Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Federal Register Publishes CFPB Notice to Renew the Approval for the Existing Collection, "Consumer Leasing Act (Regulation M)"

    Consumer Finance

    On May 4, the Federal Register published the CFPB’s notice and request for comment, “Consumer Leasing Act (Regulation M) 12 CFR 1013.” The CFPB is requesting to renew the approval of Regulation M without change. Consumers depend on Regulation M to shop for and compare leases, and, under Regulation M’s recordkeeping requirement, federal and state enforcement agencies are able to determine whether consumers receive accurate and complete disclosures of loan costs. Comments regarding the renewal of Regulation M are due on or before July 6, 2015.

    CFPB Consumer Leasing Act

  • OCC Comptroller Curry Delivers Remarks on Easing Regulatory Burdens on Small Banks

    Consumer Finance

    On May 4, OCC Comptroller Thomas J. Curry delivered remarks at the third outreach meeting held under the Economic Growth and Regulatory Paperwork Reduction Act (EGRPRA) in Boston. Acknowledging that smaller banks lack compliance resources as compared to larger institutions, Curry noted that the agency is working with the FFIEC to remove the outdated and onerous regulatory requirements currently imposed on the institutions: “If it is clear that a regulation is unduly burdensome, and if we have the authority to make changes to eliminate that burden, we will act.” With respect to regulatory requirements that call for legislative action, Curry emphasized that the agency is working with Congress to eliminate the unnecessary burdens. In this regard, the agency has presented lawmakers with three specific proposals to remove regulatory burden on smaller banks: (i) raise the asset threshold from $500 million to $750 million so that a greater number of community banks qualify for the 18-month examination cycle; (ii) provide a community bank exemption from the Volcker Rule; and (iii) provide greater flexibility to federal savings associations to change and expand their business strategies without changing their governance structure.

    OCC Community Banks

  • FinCEN Resolves First Enforcement Action Against Virtual Currency Exchange

    Fintech

    On May 5, a virtual currency company and its subsidiary agreed to pay a $700,000 civil money penalty for violating multiple provisions of the Bank Secrecy Act (BSA), in which both companies acted as a money service business and seller of virtual currency without properly registering with FinCEN, as well as, failed to implement and maintain an adequate anti-money laundering (AML) program. Furthermore, according to a Statement of Facts and Violations, FinCEN also charged the subsidiary for not filing or untimely filing suspicious activity reports related to several financial transactions. In addition to the civil money penalty, terms of the agreement require both companies to, among other things, (i) engage in remedial steps to ensure future compliance with AML statutory obligations; and (ii) enhance their current internal measures for compliance with the BSA. In a separate DOJ announcement, both companies entered into a settlement agreement to resolve potential criminal charges with the U.S. Attorney’s Office in the Northern District of California. Under terms of the DOJ settlement, both companies agreed to forfeit a total of $450,000, which will be credited to satisfy FinCEN’s $700,000 penalty, in exchange for the government not criminally prosecuting the companies for the aforementioned conduct.

    Anti-Money Laundering FinCEN Bank Secrecy Act Enforcement

  • FinCEN Eyes Real Estate Industry For Money Laundering Concerns

    Federal Issues

    On May 6, FinCen Director Jennifer Calvery delivered remarks at the West Coast AML Forum, highlighting the agency’s increased focus to ensure transparency within the U.S. financial system. In her remarks, Calvery addressed concerns about potential money laundering activities in the real estate market, particularly for persons involved in real estate closings and settlements. The continued use of shell companies by criminals to purchase luxury residential real estate is of particular concern. Of note, Calvery referenced prior FinCEN efforts to define the scope of BSA obligations involving real estate closings and settlements, and that it has thus far deferred issuing rules likely to cover settlement and closing attorneys and agents, appraisers, title search and insurance companies, escrow companies, and possibly mortgage servicers and corporate service providers until it better identifies the money laundering risks and activities involved. Calvery also described criminal organizations’ use of third-party money launderers, such as accountants or attorneys, to obtain access to U.S. financial institutions, stating “[FinCEN] cannot permit institutions and their associated [third-party money launderers] to act as gateways to the U.S. financial system for criminal and other bad actors.” Calvery also provided an update on FinCEN’s current efforts to address beneficial ownership and ensure BSA compliance in the virtual currency market using the recent Ripple enforcement action as an example.

    Anti-Money Laundering FinCEN Bank Secrecy Act

  • OFAC Publishes Guidance Regarding Travel Between U.S. and Cuba, Releases Updated FAQs Regarding Cuba-Related Sanctions

    Federal Issues

    On May 5, OFAC issued new Guidance Regarding Travel Between the U.S. and Cuba, which provides information on the types of individuals and cargo that can be transported between the U.S. and Cuba by a licensed air carrier or commercial passenger vessel. With respect to individuals, the guidance addressed persons subject to U.S. jurisdiction, Cuban nationals, and other individuals, including foreign nationals, travelling on official government business.  The guidance regarding cargo addressed, among other things, alcohol and tobacco products.  In a separate announcement released on April 16 (and later updated on May 5), OFAC issued new and updated Frequently Asked Questions (FAQs) related to the Cuban Assets Control Regulations (CACR). The updated FAQs follow a January 15 announcement in which OFAC issued a final rule amending the CACR to reflect policy changes previously announced by President Obama in 2014.

    OFAC

  • NYDFS Grants First Charter to New York-Based Virtual Currency Company

    Fintech

    On May 7, NYDFS granted its first charter to a New York-based commercial Bitcoin exchange. In February, the company requested a charter under the NYDFS’s application process, which included a thorough review of the company’s anti-money laundering, capitalization, consumer protection, and cyber security standards. Under the New York Banking Law, the company can start its operations immediately, but is subject to continual supervision by the NYDFS.  Indeed, Superintendent Lawsky noted, “regulation will ultimately be important to the long-term health and development of the virtual currency industry.”

    Virtual Currency NYDFS

  • Illinois Crackdown on Companies Targeting People Struggling to Repay Student Loans Continues

    Consumer Finance

    On May 4, Illinois AG Lisa Madigan’s office announced that it filed five lawsuits against companies that allegedly scammed borrowers into paying hundreds to thousands of dollars in upfront fees with the false hope that they would be paying off student loan debt or have the debt forgiven entirely. The lawsuits allege that the companies violated the 2010 Illinois Debt Settlement Consumer Protection Act, which bans companies from charging upfront fees for services that claim to settle debt. According to the lawsuits’ allegations, the companies falsely advertised that they could stop wage garnishments, reduce monthly payments, and remove default statuses. In addition to the allegations under the Debt Settlement Consumer Protection Act, the companies are being charged with violations of the Illinois Consumer Fraud and Deceptive Business Practices Act, and the Credit Services Organizations Act. The May 4 lawsuits follow the Illinois AG office’s July 2014 suits against two companies for violations of the same three acts.

    Student Lending

  • Indiana Enacts Servicemembers Civil Relief Act

    Consumer Finance

    On May 4, Indiana Governor Michael Pence signed H.B. 1456 into law, amending the state’s civil relief act to include protections for servicemembers under the federal Servicemembers Civil Relief Act (SCRA). The legislation also requires the Indiana National Guard provide both active and reserve members a list that details the rights a servicemember or a dependent of a servicemember are entitled to under the state and federal SCRA. The law will take effect on July 1, 2015.

    Servicemembers SCRA U.S. House

  • Second Circuit Rules National Security Agency's Collection of Phone Data Unlawful Under USA PATRIOT Act

    Privacy, Cyber Risk & Data Security

    In ACLU et al. v. Clapper et al., No. 14-42-CV, --- F.3d ----, 2015 WL 2097814, (2d Cir. May 7, 2015), the Second Circuit reversed a lower court’s ruling that the NSA’s bulk collection of phone data can be lawfully conducted under the USA Patriot Act. The district court had dismissed the ACLU’s complaint, holding that the program was authorized under the Patriot Act. The Second Circuit vacated that ruling and remanded the matter back to the District Court. 

    In remanding the matter back to the district court, the Court held “the district court erred in ruling that § 215 [of the USA Patriot Act] authorizes the telephone metadata collection program, and instead hold that the telephone metadata program exceeds the scope of what Congress has authorized and therefore violates § 215.” Id. at *33.  The Court found that “[s]uch expansive development of government repositories of formerly private records would be an unprecedented contraction of the privacy expectations of all Americans.”  Id. at *25. Because the Court decided the issue on statutory grounds, it declined to determine the constitutionality of the program.  Id. at *1, *31. Although the Second Circuit vacated the lower court judgment, it fell short of stopping the program and affirmed the District Court’s denial of a request for a preliminary injunction, given that parts of Section 215 were set to expire on June 1, 2015.  Id. at *32.

    Patriot Act

  • Spotlight on Vendor Management: "Brother's Keeper" Enforcement Pattern Becoming the Norm

    Consumer Finance

    Elizabeth-McGinn-webTwo regulatory enforcement matters announced in April offer a view into the current mindset of regulators in the ever-evolving world of vendor management.  First, the Federal Communications Commission (FCC) announced a $25 million settlement with a telecommunications carrier related to the unauthorized release of personal information of more than a quarter-million customers.  The identified cause of the data breach were employees of the carrier’s service providers based in Mexico, Columbia, and the Philippines, who confessed to selling customer information to unauthorized third parties.  In holding the carrier responsible, the FCC issued its largest data security enforcement action to date.  Although severe in its punishment, the FCC action did not break new ground, as regulators have shown an increasing willingness in recent years to assess monetary penalties against supervised institutions for legal violations committed by vendors.

    “This approach is entirely consistent with the FCC’s past enforcement actions related to data security breaches, as well as those of other regulatory bodies where consumer harm has resulted,” advises Elizabeth McGinn, Partner in the D.C. office of BuckleySandler.  “In the current environment, virtually every regulator has made accountability a fundamental axiom of its vendor management guidance.”   

    In the second action, the Consumer Financial Protection Bureau (CFPB) announced that it had filed a lawsuit in the United States District Court for the Northern District of Georgia in connection with an allegedly illegal debt collection operation whereby a group of individuals and companies based in New York and Georgia attempted to collect debts that consumers did not owe or that collectors were not authorized to collect.  Specifically, the collectors allegedly placed “robo-calls” to millions of consumers stating that the consumers had engaged in check fraud and threatening them with legal action if they did not provide payment information. The CFPB asserts that, as a result, the debt collectors received millions of dollars in profits from the targeted consumers.

    In addition, several service providers were named as defendants in the case because, according to the CFPB, the illegal scheme depended upon the participation of the service providers.  Specifically, the CFPB charged payment processors and a telephone broadcast provider hired by the debt collectors, because these service providers, in pertinent part, (i) “failed to conduct reasonable due diligence to detect unlawful conduct,” which helped to facilitate millions of dollars in ill-gotten profits, and (ii) transmitted robo-call messages created by the debt collectors that the service providers “knew or should have known … contributed to unlawful debt collection.”

    “The CFPB is holding the vendors accountable in this case on the theory that the vendors had a duty to vet the business practices used by the debt collectors to determine if they were unfair or deceptive or violate the debt collections laws,” according to Moorari Shah, Counsel in BuckleySandler’s Los Angeles office. “Having to take responsibility for another entity’s wrongdoing is likely a wake-up call for many vendors, but the CFPB has now shown on several occasions that it intends to cast a wide net when it comes to protecting consumers from unwarranted harm, including over entities that may not have known they were subject to this type of supervision.”

    The bottom line:  Compliance continues to be a significant outsourcing challenge for regulated institutions and their service providers.  Thorough due diligence and ongoing oversight are becoming an imperative to avoid guilt-by-association predicaments such as was the case in the recent FCC and CFPB actions.

    McGinn and Shah suggest the following steps supervised institutions and service providers can take to adapt and comply with a rapidly changing regulatory and enforcement environment:

    • Commit to developing or enhancing compliance management systems to:
      • Establish compliance responsibilities;
      • Communicate those responsibilities to employees;
      • Ensure that responsibilities for meeting legal requirements and internal policies are incorporated into business processes;
      • Review operations to ensure responsibilities are carried out and legal requirements are met; and
      • Take corrective action and update tools, systems, and materials;
    • Review written policies and procedures including responsibilities for documenting compliance-related activities and regular reporting to senior management and the board of directors;
    • Monitor training for service provider employees to ensure that contractual responsibilities align with operational realities, including procedures to identify legal and regulatory issues for escalation and resolution;
    • Conduct regular on-site compliance audits of service provider operations, and proactively address issues discovered when reviewing service provider controls, performance, and information systems; and
    • Dedicate sufficient resources and personnel to vendor management and compliance activities especially with respect to pre-contract due diligence and ongoing monitoring during the term of the contract.

    As data security, privacy, and vendor management issues continue to intersect, there are a number of new focal points that will be particularly relevant to service providers. 

    CFPB Vendors FCC Elizabeth McGinn

Pages

Upcoming Events