InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
SEC settles FCPA charges with former CEO of Chilean mining company
On September 25, 2018, the SEC announced a settlement of FCPA charges against the former CEO of a Chilean-based chemical and mining company for $125,000. According to the SEC, over the course of seven years, the company’s then-CEO “caused the company to make nearly $15 million in improper payments to Chilean political figures and others connected to them.” The former CEO agreed to the settlement without admitting the findings in the SEC’s order. According to the SEC’s order, the former CEO signed false certifications related to financial reporting in the United States.
Last year, the company agreed to pay $30 million to settle parallel DOJ and SEC charges against the company. That settlement demonstrated the jurisdictional reach of U.S. government enforcement of the FCPA – while the company is a Chilean company with no U.S. operations, it is registered with the SEC as a foreign private issuer.
Brazilian oil company settles FCPA violations for $853 million to U.S. and Brazil
On September 27, 2018, the DOJ announced that a Brazilian state-owned oil company had entered into a Non-Prosecution Agreement with the DOJ, as well as settlement agreements with the SEC and Brazilian authorities, and agreed to pay a total $853.2 million in penalties to all jurisdictions. Under the terms of the settlement, DOJ and SEC will each receive 10 percent of the penalty amount, with Brazilian authorities receiving the remaining 80 percent.
As part of the settlement, the company admitted that its Executive Board members “were involved in facilitating and directing millions of dollars in corrupt payments to politicians and political parties in Brazil,” while directors were “involved in facilitating bribes that a major contractor of the company was paying to Brazilian politicians.” The conduct included bribes related to several refineries, as well as shipyard and drillship contracts, as well as payments to “stop a parliamentary inquiry into the company's contracts.”
The company's penalty reflects a 25 percent discount off the low end of the applicable U.S. Sentencing Guidelines due to its cooperation and remediation. While the company did not voluntary disclose its conduct, it cooperated with authorities by disclosing the findings of its internal investigation, providing document discovery, and facilitating the interview of foreign witnesses. It also took remedial measures by replacing its Board of Directors and Executive Board, as well as implementing reforms in its policies and procedures.
In addition to the criminal penalty, the SEC announced that the company agreed to an administrative order requiring it to pay almost $1 billion in disgorgement and prejudgment interest. However, the company received full credit for payments it already made to resolve a class action for $2.95 billion earlier this year. The net result is that the company will not have to pay any additional funds to the SEC in the separate disgorgement action.
Prior ScoreCard coverage of the company and related investigations can be found here.
OFAC adds members of Venezuelan President Maduro’s inner circle to Specially Designated Nationals List
On September 25, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) made additions to the Specially Designated Nationals List pursuant to Executive Order 13692. OFAC’s additions to the list include four members of Venezuelan President Maduro’s inner circle, along with a “front network” identified as acting for or on behalf of a sanctioned member of the Maduro regime. According to OFAC, the additional sanctions are issued in response to the Maduro regime's continued “corruption and gross mismanagement.” As a result, all assets belonging to the identified individuals and entities subject to U.S. jurisdiction are blocked, and U.S. persons generally are prohibited from dealing with them.
OFAC also referenced FinCEN advisories issued August and September 2017 (see previous InfoBytes coverage here and here) as a source for additional information on “the methods that Venezuelan senior political figures, their associates, and front persons use to move and hide corrupt proceeds,” including the potential for exploitation within the U.S. financial system and real estate market.
See here for continuing InfoBytes coverage of actions related to Venezuela.
Global technology companies testify before Senate Commerce Committee on need for federal consumer data privacy legislation
On September 26, the Senate Committee on Commerce, Science, and Transportation held a hearing entitled “Examining Safeguards for Consumer Data Privacy” to discuss whether federal lawmakers should write a broad federal online privacy law in the wake of the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) of 2018, which was amended on September 23. Committee Chairman, Senator John Thune, noted that the September 26 hearing was the first in a series of hearings the Committee plans to hold to discuss consumer data privacy concerns. Testifying before the Committee were executives representing six global technology and telecommunications companies who all agreed that there is a need for federal consumer privacy safeguards that would give consumers more control over the way their data is used. The witnesses also supported the idea of engaging in further discussions with the Committee regarding the FTC’s enforcement powers under its current authority to determine whether the agency needs more resources and tools to carry out its responsibilities effectively. However, the witnesses cautioned that Congress needed to strike an appropriate balance between industry accountability and giving government agencies unchecked power. The witnesses also voiced their opposition to proposed legislation that would require businesses to notify consumers of data breaches within 72 hours of their discovery.
Among other things, the hearing also discussed topics addressing: (i) GDPR compliance burdens; (ii) the need for federal privacy laws to preempt the growing “patchwork” of inconsistent state laws; (iii) pitfalls of mandatory opt-in requirements for consumers; (iv) data use transparency and mandatory disclosures; and (v) efforts undertaken by companies to monitor violations of the Children’s Online Privacy Protection Act, particularly with respect to both in-house and third-party apps offered by the several of the witnesses’ companies.
Global ride-sharing company settles with state Attorneys General for $148 million over data breach
On September 26, the California Attorney General announced that a global ride-sharing company reached a joint settlement with all 50 state Attorneys General and the District of Columbia for $148 million to resolve allegations that the company failed to safeguard user data and to notify authorities after a 2016 data breach. As previously covered by InfoBytes, in November 2017, the company disclosed, via press release, a 2016 data breach that exposed the personal data of 57 million riders and drivers, where hackers obtained approximately 600,000 driver names and license numbers, along with rider names, email addresses, and mobile phone numbers. During subsequent state investigations, authorities discovered that, after the company discovered the breach, it paid hackers $100,000 to delete the acquired data and to keep silent about the breach.
According to the California announcement, the $148 million settlement benefits all 50 states and the District of Columbia, with California receiving $26 million. In addition to the penalty, the settlement allegedly requires the company to implement various conduct provisions, including (i) integrating privacy considerations and protections into the development and design of products; (ii) implementing and maintaining robust data security practices and accurately representing them; (iii) developing and maintaining a comprehensive information security program; (iv) reporting data security incidents to states on a quarterly basis for two years; and (v) maintaining a “Corporate Integrity Program.”
District Court concludes a small virtual currency is a “commodity” under the Commodities Exchange Act
On September 26, the U.S. District Court for the District of Massachusetts denied a virtual currency trading company’s motion to dismiss, concluding that smaller virtual currencies are commodities that may be regulated by the CFTC. In January, the CFTC bought an action alleging the company violated the Commodities Exchange Act (CEA) and CFTC Regulation 180.1(a) by making false or misleading statements and omitting material facts when offering the sale of their company’s virtual currency. For example, the complaint alleges that the company falsely stated that its virtual currency was backed by gold, could be used anywhere Mastercard was accepted, and was being actively traded on several currency exchanges. Moreover, while consumers who purchased the virtual currency could view their accounts, they were unable to trade it or withdraw funds from their accounts with the company. The company moved to dismiss the case, arguing that the conduct did not involve a “commodity,” specifically one that underlies a futures contract, under the CEA. In denying the motion to dismiss, the court determined that Congress intended for the CEA to cover a certain “class” of items and specific items within that class are then “dealt in.” Because the company offered a type of “virtual currency” and it is “undisputed that there is futures trading in virtual currencies (specifically involving Bitcoin),” the court held that the CFTC sufficiently alleged the company’s product is a “commodity” under the CEA. The court also rejected the company’s other arguments, determining Regulation 180.1(a) was meant to combat the fraud alleged by the CFTC, notwithstanding its use of the term “market manipulation,” and the CFTC adequately pleaded the fraudulent claim under the regulation.
11th Circuit holds filed-rate doctrine bars class actions relating to lender-placed insurance
On September 24, the U.S. Court of Appeals for the 11th Circuit affirmed the district court’s dismissal of two class actions on grounds that the “filed-rate doctrine” precludes the plaintiffs’ claims. In their complaints, the plaintiffs alleged that their loan servicers charged “inflated amounts” for lender-placed insurance by receiving “rebates” or “kickbacks” from an insurance company without passing the savings on to consumers. The district court dismissed the actions with prejudice, holding that the filed-rate doctrine barred the plaintiffs’ claims. On appeal, the 11th Circuit upheld the lower court’s decision, finding that the plaintiffs’ allegations challenged the insurance company’s filed rate. As a result, the court determined that the plaintiffs’ allegations were textbook examples of claims barred by the nonjusticiability principle, which provides that duly-empowered administrative agencies have exclusive say over the rates charged by regulated entities because agencies are more competent than the courts at the rate-making process.
OCC updates Comptroller’s Handbook with new TILA booklet
On September 26, the OCC issued Bulletin 2018-31, which updates the “Truth in Lending Act” (TILA) booklet of the Comptroller’s Handbook, which previously was issued in December 2014. The booklet provides guidance for OCC examiners to be used in connection with the examination and supervision of national banks and federal savings associations, which offer or extend consumer credit products covered by TILA. The updates reflect changes made to Regulation Z, TILA’s implementing regulations, since the booklet’s previous release, and includes procedures implementing the CFPB’s TILA-RESPA integrated disclosure rule (TRID). Additional updates include, among other things, (i) special provisions on certain construction loans; (ii) special provisions relating to small creditors and rural or underserved areas; (iii) changes regarding appraisals for higher-priced mortgage loan exemptions; (iv) updates to mortgage origination examination procedures; and (v) updates to mortgage servicing rules and the small creditor definition.
With the issuance of the new booklet, the OCC rescinds (i) OCC Bulletin 2014-61, “Truth in Lending Act: Revised Comptroller’s Handbook Booklet and Rescissions”; (ii) The TILA sections of OCC Bulletin 2015-27, “Revised Interagency Examination Procedures for Consumer Compliance”; and (iii) OCC Bulletin 2015-42, “Initial Examinations for Compliance With TILA-RESPA Integrated Disclosure Rule.”
Department of Commerce requests comments on new federal approach to consumer privacy rules
On September 26, the National Telecommunications and Information Administration (NTIA) published a notice and request for comments on behalf of the Department of Commerce seeking input from stakeholders on ways to address consumer privacy concerns while protecting prosperity and innovation. The NTIA’s notice seeks comments on a proposed set of “user-centric privacy outcomes” to be addressed by future federal action on consumer privacy policy, along with a set of high-level goals that would establish the outlines for the direction these protections should take. Among other things, the NTIA also seeks feedback on ways to (i) increase harmonization across the regulatory landscape; (ii) ensure a balance between legal clarity, flexibility for innovation, and consumer privacy; (iii) prevent a fragmented regulatory approach by ensuring that any law is applied equally to all businesses not covered by sectoral laws; (iv) develop a regulatory framework “consistent with the international norms and frameworks”; and (v) provide the FTC with the necessary tools and resources to effectively enforce such rules.
The NTIA’s proposal follows the European Union’s General Data Protection Regulation (GDPR), which was implemented this past summer, and the recently enacted and amended California Consumer Privacy Act of 2018 (see previous InfoBytes coverage here). Comments on the notice must be received by October 26.
FCC fines health insurance lead generator $82 million for spoofed robocalls
On September 26, the FCC announced that it fined a telemarketer and associated companies more than $82 million for using allegedly illegal caller ID spoofing to market and generate leads for health insurance sales in violation of the Truth in Caller ID Act (the Act). The Act prohibits telemarketers from purposefully falsifying caller ID information with the intent to harm, defraud consumers, or wrongfully obtain anything of value. The FCC alleges that the telemarketer made more than 21 million robocalls with spoofed caller ID information, which makes it difficult for consumers to register complaints and for law enforcement to track and stop the illegal calls. According to the related Forfeiture Order (FCC 18-134), the FCC rejected the telemarketer’s argument that the value he received from the calls was not “wrongfully obtained,” concluding that the calls were placed without prior consent, including contacting consumers on the Do Not Call registry, and that the telemarketer knew the tactics he used to obtain the insurance leads were unlawful. The FCC also rejected the telemarketer’s request to reduce the penalty, stating “the proposed forfeiture of $82,106,000 properly reflects the seriousness, duration, and scope of [the telemarketer]’s violations.”