Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations
Section Content

Upcoming Events

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • FTC Announces Final Approval of Settlements With Companies Over EU-U.S. Privacy Shield False Certification Claims

    Privacy, Cyber Risk & Data Security

    On November 29, the FTC announced it had approved final settlements with three companies over allegations that they falsely claimed  participation in the European Union-U.S. Privacy Shield (EU-U.S. Privacy Shield) framework. (See previous InfoBytes coverage here.) The settlements mark the FTC’s first EU-U.S. Privacy Shield enforcement actions following the EU’s finalization and adoption in July 2016 (as covered by InfoBytes) of the EU-U.S. Privacy Shield Framework, which established a mechanism for companies to transfer consumer data between the EU and the U.S. in compliance with specified obligations.

    Privacy/Cyber Risk & Data Security Enforcement FTC Settlement

    Share page with AddThis
  • Ride-Sharing Company Announces Data Breach; State Attorneys General Launch Investigations

    State Issues

    On November 21, a ride-sharing company disclosed via press release a 2016 data breach that exposed the personal data of 57 million riders and drivers. According to the company, an outside forensic investigation revealed that in October 2016 hackers obtained approximately 600,000 driver names and license numbers, along with rider names, email addresses, and mobile phone numbers. The company claimed that hackers did not obtain driver or passenger social security, credit card, bank account, birth date, or trip location information. Though the company stated that it has taken action to address the delay in notifying affected individuals and regulators, lawsuits filed by the State of Washington and the City of Chicago claim that the company capitulated to hackers’ demands and “paid the hackers to delete the consumer data and keep quiet about the breach.”

    According to a letter from the company to the Washington attorney general attached to the state’s complaint, the company “is taking personnel actions with respect to some of those involved in the handling of the incident.” The company further stated that it has “implemented and will implement further technical security measures, including improvements related to both access controls and encryption.”

    According to sources, three separate class action lawsuits have been filed against the company as a result of the 2016 breach (see here, here, and here) and five attorneys general (New York, Illinois, Connecticut, Massachusetts, and Missouri) have launched investigations.

    The 2016 data breach follows a settlement in January of that year with the New York Attorney General related to allegations that the company failed to promptly disclose a 2014 data breach.  The 2014 data breach involved an alleged failure to prevent unauthorized access to the company’s consumer and driver data maintained on a third-party cloud service provider. As previously reported in InfoBytes in August, the company reached a settlement with the FTC related to the 2014 data breach; however, that settlement was entered into before the company disclosed the existence of the 2016 breach.

    In a related development, on November 27, the U.S. District Court for the Northern District of California dismissed without prejudice a putative class action lawsuit against the company related to the 2014 data breach. The court held that the driver’s name, license number, and limited banking information disclosed in the breach was not the type of personally identifiable information that could expose plaintiffs to the risk of identity theft. Accordingly, the court dismissed the case for lack of Article III standing. The court also granted plaintiffs a final opportunity to amend their complaint to address the standing deficiencies.

    State Issues Privacy/Cyber Risk & Data Security Data Breach State Attorney General FTC Class Action Settlement Courts

    Share page with AddThis
  • OFAC Penalizes Credit Card Issuer for Violations of Cuban Assets Control Regulations

    Financial Crimes

    On November 17, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced that it had reached a $204,277 settlement with a U.S. financial institution for alleged violations of the Cuban Assets Control Regulations (CACR). The settlement involves actions taken by an international credit card company which, at the time of the apparent violations, was a wholly owned subsidiary of an entity that was itself 50 percent owned by the U.S. financial institution. According to the announcement, between 2009 and 2014, credit cards that the company issued to over 100 corporate customers were used to make purchases in Cuba or otherwise involved Cuba. OFAC asserts that the company failed to implement controls to prevent this even though it had policies and procedures in place to review transactions for compliance with CACR.

    In determining the settlement amount, OFAC considered that (i) employees within the company had reason to know of the conduct that led to the alleged violations; (ii) none of the entities involved appeared to appreciate the risk that the credit cards might be used in Cuba; (iii) at the time they occurred, the actions resulted in harm to the US sanctions program objectives; (iv) the U.S. financial institution is a large and sophisticated financial entity; and (v) during the investigation, the entities provided “verifiably inaccurate or incomplete, including material omissions.” OFAC also considered the fact that the entities voluntarily self-disclosed the alleged violations and the U.S. financial institution took “swift and appropriate remedial action” upon discovery.

    OFAC recently announced updates to CACR, covered by InfoBytes here.

    Financial Crimes OFAC Department of Treasury Enforcement Settlement Credit Cards

    Share page with AddThis
  • DOJ Announces $5.4 Million in Additional Relief for Servicemembers Impacted by Bank’s Alleged SCRA Violations

    Lending

    On November 14, the DOJ announced it had secured an additional $5.4 million from a major U.S. bank related to a September 2016 settlement (previously covered by InfoBytes) resolving allegations that between January 2008 and July 2015 the bank repossessed vehicles owned by active duty servicemembers without required court orders in violation of the Servicemembers Civil Relief Act. The original consent order with the DOJ required the bank to pay $10,000, plus lost equity, to each of the 413 affected servicemembers whose cars were found to be unlawfully seized and further stipulated the bank could be required to compensate additional servicemembers. Since entering into the 2016 settlement with the DOJ, the bank announced it had uncovered another 450 qualifying servicemembers, bringing the combined affected total to 863, with compensatory payouts of more than $10 million.

    Lending Fair Lending DOJ SCRA Servicemembers Settlement Enforcement

    Share page with AddThis
  • OFAC Announces Cuban Assets Control Regulations Updates; Releases New FAQs

    Financial Crimes

    On November 8, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced amendments to the Cuban Assets Control Regulations to implement changes related to certain financial transaction restrictions and economic activities. In accordance with the National Security Presidential Memorandum issued by President Trump on June 16, the amendments will, among other things, prohibit “persons subject to U.S. jurisdictions” from engaging in financial transactions with entities and subentities identified on the State Department’s Cuba Restricted List. This effort is intended to “channel economic activities away from the Cuban military, intelligence, and security services, while maintaining opportunities for Americans to engage in authorized travel to Cuba and support the private, small business sector in Cuba.” The amendments will take effect November 9. OFAC also released updated FAQs and a fact sheet to answer questions related to the amended regulations.

    Refer here, here, and here for InfoBytes coverage on OFAC settlements of alleged violations of the Cuban Assets Control Regulations.

    Financial Crimes OFAC Department of State Settlement International

    Share page with AddThis
  • FTC Fines California Auto Dealer for Violating Order About Disclosures

    Lending

    On November 6, the FTC announced a settlement of $1.4 million with a Southern California auto dealership for violating a 2014 administrative order (Order). The Order prohibited the dealership from misrepresenting the cost to finance or lease a vehicle. In issuing the Order, the FTC alleged that the dealership had violated the FTC Act by using advertisements that deceptively stated a $0 up-front lease option while excluding other fees and costs, and also that the dealership’s advertisements violated disclosure requirements of the Consumer Leasing Act (CLA) and TILA.

    The new settlement resolves a complaint in which the FTC alleged the auto dealership “routinely violated” the Order requiring the dealership to, among other things, (i) accurately represent costs and terms of financing or leasing vehicles; (ii) conform its advertisements to the requirements of the CLA and TILA; and (iv) maintain necessary records and make those records available to the agency. In addition to the monetary penalty and the prohibition of similar practices, the settlement also subjects the dealership to strong compliance and reporting requirements.

    Lending Auto Finance FTC Enforcement Settlement FTC Act CLA TILA Disclosures

    Share page with AddThis
  • Federal Reserve Board Issues Consent Order for the Alleged Deceptive Marketing of Balance Transfer Credit Cards

    Consumer Finance

    On October 26, the Federal Reserve Board (Fed) announced it had entered into a consent order with Mid America Bank & Trust Company (Mid America) over allegations that the bank engaged in deceptive practices in violation of the FTC Act involving balance transfer credit cards issued to consumers through third party independent service organizations. On the same day, the Fed announced its approval of an application by Reliable Community Bankshares, Inc. to acquire Mid America’s holding company, Mid America Banking Corporation. The allegations pertain to the adequacy of marketing materials, disclosures and other customer communications that described certain terms of the balance transfer cards such as credit reporting, available credit, and application of the statute of limitations to transferred balances. The Fed’s order requires the bank to refund certain fees, account balances and payments to its cardholders and other non-monetary actions, including compliance program enhancements. The order did not impose a civil money penalty.

    Consumer Finance Credit Cards Settlement FTC Act Federal Reserve

    Share page with AddThis
  • Illinois AG and FTC Reach $9 Million Settlement With Phantom Debt Collector

    Consumer Finance

    On October 31, Illinois Attorney General Lisa Madigan and the Federal Trade Commission (FTC) announced settlements with three operators of a fake debt collection scheme in Chicago. According to the Attorney General’s office, the three individuals and associated companies identified people who had recently applied for or received a short-term loan and then posed as a law firm to collect on the debt. The companies also sold fictitious loan debt portfolios to other debt buyers, who then attempted to collect on the fake debts. The settlements require the operators to surrender at least $9 million in assets (which will be used to refund impacted consumers) and, among other things, ban them from the debt collection business and from selling debt portfolios.

    Consumer Finance State Attorney General FTC Debt Collection Payday Lending Enforcement Settlement

    Share page with AddThis
  • FTC Settles Suit Against Credit Score Site Schemers

    Courts

    On October 26, the FTC agreed to a settlement of $760,000 with two affiliate marketers of a credit score business who allegedly committed deceptive acts to lure consumers into signing up for their monthly credit monitoring service for $30.00.

    The settlement partly resolves a suit the FTC filed in January against the credit score company, the owner, and the company’s affiliate marketers. The FTC alleged that the defendants posted fake rental ads on Craigslist and required persons responding to the ads to obtain a purportedly “free” credit report from the company’s websites before viewing the property. The defendants, however, used the credit or debit card information consumers entered to obtain the credit report and enrolled consumers for a negative option credit monitoring service with a $30.00 monthly fee.

    The order suspended the balance of the total $6.8 million judgment on the condition that the affiliate marketers pay the FTC the settled amounts. The claims against the company and the owner are ongoing.

    Courts Consumer Finance FTC Fraud Settlement Litigation

    Share page with AddThis
  • Virginia AG Announces Settlement With Internet Lender Over Licensing Claims and Excessive Interest

    State Issues

    On October 25, Virginia Attorney General Mark R. Herring announced a settlement with a Nevada-based internet lender to resolve allegations that the lender violated the Virginia Consumer Protection Act by misrepresenting it was licensed by the state’s Bureau of Financial Institutions and collecting interest exceeding the state’s general usury limit. According to a press release issued by the Attorney General’s office, the settlement requires the lender to provide refunds and interest forgiveness of more than $265,000 to borrowers, and pay the state $50,000 in civil money penalties, costs, and fees. A permanent injunction also prohibits the lender from, among other things, misrepresenting its licensing status and collecting interest exceeding the amount allowed by the state’s general usury statute.

    State Issues State Attorney General Usury Predatory Lending Consumer Finance Settlement Enforcement

    Share page with AddThis

Pages