InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
SEC fines company $50 million over misleading account statements
On July 18, the SEC issued a cease and desist order to a life insurance company for allegedly providing materially misleading account statements to roughly 1.4 million variable annuity investors in violation of the antifraud provisions of the Securities Act of 1933. According to the SEC, since at least 2016, the company misled investors into thinking that their quarterly account statements listed all fees paid during the period. An SEC investigation found, however, that the statements listed only administrative, transaction, and plan operating fees that investors infrequently incurred. The SEC noted that these fees were usually negligible, and only a slight fraction of the overall fees paid by an investor. “When considering how to invest their hard-earned money and save for retirement, it is essential that investors not be misled about the fees they are paying,” Gurbir S. Grewal, Director of the SEC’s Division of Enforcement, said in the announcement. “This case should serve as an important reminder to investment firms to carefully review their statements to ensure fee information is disclosed properly.” Without admitting or denying the allegations, the company agreed to pay a $50 million civil penalty that will be distributed to affected investors. The company will also cease and desist from committing or causing any future violations and will revise the way it presents fee information in its variable annuity account statements.
DOJ reports on cybersecurity and announces seizure of $500,000 from hackers
On July 19, Deputy Attorney General Lisa O. Monaco spoke before the International Conference on Cyber Security (ICCS) 2022 regarding DOJ’s efforts to combat the increase of cyberattacks. Monaco also announced the release of the Comprehensive Cyber Review, which reflects “the need to prioritize prevention, to ensure we are doing all we can to help victims, and above all else – to use all the tools at our disposal, working with partners here and around the globe, across the government and across the private sector.” The report noted that the “failure of certain technology companies” to meet their legal obligations “is a major factor in allowing criminals to escape detection and apprehension.” The report also noted that over the last decade,” companies have “proactively taken independent actions” against cybercriminals without prior coordination with U.S. law enforcement officials. The report argues that “there is no reason that criminal activities in the cyber context should be handled differently than in the real world, where it would almost be unheard of for private companies to observe criminal activity” without informing law enforcement as soon as possible and then working with law enforcement to further identify and disrupt the criminal activity. The report recommends that the Justice Department and U.S. technology companies “develop a voluntary set of principles regarding the proactive and systematic reporting of cybercriminal activities using their platforms.”
Monaco also announced that the FBI and DOJ “disrupted” a North Korean state-sponsored hacking group that targeted U.S. medical facilities and other public health sector organizations. According to the DOJ’s press release, the Department seized $500,000 in cryptocurrency paid as ransom to North Korean hackers who used a ransomware strain to encrypt the files and servers of a medical center in Kansas. After more than a week of being unable to access encrypted servers, the Kansas hospital paid approximately $100,000 in Bitcoin to regain the use of their computers and equipment. Because the Kansas medical center notified the FBI and cooperated with law enforcement, the FBI was able to identify the never-before-seen North Korean ransomware and trace the cryptocurrency to China-based money launderers.
FTC, NLRB sign MOU to protect workers in gig economy
On July 19, the FTC announced that it is joining with the National Labor Relations Board (NLRB) (collectively, “Parties”) in a memorandum of understanding (MOU) intended to protect workers by promoting competitive U.S. labor markets and putting an end to unfair practices that harm workers in the “gig economy” and other labor markets. The MOU provides ways for the Parties to work together to address key issues, such as labor market concentration, one-sided contract terms, and labor developments in the gig economy. According to the MOU, the Parties recognize that ongoing interagency collaboration regarding “issues of common regulatory interest will help to protect workers against unfair methods of competition, unfair or deceptive acts or practices, and unfair labor practices.” The MOU also provides that the Parties will facilitate: (i) “information sharing and cross-agency consultations on an ad hoc basis for official law enforcement purposes, in a manner consistent with and permitted by the laws and regulations that govern the Parties”; (ii) “cross-agency training to educate each Party about the laws and regulations enforced by the other Party”; and (iii) “coordinated outreach and education as appropriate.” According to the FTC, the MOU “is part of a broader FTC initiative to use the agency’s full authority[.]” The announcement also described the FTC’s recent efforts to root out deceptive and unfair acts and practices aimed at workers, “particularly those in the ‘gig economy’ who often don’t enjoy the full protections of traditional employment relationship.”
OFAC settles with bank for alleged Foreign Narcotics Kingpin Sanctions Regulations violations
On July 15, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $430,500 settlement with a subsidiary of a national bank for allegedly processing transactions in violation of the Foreign Narcotics Kingpin Sanctions Regulations. According to OFAC’s web notice, between May 2018 and July 2018, the bank allegedly processed 214 transactions totaling $155,189, in violation of OFAC’s Kingpin sanctions. Specifically, OFAC noted that the processed transactions were for an account whose supplemental card holder was designated in connection with illegal drug distribution and money laundering.
In arriving at the settlement amount of $430,500, OFAC considered various aggravating factors, including that the bank “is a large and sophisticated financial institution with a global presence,” and “conferred $155,189.42 in economic benefit to an account associated with a [person] who was designated for involvement in illegal drug distribution and money laundering.” OFAC also considered various mitigating factors, including that the bank cooperated with OFAC throughout the investigation, and has undertaken remedial measures intended to minimize the risk of recurrence of similar conduct.
SEC issues multiple whistleblower awards
On July 19, the SEC announced that it awarded whistleblowers nearly $17 million for providing information and assistance in a covered action and related action. According to the redacted order, the whistleblower provided information that caused the SEC to open the investigation that resulted in the covered action. The whistleblower also provided SEC staff with detailed information and documents early in the investigation, and offered ongoing assistance by, among other things, speaking with the SEC staff on several occasions, which led to the successful enforcement of the covered action. Further, because the whistleblower provided original information to staff that contributed to the successful enforcement of the related action, the whistleblower is also entitled to an award based on amounts collected in the related action.
Earlier in the week, the SEC announced whistleblower awards totaling more than $6 million to two whistleblowers for providing information and assistance in two separate covered actions. According to the first redacted order, the SEC awarded approximately $3 million to a whistleblower who was solicited to invest in a product that they believed was being misrepresented. The whistleblower then notified the SEC, which prompted an investigation. According to the second redacted order, the SEC awarded more than $3 million to an individual who provided information that prompted SEC staff to open an investigation, which led to a successful enforcement action. The whistleblower reported their concerns internally, then submitted a detailed tip and met with SEC staff on multiple occasions to provide additional information throughout the investigation.
The SEC has awarded approximately $1.3 billion to 276 individuals since issuing its first award in 2012.
Connecticut fines collection agency $10,000 for violating usury laws
On June 28, the Connecticut Department of Banking issued a consent order against a licensed consumer collection agency for allegedly engaging in numerous violations of state law. These include (i) collecting on loans made by unlicensed lenders affiliated with federally-recognized Native American tribes that violate state usury laws; (ii) commingling operating monies from its business account with funds in its trust accounts; and (iii) engaging in unfair or deceptive acts or practices by advertising financial products and services of unlicensed affiliates in communications with consumers. According to the order, an examination found that the company collected on loans made by unlicensed lenders affiliated with Native American tribes that charged interest rates exceeding state limits, and that the company received payments on small loans that violated other state statutes. The Connecticut Department of Banking noted that, pursuant to a Connecticut Supreme Court decision in Great Plains Lending, LLC v. Department of Banking, consumer collection agencies are prohibited “from collecting on small loans made by unlicensed persons, including lenders affiliated with Native American tribes." Such loans are considered void and unenforceable, the Department said.
While the company neither admitted nor denied any of the allegations, it voluntarily agreed to the imposition of sanctions to obviate the need for formal administrative proceedings. Under the terms of the consent order, the company must pay a $10,000 civil penalty, refund all amounts collected from Connecticut borrowers as payment on small loans made by unlicensed lenders affiliated with federally recognized Native-American tribes, implement appropriate policies and procedures, cease and desist from soliciting financial services products in its collection communications with consumers, and cease and desist from collecting, attempting to collect, and receiving payment on small loans not made in compliance with state law.
CFPB, OCC issue consent orders against national bank
On July 14, the CFPB announced a consent order against a national bank to resolve allegations that the bank engaged in unfair and abusive acts or practices with respect to unemployment insurance benefit recipients who filed notices of error concerning alleged unauthorized electronic fund transfers (EFTs). The CFPB alleged that the bank violated the CFPA by, among other things: (i) determining that “no error had occurred and [by] freezing cardholder accounts based solely on the results of [the bank’s] automated Fraud Filter”; (ii) “retroactively applying its automated Fraud Filter to reverse permanent credits for unemployment insurance benefit prepaid debit cardholders whose notices of error [the bank] had previously investigated and paid”; and (iii) “impeding unemployment insurance benefit prepaid debit cardholders’ efforts to file notices of error and seek liability protection from unauthorized EFTs.” The CFPB also claimed that the bank violated the EFTA and Regulation E by “fail[ing] to conduct reasonable investigations” of cardholders’ notices of error. Under the terms of the Bureau’s consent order, the bank is required to provide redress to harmed consumers, review and reform its unemployment insurance benefit prepaid debit card program, and pay a $100 million civil penalty to the Bureau.
The same day, the OCC announced a consent order and a $125 million civil money penalty against the bank for alleged unsafe or unsound practices related to the same prepaid card program. According to the OCC, the bank, among other things: (i) “fail[ed] to establish effective risk management” over its unemployment card program”; and (ii) “beginning in 2020, denied or delayed many consumers’ access to unemployment benefits when consumers filed or attempted to file [unemployment insurance benefits] unauthorized transaction claims.” The OCC’s civil money penalty and remediation requirement is in addition to the CFPB’s civil money penalty.
FTC testifies on its efforts to combat fraud against servicemembers
On July 13, the FTC announced that it testified before the House Committee on Oversight and Reform Subcommittee on National Security regarding the Commission’s efforts to combat fraud and related threats against servicemembers. The testimony highlighted efforts by the Commission to protect military members, such as: (i) proposing a rule to eliminate “junk fees” and “bait-and-switch” advertising tactics related to the sale, financing, and leasing of motor vehicles by dealers (covered by InfoBytes here); (ii) taking action against a fast-food chain that allegedly targeted veterans with false promises while withholding information required by the FTC’s Franchise Rule; and (iii) providing $1.2 million in refunds and debt cancellation for students who allegedly were deceived by a for-profit medical school. The testimony also discussed other “challenges in protecting consumers from fraud and abuse,” and referenced the U.S. Supreme Court's ruling in AMG Capital Mgmt., LLC v. FTC, which held that the FTC does not have the ability to obtain monetary relief under Section 13(b) of the FTC Act (covered by InfoBytes here). Additionally, the FTC said its education and outreach efforts, including its focus on identity theft, is a “critical part of the agency’s consumer protection and fraud prevention work.”
CFPB sues payday lender over debt collection practices
On July 12, the CFPB filed a complaint against a Texas-based payday lender (defendant) for allegedly engaging in illegal debt-collection practices and allegedly generating $240 million in reborrowing fees from borrowers who were eligible for free repayment plans in violation of the CFPA. As previously covered by InfoBytes, in 2014, the Bureau ordered the defendant to, among other things, pay $10 million for allegedly using false claims and threats to coerce delinquent payday loan borrowers into taking out an additional payday loan to cover their debt. The Bureau stated that after the CFPB’s 2014 enforcement action, the defendant “used different tactics to make consumers re-borrow.” The complaint alleges that the defendant “engaged in unfair, deceptive, and abusive acts or practices by concealing the option of a free repayment plan to consumers who indicated that they could not repay their short term, high-cost loans originated by the defendant.” The Bureau also alleges that the defendant attempted to collect payments by unfairly making unauthorized electronic withdrawals from over 3,000 consumers’ bank accounts. The Bureau seeks permanent injunctive relief, restitution, disgorgement, damages, civil money penalties, and other relief.
Ohio AG, FCC take action against robocall operation
On July 7, the Ohio attorney general filed a complaint against multiple companies for participating in an alleged unwanted car warranty call operation. The complaint, filed in the U.S. District Court for Southern District of Ohio, alleged that the 22 named defendants “participated in an unlawful robocall operation that bombarded American consumers with billions of robocalls.” Specifically, the complaint alleged that the defendants “initiated over 77 million robocalls per day for the purpose of generating sales leads, many times in relation to the sale of Vehicle Service Contracts (‘VSCs’) that are deceptively marketed as ‘car warranty’ plans,” totaling at least 800 million call attempts. The defendants allegedly violated the TSR, the Ohio Consumer Sales Practices Act, and the Ohio Telephone Solicitation Sales Act by, among other things: (i) deceptively representing the subject of the call; (ii) misrepresenting caller IDs, or “spoofing”; and (iii) acting as telephone solicitors without having registered as telephone solicitors with the Ohio AG’s Office, as required by law, and without having obtained and filed the required surety bond. The lawsuit coincided with the FCC’s announcement of actions taken to decrease robocalls, including sending cease and desist letters to several carriers in an attempt “to cut off a flood of possibly illegal robocalls marketing auto warranties targeting billions of consumers.” The announcement also noted that the FCC has authorized “all U.S.-based voice service providers to cease carrying any traffic originating from the [named] operation consistent with FCC regulations,” as detailed in a public notice to all U.S.-based voice service providers.