Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • California modifying CCPA regs again

    State Issues

    On October 12, the California Department of Justice released a third set of proposed modifications to the regulations implementing the California Consumer Privacy Act (CCPA). As previously covered by InfoBytes, on August 14, the regulations went into effect after being approved by the Office of Administrative Law (OAL). Highlights of the proposed modifications include:

    • The addition of Section 999.306, subd. (b)(3), which provides illustrative examples of the methods businesses can use to provide the notice of right to opt-out of the sale of personal information through an offline method, when the business collects personal information in the course of interacting with consumers offline. Examples include: posting signage in the area where personal information is collected or providing the notice orally during calls where information is collected;
    • The addition of Section 999.315, subd. (h), which provides illustrative examples of right to opt-out methods that are designed with the purpose or have the substantial effect of subverting or impairing a consumer’s choice to opt-out. Examples include: using double negatives or requiring consumers to click through a list of reasons why they should not opt-out before confirming their request;
    • Amending Section 999.326, subd. (a), which clarifies what proof a business may require from an authorized agent and consumer when a consumer uses an agent to submit a request to know or a request to delete; and
    • Amending Section 999.332, subd. (a), which clarifies that businesses subject to § 999.330 (consumers under 13 years of age) and/or § 999.331 (consumers 13 to 15 years of age) must include a description of the processes set forth in those section in its privacy policy for consumers under 16 years of age.

    Comments on the proposed modifications are due on October 28 by 5:00 p.m.

    State Issues Privacy/Cyber Risk & Data Security CCPA State Attorney General Consumer Protection

  • Financial Stability Board outlines global stablecoin recommendations

    Federal Issues

    On October 13, the Financial Stability Board (FSB) published a report providing high-level recommendations for the regulation, supervision, and oversight of “global stablecoin” (GSC) arrangements. FSB defines “stablecoins” as a “specific category of crypto-assets which have the potential to enhance the efficiency of the provision of financial services, but may also generate risks to financial stability, particularly if they are adopted at a significant scale.” GSCs are those with multi-jurisdictional reach that “could become systemically important in and across one or many jurisdictions, including as a means of making payments.” The report, Regulation, Supervision, and Oversight of “Global Stablecoin” Arrangements, follows an analysis of financial stability risks raised by GSCs as well as a survey of FSB and non-FSB members’ approaches to stablecoins. Prior to issuing the report, FSB also conducted several outreach meetings with representatives from regulated financial institutions, fintech firms, academia, and the legal field. The October report, which takes into account public feedback received earlier in the year, outlines 10 high-level recommendations that “call for regulation, supervision and oversight that is proportionate to the risks, and stress the value of flexible, efficient, inclusive, and multi-sectoral cross-border cooperation, coordination, and information sharing arrangements among authorities that take into account the evolving nature of GSC arrangements and the risks they may pose over time.” However, the report stresses that because these recommendations primarily address financial stability risks, issues such as anti-money laundering/combating the financing of terrorism, data privacy, cyber security consumer and investor protection, and competition are not covered. These issues, which may present consequences for financial stability if not properly addressed, should be incorporated as part of a comprehensive supervisory, regulatory, and oversight framework, the report states.

    Among other things, the report also provides regulatory authorities a guide “of relevant international standards and potential tools to address vulnerabilities arising from GSC activities,” and outlines a timeline of actions that will build a roadmap to ensure “any relevant international standard-setting work is completed.”

    Federal Issues Digital Assets Financial Stability Board Of Interest to Non-US Persons Stablecoins

  • CFPB settles with auto servicer over deceptive practices

    Federal Issues

    On October 13, the CFPB announced a settlement with the Texas-based auto-financing subsidiary of a Japanese automobile manufacturer to resolve allegations that the servicer violated the Consumer Financial Protection Act by engaging in illegal repossession and collection practices. The CFPB alleged that the servicer engaged in unfair and deceptive practices by (i) wrongfully repossessing vehicles even though customers made payments to decrease their delinquency to less than 60 days past due or kept a promise to pay; (ii) limiting the ability of borrowers who pay over the phone to select payment options with significantly lower fees; (iii) making false statements in loan extension agreements, which “created the net impression that consumers could not file for bankruptcy”; and (iv) knowing its repossession agents were charging customers upfront storage fees before returning personal property left inside repossessed cars.

    Under the terms of the consent order, the servicer must pay a $4 million civil money penalty, as well as up to $1 million in consumer redress. The servicer must also credit any outstanding fees stemming from the repossession and pay consumers redress for each day it wrongfully held their vehicles. The servicer is also ordered to, among other things, (i) cease using language that creates the impression that customers may not file for bankruptcy; (ii) conduct a quarterly review to identify and remediate any future wrongful repossessions; (iii) adopt policies and procedures to correct its repossession practices; (iv) prohibit its repossession agents from charging fees to get personal property returned; and (v) clearly disclose phone payment fees to consumers.

    Federal Issues CFPB Enforcement CFPA UDAAP Deceptive Unfair

  • G7 urges financial services sector to mitigate ransomware attacks

    Federal Issues

    On October 13, the member nations of the G7 issued a joint statement stressing their commitment to working with the financial services sector to address and mitigate ransomware attacks. The statement highlights the recent increase in ransomware attacks over the last few years and notes that the scale, sophistication, and frequency has intensified as attackers “demand payments primarily in virtual assets to facilitate money laundering.” These ransom payments, the G7 warns, “can incentivize further malicious cyber activity; benefit malign actors and fund illicit activities; and present a risk of money laundering, terrorist financing, and proliferation financing, and other illicit financial activity.” The G7 reminds financial institutions that paying ransom is subject to anti-money laundering/combating the financing of terrorism (AML/CFT) laws and regulations, and warns non-financial services companies that providing certain services, such as money transfers, may subject them to the same obligations. The G7 further urges entities to follow international obligations for reporting ransom payments as suspicious activity and to take measures to prevent sanctions evasions. Moreover, the G7 recommends that entities implement standards set by the Financial Action Task Force to reduce criminals’ access to and use of financial services and digital assets, and emphasizes the importance of implementing effective programs to “hold and exchange information about the originators and beneficiaries of virtual asset transfers.” The G7 plans to share information related to ransomware threats, explore opportunities for coordinated targeted financial sanctions, and encourage a global implementation of AML/CFT obligations on virtual assets and virtual asset service providers.

    Federal Issues Ransomware Privacy/Cyber Risk & Data Security Of Interest to Non-US Persons FATF

  • Debt collector settles with CFPB for $15 million

    Federal Issues

    On October 15, the CFPB announced a proposed settlement with the largest U.S. debt collector and debt buyer and its subsidiaries (collectively, “defendants”), resolving allegations that the defendants violated the terms of a 2015 consent order related to their debt collection practices. As previously covered by InfoBytes, the Bureau filed an action against the defendants in September alleging that they collected more than $300 million from consumers by violating the terms of the 2015 consent order—and again violating the FDCPA and CFPA—by, among other things, (i) filing lawsuits without possessing certain original account-level documentation (OALD) or first providing the required disclosures; (ii) failing to provide debtors with OALD within 30 days of the debtor’s request; (iii) filing lawsuits to collect on time-barred debt; and (iv) failing to disclose that debtors may incur international-transaction fees when making payments to foreign countries, which “effectively den[ied] consumers the opportunity to make informed choices of their preferred payment methods.” 

    The stipulated final judgment, if entered by the court, would require the defendants to pay nearly $80,000 in consumer redress and a $15 million civil money penalty. Moreover, among other things, the defendants are subject to a five-year extension of certain conduct provisions of the 2015 consent order and must disclose to consumers the potential for international-transaction fees and that the fees can be avoided by using alternative payment methods.   

    Federal Issues CFPB Settlement Debt Collection Debt Buyer CFPA FDCPA Enforcement

  • Brazilian investment company agrees to pay over $284 million to settle FCPA violations

    Financial Crimes

    On October 14, the DOJ announced it had entered into a plea agreement with a Brazil-based investment company that owns companies primarily involved in the meat and agricultural business, in which the company agreed to pay a criminal penalty of over $256 million related to violations of the FCPA’s anti-bribery provisions. According to the DOJ, between 2005 and 2017, to execute the bribery scheme in Brazil, the company “conspired with others to violate the FCPA by paying bribes to Brazilian government officials in order to ensure that Brazilian state-owned and state-controlled banks would enter into debt and equity financing transactions with [the company and company]-owned entities, as well as to obtain approval for a merger from a Brazilian state-owned and state-controlled pension fund.” Specifically, between 2005 and 2014, the company paid or promised more than $148 million in bribes to high-level Brazilian government officials, in exchange for receiving hundreds of millions of dollars in financing from a Brazilian state-owned and state-controlled bank. In another instance, the company paid more than $4.6 million in bribes to a high-ranking executive of a Brazilian state-controlled pension fund in exchange for the fund’s approval of a significant merger that benefited the company. The company also paid approximately $25 million in bribes to a high-level Brazilian government official in order to obtain hundreds of millions of dollars of financing from a different Brazilian state-owned and state-controlled bank. Company executives also “used New York-based bank accounts to facilitate the bribery scheme and to make corrupt payments, purchased and transferred a Manhattan apartment as a bribe, and met in the United States to discuss and further aspects of the illegal scheme.”

    The announcement noted that the company did not voluntarily disclose the violations but still received partial credit and a 10 percent reduction off the U.S. Sentencing Guidelines fine range for its remediation and cooperation with the DOJ’s investigation. Under the terms of the plea agreement, the company will pay the U.S. approximately $128.2 million of the $256 million criminal penalty. The remaining portion will be offset by $128.2 million in penalties the company will pay pursuant to a resolution with the Brazilian authorities. The company also agreed to continue to cooperate with the DOJ in any ongoing or future criminal investigations, and will enhance its compliance program, and report on the implementation of its enhanced compliance program for a three-year period.

    The SEC simultaneously announced a resolution in a related matter with the company, along with a majority-owned subsidiary and two Brazilian nationals who own the company and the subsidiary. According to the SEC, the Brazilian nationals engaged in a bribery scheme to facilitate the subsidiary’s acquisition of a U.S. food corporation. The SEC charged the two companies and individuals with violations of the books and records and internal accounting provisions of the FCPA. Under the terms of the cease and desist order, the subsidiary must pay approximately $27 million in disgorgement and the two Brazilian nationals are required to each pay civil penalties of $550,000. All parties also agreed to self-report on the status of certain remedial measures for a three-year period.

    Financial Crimes FCPA SEC DOJ Bribery Of Interest to Non-US Persons

  • OFAC sanctions Nicaraguan bank and government officials

    Financial Crimes

    On October 9, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13851 against a Nicaraguan financial institution, as well as two government officials for supporting the Ortega regime, which “continue[s] to undermine Nicaragua’s democracy.” According to OFAC, the financial institution served as a tool for Ortega to “siphon money from [] $2.4 billion in oil trusts and credit portfolios…in order to remain in power and pay a network of patronage.” As a result, all property and interests in property of the sanctioned individuals and entities, and any entities owned 50 percent or more by such persons subject to U.S. jurisdiction, are blocked and must be reported to OFAC. U.S. persons are also generally prohibited from entering into transactions with the sanctioned persons. 

    Financial Crimes OFAC Department of Treasury Sanctions Of Interest to Non-US Persons Nicaragua OFAC Designations

  • OFAC sanctions 18 major Iranian banks

    Financial Crimes

    On October 8, the U.S. Treasury Department announced that the Secretary of the Treasury, in consultation with the Secretary of State, sanctioned 18 major Iranian banks, consistent with E.O. 13902, which identified Iran’s financial sector “as an additional avenue that funds the Iranian government’s malign activities.” E.O. 13902 provides Treasury with the authority to sanction any Iranian financial institution. The sanctioned banks include 16 banks operating in Iran’s financial sector and one bank that is owned or controlled by a sanctioned Iranian bank. In addition, OFAC sanctioned an Iranian military-affiliated bank under Treasury’s counter-proliferation authority pursuant to E.O. 13382. “Today’s action to identify the financial sector and sanction eighteen major Iranian banks reflects our commitment to stop illicit access to U.S. dollars,” Treasury Secretary Steven T. Mnuchin stated. OFAC noted that the sanctions under E.O. 13902 do not affect existing authorizations and exceptions for humanitarian trade (covered by a Buckley Special Alert), “which remain in full force and effect for these seventeen banks.”

    As a result, all property and interests in property of the designated entities that are in the U.S. or in the possession or control of U.S. persons must be blocked and reported to OFAC. U.S. persons are also generally prohibited from engaging in transactions with the designated entities. OFAC is providing a 45-day period for non-U.S. persons to wind down non-humanitarian transactions that may become subject to sanctions as a result of the designations. OFAC further warned that “financial institutions and other persons that engage in certain transactions or activities with the sanctioned entities after a 45-day wind-down period may expose themselves to secondary sanctions or be subject to an enforcement action.”

    Concurrent with the action, OFAC issued General License L, which outlines transactions and activities involving the sanctioned entities “that are authorized, exempt, or otherwise not prohibited under the Iranian Transactions and Sanctions Regulations.” Additional guidance is also provided in recently issued FAQs.

    Financial Crimes OFAC Department of Treasury Of Interest to Non-US Persons Sanctions Iran

  • CSBS and others release ransomware mitigation tool

    State Issues

    On October 13, the Conference of State Bank Supervisors (CSBS), joined by the Bankers Electronic Crimes Task Force and the U.S. Secret Service, released a self-assessment tool to help supervised financial institutions mitigate the risk of ransomware attacks. The tool will also help financial institutions assess how well they are managing risks and identify gaps for increasing security. CSBS developed the tool in conjunction with the U.S. Secret Service and the Bankers Electronic Crimes Task Force as incidents of ransomware have been on the rise and continue to spread.

    State Issues CSBS Ransomware Privacy/Cyber Risk & Data Security

  • Illinois adopts regulations for student loan servicers

    State Issues

    On October 9, the Illinois Department of Financial and Professional Regulation adopted regulations implementing provisions of the Student Loan Servicing Right Act related to licensing fees, operations, and supervision. Among other things, the provisions (i) establish license, examination, and hearing fees, as well as assessment costs; (ii) require servicers to file notice within 10 business days of any application changes; (iii) require servicers to maintain websites and toll-free telephone services for borrowers and cosigners to access information on existing loans; (iv) require servicers to provide borrowers with information on alternative repayment and loan forgiveness options; (v) outline requirements related to the maintenance of account information, payment processing, cosigner payments, and books and records; (vi) provide record retention requirements; and (vii) address the preparation of independent audit reports and examination ratings. The regulations are effective immediately.

    State Issues State Regulators Student Lending Student Loan Servicer Licensing

Pages

Upcoming Events