InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FTC settles with income scam operation targeting Latina consumers
On March 2, the FTC announced a settlement with a company and its owners (collectively, “defendants”) that used Spanish-language ads targeting Latina consumers with false promises of large profits reselling luxury products. The action—a part of the FTC’s “Operation Income Illusion” sweep (covered by InfoBytes here)—alleged the defendants violated the FTC Act by making false or unsubstantiated earnings claims when marketing work-at-home opportunities. The FTC also claimed the defendants violated the Telemarketing Sales Rule by, among other things, misrepresenting material aspects of the investment opportunities and routinely using threats or intimidation “to coerce consumers to pay Defendants, including but not limited to threatening consumers with damage to consumers’ credit history, false legal actions, and reports to federal government authorities.” The proposed settlement imposes a $7 million judgment, which is partially suspended due to the defendants’ inability to pay. The defendants are also permanently banned from (i) selling any goods or service that is represented as a means for consumers to make money working from home or elsewhere; (ii) making any deceptive claims about the risk, liquidity, earnings potential, or profitability of any goods or services, and making such claims through telemarketing; and (iii) using threats or intimidation to coerce consumers to pay for goods or services.
Agencies update CRA Covid-19 FAQs
On March 8, the OCC, Federal Reserve Board, and the FDIC released updated Community Reinvestment Act (CRA) FAQs related to Covid-19. The FAQs, first issued last May (covered by InfoBytes here), provide guidance for financial institutions and examiners regarding CRA consideration for activities taken in response to the pandemic. Highlights of the five new FAQs include:
- Banks cannot receive CRA service test consideration for Paycheck Protection Program (PPP)-related activities; however, the agencies recognize that because the PPP loan program responds to community credit needs, PPP activities will be considered under the CRA lending test when evaluating flexible or innovative lending programs offered by a bank.
- Banks should not report PPP loans that have been rescinded or returned under the SBA’s safe harbor on their CRA loan register. Moreover, examiners will not consider these loans in their CRA evaluations of banks during the applicable time period.
- PPP loans over $1 million in low- or moderate-income geographies or in distressed or underserved nonmetropolitan middle-income geographies “will be considered an eligible community development activity.”
- As noted in a joint statement released by the agencies last year (covered by InfoBytes here), favorable CRA consideration will be given to banks providing retail banking services and retail lending activities that respond to the needs of affected low- and moderate-income (LMI) individuals, small businesses, and small farms consistent with safe and sound banking practices. These activities may include waiving ATM fees, overdraft fees, and early withdrawal penalties on certificates of deposit (CDs), or allowing LMI consumers to make draws from a HELOC during the repayment period. The agencies note that allowing LMI consumers “to make a withdrawal from an IRA as allowed under the CARES Act, or to draw on a HELOC during the draw period are routine banking services and, as such, are not eligible for CRA consideration.”
- The agencies will consider community development services provided virtually by bank representatives on an individual level based on the event and the benefitted assessment area.
Fed extends PPP Liquidity Facility through June 30
On March 8, the Federal Reserve Board announced the extension of the Paycheck Protection Program Liquidity Facility (PPPLF) through June 30. The PPPLF was rolled out last year to provide liquidity to banks making loans to small businesses pursuant to the Small Business Administration’s Paycheck Protection Program at the start of the Covid-19 pandemic (covered by InfoBytes here). The Board noted, however, that the remaining Covid-19 lending facilities—the Commercial Paper Funding Facility, the Money Market Mutual Fund Liquidity Facility, and the Primary Dealer Credit Facility—will terminate March 31 as planned.
Illinois reissues and extends several Covid-19 executive orders
On March 5, Illinois Governor JB Pritzker issued Executive Order 2021-05, which extends several executive orders through April 3, 2021 (previously covered here, here, here, here, here, and here). Among other things, the order extends: (i) Executive Order 2020-07 regarding in-person meeting requirements, (ii) Executive Order 2020-23 regarding actions by individuals licensed by the Illinois Department of Financial and Professional Regulation engaged in disaster response, (iii) Executive Order 2020-25 regarding garnishment and wage deductions (previously covered here), (iv) Executive Order 2020-30 regarding residential evictions (previously covered here), and (v) Executive Order 2020-72 regarding the residential eviction moratorium (previously covered here and here).
NYDFS, mortgage lender reach $1.5 million cyber breach settlement
On March 3, NYDFS announced a settlement with a mortgage lender to resolve allegations that the lender violated the state’s cybersecurity regulation (23 NYCRR Part 500) by failing to report it was the subject of a cyber breach in 2019. Under Part 500.17, regulated entities are required to provide timely notice to NYDFS when a cybersecurity event involves harm to customers (see FAQs here). A July 2020 examination revealed that the cyber breach involved unauthorized access to an employee’s email account, which could have provided access to personal data, including social security and bank account numbers. NYDFS also claimed that the lender allegedly failed to implement a comprehensive cybersecurity risk assessment as required by 23 NYCRR Part 500. Under the terms of the consent order, the lender will pay a $1.5 million civil monetary penalty, and will make further improvements to strengthen its existing cybersecurity program to ensure compliance with 23 NYCRR Part 500. NYDFS acknowledged that the mortgage lender had controls in place at the time of the cyber incident and implemented additional controls since the incident. NYDFS also acknowledged the mortgage lender’s “commendable” cooperation throughout the examination and investigation and stated that the lender had demonstrated its commitment to remediation.
SBA allows self-employed filers to use gross income to calculate PPP loan amounts
On March 4, the Small Business Administration (SBA) issued an interim final rule (IFR) to implement recent changes to the Paycheck Protection Program (PPP) calculation for IRS Form 1040, Schedule C filers. Self-employed individuals who file Schedule C will now be able to calculate their maximum loan amount using gross income. This calculation change only applies to loans approved after March 4, 2021, and borrowers that have already had their loans approved cannot increase their PPP loan amount based on the new maximum loan formula. SBA also notes that a previously provided safe harbor presumption of making “the statutorily required certification concerning the necessity of the loan request in good faith” will not apply to Schedule C filers that elect to calculate their First Draw PPP loan using gross income if they report more than $150,000 in gross income. These borrowers will be subject to additional SBA review as they will most likely have additional sources of liquidity to support business operations. The IFR further removes eligibility restrictions that prohibit businesses owned at least 20 percent by individuals (i) who have a non-financial fraud felony conviction in the last year, or (ii) who are delinquent or in default on their federal student loans. These changes apply to both First Draw and Second Draw PPP loans.
To assist borrowers, SBA released the following revised forms: First Draw application form and Schedule C gross income form, Second Draw application form and Schedule C gross income form, and lender applications for First Draw and Second Draw loans. The IFR takes effect March 4.
CFPB sues payment processor for fraudulent practices
On March 3, the CFPB filed a complaint against an Illinois-based third-party payment processor and its founder and former CEO (collectively, “defendants”) for allegedly engaging in unfair practices in violation of the CFPA and deceptive telemarketing practices in violation of the Telemarketing Sales Rule. According to the complaint, the defendants knowingly processed remotely created check (RCC) payments totaling millions of dollars for over 100 merchant-clients claiming to offer technical-support services and products, but that actually deceived consumers—mostly older Americans—into purchasing expensive and unnecessary antivirus software or services. The tech-support clients allegedly used telemarketing to sell their products and services and received payment through RCCs, the Bureau stated, noting that the defendants continued to process the clients’ RCC payments despite being “aware of nearly a thousand consumer complaints” about the tech-support clients. According to the Bureau, roughly 25 percent of the complaints specifically alleged that the transactions were fraudulent or unauthorized. The Bureau noted that the defendants also responded to inquiries from police departments across the country concerning consumer complaints about being defrauded by the defendants. Further, the Bureau cited high return rates experienced by the tech-support clients, including an average unauthorized return rate of 14 percent—a “subset of the overall return rate where the reason for the return provided by the consumer is that the transaction was unauthorized.” The Bureau is seeking an injunction, as well as damages, redress, disgorgement, and civil money penalties.
CFPB appeals ruling vacating mandatory disclosures and 30-day credit linking restriction in Prepaid Accounts Rule
On March 1, the CFPB filed a notice to appeal a December 2020 ruling, in which the U.S. District Court for the District of D.C. vacated two provisions of the Bureau’s Prepaid Account Rule: (i) the short-form disclosure requirement “to the extent it provides mandatory disclosure clauses”; and (ii) the 30-day credit linking restriction. As previously covered by InfoBytes, the court concluded that the Bureau acted outside of its statutory authority by promulgating a short-form disclosure requirement (to the extent it provided for mandatory disclosure clauses). The court noted that it could not “presume—as the Bureau does—that Congress delegated power to the Bureau to issue mandatory disclosure clauses just because Congress did not specifically prohibit them from doing so.” The court further determined that the Bureau also read too much into its general rulemaking authority when it promulgated a mandatory 30-day credit linking restriction under 12 CFR section 1026.61(c)(1)(iii) that limited consumers’ ability to link certain credit cards to their prepaid accounts. The court first determined that neither TILA nor Dodd-Frank vest the Bureau with the authority to promulgate substantive regulations on when consumers can access and use credit linked to prepaid accounts. Second, the court deemed the regulatory provision to be a “substantive regulation banning a consumer’s access to and use of credit” under the disguise of a disclosure, and thus invalid.
Court grants interlocutory appeal in CFPB student loan servicing action
On February 26, the U.S. District Court for the Middle District of Pennsylvania granted a student loan servicer’s request for interlocutory appeal as to whether questions concerning the CFPB’s constitutionality stopped the clock on claims that it allegedly misled borrowers. The court’s order pauses a 2017 lawsuit in which the Bureau claimed the servicer violated the CFPA, FCRA, and FDCPA by allegedly creating obstacles for borrower repayment options (covered by InfoBytes here), and grants the servicer’s request to certify a January 13 ruling. As previously covered by InfoBytes, the servicer argued that the Supreme Court’s finding in Seila Law LLC v. CFPB (covered by a Buckley Special Alert—which held that that the director’s for-cause removal provision was unconstitutional but was severable from the statute establishing the CFPB)—meant that the Bureau “never had constitutional authority to bring this action and that the filing of [the] lawsuit was unauthorized and unlawful.” The servicer also claimed that the statute of limitations governing the CFPB’s claims prior to the decision in Seila had expired, arguing that Director Kathy Kraninger’s July 2020 ratification came too late. The court disagreed, ruling, among other things, that “[n]othing in Seila indicates that the Supreme Court intended that its holding should result in a finding that this lawsuit is void ab initio.”
The court’s order sends the ruling to the 3rd Circuit to review “[w]hether an act of ratification, performed after the statute of limitations has expired, is subject to equitable tolling, so as to permit the valid ratification of the original action which was filed within the statute of limitations but which was filed at a time when the structure of the federal agency was unconstitutional and where the legal determination of the presence of the structural defect came after the expiration of the statute of limitations.” Specifically, the court explained that this particular “question does not appear to have been addressed by any court in the United States. . . .Not only is there a lack of conflicting precedent, there is no supporting precedent; indeed, no party has identified any comparable precedent.” Further, “[i]f this court erred in applying the doctrine of equitable tolling, it would almost certainly lead to a reversal on appeal and dismissal of this action,” the court noted.
OFAC sanctions Russian officials
On March 2, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order (E.O.) 13661 against seven Russian government officials in connection with the “poisoning and subsequent imprisonment of [a] Russian opposition figure.” One of the designated individuals is also being sanctioned pursuant to E.O. 13382 “for acting or purporting to act for or on behalf of, directly or indirectly, the Federal Security Service.” In conjunction with OFAC’s sanctions, the Department of State also designated several entities and persons pursuant to E.O. 13882 for “having engaged, or attempted to engage, in activities or transactions that have materially contributed to, or pose a risk of materially contributing to, the proliferation of weapons of mass destruction or their means of delivery” by Russia. As a result of the sanctions, all of the property and interests in property of the designated persons that are in the United States or in the possession or control of U.S. persons, as well as any entities that are owned 50 percent or more by the designated persons, are blocked and must be reported to OFAC. Additionally, OFAC regulations generally prohibit U.S. persons from participating in transactions with the designated persons unless exempt or otherwise authorized by an OFAC general or specific license. OFAC further warned that “any foreign person who knowingly facilitates a significant transaction or transactions for or on behalf of one of these persons risks being sanctioned.”