Skip to main content
Menu Icon Menu Icon


Section Content

Upcoming Events


Subscribe to our InfoBytes Blog weekly newsletter for news affecting the financial services industry.

  • Ninth Circuit Rules FCRA Plaintiff Has Article III Standing


    On August 15, the U.S. Court of Appeals for the Ninth Circuit issued an opinion, on remand from the U.S. Supreme Court, ruling that a consumer plaintiff could proceed with his Fair Credit Reporting Act (FCRA) claims because he had sufficiently alleged a “concrete” injury and therefore had standing to sue under Article III of the Constitution. Robins v. Spokeo, Inc., No. 11-56843, 2017 WL 3480695 (9th Cir. Aug. 15, 2017). By way of background, the plaintiff had alleged that the defendant consumer reporting agency “willfully violated various procedural requirements under FCRA,” and consequently published an inaccurate consumer report on its website that “falsely stated his age, marital status, wealth, education level, and profession” and “included a photo of a different person.” In May 2016, the Supreme Court vacated an earlier Ninth Circuit decision, finding that the court failed to consider an essential element of Article III standing: whether the plaintiff alleged a “concrete” injury. (See previous Special Alert here.) After providing some guidance—including that the plaintiff’s injury must be “real” and not “abstract” or merely “procedural”—the high court remanded to the Ninth Circuit for further consideration. 

    On remand, the court first asked “whether the statutory provisions at issue were established to protect [the plaintiff’s] concrete interests (as opposed to purely procedural rights).” The court answered affirmatively, finding that “the FCRA procedures at issue in this case were crafted to protect consumers’ . . . concrete interest in accurate credit reporting about themselves.” Next, the court asked “whether the specific procedural violations alleged in this case actually harm, or present a material risk of harm to, such interests.” The court again answered affirmatively, finding that the plaintiff sufficiently alleged that he suffered a “real harm” to his “concrete interests in truthful credit reporting.” That is, the plaintiff sufficiently alleged that the defendant “prepared . . . an [inaccurate] report,” “that it then published the report on the Internet,” and that “the nature of the specific alleged reporting inaccuracies” was not “trivial or meaningless,” but instead covered “a broad range of material facts” about the plaintiff’s life “that may be important to employers or others making use of a consumer report.” Finally, the court found that the plaintiff’s allegations were not too speculative, because “both the challenged conduct and the attendant injury have already occurred.” After reaffirming that the plaintiff had adequately alleged the other essential elements of standing, the court remanded to the Central District of California for further proceedings.

    Courts FCRA Appellate Litigation Ninth Circuit U.S. Supreme Court

    Share page with AddThis
  • FTC Announces Settlement with Ride-Sharing Company Over Privacy Allegations

    Privacy, Cyber Risk & Data Security

    On August 15, the FTC issued a press release announcing a settlement with a ride-sharing company over allegations that it violated the Federal Trade Commission Act by making deceptive claims about its privacy and data practices. According to the complaint, the company allegedly failed to closely monitor and audit its employees’ internal access to consumer and driver data. Furthermore, the company represented to consumers and drivers that personal information stored in its databases were secure, but, according to the FTC, failed to implement reasonable measures to prevent unauthorized access to consumers and driver data maintained by the ride-sharing company’s third-party cloud service provider. Both counts, the FTC alleged, demonstrated false or misleading representations. In the press release, FTC Acting Chairman Maureen K. Ohlhausen said, “This case shows that, even if you’re a fast growing company, you can’t leave consumers behind: you must honor your privacy and security promises.”

    Under the terms of the decision and order, the company has agreed to establish, implement, and maintain a written “comprehensive privacy program,” reasonably designed to: (i) “address privacy risks related to the development and management of new and existing products and services for consumers,” and (ii) “protect the privacy and confidentiality of Personal Information.” The company is also required to obtain biennial independent third-party assessments to address privacy controls requirements and “certify that the privacy controls are operating with sufficient effectiveness to provide reasonable assurance to protect the privacy of Personal Information and that the controls have operated throughout the reporting period.”

    The agreement with the FTC will be subject to public comment for 30 days through September 15, at which point the FTC will decide whether to make the proposed consent order final.

    Privacy/Cyber Risk & Data Security FTC UDAAP Settlement FTCA

    Share page with AddThis
  • Minnesota-Based Company Announces Closure of FCPA Investigations

    Financial Crimes

    On August 7, a Minnesota-based company announced in its Form 10-Q the closure of DOJ and SEC FCPA investigations related to gift, travel, entertainment, and other expenses incurred in connection with its Asia-Pacific operations. The company initially informed the DOJ and SEC about this matter in 2012 and thereafter provided the government periodic updates. According to the company’s 10-Q, the government’s investigations were closed “without further action taken by either [the SEC or DOJ].”

    Financial Crimes FCPA DOJ SEC

    Share page with AddThis
  • Ohio-Based Corporation Discloses FCPA Investigation in Quarterly Filing

    Financial Crimes

    On August 4, Ohio-based corporation disclosed in its 10-Q that the DOJ and SEC are conducting investigations concerning potential violations of the FCPA related to a subsidiary’s operations in Turkey. The company operates in more than 70 countries and develops and sells technology-enabled solutions, including data warehouse management and database technologies. 

    According to the 10-Q, the company “discovered certain questionable expenditures for travel, gifts and other expenses at one of its international subsidiaries” doing business in Turkey. The company stated that it promptly launched an internal investigation and, in February 2017, self-disclosed the investigation to the SEC and DOJ. According to its 10-Q, the company has periodically updated the government about its investigation and plans to “continue to cooperate fully.” The company also noted that it already has “taken remedial actions,” including terminations, and that the FCPA issues “involved specific individuals who are no longer with the Company.” 

    It appears that the company is making a case for full cooperation credit under the DOJ’s Pilot Program, which encourages companies to “voluntarily self-disclose FCPA-related misconduct, fully cooperate with the Fraud Section, and, where appropriate, remediate flaws in their controls and compliance programs.”

    Financial Crimes FCPA DOJ SEC

    Share page with AddThis
  • Colorado UCCC Administrator Opinion Provides Guidance on Debt Cancellation and Suspension Agreement Fees

    State Issues

    On August 7, the Colorado Attorney General’s Office, through the Administrator of the Uniform Consumer Credit Code (UCCC), issued an Administrator Opinion to provide clarification on fees related to debt cancellation and suspension agreements. The UCCC has adopted and authorized rules permitting additional charges to be assessed in addition to a finance charge, such as fees for Single Premium Non-Credit Insurance, Involuntary Unemployment Insurance Premiums, and Guaranteed Automobile Protection. However, because the UCCC has not yet adopted by rule permissible fees for debt cancellation and suspension agreements, those fees must be included in the calculation of the finance charge, even if they are “permitted by federal or state law or regulation—including debt cancellation and suspension agreements offered by Colorado-[c]hartered [b]anks, Colorado-[c]harted [i]ndustrial [b]anks, and Colorado-[c]hartered [c]redit [u]nions.” This Administrator Opinion rescinds the November 9, 2004 Advisory Opinion titled “Debt Cancellation and Suspension Agreements Offered by Colorado-Chartered Banks, Colorado-Chartered Industrial Banks, and Colorado Chartered Credit Unions.” Organizations have 120 days to comply with the newly issued guidance.

    State Issues State AG Auto Finance Debt Cancellation UCCC

    Share page with AddThis
  • DOJ Announces Settlements with Non-Bank Mortgage Lender to Resolve Alleged False Claims Act Violations


    On August 8, the DOJ announced a $74.5 million settlement with a non-bank mortgage lender and certain affiliates to resolve potential claims that they violated the False Claims Act by knowingly originating and underwriting mortgage loans insured by the U.S. Department of Housing and Urban Development and the Veterans Administration (VA), and by selling certain loans to Fannie Mae and Freddie Mac that did not meet applicable requirements. According to the terms of the two settlement agreements, $65 million of the settlement will be paid to resolve allegations relating to FHA loans, and $9.45 million will be paid to resolve potential civil claims relating to certain specified VA, Fannie Mae, and Freddie Mac loans. The settlements also fully resolved a False Claims Act qui tam lawsuit that had been pending in the United States District Court for the Eastern District of New York.

    The settlement included no admission of liability by the lender. The lender issued a statement responding to the settlements: “We have agreed to resolve these matters, which cover certain legacy origination and underwriting activities, without admitting liability, in order to avoid the distraction and expense of potential litigation. While we cooperated fully in these investigations since receiving subpoenas in 2013, we concluded that settling these matters is in the best interest of [the company] and its constituents.”

    Lending Mortgages False Claims Act / FIRREA Mortgage Origination HUD Fannie Mae Freddie Mac FHA Settlement DOJ Nonbank Supervision

    Share page with AddThis
  • OFAC Fines Global Risk Mitigation Firm for Violating Iranian Sanctions

    Financial Crimes

    On August 10, the Treasury’s Office of Foreign Assets Control (OFAC) announced it had reached a settlement with a global company that provides services in regulatory risk mitigation for alleged violations of OFAC sanctions against Iran. OFAC claimed that, beginning in 2012, on 44 separate occasions, the firm imported Iranian-origin services into the U.S., and on 28 different occasions, engaged in “transactions or dealings related to Iranian-origin services by approving and facilitating its foreign subsidiaries’ payments to providers of Iranian-origin services.” In establishing the penalty, OFAC considered that the firm failed to exercise a minimal degree of caution—and senior management allegedly knew or had reason to know the transactions related to services of Iranian-origin—and that the transactions giving rise to the apparent violations were not eligible for OFAC authorization and yielded economic benefits to Iran. Furthermore, OFAC claimed the “frequency and duration of the apparent violations constitute a pattern or practice of conduct,” and that the firm’s ineffective compliance program failed to recognize the risks of engaging in the aforementioned transactions. OFAC maintained the firm violated the Iranian Transactions and Sanctions Regulations, 31 C.F.R. part 560. OFAC also considered the company’s prior history of not being sanctioned; its significant remedial measures; and substantial cooperation with OFAC’s investigation.

    The settlement requires the firm to pay more than $250,000 to settle the claims, which the firm did not voluntarily self-disclose to OFAC.

    Financial Crimes OFAC Sanctions Treasury Department

    Share page with AddThis
  • Mortgage Closing Relies Exclusively on Electronic Loan Documents


    On August 9, a Wall Street Journal article reported the first mortgage refinance conducted entirely through a remote electronic online closing using electronic signatures. The loan will soon be electronically sold to Freddie Mac. While electronic mortgages are not new, this was the first closing that did not require a notary public be physically present, according to the article. Using an online notary service, the borrowers answered a series of questions to authenticate their identities, and without the need to “wet sign” any of the documents. Freddie Mac’s Vice President of Single-Family Business Transformation Management, Samuel E. Oliver III, stated that “by having things digitized, a loan would be able to get to the secondary market much more quickly. . . . [M]ortgages could be delivered to an investor in as little as one day—a process that takes a median of 29 days now.”

    As previously covered in InfoBytes, Freddie Mac released a bulletin last September outlining conditions, which allow closing documents to be electronically recorded. Freddie Mac also provides several resources concerning eClosings  and eMortgages on their website.

    Fintech Lending Mortgages Electronic Mortgages Electronic Signatures

    Share page with AddThis
  • National Insurance Company Settles States’ Investigation over 2012 Data Breach, Pays $5.5 Million in Settlement

    Privacy, Cyber Risk & Data Security

    On August 9, a national insurance company and its wholly-owned subsidiary reached a $5.5 million settlement with 32 states and the District of Columbia to resolve the states’ investigation into a 2012 data breach, which allegedly caused the personal information of certain consumers to be compromised—including social security and driver’s license numbers, as well as credit scoring information and other data. According to the states’ investigation, the October 2012 data breach occurred when hackers were able to exploit a vulnerability in the company’s website application hosting software. A security patch was later applied. Under the terms of the Assurance of Voluntary Compliance, the company agreed to a number of requirements, including:

    • providing an online disclosure notifying consumers that personal information is retained even if they do not become insured;
    • appointing an individual to oversee company security practices and manage and monitor software and application security updates, including security patch monitoring; and
    • hiring an outside, independent provider to conduct a “patch management audit” of the company’s covered systems.

    The majority of the requirements last three years.

    The company, while admitting that it experienced a data breach, denied any liability or wrongdoing.

    Privacy/Cyber Risk & Data Security Settlement State AG

    Share page with AddThis
  • DOL Announces Intention to Delay Portions of Fiduciary Rule Exemptions


    On August 9, the U.S. Department of Labor (DOL) filed a notice of administrative action in the U.S. District Court for the District of Minnesota as part of an ongoing lawsuit between the DOL and a wealth management firm. In the notice, the DOL said that it has submitted a proposal (text currently unavailable) to the Office of Management and Budget to delay the fiduciary rule’s second applicability date to July 1, 2019, instead of taking effect January 1, 2018 as previously announced (portions of the rule, however, took effect June 9, 2017). (See previous InfoBytes coverage here.) The rule—which expands the definition of who qualifies as a “fiduciary” under ERISA and the Internal Revenue Code—will allow for a delay of applicability under the proposal for certain exemptions, such as (i) “Best Interest Contract Exemption”; (ii) “Class Exemption for Principal Transactions in Certain Assets Between Investment Advice Fiduciaries and Employee Benefit Plans and IRAs”; and (iii) “Prohibited Transaction Exemption . . . for Certain Transactions Involving Insurance Agents and Brokers, Pension Consultants, Insurance Companies, and Investment Company Principal Underwriters.”

    Securities Department of Labor DOL Fiduciary Rule

    Share page with AddThis