. The Senate Banking Committee will be among the first to act with a hearing scheduled for February 3, 2014 that will feature governmental witnesses, as well as the views of the retailer and banking industries.
DOJ Announces Anti-Bribery Charges Against Oil Services Company's Former Executives
On January 6, the DOJ announced that two former CEOs of an oil and gas services company had been charged for their alleged involvement in a scheme to violate the anti-bribery provisions of the Foreign Corrupt Practices Act (FCPA), and for other related offenses. The DOJ also revealed that the company’s former General Counsel (GC) had entered a guilty plea on bribery and fraud charges related to the alleged schemes. According to two separate Criminal Complaints that were filed in the U.S. District Court for the District of New Jersey, the former CEOs allegedly paid bribes to a Colombian official for his assistance in securing approval of a contract valued at approximately $39 million. They were also charged with attempting to defraud members of the company’s board through their attempts to secure kickbacks for themselves as part of an effort to acquire another firm. The Information filed against the former GC provided further details on the bribery and kickback schemes.
OFAC Announces Sanctions Settlement With Securities Intermediary
On January 23, the Treasury Department’s OFAC announced that a Luxembourg bank agreed to pay $152 million to resolve potential civil claims that the bank concealed the interest of the Central Bank of Iran (CBI) in certain securities held in one of the Luxembourg bank’s custody accounts. OFAC claims that from December 2007 through June 2008, the bank held an account at a U.S. financial institution through which the CBI maintained a beneficial ownership in 26 securities valued at nearly $3 billion. After assuring OFAC of its intention to terminate all business with its Iranian clients, the bank allegedly transferred the securities to another European bank’s custody account at the Luxembourg bank. Though the transfer changed the record ownership of the securities, the custody account allowed CBI to retain beneficial ownership. OFAC alleged that in acting as the channel through which the CBI held interests in the securities, the Luxembourg bank exported custody and related securities services in violation of the Iranian Transactions and Sanctions Regulations. OFAC highlighted the bank’s “strong remedial response” after learning of the alleged lapse mitigated the penalty amount. Although OFAC did not identify the specific enhanced controls implemented by the bank, it encouraged other firms operating as securities intermediaries to implement certain specific measures: (i) make customers aware of the firm’s U.S. sanctions compliance obligations and have customers agree in writing not to use their account(s) with the firm in a manner that could cause a violation of OFAC sanctions; (ii) conduct due diligence, including through the use of questionnaires and certifications, to identify customers who do business in or with countries or persons subject to U.S. sanctions; (iii) impose restrictions and heightened due diligence requirements on the use of certain products or services by customers who are judged to present a higher risk; (iv) attempt to understand the nature and purpose of non-proprietary accounts, including requiring information regarding third parties whose assets may be held in the accounts; and (v) monitor accounts to detect unusual or suspicious activity.
New York AG Settles Suit Against Internet Payday Lenders
On January 24, New York Attorney General (AG) Eric Schneiderman announced the resolution of a lawsuit filed in August 2013 against Native American tribe-affiliated payday lending firms and their owners for allegedly violating the state’s usury and licensed lender laws in connection with their issuing of personal loans over the Internet. The AG claims that the companies charged New York consumers annual interest rates on payday loans far in excess of the 16% rate cap set by state law. According to the announcement, the defendants agreed to modify the terms of all outstanding loans made to New York borrowers and to not collect interest on outstanding loans. The defendants also must provide refunds to borrowers who have paid back more than the principal of their loan plus the state-capped interest rate of 16%, and pay $1.5 million in penalties. The companies also must become licensed in New York before offering new loans in the state.
Report Criticizes Auto Dealer Compensation, Add-On Product Practices
On January 23, the Center for Responsible Lending (CRL) released a report titled “Non-Negotiable: Negotiation Doesn’t Help African-Americans and Latinos on Dealer-Financed Car Loans.” The report provides the results of CRL’s investigation of whether racial disparities occur in auto financing, “considering the consumer’s attempt to negotiate their interest rates and comparison-shop at other institutions.” The CRL also examined “other aspects of car buying by race and ethnicity, including the purchase of ancillary ‘add-on’ products and the accuracy of information provided by the dealer to the customer during the buying experience.” CRL states that its research “supports the likelihood that dealer practices, such as interest rate markups, have a discriminatory impact on borrowers of color.” Specifically, the CRL states its investigation revealed (i) African-American and Latino consumers attempt to negotiate pricing on car dealer loans just as much as white consumers, if not more, and their levels of comparison shopping are similar to those of white buyers; (ii) more borrowers of color reported receiving misleading information about their loans from car dealers, which served to negate the impact of negotiations or comparison shopping; and (iii) African Americans and Latinos are nearly twice as likely to be sold multiple add-on products as white consumers. The CRL recommends that policymakers (i) prohibit dealer compensation that varies based on the interest rate or other material, other than the loan’s principal balance; (ii) require dealers to disclose the actual costs of every add-on product sold during the financing process and to reveal the cost of the car with and without add-on products; and (iii) prohibit dealers from representing that the buyer is required to purchase ancillary products in order to obtain financing.
Ninth Circuit Affirms Dismissal Of Credit Card Fee Constitutional Challenge
On January 21, the U.S. Court of Appeals for the Ninth Circuit affirmed a district court’s dismissal of a constitutional challenge to certain credit card fees. In re Late Fee and Over-Limit Fee Litig., No. 08-15218, 2014 WL 211729 (9th Cir. Jan. 21, 2014). A group of credit card holders filed a class action suit claiming that credit card overlimit fees and late fees are analogous to punitive damages imposed in the tort context, and therefore such fees are subject to substantive due process limits. The card holders asserted that because banks are compensated through high penalty interest rates for the lost time value and collection costs associated with any breach of the credit contract, the other charges are duplicative and therefore punitive. The court explained that its decision hinged on the similarities and differences between liquidated damages and punitive damages, and determined that the penalty clauses at issue originate from the parties’ private credit card contracts, and are distinct from the jury-determined punitive damages awards. The court held, therefore, that the “jurisprudence developed to limit punitive damages in the tort context does not apply to contractual penalties, such as the credit card fees at issue in this case.”
California Appellate Court Holds State Regulators Lack Authority To Regulate Tribe-Affiliated Lenders
On January 21, the California Court of Appeal, Second District, held that short-term, small-dollar credit businesses owned by certain federally recognized Indian tribes are sufficiently related to their respective tribes to be protected under the doctrine of tribal immunity from state regulation. California v. Miami Nation Enterprises, No. B242644, 2014 WL 212220 (Cal. Ct. App. Jan. 21, 2014). The court affirmed a trial court’s dismissal of a civil action filed by the Commissioner of the California Department of Corporations seeking to enforce an order directing five tribe-affiliated lenders to cease providing payday loans over the Internet to California residents allegedly in violation of several provisions of the California Deferred Deposit Transaction Law. The two tribes had entered into management agreements with a non-tribal payday marketing company to direct and operate their lending activities. The court rejected the Commissioner’s argument that tribal immunity does not apply because under those agreements the day-to-day operations of the businesses have been effectively delegated to a nontribal entity, and that the tribes do not participate in the net income from the businesses, receiving instead only a “modest percentage” of the gross revenues. The court held that a business functions as an arm of the tribe if it (i) has been formed by tribal resolution and according to tribal law, for the purpose of tribal economic development and with the clearly expressed intent by the sovereign tribe to convey its immunity to that entity; and (ii) has a governing structure both appointed by and ultimately overseen by the tribe. The court added that “[n]either third-party management of day-to-day operations nor retention of only a minimal percentage of the profits from the enterprise (however that may be defined) justifies judicial negation of that inherent element of tribal sovereignty.”
FTC Actions Allege Violations Of International Safe Harbor Privacy Framework
On January 21, the FTC announced agreements with 12 companies to resolve allegations that the companies falsely claimed compliance with an international privacy framework. The FTC complaints explain that the U.S.-EU Safe Harbor Framework provides a method for U.S. companies to transfer personal data outside of the EU that is consistent with the requirements of the European Union Directive on Data Protection. The Directive sets forth EU requirements for privacy and the protection of personal data and requires EU Member States to implement legislation that prohibits the transfer of personal data outside the EU unless the European Commission has made a determination that the recipient jurisdiction’s laws ensure the protection of such personal data. To participate in the Framework, a U.S. company must self-certify to the U.S. Department of Commerce that it complies with seven principles and related requirements that have been deemed to meet the EU’s adequacy standard. The FTC claimed that the companies indicated compliance with the Safe Harbor principles, for example through privacy policies or certification marks, when the companies had allowed their self-certifications to lapse. The FTC alleged that this conduct violated Section 5 of the FTC Act. The companies did not admit the allegations, and the FTC acknowledged that the allegations do not necessarily mean that the companies committed any substantive violations of the privacy principles of the Safe Harbor framework. The proposed settlement agreements would prohibit the companies from misrepresenting the extent to which they participate in any privacy or data security program sponsored by the government or any other self-regulatory or standard-setting organization.
HUD Implements New Manual Underwriting Standards
On January 21, HUD issued Mortgagee Letter 2014-02, which implements new manual underwriting standards announced in December 2013. The new standards and guidance will be effective for all case numbers assigned on or after April 21, 2014, and will apply to (i) loans involving borrowers without a credit score which were not scored against FHA’s TOTAL Scorecard; (ii) loans receiving a “Refer” scoring recommendation from FHA’s TOTAL Scorecard; and (iii) loans receiving an “Accept” scoring recommendation from FHA’s TOTAL Scorecard but which have been downgraded to a “Refer” by the underwriter. In addition, the standards apply when a loan receiving an “Accept” scoring recommendation is downgraded to a “Refer.” The HUD guidance addresses (i) maximum qualifying ratios for all manually underwritten loans based on the minimum decision credit score; (ii) revised compensating factors that must be used in order to exceed FHA’s standard qualifying ratios; and (iii) the requirement for cash reserves equal to one or more total monthly mortgage payments for manually underwritten loans involving one and two unit properties.
New York Launches Student Protection Unit, Investigation Of Debt Relief Companies
On January 22, New York Governor Andrew Cuomo launched a new Student Protection Unit within the New York Department of Financial Services dedicated to investigating potential consumer protection violations in the student loan industry. Its first public investigation is focused on companies the unit believes are charging “high, improper fees without adequate notice for enrolling students in debt relief programs that are available for free through the federal government.” The Student Protection Unit issued subpoenas to 13 debt relief companies seeking advertising materials, contracts, consumer disclosures, and fee schedules among other materials.