Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations
Section Content

Upcoming Events

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • OFAC reaches settlement with national bank to resolve alleged non-egregious sanctions violations

    Financial Crimes

    On October 5, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced an approximate $5.3 million settlement with a national bank for alleged violations of the Cuban Assets Control Regulations, the Iranian Transactions and Sanctions Regulations, and the Weapons of Mass Destruction Proliferators Sanctions Regulations. According to OFAC, the settlement resolves the bank’s potential civil liability for, among other things, allegedly processing net settlement payments for bank clients between January 2008 and February 2012, for which only 0.14 percent were attributable to interests of non-U.S. person entity members that were at various times identified on OFAC’s Specially Designated Nationals List, sanctioned, or located in countries subject to OFAC’s sanctions programs.

    In arriving at the settlement amount, OFAC considered factors such as (i) prior to January 2012, the bank did not appear to have in place a process to independently assess participating member entities of the non-U.S. person entity for OFAC sanctions risk, despite allegedly receiving red flag notifications regarding OFAC-sanctioned members; (ii) staff members processing the net settlement transactions may have had actual knowledge of the members; and (iii) the bank is a large, commercially sophisticated financial institution.

    OFAC also considered numerous mitigating factors, including (i) managers and supervisors were not aware of the conduct; (ii) the total harm caused was “significantly less than the total value of the transactions”; (iii) the bank cooperated with the investigation and entered into a retroactive agreement to toll the statutes of limitations; and (iv) the bank has implemented several steps as part of its risk-based compliance program to prevent future violations. OFAC also noted that the bank voluntary disclosed the violations, and that the violations constitute a non-egregious case.

    Financial Crimes OFAC Sanctions Iran Settlement

    Share page with AddThis
  • International bank settles with DOJ for $765 million regarding alleged RMBS misconduct

    Securities

    On October 9, the U.S. Attorney for the District of Colorado announced that an international bank would settle claims related to the bank’s packaging, securitizing, issuing, marketing and sale of residential mortgage-backed securities (RMBS) in the lead-up to the 2008 financial crisis. In particular, the U.S. alleged that (i) the bank’s due diligence loan review procedures disclosed to investors were not, in certain instances, followed; (ii) bank managers overruled due diligence vendors’ warnings regarding the quality of certain loans included in securitizations; and (iii) the bank misrepresented the quality of the RMBS to investors. The bank disputes the allegations and does not admit to any liability or wrongdoing, but agreed to pay a $765 million civil money penalty pursuant to the Financial Institutions Reform, Recovery, and Enforcement Act to resolve the matter.

    Securities DOJ Settlement RMBS FIRREA

    Share page with AddThis
  • CFPB announces settlement with companies that allegedly delayed transfer of consumer payments to debt buyers

    Consumer Finance

    On October 4, the CFPB announced a settlement with a group of Minnesota-based companies that allegedly violated the Consumer Financial Protection Act when consumers made payments on debts that the companies had already sold to third parties, and the companies improperly delayed the forwarding of some of those payments to debt buyers. According to the consent order, the companies—whose practices include the purchasing, servicing, collection, and furnishing consumer-report information on consumer loans—partnered with third-party banks to sell merchandise on closed-end or open-end revolving credit. Within a few days, banks originated the loans and sold the receivables to the companies. The companies subsequently serviced the debts and sold the receivables to a third party. For defaulted accounts, the companies charged off the accounts and sold them to third-party debt buyers. According to the Bureau, the companies allegedly failed to notify consumers when their accounts were sold, failed to inform them who now owned the debt, and continued to accept direct pays from consumers. The Bureau contends that between 2013 and 2016, the companies delayed forwarding direct pays for more than 31 days in 18,000 instances, and in 3,500 of those instances, the companies did not forward the payments for more than a year. Moreover, the Bureau asserts that these delays led to misleading collection efforts, including collection activity on accounts consumers had completely paid off. The order requires the companies to pay a civil money penalty of $200,000, and improve their policies and procedures to prevent further violations.

    Consumer Finance CFPB Enforcement Third-Party Debt Buying CFPA Settlement

    Share page with AddThis
  • SEC penalizes investment company $1 million for cyber security failings

    Privacy, Cyber Risk & Data Security

    On September 26, the SEC announced a settlement with an Iowa-based broker-dealer and investment advisement company, which agreed to pay $1 million to resolve allegations that the company violated the Safeguards Rule and the Identity Theft Red Flags Rule arising out of the company’s failure to protect confidential customer information from intrusion. This is the SEC’s first enforcement action charging violations under the Rule. According to the order, intruders were able to access the company’s system by impersonating company contractors, calling the company’s support line, and requesting their passwords be reset. The intruders gained access to the company’s system that contained personally identifiable information for approximately 5,600 customers and obtained unauthorized access to account documents for three customers. The SEC identified weaknesses in the company’s cybersecurity procedures, including failure to terminate the intruders’ access even after the intrusion was flagged and failure to apply its procedures to the systems used by its independent contractors. The order takes into account remedial acts undertaken by the company, including blocking malicious IP addresses and issuing breach notices to affected customers, and requires the company to pay a $1 million penalty and retain an independent consultant to evaluate its compliance with the Safeguards Rule and the Identity Theft Red Flags Rule. The company did not admit nor deny the SEC’s findings.

    Privacy/Cyber Risk & Data Security SEC Enforcement Settlement

    Share page with AddThis
  • Global ride-sharing company settles with state Attorneys General for $148 million over data breach

    State Issues

    On September 26, the California Attorney General announced that a global ride-sharing company reached a joint settlement with all 50 state Attorneys General and the District of Columbia for $148 million to resolve allegations that the company failed to safeguard user data and to notify authorities after a 2016 data breach. As previously covered by InfoBytes, in November 2017, the company disclosed, via press release, a 2016 data breach that exposed the personal data of 57 million riders and drivers, where hackers obtained approximately 600,000 driver names and license numbers, along with rider names, email addresses, and mobile phone numbers. During subsequent state investigations, authorities discovered that, after the company discovered the breach, it paid hackers $100,000 to delete the acquired data and to keep silent about the breach.

    According to the California announcement, the $148 million settlement benefits all 50 states and the District of Columbia, with California receiving $26 million. In addition to the penalty, the settlement allegedly requires the company to implement various conduct provisions, including (i) integrating privacy considerations and protections into the development and design of products; (ii) implementing and maintaining robust data security practices and accurately representing them; (iii) developing and maintaining a comprehensive information security program; (iv) reporting data security incidents to states on a quarterly basis for two years; and (v) maintaining a “Corporate Integrity Program.”

    State Issues Privacy/Cyber Risk & Data Security State Attorney General Settlement Data Breach

    Share page with AddThis
  • District court approves an $8.8 million TCPA class action settlement with an inmate telephone company

    Courts

    On September 24, the U.S. District Court for the Central District of California approved an $8.8 million class action settlement between consumers and an inmate telephone company. The settlement resolves allegations that the company violated the TCPA by playing a separate prerecorded “Notification Call” directing the receiving party to provide billing information for the inmate’s collect calls without obtaining the receiving party’s prior consent or providing the receiving party with an opt out mechanism for future calls. Under the terms of the settlement, the company will pay almost $175 to each class member and will change its practices to include both an interactive-voice/key activated opt-out mechanism and a toll-free number that the receiving party may use to opt-out of all future notification calls.

    Courts TCPA Settlement Class Action

    Share page with AddThis
  • FTC announces settlements with website operators over the sale of fake documents allegedly used for fraud and identity theft

    Consumer Finance

    On September 18, the FTC announced three proposed settlements with the operators of websites who allegedly violated the FTC Act’s prohibition against unfair practices by selling fake financial documents used to facilitate identity theft and other frauds, including loan and tax fraud. As previously covered in InfoBytes, identity theft was the second largest category of consumer complaints reported in 2017 according to the FTC. The FTC brought charges against the first defendant, alleging the defendant engaged in the sale of fake pay stubs, bank statements, and profit-and-loss statements, as well as providing a product that allowed customers to edit existing (and authentic) bank statements. The second defendant’s charges include the alleged sale of fake pay stubs, auto insurance cards, and utility and cable bills, while the allegations against the third defendant also include the sale of fake tax forms, bank statements, and verifications of employment. While the defendants’ websites claimed that the fake documents were sold for “‘novelty’ and ‘entertainment’ purposes,” the FTC asserts that the defendants “failed to clearly and prominently mark such documents as being for such purposes and did not state on the documents themselves that they were fake.”

    Under the terms of the proposed settlement agreements (see here, here, and here), monetary judgments are imposed against the defendants, who also are permanently prohibited from advertising, marketing, or selling similar fake documents.

    Consumer Finance FTC Identity Theft Fraud Consumer Complaints Settlement FTC Act

    Share page with AddThis
  • FTC and NYAG settle with debt collectors who falsely threatened consumers

    Federal Issues

    On September 21, the FTC announced settlements with multiple New York debt collection operations and their principals (defendants) for unlawful debt collection practices. The settlements are a result of 2015 joint lawsuits by the FTC and the New York Attorney General, alleging the defendants unlawfully used threats and abusive language, including false threats that consumers would be arrested, to collect more than $45 million in supposed debts (previously covered by InfoBytes here). The settlement orders ban the defendants from the business of debt collection and prohibit the defendants from (i) misrepresenting information related to financial products and services; (ii) disclosing, using, or benefitting from the consumer information obtained through the course of the debt collection activities; and (iii) failing to disclose of such personal information properly. The two orders (located here and here) impose a $22.5 million judgment against one set of defendants, and a judgment of $4.4 million against other defendants. The judgments are suspended as to some of the defendants due to inability to pay.

    Federal Issues FTC Debt Collection Enforcement Settlement State Attorney General State Issues

    Share page with AddThis
  • DOJ settles with apartment owner for alleged SCRA violations

    Consumer Finance

    On September 11, the Department of Justice announced a settlement with a Nebraska apartment complex owner resolving allegations that it violated the Servicemembers Civil Relief Act (SCRA) by unlawfully charging lease termination fees for 65 servicemembers. The complaint, which was filed on the same day as the settlement, alleges that between January 2012 and June 2017, the apartment complex owner imposed early lease termination fees, ranging from $78 to almost $1,500, on servicemembers who sought termination due to qualifying military orders under the SCRA. The settlement requires the apartment complex owner, among other things, to (i) pay more than $76,000 in damages to the 65 identified servicemembers; (ii) pay a $20,000 civil money penalty, and (iii) develop policies and procedures related to SCRA lease terminations.

    Consumer Finance DOJ SCRA Settlement Servicemembers

    Share page with AddThis
  • Court approves final class action settlement; previously ruled that extended overdrawn balance charge fees are “interest” under National Bank Act

    Courts

    On August 31, the U.S. District Court for the Southern District of California granted final approval to a class action settlement, resolving a suit alleging that a national bank’s overdraft fees exceeded the maximum interest rate permitted by the National Bank Act (NBA). According to the order, the settlement ends a putative class action concerning the bank’s practice of charging a $35 “extended overdrawn balance charge” fee (EOBCs) on deposit accounts that remained overdrawn for more than five days when funds were advanced to honor an overdrawn check. Class members argued that the fee amounted to interest and—when taken into account as a percentage of an account holder’s negative balance—exceeded the NBA’s allowable interest rate. The bank countered, stating that “EOBCs were not ‘interest’ and therefore cannot trigger the NBA.” A 2016 order denying the bank’s motion to dismiss, which departed from several other district courts on this issue, found that “covering an overdraft check is an ‘extension of credit’” and therefore overdraft fees can be considered interest under the NBA. The bank appealed the decision to the 9th Circuit in April 2017, but reached a settlement last October with class members.

    Under the terms of the approved settlement, the bank will refrain from charging extended overdraft fees for five years—retroactive to December 31, 2017—unless the U.S. Supreme Court “expressly holds that EOBCs or their equivalent do not constitute interest under the NBA.” The bank also will provide $37.5 million in relief to certain class members who paid at least one EOBC and were not provided a refund or a charge-off, and will provide at least $29.1 million in debt reduction for class members whose overdrawn accounts were closed by the bank while they still had an outstanding balance as a result of one or more EOBCs applied during the class period. The bank also will pay attorneys’ fees.

    Courts Overdraft Settlement Class Action National Bank Act Fees Consumer Finance

    Share page with AddThis

Pages