Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • FTC settles with technology service provider on data security issues

    Federal Issues

    On November 12, the FTC announced a proposed settlement, which requires a technology service provider to implement a comprehensive data security program to resolve allegations of security failures, which allegedly allowed a hacker to access the sensitive personal information of about one million consumers. According to the complaint, the FTC asserts that the service provider and its former CEO violated the FTC Act by engaging in unreasonable data security practices, including failing to (i) have a systematic process for inventorying and deleting consumers’ sensitive personal information that was no longer necessary to store on its network; (ii) adequately assess the cybersecurity risk posed to consumers’ personal information stored on its network by performing adequate code review of its software and penetration testing; (iii) detect malicious file uploads by implementing protections such as adequate input validation; (iv) adequately limit the locations to which third parties could upload unknown files on its network and segment the network to ensure that one client’s distributors could not access another client’s data on the network; and (v) implement safeguards to detect abnormal activity and/or cybersecurity events. The FTC further alleges in its complaint that the provider could have addressed each of the failures described above “by implementing readily available and relatively low-cost security measures.”

    The FTC alleges more particularly that, between May 2014 and March 2016, an unauthorized intruder accessed the service provider’s server over 20 times, and in March 2016, “accessed personal information of approximately one million consumers, including: full names; physical addresses; email addresses; telephone numbers; SSNs; distributor user IDs and passwords; and admin IDs and passwords.” Because the information obtained can be used to commit identity theft and fraud, the FTC alleged that the service provider’s failure to implement reasonable security measures violated the FTC’s prohibition against unfair practices.

    The proposed settlement requires the service provider to, among other things, create certain records and obtain third-party assessments of its information security program every two years for the 20 years following the issuance of the related order that would result from the settlement.

    Federal Issues FTC Settlement Privacy/Cyber Risk & Data Security Data Breach Enforcement FTC Act

  • VA encourages relief for Tropical Storm Imelda-affected borrowers

    Federal Issues

    On November 8, the Department of Veterans Affairs (VA) issued Circular 26-19-29, encouraging mortgagees to provide relief for VA borrowers affected by Tropical Storm Imelda. Among other forms of assistance, the Circular encourages loan holders and servicers to (i) extend forbearances to borrowers in distress because of the disaster; (ii) establish a 90-day moratorium from the disaster declaration date on initiating new foreclosures on affected loans; (iii) waive late charges on affected loans; and (iv) suspend credit reporting related to affected loans. The Circular is effective until January 1, 2021. Mortgage servicers and veteran borrowers are also encouraged to review the VA’s Guidance on Natural Disasters.

    Find continuing InfoBytes coverage on disaster relief guidance here.

    Federal Issues Disaster Relief Department of Veterans Affairs Consumer Finance Mortgages

  • Jury convicts former French power company executive of multiple FCPA, money laundering and conspiracy offenses

    Financial Crimes

    On November 8, the DOJ announced that a jury had returned a guilty verdict against a British national and former French power and transportation company executive who was accused of bribing Indonesian officials to secure a power contract. Following a two-week trial, the jury convicted the former executive on six counts of violating the FCPA, three counts of money laundering, and two counts of conspiracy. As previously covered by InfoBytes, while the French company pleaded guilty in 2014, and three other executives—each of whom worked for the French company’s U.S.-based subsidiary—entered guilty pleas, the trial for the former executive (originally indicted in 2013) was delayed as he challenged the reach of the FCPA. The U.S. Court of Appeals for the Second Circuit held in 2018 that a non-resident foreign national lacking sufficient ties to a U.S. entity could not be charged with conspiring or aiding and abetting something that he could not be directly charged with, because he was “not an agent, employee, officer, director, or shareholder of an American issuer or domestic concern” within the scope of the FCPA’s jurisdictional provision and had not himself committed a crime inside the U.S. The 2nd Circuit also determined, however, that the former executive could still be charged with FCPA offenses, as the DOJ had signaled its intention to prove he “was an agent of a domestic concern,” which would place him “squarely within the terms of the statute.”

    According to the DOJ’s press release, it presented evidence at the trial to show that the former executive violated the FCPA by overseeing and supporting the U.S.-based subsidiary’s efforts to win the contract with the bribery scheme, including pressing the U.S. subsidiary to structure the payment terms to a consultant used as an intermediary in the scheme to “get the right influence.” The former executive and his co-conspirators allegedly helped arrange the payment of bribes to Indonesian officials by assisting in the U.S. subsidiary’s retention of two consultants, purportedly to provide legitimate consulting services on behalf of the subsidiary but with the intention of employing them to pay and conceal the bribes. The DOJ observed in its release that the former executive and his co-conspirators were successful in securing the contract from Indonesia’s state-owned and state-controlled electricity company and “subsequently made payments to the consultants for the purpose of bribing the Indonesian officials.”

    Sentencing is scheduled for January 31, 2020 in the U.S. District Court for the District of Connecticut.

    Financial Crimes DOJ FCPA Bribery Of Interest to Non-US Persons

  • CFPB argues private class action settlement interferes with its CFPA enforcement authority

    Courts

    On November 6, the CFPB filed an amicus brief with the Court of Appeals of Maryland in a case challenging a private class action settlement against a structured settlement company, which purports to “release the Bureau’s claims in a pending federal action, to enjoin class members from receiving benefits from the Bureau’s lawsuit, and to assign any benefits the Bureau might obtain for class members to the class-action defendants.” As previously covered by InfoBytes, in 2017, the U.S. District Court for the District of Maryland allowed a UDAAP claim brought by the CFPB to move forward against the same structured settlement company, where the Bureau alleged the company employed abusive practices when purchasing structured settlements from consumers in exchange for lump-sum payments. A similar action was also brought by the Maryland attorney general against the company. In addition to the state and federal enforcement actions, the plaintiffs filed a private class action against the company, and a trial court approved a settlement. The Court of Special Appeals reversed the lower court’s approval of the settlement, concluding that it “interferes with the [state’s] and Bureau’s enforcement authority.” The company appealed.

    In its brief to the Maryland Court of Appeals, the Bureau argues that the Court of Special Appeals decision should be affirmed because the settlement provisions “threaten to interfere with the Bureau’s authority under the [Consumer Financial Protection Act] in two significant ways.” Specifically, the Bureau argues that the settlement (i) could interfere with the Bureau’s statutory mandate to remediate consumers harmed through the Civil Penalty Fund; and (ii) would interfere with the Bureau’s authority to use restitution to remediate consumer harm. The Bureau states that “the risk of windfalls to such wrongdoers could force the Bureau to decline to award Fund payments to victims,” and would “threaten to offend basic principles of equity.”

    Courts CFPB CFPA Civil Money Penalties Enforcement Class Action Settlement State Attorney General UDAAP

  • DOJ charges short-sale negotiators with fraud

    Federal Issues

    On November 8, the DOJ announced that it charged the principals and co-founders (collectively, “defendants”) of a mortgage short sale assistance company with allegedly defrauding mortgage lenders and investors out of half a million in proceeds from short sale transactions. The DOJ also alleged the defendants’ actions defrauded Fannie Mae, Freddie Mac, and HUD. According to the announcement, from 2014 to 2017, the defendants negotiated with lenders for approval of short sales in lieu of foreclosure, and falsely claimed during settlement that the lenders had agreed to pay loss mitigation service fees from the proceeds of short sales. The defendants allegedly obtained around 3 percent of the short sale price from the settlement agent, which was separate from fees paid to real estate agents and closing attorneys, among others. In order to further deceive lenders, the defendants would then file fabricated documents to justify or conceal the additional fees being paid to the company. The defendants were charged with conspiracy to commit wire fraud, and one co-founder was also charged with aggravated identity theft.

    Federal Issues DOJ Mortgages Fraud Enforcement Fees

  • 2nd Circuit denies three petitioners seeking whistleblower awards for SEC settlement

    Courts

    On November 8, the U.S. Court of Appeals for the Second Circuit denied petitions from three whistleblowers seeking awards following a $55 million settlement between the SEC and a global financial institution, which the SEC previously denied. According to the opinion, multiple individuals disclosed information to the SEC during an investigation into the financial institution’s financial statements. In 2015, the SEC reached a settlement with the institution, and nine whistleblower claimants filed applications to receive awards based on the information they provided. The SEC granted the applications for two claimants and denied the rest. The three individuals involved in this action were denied the awards because the SEC concluded that the individuals “did not provide ‘original information that led to a successful enforcement action,’” as required by the Securities and Exchange Act’s whistleblower provisions. Specifically, for the two named individuals, the SEC determined that it had already received the information they provided through an individual known as “Claimant 2,” who had previously submitted an expert report prepared by the two individuals to the SEC. The appellate court agreed with the determination made by the SEC, concluding that “their [] submission did not significantly contribute to the success of the [] action; Claimant 2ʹs submissions did.” The appellate court noted that the individual’s expert report did not qualify for Rule 21F‐4’s “original source exception,” which was designed to treat information submitted to another federal agency as though it had been submitted to the SEC directly.

    As for the third, unnamed individual, the appellate court also denied the petition, concluding that the unnamed individual’s interpretation of the whistleblower program would “disincentivise whistleblowers from curating their submissions.” Specifically, the SEC asserted that the unnamed individual “‘appeared to be very disjointed and had difficulty articulating credible and coherent information concerning any potential violation of the federal securities laws’” and “‘brought with him to the meeting a wet brown paper bag containing what he claimed to be evidence.’” The SEC further noted that the documents were “jumbled and disorganized” and ultimately used similar information brought by a subsequent whistleblower. The appellate court noted that “[a] whistleblower might still be rewarded for being the first to bring incriminating information to the SECʹs attention, but only if that information is contained in a credible, and ultimately useful submission.”

    Courts SEC Whistleblower Second Circuit Appellate

  • CFTC reaches $14 million settlement with bank over swap dealer standards

    Securities

    On November 8, the CFTC announced a $14 million settlement with a national bank to resolve allegations that the bank violated swap dealer business conduct standards in its foreign exchange trading business. Among other things, the bank allegedly failed to properly price a $4 billion foreign exchange forward contract with a counterparty when it selected a rate it “believed would be in the range of the true weighted average and thus acceptable to the counterparty,” instead of calculating a “weighted average rate based on actual spot trades.” According to the CFTC, at the time the bank did not have a system in place to accurately track trades used to fill the counterparty’s order and ensure compliance with policies and procedures regarding communicating with counterparties in a fair and balanced manner. (The bank has since cured these deficiencies.) The bank, which has neither admitted nor denied the findings, agreed to pay a $10 million civil money penalty and $4.47 million in restitution (previously paid to the counterparty) under the terms of the settlement order.

    Securities CFTC Foreign Exchange Trading

  • FDIC, OCC approve final rule revising Volcker Rule

    Agency Rule-Making & Guidance

    On November 14, the OCC, FDIC, Federal Reserve Board, CFTC, and SEC published a final rule, which will amend the Volcker Rule to simplify and tailor compliance with Section 13 of the Bank Holding Company Act’s restrictions on a bank’s ability to engage in proprietary trading and own certain funds. As previously covered by InfoBytes, the five financial regulators released a joint notice of proposed rulemaking in July 2018 designed to reduce compliance costs for banks and tailor Volcker Rule requirements to better align with a bank’s size and level of trading activity and risks. The final rule clarifies prohibited activities and simplifies compliance burdens by tailoring compliance obligations to reflect the size and scope of a bank’s trading activities, with more stringent requirements imposed on entities with greater activity. The final rule also addresses the activities of foreign banking entities outside of the United States.

    Specifically, the final rule focuses on the following areas:

    • Compliance program requirements and thresholds. The final rule includes a three-tiered approach to compliance program requirements, based on the level of a banking entity’s trading assets and liabilities. Banks with total consolidated trading assets and liabilities of at least $20 billion will be considered to have “significant” trading activities and will be subject to a six-pillar compliance program. Banks with “moderate” trading activities (total consolidated trading assets and liabilities between $1 billion and $20 billion) will be subject to a simplified compliance program. Finally, banks with “limited” trading activities (less than $1 billion in total consolidated trading assets and liabilities) will be subject to a rebuttable presumption of compliance with the final rule.
    • Proprietary trading. Among other changes, the final rule (i) retains a modified version of the short-term intent prong; (ii) eliminates the agencies’ rebuttable presumption that financial instruments held for fewer than 60 days are within the short-term intent prong of the trading account; and (iii) adds a rebuttable presumption that financial instruments held for 60 days or longer are not within the short-term intent prong of the trading account. Additionally, banks subject to the market risk capital prong will be exempt from the short-term intent prong.
    • Proprietary trading exclusions. The final rule modifies the liquidity management exclusion to allow banks to use a broader range of financial instruments to manage liquidity. In addition, exclusions have been added for error trades, certain customer-driven swaps, hedges of mortgage servicing rights, and certain purchases or sales of instruments that do not meet the definition of “trading assets and liabilities.”
    • Proprietary trading exemptions. The final rule includes changes from the proposed rule related to the exemptions for underwriting and market making-related activities, risk-mitigating hedging, and trading by foreign entities outside the U.S.
    • Covered funds. Among other things, the final rule incorporates proposed changes to the covered funds provision concerning permitted underwriting and market making and risk-mitigating hedging with respect to such funds, as well as investments in and sponsorships of covered funds by foreign banking entities located solely outside the U.S.
    • Application to foreign banks. The final rule aligns the methodologies for calculating the “limited” and “significant” compliance thresholds for foreign banking organizations by basing both thresholds on the trading assets and liabilities of the firm’s U.S. operations. The final rule includes changes to the exemptions from the prohibitions for underwriting and market making-related activities, risk mitigating hedging, and trading by foreign banking entities solely outside the U.S. Additionally, the final rule also includes changes to the covered funds provisions, including with respect to permitted underwriting and market making and risk-mitigating hedging with respect to a covered fund, as well as investment in or sponsorship of covered funds by foreign banking entities solely outside the U.S. and the exemption for prime brokerage transactions.

    FDIC board member Martin J. Gruenberg voted against the rule, stating the “final rule before the FDIC Board today would effectively undo the Volcker Rule prohibition on proprietary trading by severely narrowing the scope of financial instruments subject to the Volcker Rule. It would thereby allow the largest, most systemically important banks and bank holding companies to engage in speculative proprietary trading funded with FDIC-insured deposits.” Gruenberg emphasized that the final rule “includes within the definition of trading account only one of these categories of fair valued financial instruments—those reported on the bank’s balance sheet as trading assets and liabilities. This significantly narrows the scope of financial instruments subject to the Volcker Rule.”

    The final rule will take effect January 1, 2020, with banks having until January 1, 2021, to comply. Prior to the compliance date, the 2013 rule will remain in effect. Alternatively, banking entities may elect to voluntarily comply, in whole or in part, with the final rule’s amendments prior to January 1, 2021, provided the agencies have implemented necessary technological changes.

    Agency Rule-Making & Guidance FDIC Federal Reserve OCC CFTC SEC Bank Holding Company Act Volcker Rule Of Interest to Non-US Persons

  • FinCEN renews GTOs covering 12 metropolitan areas; legal entities that are U.S. publicly-traded companies not required to report

    Financial Crimes

    On November 8, the Financial Crimes Enforcement Network (FinCEN) announced the renewal of its Geographic Targeting Order (GTO), which requires U.S. title insurance companies to identify the natural persons behind shell companies that pay “all cash” (i.e., the transaction does not involve external financing) for residential real estate in 12 major metropolitan areas. While the purchase amount threshold for the beneficial ownership reporting requirement remains set at $300,000 for residential real estate purchased in the 12 covered areas, FinCEN modified the renewed GTO to note that it “will not require reporting for purchases made by legal entities that are U.S. publicly-traded companies. Real estate purchases by such entities are identifiable through other business filings.”

    The renewed GTO takes effect November 12 and covers certain counties within the following areas: Boston; Chicago; Dallas-Fort Worth; Honolulu; Las Vegas; Los Angeles; Miami; New York City; San Antonio; San Diego; San Francisco; and Seattle.

    FinCEN FAQs regarding GTOs are available here.

    Financial Crimes FinCEN GTO Of Interest to Non-US Persons

  • OFAC announces settlement with aviation investment company for sanctions violations

    Financial Crimes

    On November 7, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $210,600 civil settlement with a U.S. aviation investment company to resolve 12 alleged violations of the Sudanese Sanctions Regulations (SSR), which prohibit U.S. persons from dealing in property and interests in property of the Government of Sudan. The settlement addressed allegations that the company leased three aircraft engines to a United Arab Emirates-incorporated entity, which then subleased the engines to a Ukrainian airline that had the engines installed on an aircraft that was “wet leased” to a Sudanese airline. According to OFAC, the company violated SSR regulations because OFAC’s List of Specially Designated Nationals and Blocked Persons identified the Sudanese airline as meeting the definition of “Government of Sudan” at the time of the alleged transactions.

    In arriving at the settlement amount, OFAC considered various mitigating factors, including that (i) company personnel were not aware of the conduct leading to the alleged violations; (ii) OFAC has not issued a violation against the company in the five years preceding the earliest date of the transactions at issue; and (iii) the company cooperated with the investigation. OFAC also noted that the company undertook several remedial measures in response to the alleged violations, including implementing additional compliance processes such as improving its “Know-Your-Customer screen procedures” and employee training, and obtaining “U.S. law export compliance certificates from lessees and sublessees.”

    OFAC also considered various aggravating factors, including that the violations harmed U.S. sanctions program objectives, and that the company failed to properly monitor the precise whereabouts of the engines during the life of the leases.

    Financial Crimes Department of Treasury OFAC Settlement Of Interest to Non-US Persons Sanctions

Pages

Upcoming Events