InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FTC Issues Guidance on Consumer Reporting Obligations under the FCRA
On May 10, the FTC released new guidance on consumer reporting obligations under the FCRA. The guidance is intended to assist companies in understanding whether or not they are subject to consumer reporting requirements under the FCRA. According to the FTC, a company that sells or provides “consumer reports” as defined in Section 603 of the FCRA, 15 U.S.C. § 1681a(d), is considered a “consumer reporting agency” bound by FCRA requirements: “even if you don’t think of your company as a consumer reporting agency, it may be one if it provides information about people to employers for use in hiring or other employment decisions.” The guidance further notes that employment background screening companies are typically subject to FCRA requirements, such as: (i) establishing and following “‘reasonable procedures to assure maximum possible accuracy of the information concerning the individual about whom the report relates’”; (ii) obtaining certifications that verify, among other things, their clients are legitimate and that the credit report will only be used for employment purposes; (iii) providing clients with information regarding their responsibilities under the FCRA, as well as a summary of consumer rights under the FCRA; and (iv) honoring certain rights of applicants and employees, including providing access to files upon request and conducting a reasonable investigation of consumer disputes.
OCC Updates Comptroller's Handbook to Include New Student Lending Booklet
On May 9, the OCC updated its Comptroller’s Handbook to include a new booklet titled “Student Lending.” Despite banks having to alter their private student lending strategies as a result of the 2008 financial crisis, the OCC’s booklet maintains that banks can still benefit from the wider array of consumer products and the broader business model that the private student lending industry offers. The new booklet contains information related to banks’ participation in the private student lending industry, including, but not limited to:
- Inherent credit, interest rate, liquidity, price, operational, compliance, strategic, and reputation risks in the industry.
- Unique aspects of private student loans, such as the “significant time lag between loan advances and repayment, and the student borrower’s lack of certainty in finding a stable, reliable primary source of repayment after graduation.”
- Regulatory expectations for safe and sound operations, cautioning that banks should adhere to the credit underwriting and documentation standards as stated in 12 CFR 30, appendix A, “Safety and Soundness Standards.”
- Risk management practices, reminding banks that use third parties to market, solicit, or originate private student loans to have in place risk management frameworks that include due diligence in selecting third parties, written contracts that have been vetted for duties, obligations, and responsibilities of all parties (compensation parameters included), and ongoing monitoring and quality assurance programs.
Designed for examiners to use in their examination and supervision of banks involved in the private student lending industry, the booklet outlines two sets of examination procedures: (i) primary examination, when an examiner’s objective is to “assess risk level, evaluate the quality of risk management, and determine the aggregate level and direction of risk of the bank’s student lending activities”; and (ii) supplemental examination, when examiners “determine whether student lending marketing activities are consistent with the bank’s business plans, strategic plans, and risk appetite, and that appropriate controls and systems are in place before the bank rolls out new products or new-product marketing initiatives.” Finally, the booklet advises examiners reviewing banks’ student lending activities to “remain alert for lending practices and product terms that could indicate discriminatory, unfair, deceptive, abusive, or predatory issues.”
Congressman Luetkemeyer Proposes Bill to Eliminate "Abusive" in CFPB's UDAAP Authority
Recently, Representative Blaine Luetkemeyer (R-MO) introduced H.R. 5112, the Unfair or Deceptive Acts or Practices Uniformity Act, to make the authority of the CFPB and FTC more consistent and similar, and to encourage greater communication among regulators. Specifically, the Act would amend Section 1031 of the Dodd-Frank Act by removing the CFPB’s ability to regulate “abusive” conduct from its current authority to regulate “unfair, deceptive or abusive” acts or practices (UDAAP). In addition, the bill would insert the following language at the end of Section 1031: “[i]n prescribing any rule under this subsection, the Bureau shall comply with the requirements of section 18 of the Federal Trade Commission Act (15 U.S.C. 57a) applicable to the Federal Trade Commission when the Commission prescribes rules and general statements of policy under that section with respect to unfair or deceptive acts or practices in or affecting commerce.”
Senate Judiciary Committee Holds Hearing to Discuss FCC's Proposed Privacy Rules
On May 11, the Subcommittee on Privacy, Technology and the Law of the Senate Judiciary Committee held a hearing titled “Examining the Proposed FCC Privacy Rules.” Present at the hearing were witnesses FCC Chairman Thomas Wheeler, FCC Commissioner Ajit Pai, FTC Chairwoman Edith Ramirez, and FTC Commissioner Maureen Ohlhausen. The focal point of the hearing was the FCC’s proposed rule (which comes after its Open Internet Order released in February 2015, designed to preserve net neutrality) on broadband internet services, which is, according to proponents of the proposal, intended to ensure that consumers’ personal information is adequately protected when Internet Service Providers (ISP) collect information on consumers using their products. According to FCC Chairman Wheeler’s opening remarks, the FCC’s proposed rule governing the privacy and security of consumer data is built on “transparency, choice, and security.” Commission members Pai and O’Reilly oppose the proposal, with Commissioner Pai commenting at the hearing that the proposal imposes “stringent regulation” on ISPs, in spite of Commissioner Wheeler’s November 2015 statement before the House Energy and Commerce Committee’s Subcommittee on Communications and Technology that the FCC “would ‘not be regulating the edge providers differently’ from ISPs.” In contrast to the FCC’s proposal, the FTC maintains a unified approach toward regulating ISPs and other online actors. Speaking to the FTC’s efforts to protect consumer information, Chairwoman Ramirez’s and Commissioner Ohlhausen’s joint testimony summarized the FTC’s enforcement, policy, and education work related to consumer privacy and highlighted recent FTC and FCC joint enforcement actions. According to Senator Leahy’s (D-VT) opening remarks, the FCC’s recent proposal raises the question as to whether FCC regulation of specialized broadband privacy issues is “unnecessary in light of the FTC’s general enforcement power.” Advocates of the FCC’s proposal, such as Senator Leahy, maintain that the FTC’s case-specific enforcement power cannot be a substitute for the FCC’s “expert rulemaking process”; while those in opposition, such as FCC Commissioner Pai, argue that the proposal “makes little, if any, sense.” Comments on the FCC’s proposal are due by May 27, 2016, with the reply comment period ending June 27, 2016.
DOJ Sentences Founder of Money Laundering Operation to 20 Years Imprisonment
On May 6, the DOJ announced that U.S. District Judge Denise L. Cote sentenced the founder of a Costa Rica-based virtual currency company to 20 years imprisonment and ordered him to pay a $500,000 fine for charges related to illegal money laundering. According to the DOJ, the individual owner, at all relevant times, directed and supervised the company’s operations and was aware that cybercriminals, such as credit card traffickers and identity thieves, were using the “digital currency empire” to launder the proceeds of illegal activity. The DOJ further asserts that the company “grew into a financial hub for cybercriminals around the world, trafficking the criminal proceeds of Ponzi schemes, credit card trafficking, stolen identity information and computer hacking.” When the government shut the company down in May 2013, it had more than 5.5 million user accounts worldwide and more than 78 million financial transactions processed, valued at more than $8 billion. Prior to the sentencing hearing, the owner pleaded guilty to one count of conspiring to commit money laundering; four other co-defendants also pleaded guilty, with two individuals being sentenced to five and three years in prison and two others awaiting sentencing.
Deputy Attorney General Yates Expands on Individual Accountability Policy
On May 10, Deputy U.S. Attorney General Sally Yates spoke at the New York City Bar Association’s White Collar Crime Conference and expanded on the DOJ’s Individual Accountability Policy, which informally bears Yates’ name (the Yates Memo). The DOJ issued the Yates Memo in September 2015, and Yates’ remarks were focused on why the DOJ issued the policy and how it has been working in practice. Yates made clear that “holding individuals accountable for corporate wrongdoing has always been a priority for” the DOJ, but that the policy memorandum was necessary to overcome “real world challenges” that the DOJ encounters (e.g., convoluted corporate structures and lines of authority, data privacy laws, and inability to compel foreign witness testimony) so that it can hold individuals responsible for corporate wrongdoing.
In practice, Yates said that the policy has not caused the parade of horrors that defense attorneys and client alerts have predicted. For example, she stated that she was not aware of any company refusing to cooperate with the DOJ as a result of the policy. She further added that “no one has told us that they will be forced to waive privilege in order to comply with the policy.” Instead, she said that the policy already has caused a shift toward higher compliance standards within companies.
Yates also highlighted how DOJ attorneys are focused on individuals from the outset of an investigation: “[t]he first thing the lawyers briefing me discuss is what we are doing to identify the individuals involved and what the company is doing during the course of its cooperation to meet its obligation to provide all the facts about individual conduct.” In addition, civil enforcement efforts have broadened to focusing on individuals. According to Yates, “[a]bility to pay is one of the factors considered, but it’s no longer the determinative factor in deciding whether to bring an action in the first instance.
Former Currency Manufacturer Manager Convicted and Sentenced In UK for Making Corrupt Payments
On May 11, following a five-week trial in a London court, a former manager of an Australia-based banknote manufacturer was convicted of four counts of making corrupt payments to a foreign official in violation of the Prevention of Corruption Act 1906. Peter Chapman, the former manager of the polymer banknote manufacturer’s Africa office, was acquitted on two other counts. Chapman was convicted of bribing an agent of Nigerian Security Printing and Mining PLC in order to secure contracts for the purchase of reams of polymer substrate from the banknote manufacturer. The total amount of bribes to the agent equaled approximately $205,000. On May 12, Chapman was sentenced to two and a half years (30 months on each convicted count, to be served concurrently).
The UK Serious Fraud Office (SFO) prosecuted the case following a joint investigation by the SFO and the Australian Federal Police, which initiated the investigation in May 2009.
FinCEN Finalizes Long-Awaited Customer Due Diligence Rule
On May 6, FinCEN issued a final rule imposing standardized customer due diligence requirements for banks, broker-dealers, mutual funds, futures commission’s merchants and introducing brokers in commodities. Subject to exceptions for certain types of entities deemed low risk by FinCEN, beginning on May 11, 2018, covered institutions must identify any natural person that owns, directly or indirectly, 25% or more of a legal entity customer or that exercises control over the entity. Covered financial institutions would also have to take measures to verify that they know the true identity of each person identified as a beneficial owner (but would not be required to verify that such persons are in fact beneficial owners). The requirement will apply to new accounts opened by legal entity customers, and will not be retroactive. Additionally, the final rule adds a standardized set of four customer due diligence requirements as a “fifth pillar” of an effective anti-money laundering program. In addition to identification and verification of beneficial owners of legal entities, the requirements include: (i) identification and verification of customers; (ii) understanding the nature and purpose of the customer relationship; and (iii) ongoing monitoring for reporting suspicious transactions and, on a risk basis, updating customer information.
DOJ Proposes Legislation Intended to Advance Anti-Corruption Efforts
On May 5, the DOJ announced that it plans to submit to Congress proposals for legislative amendments that would provide the DOJ with additional tools to advance anti-corruption work in the areas of pursuing illegal proceeds of transnational corruption and modifying the substance of criminal corruption offenses. The DOJ’s proposals regarding the illegal proceeds of transnational corruption would amend various sections of the U.S.C. to (i) expand foreign money laundering predicate crimes to include any violation of foreign law that, if committed in the U.S., would be a money laundering predicate; (ii) allow administrative subpoenas for money laundering investigations; (iii) enhance law enforcement’s ability to obtain overseas records by allowing access to foreign bank or business records by serving subpoenas on foreign bank branches located in the United States regardless of bank secrecy or data privacy laws in the foreign jurisdictions; (iv) create a framework to use and protect classified information in civil kleptocracy-related cases; and (v) extend the time period in which the United States can restrain property based on a request from a foreign country from 30 to 90 days. The proposals pertaining to substantive corruption offenses would amend 18 U.S.C. § 666 (theft or bribery concerning programs receiving federal funds) to (i) expressly criminalize the corrupt offer or acceptance of payments to “reward” official action; and (ii) lower the dollar threshold for liability from $5,000 to $1,000 to address cases where the dollar amount may be low but threat to the integrity of a government function is high.
CFPB Issues Proposed Rule Seeking to Prohibit Mandatory Arbitration Clauses
On May 5, the CFPB released a highly anticipated proposed rule that would ban covered providers of most financial consumer products and services from including mandatory pre-dispute arbitration clauses in future consumer agreements. In addition, the proposed rule would require a covered provider involved in arbitration pursuant to a pre-dispute arbitration agreement to submit specified arbitral records to the CFPB. Following its March 2015 Arbitration Study, the CFPB asserts that the proposed rule would (i) protect consumers’ right to seek justice and relief in court; (ii) deter companies from violating the law, claiming “attention on the practices of one company can affect or influence their business practices and the business practices of other companies more broadly”; and (iii) increase transparency by requiring companies that use arbitration clauses to submit to the CFPB any claims filed or awards issued in arbitration.
The CFPB officially announced its proposed rule during a May 5 field hearing in Albuquerque, New Mexico. In his opening remarks at the field hearing, CFPB Director Cordray opined that, “[i]f arbitration truly offers the benefits that its proponents claim, such as providing a less costly and more efficient means of dispute resolution, then it stands to reason that companies will continue to make it available.” Opponents of the proposal argue that, among other things, by requiring companies to insert language into arbitration clauses that explicitly states the clauses cannot be used to stop consumers from being part of a class action, the CFPB is, in fact, placing a de facto ban on arbitration. In a U.S. Chamber post, Executive Director of Center for Capital Markets Competitiveness Travis Norton, who was present at the CFPB’s field hearing, reasoned that companies can only bear the costs of arbitration because they do not simultaneously have to defend themselves in class actions, writing that “[n]o economically rational company (or individual) is going to spend additional money voluntarily [on arbitration] when it is forced to pay millions in litigation costs imposed by the broken class action system.”