InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Bankruptcy judge approves Lehman’s motion to add indemnity claims against mortgage sellers
It has been reported that during a hearing on October 29, a judge for the U.S. Bankruptcy Court for the Southern District of New York approved Lehman Brothers Holdings, Inc.’s motion to amend and extend indemnification claims brought against mortgage sellers, allowing Lehman to include an additional $2.45 billion in residential mortgage-backed securities (RMBS) allowed claims from settlements reached earlier this year. As previously reported by InfoBytes, these claims had not yet accrued when the original order was entered pursuant to Federal Rule of Bankruptcy Procedure 9024. Lehman’s prior claims addressed indemnification claims held against roughly 3,000 counterparties involving more than 11,000 mortgage loans related to litigation settlements reached with Fannie Mae and Freddie Mac.
According to the report, the judge stated her decision to allow the amendments will not delay litigation, nor abridge defendants’ rights, as discovery has not yet commenced. The judge’s decision further requires the parties to reach an agreement concerning an alternative dispute resolution regarding the claims.
FTC to hold public hearings on consumer privacy and data security; focus will address data security enforcement program
On October 26, the FTC announced it will hold four days of public hearings in December 2018 and February 2019 to examine the Commission’s authority to deter unfair and deceptive conduct in data security and privacy matters as part of its broader series of hearings on “Competition and Consumer Protection in the 21st Century.” According to the FTC, these hearings (i) “will provide the first comprehensive re-examination of the FTC’s approach to consumer privacy since 2012,” and (ii) “will provide an opportunity to reexamine the Commission’s work in light of changing technologies, legal regimes, and business models.”
The FTC will continue to accept public comments through March 13, 2019, regarding items to be discussed at the February 2019 hearing. As previously covered by InfoBytes, a coalition of bipartisan state Attorneys General submitted a comment letter to the FTC last August requesting that they be included in the discussions regarding consumer protection during the Commission’s hearing process. Specifically, the letter emphasized the states’ “long history of protecting consumers from unfair and deceptive practices” under each state’s consumer protection authority, and noted consumers’ concerns over personal information and data security.
OFAC targets Singaporean persons for assisting North Korea in evading U.S. sanctions
On October 25, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced that it made three additions to the Specially Designated Nationals (SDNs) List pursuant to Executive Order 13551, which empowers the United States to block the property of certain persons with respect to North Korea. OFAC said the decision was designed to reinforce the U.S.’s ongoing “commitment to safeguard the international financial system and implement existing UN Security Council [ ] resolutions.” OFAC’s additions identify one Singaporean individual and two Singapore-based entities found to have helped North Korea evade U.S. sanctions—either directly or indirectly—by allegedly engaging in money laundering, counterfeiting goods or currency, smuggling bulk cash, trafficking narcotics, or engaging in other forms of illicit economic activity involving or supporting the North Korean government or any senior official. As a result, all assets belonging to the identified individual and entities subject to U.S. jurisdiction are blocked, and U.S. persons are generally prohibited from engaging in transactions with them.
In a related action, the DOJ unsealed a federal indictment against the Singaporean individual who was charged with fulfilling millions of dollars in commodities contracts for North Korea and defrauding several financial institutions in hiding those illicit transactions using international front companies, including entities previously identified as SDNs for supporting the North Korean regime’s illicit activities. The indictment’s charges include conspiracies to (i) violate international sanctions; (ii) commit bank fraud; (iii) commit money laundering; and (iv) defraud the U.S. The charges also include counts of bank fraud and money laundering.
See here for previous InfoBytes coverage on North Korean sanctions.
NYDFS updates cybersecurity FAQs to address use of utilization review agents
On October 25, NYDFS provided a new update to its answers to FAQs relating to 23 NYCRR Part 500, which took effect March 1, 2017, and establishes cybersecurity requirements for banks, insurance companies, and other financial services institutions. The original promulgation of the FAQs was covered in Infobytes, as were the last updates in February, March, and August.
The new update states that when a covered entity uses an independent “Utilization Review” agent (UR agent) who receives nonpublic information, the covered entity should treat the UR agent as a third-party service provider in order to properly assess and address any potential risks to their data and systems. NYDFS emphasizes that covered entities bear the responsibility for these protections.
FTC approves final expanded settlement with global ride-sharing company over data breaches
On October 26, the FTC announced its final approval of an expanded settlement with a global ride-sharing company over allegations that the company violated the FTC Act by deceiving consumers regarding the company’s privacy and data practices. Specifically, the company allegedly failed to closely monitor and audit its employees’ internal access to consumer and driver data. Furthermore, the company represented to consumers and drivers that personal information stored in its databases were secure, but, according to the FTC, the company failed to implement reasonable measures to prevent unauthorized access to consumers and driver data maintained by the ride-sharing company’s third-party cloud service provider. In April, the FTC announced it would be expanding the original settlement from August 2017 (previously covered by InfoBytes here), which covered a 2014 data breach, because it was discovered the company failed to disclose a subsequent data breach that occurred in 2016 for more than a year, despite the on-going FTC investigation of the 2014 data breach.
The expanded final settlement subjects the company to civil penalties if it fails to notify the FTC of future incidents involving unauthorized access to data. The settlement also, among other things, requires the company to implement a comprehensive privacy program, including biennial third-party privacy assessments for 20 years.
NY AG sues jeweler for practices targeting servicemembers
On October 29, the New York Attorney General announced the filing of a complaint against a national jewelry store, headquartered in New York, for allegedly engaging in fraudulent and deceptive conduct, deceptive credit repair services, and illegal lending in the financing of jewelry sales to active duty servicemembers. Specifically, the complaint alleges the company targets active duty servicemembers through a purported charitable program in which military-themed teddy bears are sold with a promise of a charitable donation by the company. The company also sells patriotic and military-themed jewelry and offers financing through a program exclusively available to servicemembers. The financing program is marketed as a credit repair or credit-establishing opportunity through a different entity, but according to the complaint, the separate entity is merely an “alter-ego” of the jewelry company, a relationship which is not disclosed to servicemembers. The company markets the financing program to active duty servicemembers as a way to build credit scores to purchase other consumer goods, such as a motor vehicle; however, once a servicemember agrees to the program, the Attorney General alleges the company’s employees are instructed to “’sell’ enough product to maximize the amount of credit [the company] is willing to advance.” The amount of credit is allegedly based on the amount of time the servicemember has left in active service, not on traditional underwriting standards such as credit history. Additionally, the complaint alleges the company marks up poor-quality jewelry between 600 and 1,000 percent over the wholesale price and advertises a “per payday” price on the merchandise, which bears “little resemblance to the total amount paid by a consumer at the end of the financing contract.” Of special interest to all creditors doing business in New York, the complaint appears to include in its civil and criminal usury claims the concept that the effective interest rate was higher because the good being purchased had “inflated retail prices.” The complaint seeks civil money penalties, restitution, and injunctive relief.
Colorado appeals court holds second collection letter violated state debt collection law
On October 18, the Colorado Court of Appeals held that a debt collector’s second collection letter violated the Colorado Fair Debt Collection Practices Act (CFDCPA) requirement for proper notification of the consumer’s right to dispute and request validation of the debt, reversing the lower court’s ruling. According to the opinion, a consumer filed a complaint against the debt collector alleging the two letters she received violated the CFDCPA, and the lower court disagreed, granting summary judgment in favor of the debt collector. Upon review, the appeals court determined that the first letter contained all the disclosures required under the CFDCPA but that the debt collector’s second letter, which prominently used the bold and capitalized phrase "we cannot help you unless you call," overshadowed or contradicted the statutorily required disclosures made by the company in the first letter. Specifically, the court concluded that the second letter, which arrived within the thirty-day statutory period initiated by the first letter, was “capable of being reasonably interpreted by the least sophisticated consumer as changing the manner in which the consumer was required by law to dispute the debt” and is therefore deceptive or misleading in violation of the CFDCPA.
FDIC proposes to eliminate annual disclosure requirement for state nonmember banks
On October 25, the FDIC published a proposed rule in the Federal Register to rescind the annual disclosure requirement applicable to all state nonmember banks and insured state-licensed branches of foreign banks (collectively, “banks”). Specifically, the FDIC is proposing to eliminate 12 CFR Part 350, which, in general, required banks to prepare annual disclosure statements consisting of (i) required financial data comparable to specified schedules in the Call Reports filed for the previous two years; (ii) information that the FDIC may request, such as enforcement actions; and (iii) other information the bank chooses to disclose. According to the proposal, the FDIC has determined that the regulation is “outdated and no longer necessary,” because, with widespread access to the internet, information about the financial condition and performance of individual banks is now “reliably and directly offered to the public through the FDIC’s and the Federal Financial Institutions Examination Council’s (FFIEC) websites” in the form of Call Reports and Uniform Bank Performance Reports. This eliminates the need for the annual disclosure statement requirements. Similar disclosure requirements have already been rescinded in recent years by the Federal Reserve Board and OCC. Comments on the proposed rule must be received by November 26.
CFPB releases Remittance Rule assessment report
On October 26, the CFPB released an assessment report of its Remittance Rule, in accordance with the Dodd-Frank Act’s requirements that the Bureau conduct an assessment of each significant rule within five years of the rule’s effective date. The Bureau’s 2013 Remittance Rule (Rule), including its subsequent amendments, requires providers to (i) give consumers disclosures showing costs, fees and other information before they pay for a remittance transfer; (ii) provide cancellation and refund rights; and (iii) investigate disputes and remedy certain errors. The assessment was conducted using the Bureau’s own research and external sources. Key findings of the assessment include:
- Money services businesses (MSBs) conduct 95.6 percent of all remittance transfers and the volume of transfers from these businesses was increasing before the effective date of the Rule and continued to increase afterwards at the same or higher rate.
- The average price of remittances was declining before the Rule took effect and has continued to do so.
- Initial compliance costs for the Rule were between $86 million, based on analysis at the time of the rulemaking, and $92 million, based on estimates from a survey of industry conducted by the Bureau.
- Ongoing compliance costs are estimated between $19 million per year and $102 million per year.
- Consumers cancel between 0.3 percent and 4.5 percent of remittance transfers, according to available data sources, and there is evidence of some banks initiating a delay in the transfer to make it easier to provide a refund if a consumer cancels within the 30-minute cancellation window permitted under the Rule.
- Approximately 80 percent of banks and 75 percent of credit unions that offer remittance transfers are below the 100-transfer threshold in a given year and are therefore, not subject to the Rule’s requirements.
Federal Reserve enters into written compliance agreement with Oklahoma state bank
On October 22, the Federal Reserve Board (Board) entered into a written agreement with an Oklahoma state chartered bank, which outlines a compliance proposal to “maintain the financial soundness” of the bank. The agreement requires the bank to submit, within 60 days, written plans to improve various aspects of the bank’s functions including, but not limited to, (i) internal controls; (ii) credit risk management; (iii) liquidity and funds management; (iv) interest rate risk management; (v) information technology/cybersecurity; and (vi) BSA/AML compliance. The agreement also prevents the bank from extending, renewing, or restructuring any credit for any borrower whose loans or other extensions of credit were part of the Board’s examination critiques, without prior approval from the board of directors, who are required to document the reasons for the credit extension and certify its compliance with the terms of the agreement.