InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
District Court enters consent order in 2016 CFPB structured settlement action
On May 18, the U.S. District Court for the District of Maryland approved a consent order against defendants in an action concerning allegedly unfair, abusive, and deceptive structured settlement practices. As previously covered by InfoBytes, in 2016 the Bureau initiated an enforcement action against the defendants alleging that they violated the CFPA by employing abusive practices when purchasing structured settlements from consumers in exchange for lump-sum payments. According to the Bureau, the defendants encouraged consumers to take advances on their structured settlements and falsely represented that the consumers were obligated to complete the structured settlement sale, “even if they [later] realized it was not in their best interest.” In July 2021, the court denied the defendants’ motions to dismiss the Bureau’s amended complaint, which argued that the enforcement action was barred by the U.S. Supreme Court’s decision in Seila Law LLC v. CFPB, which held that the director’s for-cause removal provision was unconstitutional (covered by a Buckley Special Alert). The defendants had also argued that that the ratification of the enforcement action “came too late” because the statute of limitations on the CFPA claims had already expired (covered by InfoBytes here). Under the terms of the May 18 consent order, the individual defendant, who “had an ownership interest in [the company] and served in executive positions at [the defendants] from their inception to their dissolution" is prohibited from, among other things, participating or assisting others in participating in transfer of payment streams from structured-settlement holders and referring consumers to a specific individual or for-profit entity for advice concerning any structured-settlement transaction, including for independent professional advice. The individual defendant must also pay a $5,000 civil money penalty.
Social media company to pay $150 million to settle FTC, DOJ data security probe
On May 25, the DOJ filed a complaint on behalf of the FTC against a global social media company for allegedly misusing users’ phone numbers and email addresses uploaded for security purposes to target users with ads. (See also FTC press release here.) According to the complaint, the defendant deceived users about the extent to which it maintained and protected the security and privacy of users’ nonpublic contact information. Specifically, from May 2013 to September 2019, the defendant asked users to provide either a phone number or an email address to improve account security. The defendant, however, allegedly failed to inform the more than 140 million users who provided phone numbers or email addresses that their information would also be used for targeted advertising. The FTC claimed the defendant used the collected information to allow advertisers to target specific ads to specific users by matching the phone numbers or email addresses with data they already had or obtained from data brokers. DOJ’s complaint alleged that the defendant’s conduct violated the FTC Act and the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield agreements, which require participating countries to adhere to certain privacy principles in order to legally transfer data from EU countries and Switzerland. This conduct also allegedly violated a 2011 FTC consent order with the defendant stemming from claims that the defendant deceived users and put their privacy at risk by failing to safeguard their personal information. According to DOJ’s complaint, the 2011 order “specifically prohibits the company from making misrepresentations regarding the security of nonpublic consumer information.”
Under the terms of the proposed order, the defendant would be required to pay a $150 million civil penalty and implement robust compliance measures to improve its data privacy practices. According to the FTC and DOJ announcements, these measures would (i) “allow users to use other multi-factor authentication methods such as mobile authentication apps or security keys that do not require users to provide their telephone numbers”; (ii) require the defendant to “notify users that it misused phone numbers and email addresses collected for account security to also target ads to them and provide information about [its] privacy and security controls”; (iii) require the defendant to implement and maintain a comprehensive privacy and information security program, including conducting “a privacy review with a written report prior to implementing any new product or service that collects users’ private information,” regularly testing its data privacy safeguards, and obtaining regular independent assessments of its data privacy program; (iv) limit employee access to users’ personal data; and (v) require the defendant to notify the FTC should it experience a data breach, and provide reports after any data privacy incident affecting 250 or more users. Additionally, the defendant would be banned from profiting from deceptively collected data.
FTC orders credit card payment ISO to comply with heightened monitoring practices
On May 24, the FTC finalized an order against an independent sales organization and its owners (collectively, “respondents”) to settle allegations that they violated the FTC Act and the Telemarketing Sales Rule by helping scammers launder millions of dollars of consumers’ credit card payments from 2012 to 2013 and ignored warning signs that the merchants were fake. According to the FTC’s administrative complaint, the respondents, among other things, created 43 different merchant accounts for fictitious companies and provided advice to the organizers of the scam on how to spread out the transactions among different accounts to evade detection (covered by InfoBytes here).
Under the terms of the final order, the respondents are required to make several substantial changes to their processes, and are prohibited from engaging in credit card laundering, as well as any other actions to evade fraud and risk monitoring programs. Additionally, the respondents are banned from providing payment processing services to any merchant that is, or is likely to be, engaged in deceptive or unfair conduct, and to any merchant that is flagged as high-risk by the credit card industry monitoring programs. Furthermore, the respondents are required to screen potential merchants who are engaged in certain activities that could harm consumers, and monitor and designate as necessary current merchants who may require additional screening. The FTC noted that it is unable to obtain a monetary judgment in this action due to the U.S. Supreme Court’s decision in AMG Capital Management v. FTC, which held that the FTC does not have statutory authority to obtain equitable monetary relief under Section 13(b) of the FTC Act (covered by InfoBytes here).
District Court issues judgment against student debt relief operation
On May 24, the U.S. District Court for the Central District of California entered a stipulated final judgment and order against an individual defendant who participated in a deceptive debt-relief enterprise operation. As previously covered by InfoBytes, in 2019, the CFPB, along with the Minnesota and North Carolina attorneys general, and the Los Angeles City Attorney (together, the “states”), announced an action against the student loan debt relief operation for allegedly deceiving thousands of student-loan borrowers and charging more than $71 million in unlawful advance fees. In the third amended complaint, the Bureau and the states alleged that since at least 2015 the debt relief operation violated the CFPA, TSR, FDCPA, and various state laws by charging and collecting improper advance fees from student loan borrowers prior to providing assistance and receiving payments on the adjusted loans. In addition, the Bureau and the states claimed that the debt relief operation engaged in deceptive practices by misrepresenting, among other things: (i) the purpose and application of fees they charged; (ii) their ability to obtain loan forgiveness for borrowers; and (iii) their ability to actually lower borrowers’ monthly payments. Moreover, the debt relief operation allegedly failed to inform borrowers that it was their practice to request that the loans be placed in forbearance and also submitted false information to student loan servicers to qualify borrowers for lower payments. Under the terms of the final judgment, the individual defendant must pay a $483,662 civil money penalty to the Bureau.
9th Circuit says CFPB can seek restitution in action against payday lender
On May 23, the U.S. Court of Appeals for the Ninth Circuit upheld a district court’s judgment finding an online loan servicer and its affiliates liable for a deceptive loan scheme. However, the appellate court vacated the district court’s order, which had imposed a $10 million civil penalty (rather than the requested penalty of over $50 million) and had declined the CFPB's request for $235 million in restitution. As previously covered by InfoBytes, in 2018, the district court ordered the defendants to pay the civil penalty for offering high-interest loans in states with usury laws barring the transactions after determining in September 2016 that the online loan servicer was the “true lender” of the loans that were issued through entities located on tribal land (covered by a Buckley Special Alert). At the time, the district court found that a lower statutory penalty was more appropriate than the CFPB’s requested amount because the Bureau failed to show the company “knowingly violated the CFPA” or acted “recklessly.” In rejecting the Bureau’s requested restitution amount, the district court found that the agency had not put forth any evidence that the defendants “intended to defraud consumers or that consumers did not receive the benefit of their bargain from the [program]” for restitution to be an appropriate remedy.
According to the 9th Circuit, the district court applied the wrong legal analysis in 2018 when it assessed only a $10 million civil money penalty against the defendants and no restitution payments to consumers harmed by the improper loans. By applying federal common law choice-of-law principles, the appellate court declined to apply tribal law, holding that state laws applied to the loans, thus rendering them invalid. The appellate court determined that the defendants acted recklessly when they attempted to collect on invalid debts after counsel advised in 2013 that such actions were likely illegal. While the defendants shut down the tribal lending program for new loans, the 9th Circuit said they continued to collect on existing loans. “We conclude that from September 2013 on, the danger that [defendants’] conduct violated the statute was ‘so obvious that [defendants] must have been aware of it,’” the appellate court wrote. Noting that penalties for “reckless” violations under tier two were appropriate beginning September 2013, the appellate court ordered the district court to recalculate the civil penalty on remand. The 9th Circuit also directed the district court on remand to reconsider the appropriate restitution without relying on irrelevant considerations that motivated its earlier decision, including (i) whether defendants acted in bad faith; and (ii) “whether consumers received the benefit of their bargain.” Moreover, the appellate court held that the district court erred by stating “that the ‘proposed restitution amount [should be] netted to account for expenses.’”
The 9th Circuit also concluded that the district court was correct in holding one of the individual defendants personally liable for the company’s conduct. Furthermore, the appellate court held that the defendants’ argument that the structure of the Bureau is unconstitutional did not affect the validity of the lawsuit (which was filed when the Bureau was headed by lawfully appointed former Director Richard Cordray), writing that, as in Collins v. Yellen (covered by InfoBytes here), “the unlawfulness of the removal provision does not strip the Director of the power to undertake the other responsibilities of his office.”
Remittance provider hints it may challenge CFPB’s funding structure
On May 20, a global payments provider, which was recently sued by the New York attorney general and the CFPB, filed a pre-motion letter hinting that it will challenge the constitutionality of the Bureau’s funding structure. As previously covered by InfoBytes, the complaint claimed the “repeat offender” defendant allegedly violated numerous federal and state consumer financial protection laws in its handling of remittance transfers. Earlier in the month, the defendant called the allegations “false, inflammatory and misleading,” and took issue with the Bureau’s suggestion that it had “uncovered widespread and systemic issues involving ‘substantial’ consumer harm.” According to the defendant, “data from the CFPB’s own consumer complaint portal strongly suggest otherwise.” (Covered by InfoBytes here.)
The defendant raised several arguments, including that the “CFPB’s funding structure also violates the Appropriations Clause, requiring dismissal”—a nod to a recent en banc decision issued by the U.S. Court of Appeals for the Fifth Circuit (covered by InfoBytes here), in which several dissenting judges argued that the case should be dismissed because the agency’s funding structure violates the Constitution’s separation of powers and “is doubly removed from congressional review.” The defendant’s pre-motion letter also argued that the Bureau’s complaint should be moved to the Northern District of Texas where the company is headquartered and where the Bureau’s examinations were conducted.
In response, the Bureau and New York AG filed their own letter responding to the defendant’s proposed grounds for dismissal, countering, among other things, that the case is “adequately pled,” the claims are timely, and that the Bureau’s funding structure is constitutional. Challenging the defendant’s contention that the Bureau’s statutory method of funding violates the Constitution’s appropriations clause, the letter stressed that the U.S. Supreme Court and the U.S. Court of Appeals for the Second Circuit have held that this clause “simply requires that federal spending be authorized by statute,” adding that “[b]oth the Bureau’s receipt of funds and its use of those funds are so authorized.”
CFPB, New York reach $4 million settlement with debt collection operation
On May 25, the U.S. District Court for the Western District of New York entered a stipulated final judgment and order in an action taken by the CFPB, in partnership with the New York attorney general, resolving allegations that a debt collection operation based near Buffalo, New York, which includes six companies, three owners, and two managers (collectively, “defendants”), engaged in deceptive tactics to induce consumer payments. (See also CFPB press release here.) As previously covered by InfoBytes, the CFPB filed a complaint in 2020 against the defendants for allegedly violating the CFPA, FDCPA, and various New York laws by using illegal tactics to induce consumer payments, such as (i) threatening arrest and imprisonment; (ii) claiming consumers owed more debt than they actually did; (iii) threatening to contact employers about the existence of the debt; (iv) harassing consumers and third parties by using “intimidating, menacing, or belittling language”; and (v) failing to provide debt verification notices. Under the terms of the settlement, the defendants must pay a $2 million penalty to the CFPB and a $2 million penalty to the New York AG. The judgment provides that if the defendants fail to make timely payments, each penalty amount would increase to $2.5 million. The judgment also permanently bans the defendants from engaging in debt collection operations and prohibits them from engaging in deceptive practices in connection with consumer financial products or services.
SEC charges broker-dealer with SAR violations
On May 20, the SEC announced charges against the broker-dealer affiliate of a national bank for allegedly failing to file Suspicious Activity Reports (SARs) in a timely manner in violation of the Securities Exchange Act and Rule 17a-8. According to the SEC’s order, the broker-dealer’s internal anti-money laundering (AML) transaction monitoring and alert system allegedly failed to reconcile the different country codes used to monitor foreign wire transfers due to an alleged failure to test a new version of the system. The broker-dealer also allegedly did not timely file SARs related to suspicious transactions in its customers’ brokerage accounts involving the wire transfers to or from foreign countries that it determined to be at a high or moderate risk for money laundering, terrorist financing, or other illegal money movements. Additionally, in April 2017, the broker-dealer allegedly failed to timely file additional SARs due to a failure to appropriately process wire transfer data into its AML transaction monitoring system in certain other situations. In addition to the $7 million penalty, the institution, without admitting or denying the SEC’s findings, agreed to a censure and a cease-and-desist order.
OCC releases enforcement actions
On May 19, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. Included is a cease and desist order against an Alaska-based bank for allegedly engaging in Bank Secrecy Act/anti-money laundering (BSA/AML) program violations. The bank allegedly “failed to adopt and implement a compliance program that adequately covers the required BSA/AML program elements, including, in particular, internal controls for customer due diligence and procedures for monitoring suspicious activity, BSA officer and staff, and training.” The order requires the bank to, among other things, establish a compliance committee, submit a BSA/AML action plan, and develop a written suspicious activity monitoring and reporting program.
5th Circuit rules against SEC’s use of ALJs
On May 18, the U.S. Court of Appeals for the Fifth Circuit held that the SEC’s in-house adjudication of a petitioners’ case violated their Seventh Amendment right to a jury trial and relied on unconstitutionally delegated legislative power. The appellate court further determined that SEC administrative law judges (ALJs) are unconstitutionally shielded from removal. In a 2-1 decision, the 5th Circuit vacated the SEC’s judgment against a hedge fund manager and his investment company arising from a case, which accused petitioners of fraud under the Securities Act, the Securities Exchange Act, and the Advisers Act in connection with two hedge funds that held roughly $24 million in assets. According to the SEC, the petitioners had, among other things, inflated the funds’ assets to increase the fees they collected from investors. Petitioners sued in federal court, arguing that the SEC’s proceedings “infringed on various constitutional rights,” but the federal courts refused to issue an injunction claiming they lacked jurisdiction and that petitioners had to continue with the agency’s proceedings. While petitioners’ sought review by the SEC, the U.S. Supreme Court issued a decision in Lucia v. SEC, which held that SEC ALJs are “inferior officers” subject to the Appointments Clause of the Constitution (covered by InfoBytes here). Following the decision, the SEC assigned petitioners’ proceeding to an ALJ who was properly appointed, “but petitioners chose to waive their right to a new hearing and continued under their original petition to the Commission.” The SEC eventually affirmed findings of liability against the petitioners, and ordered the petitioners to cease and desist from committing further violations and to pay a $300,000 civil penalty. The investment company was also ordered to pay nearly $685,000 in ill-gotten gains, while the hedge fund manager was barred from various securities industry activities.
In vacating the SEC’s judgment, the appellate court determined that the SEC had deprived petitioners of their right to a jury trial by bringing its action in an “administrative forum” instead of filing suit in federal court. While the SEC challenged “that the legal interests at issue in this case vindicate distinctly public rights” and therefore are “appropriately allowed” to be brought in agency proceedings without a jury, the appellate court countered that the SEC’s enforcement action was “akin to traditional actions at law to which the jury-trial right attaches.” Moreover, the 5th Circuit noted that while “the SEC agrees that Congress has given it exclusive authority and absolute discretion to decide whether to bring securities fraud enforcement actions within the agency instead of in an Article III court[,] Congress has said nothing at all indicating how the SEC should make that call in any given case.” As such, the 5th Circuit opined that this “total absence of guidance is impermissible under the Constitution.”
Additionally, the 5th Circuit raised concerns about the statutory removal restrictions for SEC ALJs who can only be removed for “good cause” by SEC commissioners (who are removable only for good cause by the president). “Simply put, if the President wanted an SEC ALJ to be removed, at least two layers of for-cause protection stand in the President’s way,” the appellate court concluded. “Thus, SEC ALJs are sufficiently insulated from removal that the President cannot take care that the laws are faithfully executed. The statutory removal restrictions are unconstitutional.”
The dissenting judge disagreed with all three of the majority’s constitutional conclusions, contending that the majority, among other things, misread the Supreme Court’s decisions as to what are and are not “public rights,” and that “Congress’s decision to give prosecutorial authority to the SEC to choose between an Article III court and an administrative proceeding for its enforcement actions does not violate the nondelegation doctrine.” The judge further stated that while the Supreme Court determined in Lucia that ALJs are “inferior officers” within the meaning of the Appointments Clause in Article II, it “expressly declined to decide whether multiple layers of statutory removal restrictions on SEC ALJs violate Article II.” Consequently, the judge concluded that he found “no constitutional violations or any other errors with the administrative proceedings below.”