InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Court orders credit union to pay $5 million to settle overdraft allegations
On June 27, the U.S. District Court for the Northern District of New York granted final approval of a class action settlement, resulting in a defendant credit union paying approximately $5.2 million to settle allegations concerning illegal overdraft/non-sufficient funds (NSF) fees and inadequate disclosure practices. As described in plaintiffs’ unopposed motion for preliminary approval, the defendant was sued in 2020 for violating the EFTA (Regulation E) and New York General Business Law (NY GBL) § 349. According to plaintiffs, defendant charged overdraft fees and NSF fees that were not permitted under its contracts with its members or Regulation E. Plaintiffs’ Regulation E and NY GBL liability theories are premised on the argument that defendant’s “opt-in form did not inform members that these fees were charged under the ‘available balance’ metric, rather than the ‘actual’ or ‘ledger’ balance metric”—a violation of Regulation E and NY GBL § 349. The plaintiffs’ liability theory was that defendant’s “contracts did not authorize charging overdraft fees when the ledger or actual balance was positive.”
Under the terms of the settlement, defendant is required to pay $2 million, for which 25 percent of the settlement fund will be allocated to class members’ Regulation E overdraft fees, 62.5 percent will go to class members’ GBL overdraft fees, and 12.5 percent will be allocated to class members’ breach of contract overdraft fees. Defendant is also required to pay $948,812 in attorney’s fees, plus costs, and $10,000 service awards to the two named plaintiffs. Additionally, the defendant has agreed to change its disclosures and will “forgive and release any claims it may have to collect any at-issue fees which were assessed by [defendant] but not collected and subsequently charged-off, totaling approximately $2,300,000.”
OFAC settles with international financial institution
On June 20, the U.S Treasury Department’s Office of Foreign Assets Control (OFAC) announced a settlement with a Latvia-based bank—a subsidiary of an international financial institution headquartered in Sweden—to resolve potential civil liability stemming from OFAC’s Crimea sanctions. According to OFAC’s web notice, in 2015 and 2016, a shipping industry client of the Latvia-based subsidiary bank made 386 transactions totaling over $3 million through its e-banking platform from a Crimea-based IP address to persons in Crimea, which were processed through U.S. correspondent banks. OFAC alleges that in 2016, the client attempted to make a payment to a U.S. correspondent bank from a Crimea-based IP address, but after the payments were rejected and the bank was reassured by the client that the transactions did not involve Crimea, the bank rerouted the payment through a different U.S. correspondent bank. OFAC alleges that the bank had client onboarding information that the client had a physical presence in Crimea, so the bank had reason to know that the transactions in fact involved Crimea. OFAC also accused the bank of not integrating the client’s IP data into its sanctions screening processes.
In arriving at the $3.4 million settlement amount, OFAC considered, among other things, that the bank willfully violated U.S. sanctions by not self-disclosing the violations, which is required as a third party. According to the OCC, the bank failed to exercise due caution or care in neglecting to account for the client’s presence in Crimea, and instead solely relied on the client’s reassurances when it possessed contradictory information. OFAC also claimed that the bank had many customers in Crimea, and therefore had reason to know the origin of the payments it was processing. OFAC also considered several mitigating factors, including that: (i) the bank has not received a penalty notice from OFAC in the preceding five years; (ii) the bank and the financial institution took remedial action; and (iii) the bank and the financial institution cooperated with OFAC’s requests for information.
OFAC said that this action “demonstrates the importance of implementing and maintaining effective, risk-based sanctions compliance controls, especially for sophisticated financial institutions operating in proximity to high-risk regions.” OFAC added that this case also demonstrates the importance of undertaking reasonable efforts to investigate red flags. Finally, OFAC noted that this matter underscores the importance of remaining vigilant against efforts by entities based in Crimea, Russia, and other high-risk countries seeking to evade sanctions and elude compliance controls.
District Court preliminarily approves $2.7 million FCRA settlement
On June 1, the U.S. District Court for the Eastern District of California preliminarily approved a class action settlement, which would require a corporate defendant to pay $2.7 million to resolve allegations that it provided false information on credit reports to auto dealers. The defendant sells credit reports to auto dealers to help dealers manage their regulatory compliance obligations, the order explained, noting that one of these obligations prohibits dealers from engaging in business with anyone designated on the U.S. Treasury Department’s Office of Foreign Assets Control’s (OFAC) Specially Designated Nationals (SDN) list. The SDN list is comprised of persons and entities owned or controlled by (or acting for or on behalf of) a targeted company, or non-country specific persons, who are prohibited from conducting business in the U.S. The defendant would flag a consumer as an “OFAC Hit” if it matched a name on the SDN list.
The order explained that when using a “similar name” algorithm script to run the consumer’s name against the SDN list to check for a match, the defendant only ran first and last names and did not input other available information such as birth dates and addresses. The lead plaintiff filed a putative class action pleading claims under the FCRA and California’s Consumer Credit Reporting Agencies Act, alleging his name inaccurately came up as an OFAC hit on a credit report sold to an auto dealer. In turn, the plaintiff was denied credit and suffered emotionally, later learning that the defendant incorrectly matched him with an SDN. According to class members, the defendant failed to follow reasonable procedures to assure maximum possible accuracy when matching consumer information and failed to provide, upon request, all information listed in a consumer’s file. Moreover, the lead plaintiff claimed the defendant failed to investigate the disputed OFAC-related information sold to the dealer. The defendant moved for summary judgment on the premise that it was not acting as a consumer reporting agency and that OFAC check documents were not consumer reports, but the court denied the motion and later certified the class. If finalized, the settlement would provide $1,000 to each of the class members, attorneys fees and costs, and a service award to the lead plaintiff.
District Court approves $4.3 million data breach settlement
Earlier this month, the International Organization of Securities Commissions (IOSCO) released draft policy recommendations to support greater regulatory and oversight consistency within the crypto and digital assets markets. According to the global securities watchdog, regulators must strive for consistency in their oversight of crypto-asset activities given the cross-border nature of these markets and the varying approaches taken by individual jurisdictions. Seeking to optimize consistency in the way crypto-asset and securities markets are regulated, the IOSCO advised regulators to enhance cooperation efforts and attempt “to achieve regulatory outcomes for investor protection and market integrity that are the same as, or consistent with, those required in traditional financial markets in order to facilitate a level-playing field between crypto-assets and traditional financial markets and help reduce the risk of regulatory arbitrage.” Encouraging regulators to engage in rulemaking and information sharing, the IOSCO presented a comprehensive strategy for harmonizing the oversight of crypto companies, including standards on conflicts of interest and governance, fraud and market abuse, cross-border cooperation, custody of client monies and assets, and operational and technological risks. The IOSCO also suggested measures for reducing money laundering risks, explaining that crypto assets may be more appealing to criminals who want to avoid traditional financial system oversight. The IOSCO noted that its goal is to finalize its policy recommendations in early Q4 2023. Comments will be received through July 31.
Pennsylvania reaches $11 million settlement with rent-to-own company
On May 15, the Pennsylvania attorney general announced a $11.4 million settlement with a rent-to-own lender and its subsidiaries accused of engaging in predatory practices targeting low-income borrowers and employing deceptive collection practices. According to the AG, the lender disguised one-year rent-to-own agreements as “100-Day Cash Payoffs” and then concealed the balances owed. The AG maintained that consumers were locked into binding 12-month agreements that included high leasing fees (equal to 152 percent APR interest). The AG explained that consumers entitled to restitution and relief “had already satisfied the cash price, the sales tax on the cash price, and the processing fees associated with their purchase – yet still owed [the lender] a balance.” Additionally, the AG accused the lender of using a web-based portal for creating and signing contracts, which made it easy for persons other than the consumer to sign the agreements.
The order requires the lender to pay $7.3 million in restitution that will be distributed to affected consumers, $200,000 in civil penalties, and $750,000 in costs to be paid to the AG to be used for public protection and education purposes. Additionally, the lender is required to reduce the balances of delinquent lease-to-own accounts for certain rental purchase agreements, resulting in a $3.15 million aggregate reduction in balances. The lender has also agreed to, among other things, not represent or imply that failure to pay a debt owed or alleged to be owed “will result in the seizure, attachment or sale of any property that is the subject of the debt unless such action is lawful” or that the lender’s subsidiary intends to take such actions. The lender is also prohibited from collecting any amount, including interest, fees, charges, or expenses incidental to the principal obligation, unless the amount is expressly authorized by the agreement creating the obligation or permitted by law. Furthermore, the lender’s subsidiaries must clearly and conspicuously disclose customer balances during servicing calls and through a customer portal.
OFAC reaches $3.3 million settlement with cosmetics company for Iranian sanctions violations
The U.S Treasury Department’s Office of Foreign Assets Control (OFAC) recently announced settlements with a California-based cosmetics company and a former senior company executive to resolve potential civil liability stemming from allegations that the company participated in a conspiracy to export goods and services from the United States to Iran over roughly an eight-year period. According to OFAC’s web notice, the company entered into an exclusive agreement with an Iranian distributor to sell products in the Middle East, specifically in Iran, without ever receiving a specific license or other applicable OFAC guidance to do so. OFAC maintained that these exported products (for which the company requested a license), were neither generally authorized nor exempt from prohibition. During a later acquisition, the company again applied for, but did not receive, a specific license to export products to Iran. The company knew that an OFAC license was required to lawfully export the products to Iran but continued to do so through departments generally overseen by the former senior company executive, OFAC said, adding that prior to the acquisition, the company did not disclosure the exports or its involvement with Iran, nor was this conduct discovered during pre-acquisition due diligence. By conspiring to export approximately $11.1 million worth of goods to Iran over approximately eight years, the company allegedly violated the Iranian Transactions and Sanctions Regulations.
In arriving at the settlement amount, OFAC considered, among other things, that the company willfully violated U.S. sanctions by exporting its products and services to Iran, despite having knowledge that such conduct was prohibited, and that senior company officials had actual knowledge of the alleged misconduct. The $3.3 million settlement (of which the former senior company executive is responsible for $175,000) reflects that while the company voluntarily self-disclosed the apparent violations, the violations constitute an egregious case. OFAC also considered several mitigating factors, including that: (i) the company has undertaking remedial measures to prevent future misconduct; (ii) the overall percentage represented by its sales to Iran is small; (iii) the company has not received a penalty notice from OFAC in the preceding five years; (iv) the company cooperated with OFAC during the investigation and agreed to toll the statute of limitations; and (v) the former senior company executive’s violations involved the export of benign consumer goods.
Providing context for the settlement, OFAC said, among other things, that the “case highlights that U.S. sanctions on Iran encompass a wide range of potentially violative conduct, including the formation and execution of conspiracies to engage in prohibited activities such as exporting goods to Iran and causing such exports to occur.” OFAC reminded businesses that “placement of a U.S. entity under the compliance structure of a non-U.S. entity that may lack sufficient familiarity with U.S. sanctions laws could prevent the prompt identification of and response to potentially prohibited conduct.”
District Court preliminarily approves $300 million auto insurance settlement
On May 1, the U.S. District Court for the Northern District of California preliminarily approved a $300 million class action settlement resolving claims that a national bank hid misconduct relating to its auto insurance practices. The lead plaintiff alleged that, between November 3, 2016 and August 3, 2017, the defendant made materially false or misleading statements in violation of the Securities Act, which artificially inflated the price of the defendant’s stock. Specifically, the plaintiff maintained that the defendant concealed that it allegedly force-placed unneeded collateral protection insurance (CPI) on many of its customers and failed to refund unearned guaranteed auto protection (GAP) premiums to other customers, which led to more than 20,000 customers having their cars repossessed. The plaintiff further alleged that the defendant was aware of these issues but failed to disclose them to investors or the public, and claimed that the facts did not emerge until they were published by the media in July of 2017. As a result, class members who purchased defendant’s stock during the relevant period allegedly suffered economic losses when the stock price declined as a result of two corrective disclosures that revealed the CPI and GAP issues to investors. A hearing later this year will determine the service fee award and attorneys’ fees and expenses (to be no more than 25 percent of the settlement amount). The defendant denies all claims of wrongdoing.
ID verifier to pay $28.5 million to settle BIPA allegations
On May 5, the U.S. District Court for the Northern District of Illinois preliminarily approved an amended class action settlement in which an identification verification service provider agreed to pay $28.5 million to settle allegations that it violated the Illinois Biometric Information Privacy Act (BIPA). According to the plaintiffs, the defendant collected, stored, and or used class members’ biometric data without authorization when they uploaded photos and state IDs on a mobile app belonging to one of the defendant’s customers. After the court denied the defendant’s move to compel arbitration and determined the plaintiff had standing to pursue his BIPA claims, the parties entered into settlement discussions without the defendant admitting any allegations or liability. The court certified two classes: (i) Illinois residents who uploaded photos to the defendant through the app or website of a financial institution (class members will receive $15.7 million); and (ii) Illinois residents who uploaded photos through a non-financial institution (class members will receive $12.8 million). A final approval hearing will determine attorney’s fees and expenses and incentive awards.
OFAC reaches $7.6 million settlement with online digital-asset trading platform
On May 1, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a roughly $7.6 million settlement with a Massachusetts-based online trading and settlement platform to resolve potential civil liability stemming from allegations that the platform allowed customers in sanctioned jurisdictions to engage in digital asset-related transactions. According to OFAC’s web notice, between January 2014 and November 2019, the platform allegedly permitted customers to make more than $15.3 million in trades, deposits, and withdrawals, despite having reason to know that the customers’ locations—based on both Know Your Customer (KYC) information and internet protocol address data—were in jurisdictions subject to comprehensive OFAC sanctions. OFAC noted that although the platform implemented a sanctions compliance program to screen new customers, it did not retroactively screen existing customers, thus allowing these customers to continue to conduct trading activity. While the platform made efforts to identify and restrict accounts with a nexus to certain sanctioned jurisdictions, compliance deficiencies resulted in the platform processing 65,942 online digital asset-related transactions for 232 customers apparently located predominantly in Crimea, but also in Cuba, Iran, Sudan, and Syria.
In arriving at the settlement amount, OFAC considered, among other things, that the platform failed to exercise due caution or care for its sanctions compliance obligations and had reason to know that certain customers were located in sanctioned jurisdictions. Additionally, the settlement amount reflects that the platform did not voluntarily disclose the apparent violations. OFAC also considered several mitigating factors, including that: (i) the platform was a small start-up when most of the apparent violations occurred; (ii) the platform has not received a penalty notice from OFAC in the preceding five years; (iii) the platform cooperated with OFAC during the investigation and undertook numerous remedial measures; and (iv) the volume of apparent violations represented a very small percentage of the total volume of transactions conducted on the platform annually.
Providing context for the settlement, OFAC said the “action highlights that online digital asset companies—like all financial service providers— are responsible for ensuring that they do not engage in transactions prohibited by OFAC sanctions, such as providing services to persons in comprehensively sanctioned jurisdictions. To mitigate such risks, online digital asset companies should develop a tailored, risk-based sanctions compliance program.”
OFAC reaches $508 million settlement with British tobacco company on North Korean transactions
On April 25, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $508 million settlement with one of the world’s largest tobacco companies to resolve potential civil liabilities stemming from allegations that the company sent more than $250 million in profits from a North Korean joint venture through U.S. financial institutions by relying on designated North Korean banks and several intermediaries. According to OFAC’s web notice, from 2007 to 2016, the London-headquartered company formed a conspiracy to export tobacco and related products to North Korea, and remitted approximately $250 million in payments from the North Korean joint venture. The payments were allegedly remitted through bank accounts controlled by sanctioned North Korean banks to the company’s Singaporean subsidiary via U.S. banks who cleared the transactions. By causing U.S. financial institutions to process wire transfers containing blocked property interests of sanctioned North Korean banks in order to export financial services and facilitate the export of tobacco, the company violated the Weapons of Mass Destruction Proliferators Sanctions Regulations and the North Korea Sanctions Regulations, OFAC said.
According to OFAC, the settlement is the largest ever reached with a non-financial institution and reflects the statutory maximum penalty due to OFAC’s determination that the company’s conduct was egregious and not voluntarily self-disclosed. In arriving at the settlement amount, OFAC determined, among other things, that the company and its subsidiaries willfully conspired to transfer hundreds of millions of dollars related to North Korea through U.S. financial institutions while being aware that U.S. sanctions regulations prohibited this conduct. The company and its subsidiaries also allegedly “relied on an opaque series of front companies and intermediaries” to conceal their North-Korea-related business, with management having actual knowledge about the alleged conspiracy from the beginning. OFAC also considered various mitigating factors, including that the company has not received a penalty notice from OFAC in the preceding five years, and that the company cooperated with OFAC and agreed to toll the statute of limitations.
Providing context for the settlement, OFAC said that this action demonstrates that “creating the illusion of distance between a firm and apparently violative conduct does not shield that firm from liability.” Moreover, “[s]enior management decisions to approve or otherwise support arrangements that obscure dealings with sanctioned countries and parties can be reflected throughout an organization, compounding sanctions risks and increasing the likelihood of committing potential violations.”
Concurrently, the DOJ announced that the company and one of its subsidiaries have agreed to pay combined penalties of more than $629 million to resolve bank fraud and sanctions violations charges stemming from the aforementioned conduct. According to the DOJ, the subsidiary pleaded guilty to a criminal information charging both entities with conspiracy to commit bank fraud and conspiracy to violate the International Emergency Economic Powers Act. The company entered into a deferred prosecution agreement related to these charges.