InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
10th Circuit affirms $5 million disgorgement in Kokesh
On December 6, the U.S. Court of Appeals for the Tenth Circuit affirmed a district court’s revised disgorgement order in SEC v. Kokesh. As previously covered by InfoBytes, in 2017, the U.S. Supreme Court handed down a unanimous ruling in Kokesh and rejected the SEC’s position that disgorgement is an equitable remedy and not a penalty. The Court’s decision limited the SEC’s disgorgement power to a five-year statute of limitations period applicable to penalties and fines under 28 U.S.C. § 2462. Following the Court’s ruling, in 2018, the 10th Circuit, on remand, directed the district court to enter an order for a lower disgorgement amount of $5 million (from nearly $35 million), holding that only a portion of the SEC’s claims were not time-barred by 28 U.S.C. § 2462. At the district court, the SEC also argued that prejudgment interest of more than $2.6 million should apply to the disgorgement penalty, as well as nearly $2.3 million in civil penalties, and the district court awarded such amounts, rejecting Kokesh’s argument that “the district court should reject any relief other than an order of disgorgement.” Kokesh again appealed, arguing, among other things, that “§ 2462 is jurisdictional and precludes this action in its entirety,” and that the permanent injunction and civil penalties were invalid.
On appeal, the 10th Circuit refused to address Kokesh’s jurisdictional argument, stating that, among other things, the appellate court had previously found that “each act of misappropriation should be considered separately” and that not all of the SEC’s claims were time-barred. The appellate court further concluded that because it had previously found that some alleged misappropriations happened within the five-year limit, the $5 million disgorgement calculation that the SEC requested was warranted. Moreover, the appellate court noted that Kokesh failed to show any reason that its 2018 decision was “clearly erroneous,” and during remand, “rather than. . .contesting timeliness or the SEC’s calculations, Kokesh conceded the district court should enter the disgorgement order and instead focused on the SEC’s new request for prejudgment interest.” Additionally, the appellate court refused to consider Kokesh’s challenges to the permanent injunction and the civil penalty ordered because they were first raised in Kokesh’s reply brief.
Senate holds hearing on privacy law proposals
On December 4, the Senate Commerce Committee held a hearing titled “Examining Legislative Proposals to Protect Consumer Data Privacy” to discuss how to “provide consumers with more security, transparency, choice, and control over personal information both online and offline.” Among the issues discussed at the hearing was how consumer privacy rights should be enforced. As previously covered by InfoBytes, some FTC commissioners, at a hearing earlier this year, expressed that authorization to enforce federal privacy laws should vest not only in the FTC, but also in the states’ attorneys general. At the Senate hearing, there was testimony suggesting that the FTC is spread too thin to be in charge of enforcing new privacy laws. At least one witness championed state privacy regulation, while other witnesses endorsed preemption of the state laws by the envisioned federal privacy law. Although different views were expressed regarding what the law should look like, the hearing participants generally seemed to agree that a federal privacy law may be needed now in light of recent state legislative agendas and, as one Senator raised, the growing use of artificial intelligence.
OFAC announces sanctions against Russia-based organization for malware attacks on financial institutions
On December 5, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13694 against a Russia-based cybercriminal organization for allegedly developing and distributing malware that infected financial institutions and resulted in more than $100 million in theft. OFAC’s action targets 17 individuals and seven entities and is “intended to disrupt the massive phishing campaigns orchestrated by [the organization],” Treasury Secretary Steven T. Mnuchin stated. According to OFAC, the organization used the malware to infect computers and harvest login credentials from roughly 300 banks and financial institutions in over 40 countries, resulting in millions of dollars of damage to U.S. and international financial institutions and their customers. As a result of the sanctions, all property and interests in property of these persons subject to U.S. jurisdiction are blocked, along with “any entities 50 percent or more owned by one or more designated persons.” OFAC noted that its regulations “generally prohibit” U.S. persons from participating in transactions with designated persons, and warned that “foreign persons may be subject to secondary sanctions for knowingly facilitating a significant transaction or transactions with these designated persons.”
In a concurrent action announced the same day, the DOJ unsealed criminal charges—including those related to international computer hacking and bank fraud schemes—against two of the organization’s members. In addition, Treasury’s Financial Crimes Enforcement Network and the Cybersecurity and Infrastructure Security Agency released a report providing a technical analysis of the malware and related variants, emphasizing that because the malware continues to target the financial services sector, financial institutions should review and incorporate the report’s techniques, tactics, and procedures into existing network defense capabilities and planning.
Michigan approves temporary authority to act as a licensed mortgage loan originator
On December 4, the Michigan governor signed HB 5084, which, among other things, includes provisions granting temporary authority for certain mortgage loan originators (MLOs) to originate loans in the state without a state license. Specifically, HB 5084 provides that, in order to be eligible for temporary authority to operate, the individual must be employed by an entity that is licensed or registered under applicable state laws and meets the following additional criteria: has no previous MLO application denials or MLO license suspensions or revocations in any state; has not been subject to, or served with, a cease and desist order in any state; has not been convicted of, or pled guilty or no contest to, a disqualifying crime; has submitted the required application and fee and meets the applicable surety bond requirement; was registered in the NMLS as a loan originator during the one-year period immediately preceding the date on which the applicant submitted the required information; and has not been subject to a prohibition order pertaining to any of the financial licensing acts. Individuals who were licensed as mortgage loan originators in another state the individual is eligible for temporary authority to act as a mortgage loan originator if the individual meets the criteria above and was licensed in another state during the 30 days immediately prior to submitting the required application information in Michigan.
Beginning November 24, HB 5084 permits qualifying MLO applicants to have temporary authority to act as a mortgage loan originator while their applications are pending for licensure for up to 120 days, or upon the withdrawal, denial, notice of intent to deny, or approval of the licensing application, whichever is sooner.
HUD increases FHA loan limits for 2020
On December 3, HUD announced the maximum FHA loan limits for 2020, issuing Mortgagee Letter 19-19 for FHA-insured forward mortgage case numbers and Mortgagee Letter 19-20 for FHA-insured Home Equity Conversion Mortgage (HECM) case numbers. The general one-unit property limits “floor” increased to $331,760, and the “ceiling” increased to $765,600, while the HECM claim amount also increased to $765,600, effective January 1, 2020.
TRO issued against VoIP service provider in card interest reduction scam
On December 5, the FTC and the Ohio attorney general announced that the U.S. District Court for the Western District of Texas issued a temporary restraining order (TRO) against a VoIP service provider and its foreign counterpart for facilitating (or consciously avoiding knowing of) a “phony” credit card interest rate reduction scheme committed by one of its client companies at the center of a joint FTC/Ohio AG action. As previously covered by InfoBytes, the original complaint alleged that a group of individuals and companies—working in concert and claiming they could reduce interest rates on credit cards—had violated the FTC Act, the Telemarketing Sales Rule, and various Ohio consumer protection laws. In addition to obtaining a TRO against the most recent alleged participants, the FTC and Ohio AG amended their July complaint to add the telecom companies as defendants alleging the companies “played a key role in robocalling consumers to promote a credit card interest reductions scheme.”
Swedish telecommunications company resolves FCPA allegations with DOJ, SEC
On December 6, the DOJ announced that it entered into a deferred prosecution agreement with a Swedish-based telecommunications company, in which the company agreed to pay more than $1 billion in criminal and civil penalties related to alleged violations of the FCPA’s anti-bribery, books and records, and internal control provisions. The company’s Egyptian subsidiary also pleaded guilty in New York federal court to a one-count criminal information that charged it with conspiracy to violate the FCPA’s anti-bribery provisions. The SEC simultaneously announced a resolution with the company. Under the terms of the agreements, the company agreed to pay a criminal fine of more than $520 million to the DOJ, and will cooperate with any ongoing investigations, enhance its compliance program, and be subject to an independent compliance monitor for three years. An additional $540 million in disgorgement and interest will be paid to the SEC. The announcements cited improper payments and accounting practices regarding five countries and various third party agents. The company received partial cooperation credit and a 15 percent criminal fine reduction for (i) “conducting a thorough internal investigation” and “making regular factual presentations to the [D]epartment”; (ii) voluntarily making foreign witnesses available to prosecutors; and (iii) “producing extensive documentation and disclosing some conduct of which the [D]epartment was previously unaware.” Additionally, the DOJ recognized the company’s measures to improve its anti-bribery compliance processes.
FinCEN report: SARs help prevent elder financial exploitation
On December 4, FinCEN announced the release of a Financial Trend Analysis titled, “Elders Face Increased Financial Threat from Domestic and Foreign Actors.” In compiling the report, FinCEN reviewed Bank Secrecy Act (BSA) elder financial exploitation suspicious activity reports (SARs) from 2013 to 2019 to detect patterns and trends. Among other things, the study found that (i) elder financial exploitation filings nearly tripled during the study period, from around 2,000 per month in 2013 to nearly 7,500 in 2019, the majority of which were filed by money services businesses (MSBs) and depository institutions; (ii) while the amount of SARs filed by MSBs ebbed and flowed from 2013 to 2019, those of depository institutions steadily increased; (iii) MSBs filed nearly 80 percent of all SARs describing financial scams, while securities and futures firms filed just over 70 percent of all SARs describing theft; (iv) financial theft from elders is most frequently perpetrated by family members or caregivers; (v) SARs indicated that the most common scams included lottery, person-in-need, and romance scams, the majority of which saw elder victims transferring funds through MSBs; and (vi) money transfer scam SARs were most commonly filed by MSBs who transferred money to a receiver located outside the U.S.
FDIC posts enforcement actions manual
On December 2, the FDIC announced the release of its full enforcement manual (manual). According to Financial Institution Letter (see FIL-76-2019), the manual, which was posted to the FDIC website, is meant to “support the work of field office, regional office, and Washington office staff involved in processing and monitoring enforcement actions.” The letter states that the manual was released to promote “greater transparency” to FDIC-insured institutions and other concerned parties as to the agency’s enforcement policies and procedures. Additionally, the letter cautions that the manual “does not interpret any law or regulation” nor does it “establish supervisory requirements” or “industry guidance.”
OFAC announces settlement with company that allegedly processed payments for sanctioned entity
On November 25, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $466,912 civil settlement with a California-based technology company to resolve alleged violations of the Foreign Narcotics Kingpin Sanctions Regulations (FNKSR). According to OFAC, the company voluntarily disclosed that it hosted a sanctioned Slovenian software developer on its platform and collected more than $1 million in payments from customers who downloaded the developer’s apps. The company’s actions—which included hosting, selling, and facilitating the transfer of the developer’s software and associated content, as well as processing 47 payments between 2015 and 2017—were in violation of the FNKSR because OFAC’s List of Specially Designated Nationals and Blocked Persons identified the developer as a significant foreign narcotics trafficker (SDNTK).
In arriving at the settlement amount, OFAC considered various mitigating factors, including that (i) the company voluntarily disclosed the violations and continued to cooperate by promptly responding to information requests; (ii) the volume and payment amounts were not significant when compared to the company’s annual total volume of transactions; (iii) OFAC has not issued a violation against the company in the five years preceding the earliest date of the transactions at issue; and (iv) the company has strengthened its compliance program to minimize the risk of recurrence.
OFAC also considered various aggravating factors, including that (i) the alleged conduct demonstrated a “reckless disregard for U.S. sanctions requirements”; (ii) the company’s processing of payments conferred a significant economic benefit to the developer; and (iii) the company failed to timely take corrective actions after identifying the developer as a SDNTK and continued to process payments.