InfoBytes Blog

DOJ Announces Latest FCPA Action Related To Nigerian Gas Pipeline Project

On December 10, the DOJ announced that a German engineering and services company agreed to resolve charges that it violated the FCPA by bribing government officials of the Federal Republic of Nigeria to obtain and retain contracts related to the Eastern Gas Gathering System (EGGS) project. The settlement is the most recent of several related to that project, and the charges are based on activities that occurred over a three-year period beginning a decade ago. In a criminal information filed in the U.S. District Court for the Southern District of Texas, the DOJ charged that the company, as part of a joint venture, conspired to make corrupt payments totaling more than $6 million to Nigerian government officials to assist in obtaining and retaining contracts. Through the joint venture the companies submitted inflated bids to cover the cost of paying bribes to Nigerian officials. The company entered into a deferred prosecution agreement, in which it admitted to the alleged conduct, agreed to pay a $32 million penalty, and consented to enhance its internal controls and retain an independent corporate compliance monitor for at least 18 months.

FCPA Anti-Corruption DOJ

CFPB Releases Preliminary Results Of Ongoing Arbitration Study

On December 12, the CFPB published the preliminary results of its ongoing study of arbitration agreements in consumer finance contracts. Section 1028(a) of the Dodd-Frank Act directs the CFPB to study the use of pre-dispute arbitration contract provisions, and preconditions the CFPB’s exercise of rulemaking authority regarding arbitration agreements on a finding that the regulation is “in the public interest and for the protection of consumers.” The CFPB commenced its arbitration study in early 2012, and expanded its review this year with a proposal to survey credit card holders, and by exercising its authority under Dodd-Frank Act Section 1022 to order some companies to provide template consumer credit agreements, as Director Cordray indicated during a September House Financial Services hearing.

The CFPB reports the following preliminary results, among others:

• Larger banks are more likely to include arbitration clauses in their credit card contracts and checking account contracts than smaller banks and credit unions.
• Just over 50% of credit card loans outstanding are subject to arbitration clauses, while 8% of banks, covering 44% of insured deposits, include arbitration clauses in their checking account contracts.
• Arbitration clauses are prevalent across the general purpose reloadable (GPR) prepaid card market, with arbitration clauses appearing in the cardholder contracts for 81% of GPR prepaid cards studied by the CFPB.
• Class action waivers are ubiquitous, appearing in approximately 90% of arbitration provisions.
• A minuscule number of consumers exercise contract carve-outs permitting disputes to be pursued in small claims courts, while credit card issuers are “significantly more likely” to sue consumers in small claims court.

The CFPB did not consider specific policy options at this stage. However, the report outlines numerous additional steps the CFPB plans to take as part of its arbitration study, which may expand to include other financial product markets. For example, in response to stakeholder comments, the CFPB is revising a prior proposal to conduct a survey of consumers that addresses consumer awareness of arbitration clauses and consumer perceptions of and expectations about formal dispute resolution. The CFPB also intends to assess the possible impact of arbitration clauses on the price of consumer financial products. Finally, the CFPB is examining the interrelationship between public enforcement and private aggregate enforcement (i.e., class actions) by conducting an empirical analysis of the types of cases brought by public and private actors, and the relationship between any actions against the same defendants or challenging similar conduct. The report does not provide anticipated timelines for these or any of the other future steps the Bureau describes.

Credit Cards CFPB Arbitration Class Action Prepaid Cards Deposit Products Retail Banking

CFPB Announces Healthcare Credit Card Enforcement Action Over Deferred-Interest Financing

On December 10, the CFPB released a consent order with a federal savings association, pursuant to which the bank will refund approximately $34 million to more than one million credit card holders who were enrolled in deferred-interest financing for healthcare services. The order does not include a civil penalty. The deferred-interest action is the first public action taken by the CFPB since it promised to scrutinize such products in its October credit card report.

The product at issue typically is offered by healthcare providers who offer personal lines of credit for healthcare services, including medical, dental, cosmetic, vision, and veterinary care. The CFPB alleges that the bank failed to sufficiently train healthcare providers to deliver material information about deferred-interest promotional periods associated with the credit cards, which led to consumers being misled during the enrollment process.  The CFPB further claimed that healthcare providers improperly completed applications and submitted them on behalf of consumers, failed to provide consumers with copies of the credit card agreement, and, where disclosures were provided, those disclosures failed to adequately explain the deferred-interest promotion.

In addition to consumer redress, the order mandates certain terms of the bank’s contracts with medical providers offering the healthcare credit card. For example, the bank must incorporate specific “transparency principles” into its agreements with healthcare providers, and the contracts must prohibit certain charges. The bank also must enhance disclosures provided with the card application and billing statements, and improve training for healthcare providers offering the card. In addition, the order details consumer complaint resolution requirements, and prohibits certain incentive arrangements and paid endorsements. To date, the CFPB has not released the attachments to the consent order, which include, among other things, the transparency principles and disclosures.

The New York Attorney General entered into a similar agreement with the bank earlier this year. Under that agreement, the bank was likewise required to add a set of transparency principles to provider contracts to ensure that card terms were described accurately and to revise promotional interest rate options and other disclosures to better inform consumers’ use of the card.

Credit Cards CFPB Vendors Enforcement

Special Alert: Federal Reserve Board Guidance on Managing Outsourcing Risks Mirrors Recent OCC Guidance

On December 5, 2013, the Federal Reserve Board (FRB or the Fed) issued Supervision and Regulation Letter 13-19, which details and attaches the Fed’s Guidance on Managing Outsourcing Risk  (FRB Guidance).  The FRB Guidance sets forth risks arising out of the use of service providers and the regulatory expectations relating to risk management programs. It is substantially similar to OCC Bulletin 2013-29, which the Office of the Comptroller of the Currency (OCC) issued on October 30, 2013.

The FRB Guidance supplements existing guidance relating to risks presented by Technology Service Providers (TSPs) to reach service providers that perform a wide range of business functions, including, among other things, appraisal management, internal audit, human resources, sales and marketing, loan review, asset and wealth management, procurement, and loan servicing.

While a complete roadmap of the FRB Guidance would be largely duplicative of our recent Special Alert relating to the OCC Bulletin 2013-29, key supervisory and enforcement themes emerge from a comparison of the two guidance documents.  Like the OCC, the Fed signals broadly that failure to effectively manage the use of third-party service providers could “expose financial institutions to risks that can result in regulatory action, financial loss, litigation, and loss of reputation.” The Fed also emphasizes the responsibility of the Board of Directors and senior management to provide for the effective management of third-party relationships and activities.  It enumerates virtually the same risk categories as the OCC, including compliance, concentration, reputational, operational, country, and legal risks, though its discussion of those risks is slightly less comprehensive.

The FRB Guidance makes clear that service provider risk management programs should focus on outsourced activities that are most impactful to the institution’s financial condition, are critical to ongoing operations, involve sensitive customer information, new products or services, or pose material compliance risk. While the elements comprising the service provider risk management program will vary with the nature of the financial institution’s outsourced activities, the Fed’s view is that effective programs usually will include the following:

• Risk assessments: Institutions should evaluate the implications of performing an activity in-house versus having the activity performed by a service provider and also consider whether outsourcing an activity is consistent with the strategic direction and overall business strategy of the organization. This section of the FRB Guidance closely aligns with the section titled “Planning” in OCC Bulletin 2013-29.

• Due diligence and selection of service providers: Institutions should address the depth and formality of due diligence of prospective service providers consistent with the scope, complexity, and importance of the planned outsourcing arrangement. The Fed emphasizes processes designed to diligence a potential service provider’s (i) business background, reputation, and strategy; (ii) financial performance and condition; and (iii) operations and internal controls. This section is less detailed, but nonetheless consistent with the section titled “Due Diligence and Third-Party Selection” in OCC Bulletin 2013-29.

• Contract provisions and considerations: Service provider contracts should cover certain topics, including, but not limited to: (i) the scope of services covered; (ii) cost and compensation; (iii) right to audit; (iv) performance standards; (v) confidentiality and security of information; (vi) indemnification; (vii) default and termination; (viii) limits on liability; (ix) customer complaints; (x) business resumption and contingency plan of the service provider; and (xi) use of subcontractors. The key provisions noted generally mirror the “Contract Negotiation” section of OCC Bulletin 2013-29.

• Incentive compensation review: Institutions should establish an effective process to review and approve any incentive compensation arrangements that may be embedded in service provider contracts to avoid encouraging “imprudent” risk-taking. While OCC Bulletin 2013-29 does not break out incentive compensation as a separate program feature (it is included among factors to be considered in due diligence and selection), it does identify the need for banks to review whether fee structure and incentives would create burdensome upfront fees or result in inappropriate risk-taking by the third party or the bank.

• Oversight and monitoring of service providers: Institutions should set forth the processes for measuring performance against contractually-required service levels and key the frequency of performance reviews to the risk profile of the service provider. This section of the FRB Guidance, consistent with the “Ongoing Monitoring” section of OCC Bulletin 2013-29, also recommends the creation of escalation protocols for underperforming service providers and monitoring of service provider financial condition and internal controls, which may also trigger escalation if the service provider’s financial viability or adequacy of its control environment are compromised during the course of the relationship.

• Business continuity and contingency plans: Institutions should develop plans that focus on critical services and consider alternative arrangements in the event of an interruption. The Fed specifically notes that financial institutions should: (i) ensure that a disaster recovery and business continuity plan exists with regard to the contracted services and products; (ii) assess the adequacy and effectiveness of a service provider’s disaster recovery and business continuity plan and its alignment to their own plan; (iii) document the roles and responsibilities for maintaining and testing the service provider’s business continuity and contingency plans; (iv) test the service provider’s business continuity and contingency plans on a periodic basis to ensure adequacy and effectiveness; and (v) maintain an exit strategy, including a pool of comparable service providers. Notably, OCC Bulletin 2013-29 addresses business continuity and contingency plans under third-party risk management, rather than as separate program features.

Finally, the FRB Guidance notes a number of “additional risk considerations” not singled out by OCC Bulletin 2013-29, which cover: (i) confidentiality of Suspicious Activity Report (SAR) reporting functions; (ii) compliance by foreign-based service providers with U.S. laws, regulations, and regulatory guidance; (iii) prohibitions against outsourcing internal audit functions in violation of Sarbanes-Oxley; and (iv) alignment of outsourced model risk management with existing Fed Guidance on Model Risk Management (SR 11-7).

Questions regarding the matters discussed in this Alert may be directed to any of our lawyers listed below, or to any other BuckleySandler attorney with whom you have consulted in the past.

• Jeffrey P. Naimon, (202) 349-8030
• Christopher M. Witeck, (202) 349-8051
• Elizabeth E. McGinn, (212) 600-2370
• Jon David Langlois, (202) 349-8045

Federal Reserve OCC Bank Compliance Vendors Bank Supervision

CFPB Finalizes "Larger Participant" Rule For Student Loan Servicing, Updates Exam Procedures

On December 3, the CFPB issued a final rule that will allow the Bureau to supervise certain nonbank student loan servicers for the first time. The CFPB already oversees student loan servicing at the largest banks. The new rule will allow the Bureau to also oversee “larger participants” in federal and private loan servicing, defined as any nonbank student loan servicer that handles more than one million borrower accounts. The Bureau estimates that its final rule will allow supervision of the seven largest student loan servicers, responsible for servicing the loans of more than 49 million borrower accounts. The final rule takes effect on March 1, 2014.

Several commenters to the Bureau’s initial proposal requested further clarification of what constitutes an “account.” The final rule, like the proposed rule issued on March 28, 2013, considers each separate stream of fees to which a servicer is entitled for servicing post-secondary education loans with respect to a given student or prior student to be an account. Commenters also requested further clarification of the inclusions and exclusions implicit in this definition. The Bureau declined to make any substantive changes and instead adopted its proposed definitions with only technical changes.

The final rule does adopt several adjustments to the proposed definition of “student loan servicing.” The Bureau changed the proposed definition to address comments related to the use of a lockbox and similar services, agreeing that the function of merely receiving and remitting payments without handling borrowers’ accounts should not itself be considered “student loan servicing” for purposes of the final rule. The final rule also further clarifies that the purpose of an interaction with a borrower is important for determining whether it is “student loan servicing” and that activities to prevent default arising from post-secondary education loans are only included if conducted to facilitate the core servicing activities identified in the definition of “student loan servicing.” In addition, the Bureau adjusted the clause of the definition that addresses periods when payments are not required on the loan to make clear that it intends the clause to apply during all periods when no payment is required on a loan, including, for example, periods of forbearance.

The Bureau did not receive any objections to the proposed method of aggregating accounts of affiliated companies for the purpose of calculating volume and therefore adopts the aggregation method as proposed. The final rule also adopts the proposed threshold of one million accounts for the student loan servicing market, despite numerous comments requesting an alternate threshold for qualifying entities as “larger participants.”

On the same date, the CFPB released updated student loan examination procedures, which the Bureau revised to account for examination of nonbank servicers under the larger participant rule. In addition, the revised procedures prepare examiners to identify potential violations outside of consumer financial service laws applicable to servicers and administered by the CFPB, including potential violations of certain Servicemember Civil Relief Act (SCRA) requirements. The procedures also were revised to emphasize student loan servicing transfer and repayment issues, two issues the CFPB has highlighted as areas of concern over the past year.

CFPB Nonbank Supervision Student Lending

ACLU Seeks FHFA Documents On Eminent Domain Analysis

On December 5, ACLU-affiliated entities and borrower advocacy groups filed a lawsuit in the Northern District of California seeking to compel FHFA to produce “all [FHFA] records pertaining to the use of eminent domain to purchase mortgages.” Alliance of Californians for Community Empowerment v. Fed. Hous. Fin. Agency, No. 13-5618 (N.D. Cal. Dec. 5, 2013). Specifically, the plaintiffs seek to compel FHFA to respond to a FOIA request that demanded, among other things, (i) all communications and records of meetings between FHFA leadership and financial services industry trade associations and individual companies; (ii) all FHFA records regarding the City of Richmond’s proposal to seize certain mortgages; and (iii) all studies and analyses of the impact of eminent domain or principal reduction proposals relied upon by FHFA in support of materials it released in August 2013 outlining potential actions the agency could take in response to local efforts to employ eminent domain to seize mortgages. The complaint details the organizations’ position on eminent domain as a tool to implement principal reduction, which the organizations complain FHFA has improperly failed to pursue on its own. The request and complaint suggest that FHFA’s eminent domain position was unduly influenced by the financial services industry and “is advancing the interests of Wall Street firms at the expense of the nation’s homeowners.” This latest challenge of FHFA’s positions on eminent domain and principle reduction precede, potentially by days, an anticipated vote to confirm Representative Mel Watt (D-NC) to serve as FHFA Director.

FHFA Eminent Domain

Sixth Circuit Rejects HUD Test For RESPA Affiliated Business Safe Harbor

On November 27, the U.S. Court of Appeals for the Sixth Circuit held that HUD’s supplemental ten factor test for determining whether RESPA’s affiliated business arrangements safe harbor applies is not entitled to deference or persuasive weight, and determined that a real estate agency and its affiliated title servicers companies satisfied RESPA’s statutory affiliated business arrangements safe harbor provision. Carter v. Welles-Bowen Realty, Inc., No. 10-3922, 2013 WL 6183851 (6th Cir. Nov. 27, 2013). On behalf of a putative class, a group of homebuyers who used a real estate agency’s settlement services claimed that the agency and two title services companies violated RESPA’s referral fee prohibition. The agency and title companies asserted that they satisfied RESPA’s affiliated business arrangements safe harbor provision because (i) they disclosed the arrangement to the homebuyers, (ii) the homebuyers were free to reject the referral, and (iii) the companies only received a return from the referral through their ownership interest. The homebuyers countered that the companies must also demonstrate that they were bona fide providers of settlement services under HUD’s ten factor test for distinguishing sham business arrangements, which HUD established in a 1996 policy statement. A district court granted summary judgment in favor of the companies, finding that HUD’s ten factor test was void for unconstitutional vagueness. On appeal, the Sixth Circuit affirmed but on different grounds. The Sixth Circuit held that HUD’s policy statement is not entitled to Chevron or Skidmore deference because the statement provides only ambiguous guidelines HUD intends to consider rather than HUD’s interpretation of the statute. As a result, the companies’ compliance with the three conditions set out in the statute sufficed to obtain the exemption under the affiliated business safe harbor provision. The Sixth Circuit noted that “a statutory safe harbor is not very safe if a federal agency may add a new requirement to it through a policy statement.”

HUD Class Action RESPA

Fifth Circuit Holds State AG Credit Card Add-On Suit Not Subject To Federal Jurisdiction

On December 2, the U.S. Court of Appeals for the Fifth Circuit held that a set of parens patriae suits filed by the Mississippi Attorney General (AG) against credit card issuers is not subject to federal jurisdiction under the Class Action Fairness Act (CAFA) or National Bank Act (NBA) preemption. Hood v. JP Morgan Chase & Co., No. 13-60686, 2013 WL 6230960 (5th Cir. Dec. 2, 2013). The consolidated appeal involves cases originally filed by the AG in state court against six credit card issuers for allegedly violating the Mississippi Consumer Protection Act in connection with the marketing, sale, and administering of certain ancillary products, including payment protection plans. After the card issuers removed the cases, a federal district court denied the state’s motion to remand, holding that it had subject matter jurisdiction because: (i) the cases were CAFA mass actions; (ii) the NBA (and the Depository Institutions Deregulation and Monetary Control Act for one state-chartered bank defendant) preempted some of the state law claims; and (iii) it had supplemental jurisdiction over the remaining state law claims. The Sixth Circuit disagreed and held that the card issuers failed to prove that any card holder met CAFA’s individual amount in controversy requirement, rejecting the issuers’ argument that the state is the real party in interest and its claims for restitution and civil penalties exceed the threshold. The court also rejected the issuers’ argument—and the district court’s holding—that the payment protection plans were part of the loan agreement and the fees associated with the plans constitute “interest,” such that the state’s challenge to the plans was an implicit usury claim preempted by the NBA. Instead, the court held that while the plans could conceivably fit within the definition of “interest,” there is no clear rule on this subject that demands removal. Moreover, the court held that even if the payment protection plan fees are “interest,” the claims still would not be preempted because the state does not allege that the issuers charged too much interest, but rather challenges the alleged practice of improperly enrolling customers in the plans. The court reversed the district court and remanded for further proceedings consistent with its opinion.

Credit Cards State Attorney General Ancillary Products

Sixth Circuit Holds Servicers Exempt from TILA Liability

On November 26, the U.S. Court of Appeals for the Sixth Circuit held that mortgage servicers are exempted from TILA liability, despite recent amendments to the statute. Marais v. Chase Home Fin. LLC, No. 12-4248, 2013 WL 6170977 (6th Cir. Nov. 26, 2013). A borrower had alleged that her servicer violated TILA by failing to properly respond to her written request for information regarding her loan. The Sixth Circuit rejected the borrower’s argument that amendments to TILA as part of the Helping Families Save Their Homes Act of 2009 created a cause of action against mere servicers, and held that servicers who are not creditors or creditor assignees are expressly exempt from TILA liability.  The court, however, held that the servicer could be liable under RESPA for damages caused by its purported deficient response to the borrower’s request for information.

TILA Mortgage Servicing RESPA

Seventh Circuit Holds TCPA Does Not Preempt State Law Banning Robocalls

On November 21, the U.S. Court of Appeals for the Seventh Circuit held that the federal Telephone Consumer Protection Act (TCPA) does not preempt an Indiana statute that bans most robocalls without exempting calls that are not made for a commercial purpose. Patriotic Veterans, Inc. v. State of Indiana, No. 11-3265, 2013 WL 6114836 (7th Cir. Nov. 21, 2013). A not-for-profit Illinois corporation seeking to use automatically dialed interstate phone calls to deliver political messages to Indiana residents sought a declaration that the Indiana Automated Dialing Machine Statute (IADMS) violates the First Amendment, at least as it applies to political messages, and also is preempted by the TCPA, which expressly exempts non-commercial calls such as political calls from the TCPA’s regulation of autodialers. Overturning the district court’s decision, the Seventh Circuit found that the Indiana statute is not expressly preempted by the TCPA because the plain language of the TCPA’s savings clause states that the federal law does not preempt any state law that prohibits the use of automatic telephone dialing systems and, even if the IADMS is considered a regulation of, rather than a prohibition on, the use of autodialers, the savings clause does not at all address state laws that impose interstate regulations on their use. The court further found that the IADMS is not impliedly preempted by the TCPA because it is possible to comply with the state statute without violating the TCPA, the state statute furthers the TCPA’s purpose of protecting the privacy interests of residential telephone subscribers, and Congress did not intend to create field preemption when it enacted the TCPA. The court, however, remanded the case to the district court to consider whether the statute violates the First Amendment.

TCPA Privacy/Cyber Risk & Data Security Appellate Seventh Circuit Autodialer