InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
SEC files charges in brokerage hacking case
On August 15, the SEC filed a complaint against 18 individuals and entities (collectively, “defendants”) in the U.S. District Court for the Northern District of Georgia for allegedly engaging in a fraudulent scheme in which online retail brokerage accounts were hacked and improperly used to purchase microcap stocks. According to the SEC, the defendants collectively acquired substantial shares of the common stock of two public microcap companies. After obtaining the shares, some defendants conspired with other unknown parties to subject various retail brokerage accounts, held by third-party investors, to online account takeover attacks. The hacked accounts then were forced to make large purchases of the companies’ common stock, thereby artificially inflating the trading price and volume of the stocks. The defendants then sold the shares they had acquired at the inflated prices, generating approximately $1.3 million in proceeds and creating substantial profits for the defendants. The complaint also noted that throughout the scheme, some defendants repeatedly took steps to conceal their beneficial ownership of the company’s shares by, among other things, failing to file with the Commission certain beneficial ownership reports required by law. The SEC’s complaint alleges violations of anti-fraud and beneficial ownership reporting provisions of the federal securities laws, specifically, the Securities Act of 1933 and the Securities Exchange Act of 1934. The complaint seeks a permanent injunction against the defendants, disgorgement of ill-gotten gains, plus interest, penalties, bars, and other equitable relief. According to the SEC Director of Division of Enforcement, the case “illustrates the critical importance of cybersecurity and of our ongoing efforts to protect retail investors from cyber fraud.”
CFTC alleges crypto promoter’s digital asset trading scheme violates CEA
On August 12, the CFTC filed charges against an individual and his two Ohio-based cryptocurrency promotion companies for allegedly violating the Commodity Exchange Act and Commission regulations by soliciting more than $1 million in a digital asset trading scheme. The complaint alleged that the defendants made false and misleading statements in their solicitations to customers, including profit guarantees and claims concerning the individual defendant’s supposed success as a digital asset trader. According to the complaint, customers were guaranteed that they would not lose their initial investment and would be able to withdraw their initial investment and alleged profits at any time; however, defendants allegedly refused to allow existing customers to withdraw these funds, stopped communicating with customers, and manufactured excuses as to why funds were not returned. The complaint also contended, among other things, that the defendants omitted material facts, including that the defendants “misappropriated customer funds to pay purported profits to other customers in a manner akin to a Ponzi scheme,” misappropriated customer funds to pay for the individual defendant’s lifestyle, and commingled customer funds with personal bank and digital asset trading accounts. The CFTC seeks: (i) restitution for defrauded investors; (ii) disgorgement; (iii) civil monetary penalties; (iv) permanent registration and trading bans; and (v) a permanent injunction from future violations.
District Court awards injunctive relief to FTC in deceptive advertising case
On August 9, the U.S. District Court for the Northern District of Georgia ruled that the FTC provided “broad and detailed” evidence of alleged deceptive advertising and unfair fee practices in its $550 million case against a technology company and its CEO (collectively, “defendants”). As previously covered by InfoBytes, the FTC filed a suit in 2019, alleging the defendants made deceptive representations to customers and charged hidden, unauthorized fees in connection with the company’s “fuel card” products in violation of Section 5 of the FTC Act. In 2019, when the agency filed its lawsuit, legal precedent held that the FTC could obtain restitution for consumers directly through such civil proceedings in federal court. However, in April of 2021, the Supreme Court held in AMG Capital Management, LLC v. FTC that the FTC does not have statutory authority to obtain equitable monetary relief under Section 13(b) of the FTC Act. (Covered by InfoBytes here.) Following that decision, the FTC filed a motion to stay or voluntarily dismiss in an attempt to preserve the possibility of obtaining monetary relief for injured consumers in federal court while pursuing claims against the defendants through the agency’s administrative process, but the district court denied the motion, concluding that the “balance of equities does not weigh in favor of a stay or dismissal without prejudice.”
In its most recent order, the district court ruled that the FTC provided compelling and overwhelming evidence, including advertisements, internal marketing studies, and a “plethora of customer complaints” that showed the defendants are liable for multiple violations of the FTC Act. Among other things, the court noted that the evidence showed that the defendants knew that many customers were unaware of certain fees when they signed up for the fuel cards and that the defendants’ terms and conditions governing the fees were “inscrutable” and confusing. However, the district court partially granted defendants’ request for summary judgment on monetary relief, ruling that in light of the Supreme Court’s decision in AMG Capital Management, the FTC cannot obtain a monetary award for the violations until the agency exhausts its administrative litigation process. A hearing will be held to determine the nature of the required injunctive relief.
FTC probes cryptocurrency exchange operators
On August 9, the FTC issued an order denying a petition to quash a civil investigative demand (CID) against the operators of a cryptocurrency exchange regarding allegations of a December 2021 data breach. According to the order, the FTC “is investigating potential law violations arising out of [the company’s] operation and marketing of [the company], and whether Commission action to obtain monetary relief would be in the public interest.” The agency issued a virtually identical CID to the company on May 11 seeking details on what the company disclosed to consumers regarding the security of their crypto assets and how they have handled customer complaints. The FTC noted that investigation includes inquiries regarding the company’s “representations concerning its advertised exchange services; allegations that consumers have been denied access to their accounts; and concerns about the security of customer accounts especially in light of a publicly reported 2021 security breach that resulted in consumer loss of more than $200 million in cryptocurrency.” Among other things, the FTC is seeking to determine if the business practices of the operation in marketing and operating the company “constituted ‘unfair [or] deceptive . . . acts or practices . . . relating to the marketing of goods and services,’ or ‘[m]anipulative [c]onduct,’ ‘on the Internet’ (Resolution No. 2123125); constituted “deceptive or unfair acts or practices related to consumer privacy and/or data security’ in violation of Section 5 of the FTC Act (Resolution No. 1823036); or violated the GLB Act, its implementing rules, or Section 5 regarding ‘the privacy or security of consumer [financial] information.”
SEC issues more than $16 million in whistleblower awards
On August 9, the SEC announced whistleblower awards totaling more than $16 million to two whistleblowers for providing information and assistance in a successful SEC enforcement action. According to the redacted order, the SEC awarded approximately $13 million to one of the whistleblowers for prompting the opening of the investigation and providing critical information, including information on “difficult to detect” violations. The whistleblower also identified key witnesses and helped staff “understand complex fact patterns and issues related to the matters under investigation.” The second whistleblower received a more than $3 million award for submitting important new information during the course of the investigation, which provided the staff a more complete picture. The SEC attributed the lower award amount to the fact that the second whistleblower delayed reporting the wrongdoing for several years, whereas the first whistleblower “persistently alerted the Commission to the ongoing abusive practices for a number of years before the investigation was opened.”
The SEC has awarded more than $1.3 billion to 281 individuals since issuing its first whistleblower award in 2012.
CFPB fines fintech for algorithm-induced overdraft charges
On August 10, the CFPB announced a consent order against a California-based fintech company for allegedly using an algorithm that caused consumers to be charged overdrafts on their checking accounts when using the company’s personal finance-management app. According to the Bureau, the app promotes automated savings with a proprietary algorithm, which analyzes consumers’ checking-account data to determine when and how much to save for each consumer. The app then automatically transfers funds from consumers’ checking accounts to accounts held in the company’s name. The Bureau asserted, however, that the company engaged in deceptive acts or practices in violation of the CFPA by (i) causing consumers’ checking accounts to incur overdraft charges from their banks even though it guaranteed no overdrafts and represented that its app never transferred more than a consumer could afford; (ii) representing that it would reimburse overdraft charges (the Bureau claims the company has received nearly 70,000 overdraft-reimbursement requests since 2017); and (iii) keeping interest that should have gone to consumers even though it told consumers it would not keep any interest earned on consumer funds. Under the terms of the consent order, the company is required to provide consumer redress for overdraft charges that it previously denied and must pay a $2.7 million civil penalty.
SEC orders cryptocurrency company to register tokens as securities or pay more than $30 million fine
On August 9, the SEC issued a cease and desist order to a cryptocurrency company accused of allegedly holding an unregistered securities offering. The company raised approximately $30.9 million by selling cryptocurrency tokens to investors through an initial coin offering from November 2017 to January 2018. The SEC asserted, however, that the tokens were offered and sold as investment contracts (and therefore should be considered securities), and that the company’s offering constituted an unregistered securities offering. “A purchaser in the offering of [the tokens] would have had a reasonable expectation of obtaining a future profit based upon [the company’s] efforts in using the proceeds from the offering to create an online identity attestation system that would increase the token’s value on crypto asset trading platforms,” the SEC said in the order, which alleged violations of Sections 5(a) and 5(c) of the Securities Act. While at the time of the offering the company required certain purchasers to agree that they were buying the tokens for “utility” rather than an investment, the SEC argued that the company’s marketing promotions and statements made by early purchasers indicated that purchasers “had a reasonable expectation of profit.” Under the terms of the order, the company agreed to register its tokens with the SEC and notify purchasers in its offering that they may be able to claim a refund on their token purchases. The company also agreed to pay a $300,000 civil penalty. If the company fails to take these actions it faces a $30.9 million fine, minus the amount already paid to the SEC or to token purchasers, the order stated. The SEC noted that the company has already voluntarily taken steps to prepare for registration.
FTC charges healthcare company with fraud
On August 8, the FTC announced it has taken action against a healthcare company, two subsidiaries, and the former CEO and former vice president of sales (collectively, “defendants”) for allegedly misleading consumers about their health insurance plans and using deceptive lead generation websites. According to the complaint, the defendants, along with their third-party partners, allegedly engaged in deceptive sales practices in violation of the FTC Act, the Telemarketing Sales Rule, and the Restore Online Shoppers Confidence Act (ROSCA). These practices included allegedly (i) lying to consumers about the nature of their healthcare plans; (ii) bundling and charging junk fees for unwanted products that were typically not clearly disclosed (consumers were often charged for these additional products after they cancelled their core healthcare plans); and (iii) making it difficult for consumers to cancel their plans. The FTC further alleged that the company (which sells association memberships and other healthcare-related products to consumers, often through telemarketing companies and lead generators), as well as the former CEO and former vice president of sales, were aware of the agents’ misconduct but allegedly “took steps to disguise and further the deception” instead of stopping the deceptive practices.
The FTC stated that the company and two of its subsidiaries have agreed to a proposed court order, which requires the payment of $100 million in consumer redress. The proposed order also requires the company to contact current customers and allow them to cancel their enrollment. The company is also required to send refunds to consumers who cancel right after their order is entered. Additionally, the proposed order prohibits the company from misleading consumers about their products, requires the disclosure of total costs and limitations prior to purchase, and requires consumers to provide express informed consent before they are billed. The company must also provide a simple and easy-to-use cancellation method and closely monitor other companies that sell its products.
The FTC also filed separate proposed court orders against the individual defendants (see here and here), which impose similar prohibitions and permanently bans them from playing any role in the sale or marketing of any healthcare-related product or service. The proposed orders also prohibit the former CEO from engaging in deceptive or abusive telemarketing practices, and bans the former vice president of sales from participating in any telemarketing whatsoever in the future.
DOJ resolves SCRA violations with landlords
On August 8, the DOJ announced a settlement with two landlords resolving allegations that they violated the Servicemembers Civil Relief Act (SCRA) by obtaining unlawful court judgments against military tenants. The DOJ explained that, under the SCRA, if a landlord files a civil lawsuit against a tenant and the tenant does not appear in court, the landlord must file an affidavit with the court stating whether the tenant is in the military before seeking a judgment. The DOJ further noted that if the affidavit states that the tenant is in military service, the court cannot enter judgment until an attorney is appointed to represent the servicemember. The court must also postpone the case for at least 90 days. According to the DOJ’s complaint, which was filed in the U.S. District Court for the Eastern District of Virginia, the property owners allegedly filed false affidavits stating that the servicemembers were “not in military service” and failed to file affidavits of military service, as required by the SCRA, prior to obtaining default judgments against numerous servicemembers. The DOJ further alleged that the property owners had information in their files that would have allowed them to easily verify their tenants’ military status.
The consent decree requires the property owners to pay $162,971 to affected servicemembers and a $62,029 civil penalty to the U.S. The order also requires the property owners to, among other things, vacate the eviction judgments, repair the servicemembers’ credit, and provide SCRA training to their employees. The property owners must also reimburse affected servicemembers for any amounts collected pursuant to an unlawful judgment.
Minnesota fines debt collector for violating earlier consent order
Recently, the Minnesota Department of Commerce issued a consent order assessing $20,000 in fines to a debt collector accused of violating a 2020 consent order. The state previously entered into a consent order with the debt collector, in which it agreed to cease and desist from violating the FDCPA and state law after it was found to have, among other things, commingled funds and allowed agents to work from unlicensed branch locations. The state later found that the debt collector allegedly continued to violate state and federal law by collecting on payday loans from unlicensed lenders and failing to provide meaningful disclosures on telephone calls or register several of its agents as debt collectors in the state. As a result, the state ordered the debt collector to pay the stayed portion of the 2020 fine ($19,000), as well as a $25,000 civil penalty of which $24,000 is stayed. If the stay has not been lifted by December 31, 2025, the remaining portion of the civil penalty will be vacated provided the debt collector does not commit any further violations.