InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
British Columbia Labour Relations Board Accepts Application Using E-Signed Union Membership Cards
Recently, the British Columbia Labour Relations Board (Board) issued a decision accepting a trade union’s application under the Labour Relations Code, which was submitted using electronically signed membership cards. Although the Board found that the union’s use of the Adobe E-Sign software was in compliance with the Electronic Transactions Act, it only accepted three of the four e-signed cards that were submitted. The three cards it approved were completed using the “draw function” of Adobe E-Sign, which allows the user to use a finger or stylus to physically sign a touch screen device. In contrast, the Board did not accept the fourth card because it used the “type function” of the software instead, analogizing it to “a pen and paper printed block signature in quotation marks.”
According to the Board, the fact that the E-sign software contained mandatory fields for the employee’s name, signature, and date provided assurance that the cards were signed and dated at the time of signature. In the event that E-sign programs other than Adobe are used, the Board cautioned that it “will expect a similar demonstration of [membership signatures’] reliability and authenticity with regard to date and signing of the cards before the application for certification process is completed.” It further cautioned that e-sign applicants will be expected to identify the audit trail for electronic signatures at the time applications are filed.
FTC Announces Agenda for Ransomware Event
On September 7, the FTC will host its first in a series of events to look at emerging technologies raising consumer privacy and security concerns. Scheduled to take place in Washington, D.C., the first event will focus on ransomware, “one of the most challenging cybersecurity problems affecting consumers and businesses.” Panelists will discuss the scope and state of ransomware, the best defenses against it, and how victims should respond to hacker demands. The FTC will host the second and third events in the series on October 13 and December 7 with emphases on drones and smart TVs, respectively.
Houston-Based Company Disgorges $5 Million to Settle SEC Enforcement Action
In an SEC cease and desist order filed on August 11, Key Energy Services, Inc., a Houston-based provider of rig-based oil well services, agreed to disgorge $5 million to settle charges that the company violated the books and records and internal control provisions of the FCPA. According to the order, from August 2010 through at least April 2013, Key Energy’s Mexican subsidiary paid bribes of at least $229,000 to a contract employee at Petroleos Mexicanos (Pemex), the Mexican state-owned oil and gas company. In exchange, the subsidiary received Pemex non-public information, advice and assistance on contracts with Pemex, and lucrative amplifications or amendments to those contracts. The funds were allegedly funneled through an entity purporting to provide consulting services, but for which there was no evidence of appropriate authorization of the relationship, and no supporting documentation regarding the purported consulting work performed. According to the SEC, the subsidiary improperly recorded the transfers to the consulting firm as legitimate business expenses, which were consolidated into Key Energy’s books and records. Key Energy allegedly failed to implement and maintain sufficient internal controls, including within the subsidiary relating to interactions with Pemex officials, and failed to respond to indications that the subsidiary was improperly using consultants.
It is notable that Key Energy was not required to pay a civil fine in addition to disgorgement. The SEC identified three reasons for accepting Key Energy’s offer of settlement and not imposing a separate civil penalty. First, the SEC praised Key Energy for cooperating with and assisting in its investigation. Key Energy was first contacted by the SEC in January 2014 concerning possible FCPA violations. In April 2014, Key Energy was informed by employees of its subsidiary of possible bribes, at which time the company reported the allegations to the SEC and “undertook a broad internal investigation and risk assessment of [its] international operations.” The SEC specifically noted that, “to the extent the internal investigation identified additional issues of concern, Key Energy provided updates to the Commission staff.”
Second, the SEC considered not only the “cooperation Key Energy afforded to the Commission staff,” but also the “remedial acts undertaken by [the company].” The SEC noted that Key Energy, during its internal review, “promptly and simultaneously undertook significant remedial measures including … a renovation and enhancement of [its] compliance program.” Specific remedial measures included (i) stronger vendor oversight; (ii) enhanced financial controls; (iii) increased training of all international employees; (iv) developing and/or reviewing policies and procedures pertaining to the FCPA, codes of business conduct, and more; and (v) a coordinated wind-down and exit from all markets outside of North America, including a commitment to exit Mexico by the end of 2016.
Finally, “in determining the disgorgement amount and not to impose a penalty,” the SEC “considered Key Energy’s current financial condition and its ability to maintain necessary cash reserves to fund its operations and meet its liabilities.” This third justification indicates the SEC is not only aware of the current financial strains within the oil and gas services sector, but is uninterested in unnecessarily putting companies out of business. It is also possible that Key Energy’s cooperation and remediation, coupled with its tenuous financial condition, factored into the DOJ’s decision in April to close its investigation of the same conduct without bringing charges.
GAO Report Finds CFPB Meets Requirements for Conducting SBREFA Panels; Panelists Say There's Room for Improvement
On August 10, the GAO released a report titled “Consumer Financial Protection Bureau: Observations from Small Business Review Panels.” The report summarizes the findings from the GAO’s review of the four Small Business Regulatory Enforcement Fairness Act (SBREFA) panels that resulted in final rulemakings as of April 2016. Specifically, GAO conducted a performance audit from October 2015 through August 2016 to examine the “extent to which CFPB solicited, considered, and incorporated small entity inputs into its rulemakings.” GAO interviewed 57 of the 69 small entity representatives who participated in the SBREFA panels. Although the report concludes that the CFPB completed the statutory requirements for conducting SBREFA panels, it also identifies certain areas where panelists voiced needs for improvement. While panelists voiced a panoply of concerns, including concerns that they did not have adequate time to prepare responses to CFPB information requests, a majority of representatives felt like their views were at least partially considered in the rulemaking process. However, according to the report, only seven of the 57 expressed satisfaction with the CFPB’s final rules.
HUD OIG Sends Letter to House Committee on Financial Services Regarding Funding Arrangements in Certain Housing Finance Agency Down Payment Assistance Programs
On July 26, HUD OIG (OIG) Inspector General David A. Montoya sent a letter to Jeb Hensarling, chairman of the House Committee on Financial Services, regarding OIG’s continuing opposition to certain down payment assistance (DPA) programs. The letter reiterates OIG’s previously stated position that certain DPA programs used for loans sold on the secondary market violate the National Housing Act (NHA) and the Housing Economic and Recovery Act (HERA) by reimbursing prohibited parties for providing part of the required minimum investment funds. According to the letter, more than 60,000 FHA loans are originated per year using this borrower-reimbursed funding arrangement. HUD had previously investigated the OIG criticisms of these loans made in conjunction with local HFAs and had determined that these programs do not violate relevant HUD requirements. In the letter, Montoya critiques that determination and attempts to continue this disagreement between HUD program officials and the OIG.
DOJ Files Suit Against Military Housing Provider for Alleged SCRA Violations
On August 10, the DOJ announced that a private military housing provider agreed to pay $200,000 to settle allegations that it violated the SCRA by obtaining default judgments against active-duty servicemembers and their families and subsequently evicting them. According to the DOJ, the company violated the SCRA when it requested default judgments against active-duty servicemembers without filing the appropriate affidavits “to alert the court of the tenants’ military status.” Under the terms of the proposed consent order, the company must (i) pay each servicemember affected by its actions $35,000 and vacate the judgment; (ii) forgive deficiency balances and request that the credit bureau remove evictions from effected credit reports; and (iii) pay a civil penalty of $60,000 to the United States. The consent order is pending approval by the U.S. District Court for the Southern District of California. The DOJ noted that this is the first case it has filed alleging illicit eviction of servicemembers from their homes.
California AG Harris filed a parallel suit against the defendants, arguing that the evictions violated the California Military and Veterans Code, the SCRA, state debt collection laws, and state privacy laws.
New York AG Schneiderman Announces $100,000 Settlement Over Data Security Practices
On August 5, New York AG Schneiderman announced that an online retailer will pay $100,000 in penalties to settle allegations that its weak security practices led to a data breach that potentially exposed more than 25,000 credit card numbers and cardholder data. According to AG Schneiderman, after a third party accessed the retailer’s website on August 7, 2014, a merchant bank notified the retailer on June 5, 2015 that customers’ credit card accounts were showing fraudulent charges. The retailer subsequently hired a company to conduct a forensic investigation, during which malware was found on and subsequently removed from the retailer’s website. AG Schneiderman contends that the retailer violated various sections of the New York State General Business Law by failing to notify its customers or law enforcement of the breach and by misrepresenting the safety and security of its website, also in breach of Executive Law § 63(12). In addition to the $100,000 penalty, the settlement requires that the retailer (i) conduct thorough and efficient investigations of future data security breaches; (ii) promptly notify New York law enforcement and affected customers of data security breaches; (iii) “maintain reasonable security policies and procedures designed to protect the personal information of consumers in accordance with New York State General Business laws”; (iv) remediate security vulnerabilities on its websites; and (v) train its employees with the most current data security practices.
State Attorneys General Settle with London-based Financial Institution over Alleged LIBOR Manipulation
On August 9, Massachusetts AG Healey announced, in coordination with more than 40 state attorneys general, a $100 million settlement with a London-based financial institution and related international investment bank (collectively, defendants) to resolve allegations that the defendants manipulated the U.S. Dollar London InterBank Offered Rate (LIBOR) and defrauded government and non-profit entities across the nation. According to AG Healey, from 2007-2009, defendants’ managers instructed its LIBOR submitters to lower their LIBOR rate setting. LIBOR submitters allegedly agreed to these instructions. State attorneys general further allege that, at various times beginning in 2005 and continuing at least into 2009, the defendants’ traders asked LIBOR submitters “to change their LIBOR submissions in order to benefit their trading positions.” LIBOR submitters allegedly often agreed to the traders’ requests. The defendants are the first of “several USD-LIBOR-setting panel banks under investigation by the state attorneys general to resolve the claims against it.”
SFO Announces Criminal Investigation of International Aircraft Manufacturer
On August 8, the UK Serious Fraud Office (SFO) announced that it is conducting an investigation of an international aircraft manufacturer. The SFO stated that the investigation centers on the use of third party consultants. The SFO’s brief announcement asked for individuals with information to contact the agency through its confidential reporting system.
Federal Banking Agencies Seek Comment on Call Report Proposal for Small Financial Institutions
On August 5, the FFIEC announced that the OCC, the FDIC, and the Federal Reserve are seeking public comment on a proposal for a new Consolidated Reports of Condition and Income for Eligible Small Institutions (FFIEC 051/Call Report). The proposed Call Report is a streamlined version of the Consolidated Reports of Condition and Income for a Bank with Domestic Offices Only (FFIEC 041), and would be applicable to financial institutions with domestic offices only and total assets of less than $1 billion. Intended to ease the reporting requirements for smaller institutions, the proposed Call Report would remove approximately 40% of about 2,400 data items in FFIEC 041. FFIEC 041 would remain applicable to institutions with domestic offices only that do not file the proposed Call Report. The banking agencies are also seeking public comment on proposed revisions to the FFIEC 041 and the Consolidated Reports of Condition and Income for a Bank with Domestic and Foreign Offices (FFIEC 031). Comments are due 60 days after Federal Register publication, which has not yet occurred.