InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OCC releases enforcement actions
On November 16, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. Included is a cease and desist order against an Indiana bank for allegedly engaging in unsafe or unsound practices, related to corporate governance and enterprise risk management, credit underwriting and administration, liquidity risk management, and interest rate risk management. The order requires the bank to, among other things, (i) provide quarterly reports detailing corrective action and efforts to comply with the order; (ii) develop a written strategic plan; (iii) maintain specified capital ratios; (iv) engage an independent third party to review board and management supervision; (v) submit a written concentration risk management program and a written liquidity risk management program; (vi) adopt a credit underwriting and administration program; (vii) submit and adopt a written adequate allowance for credit losses; and (viii) adopt a written credit derivatives program.
CFPB imposes $15 million penalty on lender for violating 2019 order
On November 15, the CFPB announced a consent order against a Chicago-based small-dollar lender for allegedly violating a 2019 order and by independently violating the CFPA. According to the 2019 consent order, the respondent allegedly withdrew funds from consumers’ bank accounts without permission and failed to honor loan extensions. Specifically, the respondent replaced consumers’ bank account information used to pay for existing loans with separate account information supplied by a “lead generator.” Respondent allegedly debited consumers’ payments through the accounts provided by the lead generator, instead of the consumers’ originally saved payment method. The 2019 order, among other things, (i) barred the respondent from making or initiating electronic fund transfers without valid authorization; (ii) barred the respondent from failing to honor loan extensions; (iii) required the respondent to pay a $3.8 million civil money penalty. In its most recent order, the CFPB alleged that through an investigation of the respondent’s compliance with the 2019 order, the respondent continued the same unauthorized withdrawals and canceled loan extensions. The Bureau also alleged that the respondent failed to disclose that making a partial payment could cancel a loan extension and misrepresent associated fees, and they failed to provide consumers copies of signed authorizations. The respondent also allegedly provided inaccurate due dates, misrepresented skipping payments, and misrepresented loan amounts. The respondent released a statement on the enforcement action, highlighting its cooperation with the CFPB, and internal technical issues.
In the most recent order, the respondent, without admitting nor denying the CFPB’s allegations, agreed to pay a $15 million civil money penalty and refund affected consumers. The respondent also agreed to stop providing certain types of consumer loans for seven years (beginning in 2022) and to reform its executive compensation agreements and policies to ensure that compensation accounts for executives’ compliance with consumer financial protection laws, including the Consent Order. The respondent must conduct an annual compensation review and provide a report of the review to the CFPB.
SEC and DOJ charge two co-CEOs operating a $100 million fraud scheme
On November 9, the SEC and DOJ charged two co-CEOs of a tech investment firm for allegedly directing a $100 million fraud scheme. The two individuals were the founders of a failed Fresno-based technology company and were charged with “conspiring to commit wire fraud and taking more than $100,000,000 from various businesses and individuals” under U.S.C. § 1349. The two founders allegedly misled investors through falsified documents, bank records, auditing reports, and accounting statements.
The DOJ alleges that, as recently as January 2022, “[the two individuals lied] to board members, investors, lenders, and others about [the company’s] finances to obtain investments, loans, and other funding… Much of the money went towards paying payroll, including the [co-CEOs’] $600,000 per year salaries.” Authorities discovered the alleged fraud scheme back in May 2023 when the company failed to make payroll and then terminated all its 900 employees. If convicted, the two founders face a maximum statutory penalty of 20 years in prison each and a $250,000 fine.
DFPI orders deceptive debt collectors to desist and refrain, pay penalties
On October 23, DFPI announced enforcement actions against four debt collectors for engaging in unlicensed debt collection activity, in violation of Debt Collection Licensing Act and unfair, deceptive, or abusive acts or practices, in violation of the California Consumer Financial Protection Law. In its order against two entities, the department alleged that the entities contacted at least one California consumer and made deceptive statements in an attempt to collect a payday loan-related debt, among other things. In its third order against another two entities, DFPI alleged that a consumer was not provided the proper disclosures in a proposed settlement agreement to pay off their debts in a one-time payments. Additionally, DFPI alleged that the entity representatives made a false representation by communicating empty threats of an impending lawsuit.
Under their orders (see here, here, and here), the entities must desist and refrain from engaging in illegal and deceptive practices, including (i) failing to identify as debt collectors; (ii) making false and misleading statements about payment requirements; (iii) threatening unlawful action, such as a lawsuit, because of nonpayment of a debt; (iv) contacting the consumer at a forbidden time of day; (iv) making false claims of pending lawsuits or legal process and the character, amount, or legal status of the debt; (v) failing to provide a “validation notice” ; and (vi) threatening to sue on time-barred debt.
The entities are ordered to pay a combined $87,500 in penalties for each of the illegal and deceptive practices.
FTC and Wisconsin sue auto dealer group for alleged discrimination and illegal fees
The FTC and the State of Wisconsin announced that they filed a complaint in the District Court for the Western District of Wisconsin against an auto dealer group, and its current and former owners, and general manager, alleging that the defendants deceived consumers by tacking hundreds or even thousands of dollars in illegal junk fees onto car prices and discriminated against American Indian customers by charging them higher financing costs and fees relative to similarly situated non-Latino whites.
The complaint also notes the disparity only increased since a change of ownership in 2019. Specifically, the complaint alleges that the defendants regularly charged many of their customers junk fees for “add-on” products or services without their consent, which resulted in additional fees and interest on the customers’ loans. Further, the defendants allegedly discriminated against American Indian customers in the cost of financing by adding more “markup” to their interest rates. This additional markup cost American Indian customers, on average, $401 more compared to non-Latino white customers.
The complaint resulted in two proposed settlements. The proposed settlement with the auto dealer, its current owners, and the general manager requires the company to stop deceiving consumers about whether add-ons are required for a purchase and obtain consumers’ express informed consent before charging them for add-ons. The settlement will also the require the defendants to establish a comprehensive fair lending program that, among other components, will allow consumers to seek outside financing for a purchase and cap the additional interest markup the auto dealer can charge consumers. The current owners and general manager will also be required to pay $1 million to be used to refund affected consumers.
Separately, the former owners agreed to pay $100,000 to be used to refund affected consumers.
CFPB announces civil money penalty against nonbank, alleges EFTA and CFPA violations
On October 17, the CFPB announced an enforcement action against a nonbank international money transfer provider for alleged deceptive practices and illegal consumer waivers. According to the consent order, the company facilitated remittance transfers through its app that required consumers to sign a “remittance services agreement,” which included a clause protecting the company from liability for negligence over $1,000. The Bureau alleged that such waiver violated the Electronic Fund Transfer Act (EFTA) and its implementing Regulation E, including Subpart B, known as the Remittance Transfer Rule, by (i) requiring consumers sign an improper limited liability clause to waive their rights; (ii) failing to provide contact and cancellation information in disclosures, and other required terms; (iii) failing to provide a timely receipt when payment is made for a transfer; (iv) failing to develop and maintain required policies and procedures for error resolution; (v) failing to investigate and determine whether an error occurred, possibly preventing consumers from receiving refunds or other remedies they were entitled to; and (vi) failing to accurately disclose exchange rates and the date of fund availability. The CFPB further alleged that the company’s representations regarding the speed (“instantly” or “within seconds”) and cost (“with no fees”) of its remittance transfers to consumers were inaccurate and constituted violations of CFPA. The order requires the company to pay a $1.5 million civil money penalty and provide an additional $1.5 in consumer redress. The company must also take measures to ensure future compliance.
Payments processor fined $20 million by State Money Transmission Regulators and State AGs
On October 16, a national payment processor entered into two settlement agreements totaling $20 million with 44 state and territory money transmission regulators and 50 state and territory attorneys general to resolve issues stemming from alleged erroneous payment transactions. The alleged erroneous payments involved the mistaken initiation of payments on behalf of almost 480,000 mortgage borrowers, with the total amount at issue totaling nearly $2.4 billion.
According to the settlement entered into between the payment processor and the money transmission regulators, who were working through the Multi-State Money Service Business Examination Taskforce, the mistaken payments resulted from a breakdown of internal data security controls that allowed customer data intended for use in the testing of processing code to trigger actual payments. The payment processor, who regularly provided payment processing services to a large residential mortgage lending and servicing company, was using actual customer mortgage payment data for test purposes. As alleged in the settlement, it was determined that in the process of conducting testing on processing code to optimize the payment processors’ payment platform, more than 1.4 million payment entries were unintentionally and erroneously processed. This erroneous payment processing was said to be primarily the result of “circumvention of internal data security controls and a lack of segregation between internal production and testing environments.”
The settlement reached with the money transmission regulators requires the payment processor to maintain a comprehensive risk and compliance program and to provide regular reporting to a state regulator monitoring committee to ensure the adequacy of its risk management programs.
Under the terms of the settlement with the money transmission regulators, the payment processor is required to pay a total of $10 million, with approximately $9.5 million of that total being shared evenly by each participating state, with the remaining roughly $500,000 being used to cover the administrative costs of the investigating states. Under the agreement with the state attorneys general, the payment processor is required to pay an additional $10 million to the various participating states and territories. These amounts are in addition to the $25 million fine previously agreed to in the CFPB Consent Order, bringing the total amount to be paid by the payment processor to $45 million.
CFPB sues nonbank mortgage lender for alleged HMDA and CFPA violations
On October 10, the CFPB filed a lawsuit against a Florida-based nonbank mortgage originator for allegedly failing to accurately report mortgage data in violation of the Home Mortgage Disclosure Act (HMDA). According to the complaint, in 2019 the Bureau found that the lender violated HDMA by intentionally misreporting data regarding applicants’ race, ethnicity and gender from 2014-2017, which resulted in the lender paying a civil money penalty and taking corrective action. In this action, the Bureau alleges that during its supervision process, it found the lender submitted HMDA data for 2020 contained “widespread errors across multiple data fields” including 51 errors in 159 files and the lender violated a 2019 consent order condition that required it to improve its data practices. The alleged errors include (i) mistakes in inputting data concerning subordinate lien loans and acquired loans; (ii) inclusion of loans in HMDA reporting that did not meet the HMDA criteria for reportable applications; (iii) incorrect characterization of purchaser type for tens of thousands of loans; (iv) erroneous rate spread calculations, leading to errors in interconnected fields; (iv) inaccurate data related to lender credits; and (v) incorrect categorization of specific loan applications as “approved but not accepted” when they were, in fact, withdrawn, resulting in discrepancies in associated fields. Along with the HDMA violations and the violations of the 2019 consent order, the CFPB also alleges violations of the CFPA and requests that the court permanently enjoin the lender from committing future violations of HMDA, require the lender to take corrective action to prevent further violations of HMDA, injunctive relief, and the imposition of a civil money penalty.
FTC settles with bankrupt crypto company and bans asset management
On October 12, the FTC announced it has reached a settlement with a bankrupt crypto company, which will permanently ban the company from managing consumer assets. According to the federal court complaint, the FTC alleged that from at least 2018, respondent attracted customers by promising their deposits would be secure, but when the company failed, consumers lost access to significant assets, resulting in over $1 billion in cryptocurrency asset losses. The FTC alleges violations of the FTC Act and the Gramm-Leach-Bliley Act's prohibition on obtaining financial information through false statements. Respondent allegedly misled consumers by claiming their assets were safe on the platform, stating that "YOUR USD IS FDIC INSURED." However, respondent is not a bank and the deposits were not eligible for FDIC insurance. The FTC complaint also alleged that the FDIC does not insure cryptocurrency assets, and consumers' cash deposits were placed in an account held by respondent at a traditional bank. Consumers' funds were protected only if that bank failed, but their cryptocurrency was not protected at all.
The proposed settlement with respondent and its affiliates permanently bans them from offering, marketing, or promoting any product or service related to depositing, exchanging, investing, or withdrawing assets. Respondent and its affiliates have agreed to a judgment of $1.65 billion, which will be suspended to allow the bankrupt company to return its remaining assets to consumers through bankruptcy proceedings. The proposed settlement also prohibits respondent and its affiliates from managing consumer assets, misrepresenting product benefits, making false representations to obtain financial information, and disclosing nonpublic personal information without consent.
The FTC also announced that it is filing a lawsuit against the respondent’s CEO for making false claims that consumer accounts were FDIC-insured. Respondent’s CEO has not agreed to a settlement, and the FTC's case against him will proceed in federal court. “In a parallel action, on October 12, the Commodity Futures Trading Commission separately charged [respondent’s CEO] with fraud and registration failures,” the FTC added.
NYDFS settles with bank for compliance failures
On September 29, NYDFS announced a settlement with a South Korean-based bank’s American subsidiary to resolve allegations of repeated violations of AML requirements, the Bank Secrecy Act (BSA), and New York law. According to the consent order, the respondent was repeatedly examined seven times in less than 10 years by DFS and entered into a consent order with the FDIC in 2017 for BSA/AML compliance, among other things. DFS claims that respondents violated (i) New York Banking Law § 44 by conducting their business in an unsafe and unsound manner; (ii) 3 NYCRR § 116.2 by failing to maintain an effective AML compliance program; and (iii) 23 NYCRR § 504.4 by incorrectly certifying compliance with Part 504. To resolve the claims, the respondent agreed to pay a $10 million civil money penalty, and write a written plan detailing improvements to its compliance policies and procedures, among other things.