InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OFAC sanctions darknet marketplace for selling stolen data
On April 5, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions, pursuant to Executive Order (E.O.) 13694, as amended by E.O. 13757, against one of the world’s largest darknet marketplaces for its involvement in the theft and sale of device credentials and related sensitive information. According to OFAC, the marketplace accesses victims’ devices without authorization and sells the stolen data, including usernames and passwords, on the darknet. The action was taken in coordination with the DOJ and international partners from a dozen countries who are also taking action against market users across multiple jurisdictions and seizing associated website domains. The designation built upon previous actions taken against darknet marketplaces, including sanctions issued last year against the world’s most prominent darknet market. (Covered by InfoBytes here.) OFAC also referenced FinCEN’s 2019 Advisory on Illicit Activity Involving Convertible Virtual Currency, to warn “that darknet markets frequently include offers for the sale of illicit goods and services that use virtual currencies as a method of payment.” (Covered by InfoBytes here.) As a result of the sanctions, all property and interests in property belonging to the sanctioned entity in the U.S. must be blocked and reported to OFAC. OFAC noted that U.S. persons are prohibited from participating in transactions with sanctioned persons, and that “persons that engage in certain transactions with the entity designated today may themselves be exposed to sanctions.”
The DOJ stated in its press release that, along with its partners, it had “dismantled” the marketplace and “arrested many of its users around the world.” The DOJ explained that the marketplace “was also one also one of the most prolific initial access brokers [] in the cybercrime world,” and “attract[ed] criminals looking to easily infiltrate a victim’s computer system.” The marketplace sold access to ransomware actors looking to attack computer networks in the United States and globally, the DOJ said, adding that the marketplace also sold device “fingerprints” used to trick third-party websites into thinking the marketplace user was the actual account owner.
Banking company pleads guilty to mortgage fraud
On March 15, a Michigan-headquartered bank holding company agreed to plead guilty to securities fraud for filing misleading statements related to its 2017 initial public offering (IPO) and its 2018 and 2019 annual filings. According to the DOJ’s announcement, the bank holding company and its wholly owned subsidiary were under investigation over allegations that loan officers were encouraged to increase the volume of residential mortgage loan originations in order to artificially inflate bank revenue leading up to and following the IPO. The DOJ explained that the bank filed false securities statements about its residential mortgage loan program in its IPO, as well as in subsequent annual filings that “contained materially false and misleading statements that touted the soundness of the [] loans.” These loans were actually “rife with fraud,” the DOJ said and cost non-insider victim-shareholders nearly $70 million. Senior management allegedly knew that loan officers were falsifying loan documents and concealing the fraudulent information from the bank’s underwriting and quality control departments, the DOJ maintained, noting that the actions caused the bank to originate loans and extend credit to borrowers who would have otherwise not qualified.
Under the terms of the plea agreement (which must be accepted by the court), the bank holding company will “be required to serve a term of probation through 2026, submit to enhanced reporting obligations to the department, and pay more than $27.2 million in restitution to its non-insider victim-shareholders.” The DOJ considered several factors when determining the criminal resolution, including the nature and seriousness of the offense and the pervasiveness of the misconduct at the most senior levels. The bank holding company received credit for its cooperation and for implementing extensive remedial measures, and has agreed to continue to fully cooperate with the DOJ in all matters relating to the covered conducts and other conduct under investigation. It is also required to self-report criminal violations and must continue to implement a compliance and ethics program to detect and deter future violations of U.S. securities law.
As previously covered by InfoBytes, the bank holding company’s subsidiary paid a $6 million civil money penalty to the OCC last September for alleged unsafe or unsound practices related to the residential mortgage loan program.
U.S., German law enforcement disable darknet crypto mixer
On March 15, U.S. law enforcement, along with German criminal authorities, disabled a darknet cryptocurrency “mixing” service used to allegedly launder more than $3 billion in cryptocurrency underlying ransomware, darknet market activities, fraud, cryptocurrency heists, hacking schemes, and other activities. According to the DOJ’s announcement, law enforcement agencies seized two domains and back-end servers, as well as more than $46 million in cryptocurrency. The DOJ claimed the mixing service allowed criminals to obfuscate the source of stolen cryptocurrency by commingling users’ cryptocurrency in a way that made it difficult to trace the transactions. In conjunction with the action taken against the mixing service, a Vietnamese national responsible for creating and operating the online infrastructure was charged with money laundering, operating an unlicensed money transmitting business, and identity theft connected to the mixing service. Separate actions have also been taken by German law enforcement authorities, the DOJ said. “Criminals have long sought to launder the proceeds of their illegal activity through various means,” Special Agent in Charge Jacqueline Maguire of the FBI Philadelphia Field Office said in the announcement. “Technology has changed the game, though[.] In response, the FBI continues to evolve in the ways we ‘follow the money’ of illegal enterprise, employing all the tools and techniques at our disposal and drawing on our strong partnerships at home and around the globe.”
DOJ, CFPB: Lenders that rely on discriminatory appraisals violate the FHA and ECOA
On March 13, the DOJ and CFPB filed a statement of interest saying that a “lender violates both the [Fair Housing Act (FHA)] and ECOA if it relies on an appraisal that it knows or should know to be discriminatory.” (See also CFPB blog post here.) Pointing out that the case raises important legal questions regarding the issue of appraisal bias, the agencies explained that the DOJ has enforcement authority under both the FHA and ECOA, and the Bureau has authority to interpret and issue rules under ECOA and enforce the statute’s requirements.
The case, which is currently pending in the U.S. District Court for the District of Maryland, concerns whether an appraiser, a real estate appraisal company, and an online mortgage lender (collectively, “defendants”) violated federal and state law by undervaluing plaintiffs’ home on the basis of race and denying a mortgage refinancing application based on the appraisal. Plaintiffs, who are Black, claimed their home was appraised for a lower amount on the basis of race, and maintained that the lender denied their loan even after being told the appraisal was discriminatory. Additionally, plaintiffs claimed that after they replaced family photos with pictures of white people and had a white colleague meet a new appraiser, that appraiser appraised the house for $750,000—a nearly 60 percent increase despite there not being any significant improvements made to the house or meaningful appreciation in the value of comparable homes in the market.
The defendant appraiser filed a counterclaim against the plaintiffs providing technical arguments for why he valued the home at $472,000, including that the property next door was listed for $500,000, but was later reduced to $475,000, only 10 days after he completed the appraisal. He further claimed that the second appraisal failed to include that property as a comparison and relied on home sales that had not happened as of the time of the first appraisal. The lender argued that it should not be held liable because it was relying on a third-party appraiser and that “it can be liable only if it took discriminatory actions that were entirely separate from [the appraiser’s].”
While the statement does not address the issue of vicarious liability, the DOJ and CFPB asserted that lenders can be held liable under the FHA and ECOA for relying on discriminatory appraisals. They explained that it is “well-established that a lender is liable if it relies on an appraisal that it knows or should know to be discriminatory.” The statement also provided that for disparate treatment claims under the FHA and ECOA, “plaintiffs need only plead facts that plausibly allege discriminatory intent.” The agencies also argued that a violation of Section 3617 of the FHA (which includes “a prohibition against retaliating in response to the exercise of fair housing rights”) “does not require a ‘predicate violation’ of the FHA.
Design firm to settle False Claims Act allegations related to cybersecurity failures
On March 14, the DOJ announced a $293,771 settlement with a design company to resolve alleged False Claims Act (FCA) violations related to failures in its cybersecurity practices. According to the DOJ, the company failed to secure personal information on a federally-funded Florida children’s health insurance website that was created, hosted, and maintained by the company. “Government contractors responsible for handling personal information must ensure that such information is appropriately protected,” Principal Deputy Assistant Attorney General Brian M. Boynton, head of the Justice Department’s Civil Division, said in the announcement. “We will use the [FCA] to hold accountable companies and their management when they knowingly fail to comply with their cybersecurity obligations and put sensitive information at risk.” In this case, the Florida entity (which receives federal Medicaid funds, as well as state funds to provide children’s health insurance programs) contracted with the design company for the provision of a hosting environment that complied with HIPAA’s personal information protection requirements. The company also agreed to adapt, modify, and create code on the webserver to support the secure communication of data. However, between January 1, 2014, and Dec. 14, 2020, the company allegedly failed to provide secure hosting of applicants’ personal information and failed to implement necessary updates. In December 2020, the website experienced a data breach that potentially exposed more than 500,000 applicants’ personal identifying information and other data. In response to the data breach and the company’s cybersecurity failure, the Florida entity shut down the website’s application portal.
DOJ initiates SCRA action over auto auctions and dispositions
On March 3, the DOJ filed a complaint in the U.S. District Court for the Eastern District of North Carolina against a North Carolina-based towing company for allegedly auctioning off, selling, or disposing of vehicles owned by servicemembers through the use of court judgments obtained without filing proper military affidavits. Under the Servicemembers Civil Relief Act (SCRA), plaintiffs seeking a default judgment must “file an accurate military affidavit stating whether or not the defendant is in military service, or that the plaintiff is unable to determine the defendant’s military service status.” Towing companies are also required by the statute to make a good faith effort to determine if a defendant is in military service. A court may not enter a default judgment in favor of a plaintiff until after a servicemember has been appointed an attorney.
According to the complaint, the towing company disposed of servicemembers’ vehicles without complying with these requirements from at least 2017. The DOJ further claims that several factors should have alerted the towing company to the fact that the vehicles belonged to a servicemember, including that many of the vehicles were originally towed from locations on or near a military installation and many of the vehicles “had military decals, patches, and decorations, were financed through lenders geared towards members of the military, and contained military uniforms and paperwork, including orders.” The DOJ seeks damages for the affected servicemembers and civil penalties, as well as a court order enjoining the towing company from engaging in the illegal conduct.
Agencies flag intermediaries in evading Russia-related sanctions
On March 2, the DOJ, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC), and the Department of Commerce’s Bureau of Industry and Security (BIS) issued a joint compliance note on the use of third-party intermediaries or transshipment points to evade Russian- and Belarussian-related sanctions and export controls. This is the first collective effort taken by the three agencies to inform the international community, the private sector, and the public about efforts taken by malign actors to evade sanctions and export controls in order to provide support for Russia’s war against Ukraine. The compliance note outlines enforcement trends and details attempts made by Russia “to circumvent restrictions, disguise the involvement of Specially Designated Nationals and Blocked Persons [] or parties on the Entity List in transactions, and obscure the true identities of Russian end users.” The compliance note also provides common red flags indicating whether a third-party intermediary may be engaged in efforts to evade sanctions or export controls, and outlines guidance for companies on maintaining effective, risk-based sanctions and export compliance programs. The agencies highlight other measures taken to constrain Russia, including stringent export controls imposed by BIS to restrict Russia’s access to technologies and other items, sanctions and civil money penalties issued against U.S. persons who violate OFAC sanctions and non-U.S. persons who cause U.S. persons to violate Russian sanctions programs, and the DOJ’s interagency law enforcement task force, Task Force KleptoCapture, which enforces sanctions, export controls, and economic countermeasures imposed by the U.S. and foreign allies and partners.
DOJ announces $9 million redlining settlement with Ohio bank
On February 28, the DOJ announced a settlement with an Ohio-based bank to resolve allegations that the bank engaged in a pattern or practice of lending discrimination by engaging in “redlining” in the Columbus metropolitan area. The DOJ’s complaint claimed that from at least 2015 to 2021, the bank failed to provide mortgage lending services to Black and Hispanic neighborhoods in the Columbus area. The DOJ also alleged that all of the bank’s branches were concentrated in majority-white neighborhoods, and that the bank did not take meaningful measures to compensate for not having a physical presence in majority-Black and Hispanic communities.
Under the proposed consent order, the bank will, among other things, (i) invest a minimum of $7.75 million in a loan subsidy fund for majority-Black and Hispanic neighborhoods in the Columbus area to increase access to credit for home mortgage, improvement, and refinance loans, and home equity loans and lines of credit; (ii) invest $750,000 to go towards outreach, advertising, consumer financial education, and credit counseling initiatives; (iii) invest $500,000 to be spent in developing community partnerships to expand access to residential mortgage credit for Black and Hispanic consumers; (iv) establish one new branch and one new mortgage loan production office in majority-Black and Hispanic neighborhoods in the Columbus area (the bank must “ensure that a minimum of four mortgage lenders, at least one of whom is Spanish-speaking, are assigned to serve these neighborhoods” and employ a full-time community development officer to oversee lending in these neighborhoods); and (v) conduct a community credit needs assessment to identify financial services needs in majority-Black and Hispanic census tracts in the Columbus area. The announcement cited the bank’s cooperation with the DOJ to remedy the identified redlining concerns.
FTC, DOJ sue telemarketers of fake debt relief services
On February 16, the DOJ filed a complaint on behalf of the FTC against several corporate and individual defendants for alleged violations of the FTC Act and the Telemarketing Sales Rule (TSR) in connection with debt relief telemarketing campaigns that delivered millions of unwanted robocalls to consumers. (See also FTC press release here.) According to the complaint, filed in the U.S. District Court for the Southern District of California, the defendants are interconnected platform providers, lead generators, telemarketers, and debt relief service sellers. Alleged violations include: (i) making misrepresentations about their debt relief services; (ii) initiating telemarketing calls to numbers on the FTC’s Do Not Call Registry, as well as calls in which telemarketers failed to disclose the identity of the seller and services being offered; (iii) initiating illegal robocalls without first obtaining consent; (iv) failing to make oral disclosures required by the TSR, including clearly and truthfully identifying the seller of the debt relief services; (v) misrepresenting material aspects of their debt relief services; and (vi) requesting and receiving payments from customers before renegotiating or otherwise altering the terms of those customers’ debts. The complaint seeks permanent injunctive relief, civil penalties, and monetary damages. Two of the defendants (a debt relief lead generator and its owner) have agreed to a stipulated order that, if approved, would prohibit them from further violations and impose a monetary judgment of $3.38 million, partially suspended to $7,500 to go towards consumer redress due to their inability to pay.
Agencies reiterate illegality of appraisal discrimination
On February 14, CFPB Fair Lending Director Patrice Ficklin joined senior leaders from the FDIC, HUD, NCUA, Federal Reserve Board, DOJ, OCC, and FHFA in submitting a joint letter to The Appraisal Foundation (TAF) urging the organization to further revise its draft Ethics Rule for appraisers to include a detailed statement of federal prohibitions against discrimination under the Fair Housing Act (FHA) and ECOA.
This is the second time the agencies have raised concerns with TAF. As previously covered by InfoBytes, last February, the agencies sent a joint letter in response to a request for comments on proposed changes to the 2023 Appraisal Standards Board Ethics Rule and Advisory Opinion 16, in which they noted that while provisions prohibit an appraiser from relying on “unsupported conclusions relating to characteristics such as race, color, religion, national origin, sex, sexual orientation, gender, marital status, familial status, age, receipt of public assistance income, disability, or an unsupported conclusion that homogeneity of such characteristics is necessary to maximize value,” the “provisions do not prohibit an appraiser from relying on ‘supported conclusions’ based on such characteristics and, therefore, suggest that such reliance may be permissible.” The letter noted that the federal ban on discrimination under the FHA and ECOA is not limited only to “unsupported” conclusions, and that any discussions related to potential appraisal bias should be consistent with all applicable nondiscrimination laws.
In their second letter, the agencies said that the fourth draft removed a detailed, unambiguous summary covering nondiscrimination standards under the FHA and ECOA, and instead substituted “a distinction between unethical discrimination and unlawful discrimination.” The letter expressed concerns that the term “unethical discrimination” is not well established in current law or practice, and could lead to confusion in the appraisal industry. Moreover, the letter noted that “the term ‘ethical’ discrimination, and reference to the possibility of a protected characteristic being ‘essential to the assignment and necessary for credible assignment results,’ appears to resemble the concept of ‘supported’ discrimination that the agencies previously disfavored and whose removal and replacement with a summary of the relevant law significantly improved the draft Ethics Rule.” The agencies further cautioned that “[s]uggesting that appraisers avoid ‘bias, prejudice, or stereotype’ as general norms” would grant individual appraisers wide discretion in applying these norms and likely yield inconsistent results. The agencies advised TAF to provide a thorough explanation of these legal distinctions.