Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations
Section Content

Upcoming Events

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Consumer advocates testify before Senate Commerce Committee on need for federal consumer data privacy legislation

    Privacy, Cyber Risk & Data Security

    On October 10, the Senate Committee on Commerce, Science, and Transportation held the second in a series of hearings on the subject of consumer data privacy safeguards. The hearing entitled “Consumer Data Privacy: Examining Lessons From the European Union’s General Data Protection Regulation and the California Consumer Privacy Act” heard from consumer privacy advocates on lessons from the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) of 2018, and what types of consumer protections should be considered in future federal legislation. Committee Chairman, Senator John Thune, opened the hearing by emphasizing the importance of promoting privacy without stifling innovation. Senator Thune stated that, while understanding the experience of technology and telecommunications companies in this space is important, any new federal privacy law must also incorporate views from affected industry stakeholders and consumer advocates.

    The consumer privacy advocate witnesses agreed there is a need for heightened consumer protections and rights, and that the time is ripe to have a debate on what a consumer data privacy law at the federal level would look like and how it would work with state level laws. However, witnesses cautioned that federal legislation should create a floor and not a ceiling for privacy that will not prevent states from passing their own privacy laws. One of the witnesses who led the effort behind the California ballot initiative that resulted in the CCPA emphasized that federal legislation should contain a robust enforcement mechanism, while a witness from the Center for Democracy & Technology said that (i) lawmakers should give the FTC the ability to fine companies that violate consumers’ privacy and provide the agency with more resources; and (ii) a federal law should cover entities of all sizes and clarify what secondary and third-party uses of data are permissible.

    Among other things, the hearing also discussed topics addressing: (i) GDPR open investigations; (ii) support for state Attorney General enforcement rights; (iii) privacy protections for children, including the strengths and weaknesses of the Children’s Online Privacy Protection Act, particularly with respect to children ages 13 and older; and (iv) consumers’ rights to control their personal data.

    Privacy/Cyber Risk & Data Security Data Breach U.S. Senate GDPR State Attorney General State Legislation Enforcement

    Share page with AddThis
  • CFPB announces settlement with companies that allegedly delayed transfer of consumer payments to debt buyers

    Consumer Finance

    On October 4, the CFPB announced a settlement with a group of Minnesota-based companies that allegedly violated the Consumer Financial Protection Act when consumers made payments on debts that the companies had already sold to third parties, and the companies improperly delayed the forwarding of some of those payments to debt buyers. According to the consent order, the companies—whose practices include the purchasing, servicing, collection, and furnishing consumer-report information on consumer loans—partnered with third-party banks to sell merchandise on closed-end or open-end revolving credit. Within a few days, banks originated the loans and sold the receivables to the companies. The companies subsequently serviced the debts and sold the receivables to a third party. For defaulted accounts, the companies charged off the accounts and sold them to third-party debt buyers. According to the Bureau, the companies allegedly failed to notify consumers when their accounts were sold, failed to inform them who now owned the debt, and continued to accept direct pays from consumers. The Bureau contends that between 2013 and 2016, the companies delayed forwarding direct pays for more than 31 days in 18,000 instances, and in 3,500 of those instances, the companies did not forward the payments for more than a year. Moreover, the Bureau asserts that these delays led to misleading collection efforts, including collection activity on accounts consumers had completely paid off. The order requires the companies to pay a civil money penalty of $200,000, and improve their policies and procedures to prevent further violations.

    Consumer Finance CFPB Enforcement Third-Party Debt Buying CFPA Settlement

    Share page with AddThis
  • SEC penalizes investment company $1 million for cyber security failings

    Privacy, Cyber Risk & Data Security

    On September 26, the SEC announced a settlement with an Iowa-based broker-dealer and investment advisement company, which agreed to pay $1 million to resolve allegations that the company violated the Safeguards Rule and the Identity Theft Red Flags Rule arising out of the company’s failure to protect confidential customer information from intrusion. This is the SEC’s first enforcement action charging violations under the Rule. According to the order, intruders were able to access the company’s system by impersonating company contractors, calling the company’s support line, and requesting their passwords be reset. The intruders gained access to the company’s system that contained personally identifiable information for approximately 5,600 customers and obtained unauthorized access to account documents for three customers. The SEC identified weaknesses in the company’s cybersecurity procedures, including failure to terminate the intruders’ access even after the intrusion was flagged and failure to apply its procedures to the systems used by its independent contractors. The order takes into account remedial acts undertaken by the company, including blocking malicious IP addresses and issuing breach notices to affected customers, and requires the company to pay a $1 million penalty and retain an independent consultant to evaluate its compliance with the Safeguards Rule and the Identity Theft Red Flags Rule. The company did not admit nor deny the SEC’s findings.

    Privacy/Cyber Risk & Data Security SEC Enforcement Settlement

    Share page with AddThis
  • FDIC publishes August enforcement actions, fines individual for inaccurate past-due loan reports

    Federal Issues

    On September 28, the FDIC announced a list of administrative enforcement actions taken against banks and individuals in August. Included among the actions is a removal and prohibition and civil money penalty assessment issued against an individual acting as an institution-affiliated party of a New Jersey-based bank for allegedly engaging in unsafe or unsound practices and breaches of fiduciary duty while employed as the bank’s chief lending officer. Among other claims, the respondent allegedly “originated loans and extended the maturity dates on existing loans to borrowers despite their inability to repay the loans, and caused inaccurate past-due reports on the loans to be provided to the Board of Directors of the Bank (Board), thereby preventing the Board from discovering that the borrowers were not making their payments to the Bank on a timely basis.”

    Also on the FDIC’s list of August orders are five Section 19 orders, which allow applicants to participate in the affairs of an insured depository institution after having demonstrated “satisfactory evidence of rehabilitation,” six terminations of consent orders, and three terminations of orders for restitution. The FDIC database containing all August enforcement decisions and orders may be accessed here.

    There are no administrative hearings scheduled for October 2018.

    Federal Issues FDIC Enforcement Consumer Lending

    Share page with AddThis
  • FTC and NYAG settle with debt collectors who falsely threatened consumers

    Federal Issues

    On September 21, the FTC announced settlements with multiple New York debt collection operations and their principals (defendants) for unlawful debt collection practices. The settlements are a result of 2015 joint lawsuits by the FTC and the New York Attorney General, alleging the defendants unlawfully used threats and abusive language, including false threats that consumers would be arrested, to collect more than $45 million in supposed debts (previously covered by InfoBytes here). The settlement orders ban the defendants from the business of debt collection and prohibit the defendants from (i) misrepresenting information related to financial products and services; (ii) disclosing, using, or benefitting from the consumer information obtained through the course of the debt collection activities; and (iii) failing to disclose of such personal information properly. The two orders (located here and here) impose a $22.5 million judgment against one set of defendants, and a judgment of $4.4 million against other defendants. The judgments are suspended as to some of the defendants due to inability to pay.

    Federal Issues FTC Debt Collection Enforcement Settlement State Attorney General State Issues

    Share page with AddThis
  • SEC awards whistleblower $1.5 million after reducing amount for reporting delay

    Securities

    On September 14, the Securities and Exchange Commission (Commission) announced a whistleblower award likely to yield the whistleblower more than $1.5 million for volunteering information that led to a successful enforcement action. In its order, the Commission notes that it “severely reduced the award here after considering the award criteria identified in Rule 21F-6 of the Exchange Act.” Specifically, the Commission alleges the whistleblower was culpable and “unreasonably delayed” reporting the information for over a year after the occurrence of the underlying facts, only doing so after learning a Commission investigation was ongoing and receiving a “significant and direct financial benefit.”

    The SEC’s whistleblower program has awarded approximately $322 million to 58 individuals since issuing its first award in 2012.

    Securities SEC Whistleblower Enforcement

    Share page with AddThis
  • SEC confirms staff statements create no enforceable legal obligations

    Agency Rule-Making & Guidance

    On September 13, Securities and Exchange Commission (Commission) Chairman, Jay Clayton, issued a statement confirming that staff communications, in the form of written statements, compliance guides, letters, speeches, responses to frequently asked questions, and responses to specific requests for assistance, are “nonbinding and create no enforceable legal rights or obligations of the Commission or other parties.” Clayton’s statement echoes a similar position taken in a joint statement by five federal agencies regarding supervisory guidance, released two days earlier (previously covered by InfoBytes here). Clayton emphasized that only Commission adopted rules and regulations have the force and effect of law and encouraged public engagement on staff statements in order to assist the Commission in developing future rules and regulations.

    Agency Rule-Making & Guidance SEC Supervision Enforcement Securities

    Share page with AddThis
  • Agencies say supervisory guidance does not have the “force and effect” of law

    Agency Rule-Making & Guidance

    On September 11, five federal agencies (the Federal Reserve Board, CFPB, FDIC, NCUA, and OCC) issued a joint statement confirming that supervisory guidance “does not have the force and effect of law, and [that] the agencies do not take enforcement actions based on supervisory guidance.” The statement distinguishes the various types of supervisory guidance—interagency statements, advisories, bulletins, policy statements, questions and answers, and frequently asked questions—from laws or regulations and emphasizes that the intention of supervisory guidance is to outline agencies’ expectations or priorities. The statement highlights five policies and practices related to supervisory guidance: (i) limit the use of numerical thresholds or other “bright-line” requirements; (ii) examiners will not cite to “violations” of supervisory guidance; (iii) request for public comment does not mean the guidance has the force and effect of law; (iv) limit multiple issuances of guidance on the same topic; and (v) continue to emphasize the role of supervisory guidance to examiners and to supervised institutions.

    Agency Rule-Making & Guidance Federal Reserve CFPB FDIC NCUA OCC Supervision Examination Enforcement

    Share page with AddThis
  • FTC settles with debt collection operators for alleged fraudulent collections

    Federal Issues

    On September 7, the FTC announced a series of settlements with the operators of a Georgia-based debt collection business for allegedly violating the FTC Act by making false, or misleading claims and threats during debt collection. As previously covered by InfoBytes, in November 2017, the FTC filed a complaint alleging that the defendants threatened legal action, garnishment, and imprisonment if purported debts were not paid, and in other instances, attempted to collect debts after consumers provided proof that the debt was paid off. Each settlement order (available here, here, and here) imposes a $3.4 million penalty against the defendants, which, after surrendering certain assets, will be partially suspended due to the inability to pay. The settlement orders ban the defendants from the business of debt collection, and prohibit the defendants from (i) misrepresenting information related to financial products and services, and (ii) disclosing, using, or benefitting from the consumer information obtained through the course of the debt collection activities.

    Federal Issues FTC Consumer Finance Debt Collection Enforcement FTC Act

    Share page with AddThis
  • Federal Reserve Board issues flood insurance enforcement action against New York bank

    Federal Issues

    On August 28, the Federal Reserve Board (Board) announced an enforcement action against a New York state bank for allegedly violating the National Flood Insurance Act (NFIA). The consent order assesses a $16,000 penalty against the bank, but does not specify the number or nature of the alleged violations.  The maximum civil money penalty under that NFIA is $2,000 per violation. 

    Federal Issues Federal Reserve Enforcement Flood Insurance National Flood Insurance Act

    Share page with AddThis

Pages