InfoBytes
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
SEC issues nearly $600,000 whistleblower award
On January 14, the SEC announced a whistleblower award of nearly $600,000 in connection with a successful enforcement action. According to the redacted order, the whistleblower provided new, highly valuable information during the course of the investigation, as well as substantial assistance, including meeting with enforcement staff numerous times and providing critical investigative leads. Additionally, the SEC notes that “there is a close nexus” between the whistleblower’s information and certain charges in the covered action.
The SEC has now paid approximately $738 million to 134 individuals since the inception of the program.
OFAC issues Hong Kong-related sanctions regulations, updates SDN List
On January 15, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) issued regulations implementing Executive Order (E.O.) 13936 issued last July. As previously covered by InfoBytes, E.O. 13936, among other things, targets and authorizes the imposition of sanctions on persons who materially assist, sponsor, or provide financial, material, or technological support to activities contributing to the undermining of Hong Kong’s democracy and autonomy. The regulations outline prohibitions, including prohibited transactions, and provide general definitions, interpretations, licensing authorizations, and penalties and findings of violations. OFAC noted it intends to supplement Part 585 of the regulations with more comprehensive regulations that “may include additional interpretive and definitional guidance and additional general licenses and statements of licensing policy.”
The same day, OFAC also added several individuals and entities to its Specially Designated Nationals List. These persons have been added pursuant to OFAC’s Hong Kong-related designations, Global Magnitsky designations, E.O. 13846, and the Iran Freedom and Counter-Proliferation Act, among others.
Indonesian company settles with OFAC for $1 million for North Korea sanctions violations, enters into deferred prosecution agreement with DOJ
On January 14, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a more than $1 million settlement with an Indonesian-based paper products manufacturer for 28 apparent violations of the North Korea Sanction Regulations. According to OFAC’s web notice, between 2016 and 2018, the company “exported cigarette paper to entities located in or doing business on behalf of the Democratic People’s Republic of Korea (DPRK),” including a Chinese intermediary that procured paper on behalf of an OFAC-designated company operating under an alias. The company allegedly directed payments for its DPRK-related exports to a U.S. dollar bank account held at a non U.S. bank, leading to 28 wire transfers being cleared through U.S. banks. OFAC noted that while the company initially referenced the DPRK entities on documents such as invoices, packing lists, and bills of lading, it eventually replaced the references with the names of intermediaries located in third countries.
In arriving at the settlement amount, OFAC considered various aggravating factors, including that the company (i) “acted with reckless disregard for U.S. sanctions laws and regulations” by directing DPRK-related payments to its U.S. dollar account; (ii) was aware that management had actual knowledge of the conduct at issue; and (iii) the company’s actions “caused U.S. persons to confer economic benefits to the DPRK and an OFAC-designated person.”
OFAC also considered various mitigating factors, including that the company (i) cooperated with OFAC’s investigation; (ii) has undertaken remedial measures, ceased all dealings with the DPRK, and enhanced its compliance controls and internal policies by, among other things, procuring a sanctions screening service from a third-party provider, implementing a know-your-customer process, and requiring that “all trading companies or agents purchasing goods on behalf of other end-users sign an anti-diversion agreement that includes OFAC sanctions compliance commitments.”
Separately, the DOJ announced that the company agreed to pay a $1.5 million fine and enter into a deferred prosecution agreement for conspiring to commit bank fraud after admitting it deceived U.S. banks in order to trade with the DPRK. The company also “agreed to implement a compliance program designed to prevent and detect violations of U.S. sanctions laws and regulations and to regularly report to the [DOJ] on the implementation of that program.” The company is also required to report violations of relevant U.S. laws to the DOJ and “cooperate in the investigation of such offenses.”
Court dismisses data breach claims citing lack of compromised sensitive information
On January 12, the U.S. District Court for the Central District of California dismissed a data breach lawsuit brought against a hotel chain, ruling the plaintiff lacked standing. The plaintiff claimed class members were victims of a data breach when hotel employees at a franchise in Russia allegedly accessed personal information without authorization, including guests’ names, addresses, phone numbers, email addresses, genders, birth dates and loyalty account numbers. The plaintiff’s suit alleged, among other things, violations of the California Consumer Privacy Act and the state’s Unfair Competition Law. While the hotel disclosed the incident last March and admitted that class members’ personal information was compromised, the court determined that the plaintiff lacked standing to bring claims after the hotel’s investigation found that “no sensitive information, such as social security numbers, credit card information, or passwords, was compromised.” The court determined that the plaintiff failed to plausibly plead that any of the class members’ more sensitive data had fallen into the wrong hands, and that “[w]ithout a breach of this type of sensitive information, Plaintiff has not suffered an injury in fact and cannot meet the constitutional requirements of standing.”
CFPB issues debt collection small entity compliance guide
On January 15, the CFPB issued a small entity compliance guide summarizing the Bureau’s debt collection rule. As previously covered by InfoBytes, the Bureau issued a final rule last October amending Regulation F, which implements the Fair Debt Collection Practices Act (FDCPA), to address debt collection communications and prohibitions on harassment or abuse, false or misleading representations, and unfair practices. The guide provides a detailed summary of the October final rule’s substantive prohibitions and requirements, as well as a summary of key interpretations and clarifications of the FDCPA. The Bureau noted, however, that the current small entity compliance guide does not discuss (unless specifically noted otherwise) the CFPB’s final rule issued in December (covered by InfoBytes here), which clarified consumer disclosure requirements, provided a model validation notice, and addressed required actions prior to furnishing and prohibitions concerning the collection of time-barred debt. Updates will be made to the small entity compliance guide at a later date to include provisions related to the December final rule.
CFPB and NCUA announce supervision MOU
On January 14, the CFPB announced a Memorandum of Understanding (MOU) with the NCUA, which is intended to improve supervision coordination of credit unions with over $10 billion in assets. According to the Bureau’s press release, the MOU covers (i) the sharing of the Covered Reports of Examination and final Reports of Examination for covered institutions, using secure, two-way electronic means; (ii) collaboration in semi-annual strategy planning sessions for examination coordination; (iii) information sharing on training activities and content; and (iv) information sharing related to potential enforcement actions.
FTC may seek civil penalties under Covid-19 Consumer Protection Act
Recently President Trump signed the Consolidated Appropriations Act, 2021—a funding measure which extends certain emergency authorities and temporary regulatory relief contained in the CARES Act (covered by InfoBytes here)—that includes a provision under Title XIV Covid-19 Consumer Protection Act, which allows the FTC to seek civil penalties for first-time violations of the FTC Act related to Covid-19 scams and deceptive practices. Specifically, the provision targets conduct “associated with—(1) the treatment, cure, prevention, mitigation, or diagnosis of COVID-19; or (2) a government benefit related to COVID-19.” Such a violation would be “treated as a violation of a rule defining an unfair or deceptive act or practice prescribed under section 18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C. 57a(a)(1)(B)),” with violators subject to civil penalties. This authority is granted to the FTC for the duration of the Covid-19 pandemic.
FHFA further extends foreclosure moratorium
On January 19, the FHFA announced that Fannie Mae and Freddie Mac (GSEs) will extend their moratorium on single-family foreclosures and real estate owned (REO) evictions until at least February 28 (which was set to expire on January 31, previously covered here). The foreclosure moratorium applies to homeowners with a GSE-backed, single-family mortgage, and the REO eviction moratorium applies to properties that were acquired by the GSEs through foreclosure or deed-in-lieu of foreclosure transactions.
Court says CFPB unconstitutionality argument strays from Supreme Court ruling in Seila
On January 13, the U.S. District Court for the Middle District of Pennsylvania denied a student loan servicer’s motion for judgment on the pleadings, ruling that the servicer’s argument that the CFPB is unconstitutional “strays afar” from the U.S. Supreme Court’s finding in Seila Law LLC v. CFPB. The servicer previously argued that the Supreme Court’s finding in Seila (covered by a Buckley Special Alert)—which held that that the director’s for-cause removal provision was unconstitutional but was severable from the statute establishing the CFPB—meant that the Bureau “never had constitutional authority to bring this action and that the filing of [the] lawsuit was unauthorized and unlawful.” The servicer also claimed that the statute of limitations governing the CFPB’s claims prior to the decision in Seila had expired, arguing that Director Kathy Kraninger’s July 2020 ratification came too late. However, the court determined, among other things, that “[n]othing in Seila indicates that the Supreme Court intended that its holding should result in a finding that this lawsuit is void ab initio.” The court further noted that the servicer’s assertion that the Bureau “‘never had constitutional authority to bring this action’ is belied by Seila’s implicit finding that the CFPB always had the authority to act, despite the Supreme Court’s finding that the removal protection was unconstitutional.”
SBA releases PPP guidance as portal reopens
On January 19, the Small Business Administration’s (SBA) Paycheck Protection Program (PPP) loan portal re-opened to all participating lenders (covered by InfoBytes here). To assist lenders, the SBA released an interim final rule, consolidating prior rules related to PPP loan forgiveness and incorporating changes made by the Economic Aid Act. The interim final rule also addresses conflict of interest provisions and related disclosure requirements, and applies to PPP loans for which loan forgiveness payments have not been remitted by the SBA as of December 27, 2020. To assist lenders, the SBA also issued a set of frequently asked questions addressing how to calculate revenue reduction and maximum loan amounts for Second Draw PPP loans, as well as documents borrowers must provide to substantiate their calculations. The SBA reiterated that borrowers and lenders may rely on this guidance as the agency’s interpretation of the CARES Act, the Economic Aid Act and the PPP interim final rules (covered by InfoBytes here), emphasizing that the “government will not challenge lender PPP actions that conform to this guidance and to the PPP interim final rules and any subsequent rulemaking in effect at the time the action is taken.”
In preparation for the re-opening, the SBA also released guidance for lenders on calculating the maximum amount for First Draw PPP loans. The guidance outlines documentation requirements for different types of businesses, and advises lenders handling second-draw loans to make sure the loan number for a borrower’s first-draw PPP loan is included on the second-draw application. The SBA also released two procedural notices. The first notice informs PPP lenders of the process for borrower resubmission of loan forgiveness applications (see SBA Form 3508S, SBA Form 3508EZ, and PPP Loan Forgiveness Calculation Form, all revised January 19), as well as lender responsibilities for notifying borrowers of lender and SBA decisions to approve or deny forgiveness in full or in part. The notice also discusses the process for remitting any portion of the loan forgiveness amount by the SBA to the lender, along with offsets of remittances to lenders to cover a lender’s outstanding debts. The second notice addresses PPP excess loan amount errors, and clarifies that borrowers may not receive forgiveness for excess loan amounts, even if “the excess loan amount was caused by borrower error or lender error.”