InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
HUD announces $65,000 payment for FHA violations
On June 2, HUD announced a conciliation agreement with a mortgage lender to resolve allegations that it engaged in discriminatory lending practices based on race and national origin, in violation of the Fair Housing Act (FHA). The agreement arises from a complaint filed with HUD by the National Community Reinvestment Coalition (NCRC), which alleged that testing in the Seattle-Tacoma area revealed that Black and Hispanic testers were treated differently than White testers who sought housing loans. While the respondent denied that it provided less favorable treatment to testers based on race or national origin, it has agreed to pay $65,000 to NCRC and will “contribute an additional $10,000 to a Seattle-area non-profit organization specializing in providing financial literacy and housing education and counseling for persons in majority-minority census tracts in the Seattle-Tacoma-Bellevue metropolitan area.” The respondent will also conduct an event in the Seattle metro area to improve homeownership rates of Black homebuyers and will provide additional fair lending training to employees. The conciliation agreement does not constitute an admission by respondent or evidence of a finding by HUD of a violation of the FHA.
SEC enters $78 million FCPA settlement with steel pipe manufacturer
On June 6, the SEC announced that a Luxembourg-based manufacturer and supplier of steel pipe products agreed to pay over $78 million to settle the SEC’s claims that it violated the anti-bribery, books and records, and internal accounting controls provisions of the FCPA and the Exchange Act. The settlement is the latest in the long-running investigation regarding Brazilian state-owned and controlled energy company Petrobras, and resolves allegations that agents and employees of the company’s Brazilian subsidiary paid approximately $10.4 million in bribes between 2008 and 2013 to obtain over $1 billion in new contracts and to retain existing business from Petrobras. The bribes were allegedly funded on behalf of the company through entities associated with its controlling shareholder and paid to Brazilian government officials in exchange for using their influence to persuade Petrobras to forego an international tender process. The DOJ closed its parallel investigation without charges.
This is the second time the Luxembourg-based company has resolved FCPA charges with U.S. authorities, following 2011 resolutions with both the DOJ and SEC related to a state-owned entity in Uzbekistan. The company had been the first ever to enter into a Deferred Prosecution Agreement with the SEC.
The current resolution involves a $25 million monetary penalty, as well as $42.8 million in disgorgement and over $10 million in prejudgment interest. The company neither admitted nor denied the allegations.
FINRA levies $15 million fine for software flaw that increased mutual-fund prices
On June 2, the Financial Industry Regulatory Authority (FINRA) announced it had entered into a Letter of Acceptance, Waiver, and Consent (AWC), which ordered a New York-based member brokerage firm to pay more than $15.2 million in restitution and interest to customers who were steered by a software flaw in its automated system into purchasing higher-priced mutual fund shares when other shares were available at substantially lower costs. According to FINRA, the firm’s system, which is designed to restrict a customer’s purchase of Class C shares when lower cost Class A shares are available, allegedly “failed to correctly identify and implement applicable purchase limits on Class C shares,” thus causing thousands of customers to purchase Class C shares and incur fees and charges. The firm neither admitted nor denied the findings set forth in the AWC agreement but accepted and consented to the entry of FINRA’s findings and agreed to convert shares where applicable. FINRA stated that it “did not impose a fine due to the firm’s extraordinary cooperation and substantial assistance with the investigation.”
FTC secures TRO against credit repair scheme
On May 31, the FTC announced that the U.S. District Court for the Eastern District of Maryland granted a temporary restraining order against a credit repair operation for allegedly engaging in deceptive practices that scammed consumers out of more than $213 million. According to the FTC’s complaint, the operation targeted consumers with low credit scores promising its products could remove all negative information from their credit reports and significantly increase credit scores. The operation allegedly violated the FTC Act, the Credit Repair Organizations Act, and the Telemarketing Sales Rule by, among other things, (i) making misrepresentations regarding its credit repair services; (ii) selling a product that purportedly sends rent payment information to credit bureaus even though “this information is not generally part of consumers’ credit score and many credit bureaus don’t accept this kind of information directly from consumers”; (iii) charging illegal advance fees; (iv) failing to provide consumers required information such as refund and cancellation policies; and (v) recruiting consumers to sell credit repair products to other consumers as part of a pyramid scheme even though few consumers ever received the promised earnings (and many consumers actually lost money as agents). Beyond the temporary restraining order, the FTC is seeking a permanent injunction, monetary relief, and other equitable relief.
OFAC reaches settlement with Puerto Rican bank to resolve Venezuela sanctions violations
On May 27, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $225,937 settlement with a Puerto Rican bank for allegedly violating the Venezuela Sanctions Regulations. According to OFAC’s web notice, the bank allegedly processed 337 transactions totaling $853,126 on behalf of two low level employees of the Government of Venezuela (GoV). The apparent violations allegedly resulted from the bank’s maintenance of four personal accounts operated by these two employees that should have been blocked by Executive Order (E.O.) 13884 (which blocks property and interests in property of the GoV, including “‘any person owned or controlled, directly or indirectly,’ by the GoV, and ‘any person who has acted or purported to act directly or indirectly for or on behalf of’ any such entity”). OFAC stated that the two GoV individuals also did not meet the criteria for authorized transaction exemptions under General License 34A and found that the bank failed to identify the customers for 14 months following the issuance of E.O. 13884.
In arriving at the settlement amount, OFAC considered various aggravating factors, including, among other things, that (i) the bank maintained documentation showing that the two individuals were low-level GoV employees but delayed identifying them; and (ii) the bank has more than $61 billion in assets. OFAC also considered various mitigating factors, including that the bank (i) took remedial action to ensure compliance with OFAC sanctions; (ii) created more robust sanctions-related procedures; (iii) developed additional resources and guidance in connection to sanctions alert review and disposition; (iv) added staff to oversee OFAC sanctions matters; (v) reviewed policies and procedures for identifying, reviewing, and reporting transactions that violate OFAC’s regulations; and (vi) enhanced its sanctions screening trainings. The bank also voluntarily self-disclosed the apparent violations to OFAC and cooperated with OFAC’s investigation.
Providing context for the settlement, OFAC stated that this action “demonstrates the importance of financial institutions conducting timely due diligence…following the issuance of new sanctions prohibitions.”
NAAG establishes cyber training center to help states understand emerging and evolving technologies
Recently, the National Association of Attorneys General (NAAG) established a new center dedicated to the development of programs and resources for supporting states’ understanding of emerging and evolving technologies. The Center on Cyber and Technology will also assist with cybercrime investigations and prosecutions and “serve as an information clearinghouse for the attorney general community on trending technology issues.” Faisal Sheikh will serve as the Center’s first director, and “will be responsible for developing programming on cybersecurity, cybercrime, and new and emerging technologies, as well as forming strategic partnerships with other government agencies, academic institutions, nonprofit organizations, and private sector entities that focus on these issues.” According to NAAG Executive Director Chris Toth, “digital evolution has highlighted the need for a sustained approach to addressing cyber and technology issues.”
FDIC releases April enforcement actions
On May 27, the FDIC released a list of administrative enforcement actions taken against banks and individuals in April. During the month, the FDIC made public eight orders consisting of “three consent orders, one order of prohibition, one order to pay civil money penalty, one section 19 order, and two orders terminating consent orders.” The FDIC also released one notice seeking "an order of prohibition and an order to pay civil money penalty.” An order to pay a civil money penalty was imposed against a Missouri-based bank related to alleged violations of the Flood Disaster Protection Act. Among other things, the FDIC claimed that the bank: (i) “made, increased, extended, or renewed loans secured by a building or mobile home located or to be located in a special flood hazard area without requiring that the collateral be covered by flood insurance”; and (ii) “made, increased, extended, or renewed a loan secured by a building or mobile home located or to be located in a special flood hazard area without providing timely notice to the borrower and/or the servicer as to whether flood insurance was available for the collateral.” The order requires the payment of a $2,250 civil money penalty.
The FDIC also issued a consent order to a Louisiana-based bank, which alleged that the bank had “unsafe or unsound banking practices or violations of law or regulation relating to deficiencies in management and Board oversight, earnings performance, capital support, interest rate risk management, and asset quality.” The bank neither admitted nor denied the alleged violations but agreed to, among other things, “maintain its Total Risk-Based Capital ratio equal to or greater than 12.00 percent.”
FTC takes action against telemarketing operation
On May 25, the FTC announced an action resolving allegations against a subscription scam operation and its officers (collectively, “defendants”) that allegedly deceptively used telemarketing schemes on consumers. According to the complaint, which was filed in the U.S. District Court for the District of Nevada, the defendants allegedly violated the FTC Act and the Telemarketing Sales Rule (TSR) by calling consumers to claim that they were conducting a survey and offering “free” or low-cost magazine subscriptions. After the survey, the defendants allegedly sent consumers a bill falsely stating that they agreed to pay several hundred dollars for the magazine subscriptions. According to the FTC, there was a “no-cancellation policy,” and the defendants allegedly harassed consumers when they refused to pay the exorbitant bills, including by threatening to initiate collection actions or threatening to submit derogatory information about them to the major credit bureaus. The proposed order follows a 2010 permanent injunction that was entered against the same defendants, which prohibited them from committing future violations. The recent order requires the defendants to pay a suspended judgment of $14.4 million and requires them to give up all claims to money already paid to the FTC. Additionally, the defendants are required to monitor their compliance with the proposed order “and may face significant contempt remedies if they violate its terms.” The FTC noted that the original monetary relief was vacated after the Supreme Court’s decision in AMG Capital Management LLC v. FTC, which limited the FTC’s ability to obtain monetary relief in federal court (covered by InfoBytes here). The FTC pointed out that the “settlement of this matter for a suspended judgment of $14.47 million, after originally having been awarded $24 million at trial, demonstrates the challenges since the Supreme Court’s AMG decision.”
District Court enters consent order in 2016 CFPB structured settlement action
On May 18, the U.S. District Court for the District of Maryland approved a consent order against defendants in an action concerning allegedly unfair, abusive, and deceptive structured settlement practices. As previously covered by InfoBytes, in 2016 the Bureau initiated an enforcement action against the defendants alleging that they violated the CFPA by employing abusive practices when purchasing structured settlements from consumers in exchange for lump-sum payments. According to the Bureau, the defendants encouraged consumers to take advances on their structured settlements and falsely represented that the consumers were obligated to complete the structured settlement sale, “even if they [later] realized it was not in their best interest.” In July 2021, the court denied the defendants’ motions to dismiss the Bureau’s amended complaint, which argued that the enforcement action was barred by the U.S. Supreme Court’s decision in Seila Law LLC v. CFPB, which held that the director’s for-cause removal provision was unconstitutional (covered by a Buckley Special Alert). The defendants had also argued that that the ratification of the enforcement action “came too late” because the statute of limitations on the CFPA claims had already expired (covered by InfoBytes here). Under the terms of the May 18 consent order, the individual defendant, who “had an ownership interest in [the company] and served in executive positions at [the defendants] from their inception to their dissolution" is prohibited from, among other things, participating or assisting others in participating in transfer of payment streams from structured-settlement holders and referring consumers to a specific individual or for-profit entity for advice concerning any structured-settlement transaction, including for independent professional advice. The individual defendant must also pay a $5,000 civil money penalty.
Social media company to pay $150 million to settle FTC, DOJ data security probe
On May 25, the DOJ filed a complaint on behalf of the FTC against a global social media company for allegedly misusing users’ phone numbers and email addresses uploaded for security purposes to target users with ads. (See also FTC press release here.) According to the complaint, the defendant deceived users about the extent to which it maintained and protected the security and privacy of users’ nonpublic contact information. Specifically, from May 2013 to September 2019, the defendant asked users to provide either a phone number or an email address to improve account security. The defendant, however, allegedly failed to inform the more than 140 million users who provided phone numbers or email addresses that their information would also be used for targeted advertising. The FTC claimed the defendant used the collected information to allow advertisers to target specific ads to specific users by matching the phone numbers or email addresses with data they already had or obtained from data brokers. DOJ’s complaint alleged that the defendant’s conduct violated the FTC Act and the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield agreements, which require participating countries to adhere to certain privacy principles in order to legally transfer data from EU countries and Switzerland. This conduct also allegedly violated a 2011 FTC consent order with the defendant stemming from claims that the defendant deceived users and put their privacy at risk by failing to safeguard their personal information. According to DOJ’s complaint, the 2011 order “specifically prohibits the company from making misrepresentations regarding the security of nonpublic consumer information.”
Under the terms of the proposed order, the defendant would be required to pay a $150 million civil penalty and implement robust compliance measures to improve its data privacy practices. According to the FTC and DOJ announcements, these measures would (i) “allow users to use other multi-factor authentication methods such as mobile authentication apps or security keys that do not require users to provide their telephone numbers”; (ii) require the defendant to “notify users that it misused phone numbers and email addresses collected for account security to also target ads to them and provide information about [its] privacy and security controls”; (iii) require the defendant to implement and maintain a comprehensive privacy and information security program, including conducting “a privacy review with a written report prior to implementing any new product or service that collects users’ private information,” regularly testing its data privacy safeguards, and obtaining regular independent assessments of its data privacy program; (iv) limit employee access to users’ personal data; and (v) require the defendant to notify the FTC should it experience a data breach, and provide reports after any data privacy incident affecting 250 or more users. Additionally, the defendant would be banned from profiting from deceptively collected data.