InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FTC and NY AG settle with phantom debt operation
On July 1, the FTC announced, together with the New York attorney general, a settlement with two New York-based phantom debt operations and their principals (collectively, “defendants”) resolving allegations that the operations bought, placed for collection, sold lists of, and collected on fake debts that consumers did not owe. As previously covered by InfoBytes, the June 2018 complaint alleged that the defendants ran a deceptive and abusive debt collection scheme in violation of the FTC Act, the FDCPA, and New York state law. The settlement order against one company and its owners bans the defendants from debt collection activities, including buying, placing for collection, and selling debt. The order requires the defendants to pay a combined $676,575, suspending the total judgment of $6.75 million, due to inability to pay. The settlement order against the other company and its owner prohibits the defendants from engaging in unlawful collection practices and requires the payment of $118,000, suspending the total judgment of $4.94 million, due to inability to pay.
OFAC sanctions Maduro regime officials in Venezuela
On June 27 and 28, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated two Maduro regime officials and the son of Maduro for engaging in significant corruption and fraud to the detriment of the people of Venezuela. Specifically, OFAC designated the two regime officials pursuant to Executive Order (E.O.) 13692, for having previously received bribes from two Venezuelan businessmen in exchange for awarding contracts for expensive equipment to maintain Venezuelan electrical infrastructure, which were incompatible with the Venezuelan electrical system. Continued corruption and mismanagement resulted in persistent countrywide blackouts, limiting the people’s access to basic goods, services, and potable water supplies, among other things.
Additionally, pursuant to E.O. 13692, OFAC designated the son of Maduro for being a current or former official of the Government of Venezuela and a member of Venezuela’s illegitimate National Constituent Assembly, “which seeks to rewrite the Venezuelan constitution and dissolve Venezuelan state institutions, [and] was created through an undemocratic process instigated by Maduro’s government to subvert the will of the Venezuelan people.”
FTC holds fourth annual PrivacyCon to address hot topics
On June 27, the FTC held its fourth annual PrivacyCon, which hosted research presentations on a wide range of consumer privacy and security issues. Following opening remarks by FTC Chairman Joseph Simons, the one-day conference featured four plenary sessions covering a number of hot topics:
- Session 1: Privacy Policies, Disclosures, and Permissions. Five presenters discussed various aspects of privacy policies and notices to consumers. The panel discussed current trends showing that privacy notices to consumers have generally become lengthier in recent years, which helps cover the information regulators require, but often results in information overload for consumers more generally. One presenter advocated the concept of a condensed “nutrition label” for privacy, but acknowledged the challenge of distilling complicated activities into short bullets.
- Session 2: Consumer Preferences, Expectations, and Behaviors. This panel addressed research concerning consumer expectations and behaviors with regard to privacy. Among other anecdotal information, the presenters noted that many consumers are aware that personal data is tracked, but consumers are generally unaware of what data collectors ultimately do with the personal data once collected. To that end, one presenter advocated prescriptive limits on data collection in general, which would take the onus off consumers to protect themselves. Separately, with regard to the Children’s Online Privacy Protection Act (COPPA), one presenter noted that the law generally aligns with parents’ privacy expectations, but the implementing regulations and guidelines are too broad and leave too much room for implementation variations.
- Session 3: Tracking and Online Advertising. In the third session, five presenters covered various topics, including privacy implications of free versus paid-for applications to the impact of the EU’s General Data Protection Regulation (GDPR). According to the presenters, current research suggests that the measurable privacy benefits of paying for an app are “tenuous at best,” and consumers cannot be expected to make informed decisions because the necessary privacy information is not always available in the purchase program on a mobile device such as a phone. As for GDPR, the panel agreed that there are notable reductions in web use, with page views falling 9.7 percent in one study, although it is not clear whether such reduction is directly correlated to the May 25, 2018 effective date for enforcement of GDPR.
- Session 4: Vulnerabilities, Leaks, and Breach Notifications. In the final presentation, presenters discussed new research on how companies can mitigate data security vulnerabilities and improve remediation. One presenter discussed the need for proactive identification of vulnerabilities, noting that the goal should be to patch the real vulnerabilities and limit efforts related to vulnerabilities that are unlikely to be exploited. Another presenter analyzed data breach notifications to consumers, noting that all 50 states have data breach notification laws, but there is no consensus as to best practices related to the content or timing of notifications to consumers. The presenter concluded with recommendations for future notification regulations: (i) incorporate readability testing based on standardized methods; (ii) provide concrete guidelines of when customers need to be notified, what content needs to be included, and how the information should be presented; (iii) include visuals to highlight key information; and (iv) leverage the influence of templates, such as the model privacy form for the Gramm-Leach-Bliley Act.
9th Circuit denies rent-to-own company’s arbitration bid
On June 28, the U.S. Court of Appeals for the 9th Circuit affirmed the denial of a rent-to-own company’s motion to compel arbitration in a putative class action alleging the company charged excessive prices. According to the opinion, three named plaintiffs filed suit against the company in 2017, alleging that the company structured its rent-to-own pricing in violation of California law, including the Karnette Rental-Purchase Act, the Unfair Competition Law, the Consumers Legal Remedies Act, and the state’s prohibitions against usurious loans. The plaintiffs sought public injunctive relief, as well as compensatory damages and restitution, among other things. The company moved to compel arbitration in accordance with the arbitration agreement executed in connection with the plaintiff’s rent-to-own air conditioner contract. The district court denied the motion to compel arbitration, concluding that the arbitration agreement violates the California Supreme Court decision in McGill v. Citibank, N.A (covered by a Buckley Special Alert here) because it constitutes a waiver of the plaintiff’s substantive right to seek public injunctive relief. Moreover, the court concluded that McGill was not preempted by the Federal Arbitration Act (FAA), and that the agreement’s severance clause allowed for the plaintiff’s Karnette Act, UCL, and CLRA claims to be severed from the arbitration.
On appeal, the 9th Circuit agreed with the district court, rejecting the company’s arguments that McGill was preempted by the FAA. The appellate court found that McGill does not interfere with the bilateral nature of a typical arbitration, stating “[t]he McGill rule leaves undisturbed an agreement that both requires bilateral arbitration and permits public injunctive claims.” Moreover, the appellate court noted that the severance clause in the agreement, which precludes an arbitrator from awarding public injunctive relief, is triggered by the McGill rule, and disagreed with the company that the arbitrator would still adjudicate liability first, concluding that the clause provides “the entire claim be severed for judicial determination.”
VA updates fee guidance for IRRRLs
On June 28, the Department of Veterans Affairs (VA) issued Circular 26-19-17, which provides new funding fee guidance to lenders and servicers concerning Interest Rate Reduction Refinancing Loans (IRRRLs). The new guidance, effective immediately, requires, among other things, that: (i) a Certificate of Eligibility (COE) be obtained for IRRRLs to ensure the funding fee exemption information is up to date at the time of closing; (ii) lenders ask active duty servicemembers if they have a pre-discharge claim pending, and, if so, contact the Regional Loan Center to request assistance in obtaining a proposed or memorandum rating in the event the servicemember is eligible for a funding fee exemption; and (iii) if a lender or servicer is notified by the VA or the veteran of an overpayment of a funding fee, such lender initiate a refund request in the Funding Fee Payment System (FFPS) within three business days.
CFPB updates Payday Rule Small Entity Compliance Guide
On June 28, the CFPB updated its Small Entity Compliance Guide for the Payday Lending Rule, which covers the payment-related requirements of the Rule. In addition to technical corrections, the update reflects the delayed compliance date for the mandatory underwriting provisions of the Rule. As previously covered by InfoBytes, on June 6, the Bureau released a final rule to delay the August 19, 2019 compliance date for the mandatory underwriting provisions of the Rule. Compliance with these provisions is now required by November 19, 2020.
FDIC announces centralized division for large, complex financial institution activities
On June 27, the FDIC announced that it will form a new division titled, “Division of Complex Institution Supervision and Resolution (CISR),” to centralize and consolidate the supervision and resolution activities for the largest banks and complex financial institutions. The division will be responsible for the supervision and monitoring of banks with assets greater than $100 billion for which the FDIC is not the primary federal regulator. It will also be responsible for planning and executing the FDIC's resolution mandates for such banks and for other financial companies if necessary to protect U.S. financial stability. FDIC Chairman McWilliams stated that the new division, which will consolidate functions currently handled by three separate areas of the FDIC, “will enable [the FDIC] to take a more holistic approach to the supervision and resolution of these institutions and the unique challenges they present.” The division is expected to be operational on July 21.
Federal Reserve releases Comprehensive Capital Analysis and Review results
On June 27, the Federal Reserve (Fed) released the results of the Comprehensive Capital Analysis and Review (CCAR) conducted for 18 banking firms. The Fed considers quantitative and qualitative factors in its evaluation, including projected capital ratios under hypothetical severe economic conditions and the strength of the firm’s capital planning process, including its risk management, internal controls, and governance practices. The Fed did not object to the capital plans of any of the 18 firms, but did require one to address “limited weaknesses” the test identified. The Fed noted that, “On balance, virtually all firms are now meeting the Federal Reserve's capital planning expectations, which is an improvement from last year's assessment. The firms in the test have significantly increased their capital since the first round of stress tests in 2009.”
Federal Judge denies Ukrainian billionaire’s motion to dismiss criminal charges, and Austrian Supreme Court grants U.S. extradition request
Judge Rebecca Pallmeyer of the United States District Court for the Eastern District of Illinois denied a motion to dismiss filed by Ukrainian billionaire Dmitry Firtash, allowing several criminal charges––including one count of aiding and abetting an FCPA violation––to proceed. Shortly thereafter, the Austrian Supreme Court reportedly agreed to extradite Firtash to the United States, subject to final review by Austria’s Justice Minister. For prior coverage of Firtash’s motion to dismiss, please see here.
Firtash’s motion argued, inter alia, that he could not be liable under the FCPA as a Ukrainian citizen who does not belong to any class of foreign nationals subject to that statute. Because the Seventh Circuit had not reached the precise question that Firtash raised, Firtash cited Second Circuit precedent holding that “foreign nationals may only violate the [FCPA] outside the United States if they are agents, employees, directors, or shareholders of an American issuer or domestic concern.” United States v. Hoskins, 902 F.3d 69, 97 (2d Cir. 2018). Because Firtash is none of these, he claimed to be exempt from FCPA liability.
Judge Pallmeyer disagreed. Putting aside Hoskins, the judge analyzed generally applicable Seventh Circuit and Supreme Court jurisprudence regarding secondary liability, and concluded that a defendant can be liable for aiding and abetting or conspiring to commit a crime even if he or she would be exempt from primary liability for that crime. Judge Pallmeyer acknowledged that the presumption against extraterritorial application “arguably undermined” the Seventh Circuit precedent upon which her opinion relied, but stated that she was “unwilling to disregard clear guidance from the Seventh Circuit” on the subject of secondary liability. In addition to conflicting with Hoskins, Judge Pallmeyer’s opinion supports the broader scope of FCPA liability for foreign nationals that the DOJ has been pushing for years, and marks the beginning of a potential circuit split on the issue of secondary liability under the FCPA.
CEO and director of investment firm convicted of conspiracy to bribe Haitian officials
After a two-week jury trial in the United States District Court for the District of Massachusetts, the CEO of an investment firm and one of its directors were convicted of conspiracy to violate the FCPA and the Travel Act. Joseph Baptiste, a retired U.S. Army Colonel, was also found guilty of violating the Travel Act and conspiracy to commit money laundering. For prior coverage of the charges against Baptiste and CEO Roger Richard Boncy, please see here.
The evidence that federal prosecutors presented against Boncy and Baptiste included intercepted phone calls in which they discussed their plan to bribe Haitian officials “at all levels of government” in order to obtain governmental approval of a proposed $84 million project to develop a port in northwestern Haiti. In a recorded conversation with undercover agents posing as investors, Boncy and Baptiste allegedly solicited funds and told agents that the funds would be used to bribe the aide of a high-level elected official in Haiti. To conceal the bribes, Boncy and Baptiste allegedly said that they would funnel the agents’ funds through a U.S.-based non-profit organization that Baptiste controlled, which purported to sponsor social programs for Haitian residents.
The case against Boncy and Baptiste began with a sting operation conducted by the FBI in 2017. Boncy and Baptiste are scheduled to be sentenced by Judge Allison D. Burroughs on September 12, 2019.