Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Final judgment entered in alleged misappropriated funds suit

    Courts

    On September 19, the U.S. District Court for the District of Southern Florida granted final judgment against an individual to resolve SEC allegations regarding her involvement in a company that allegedly fraudulently misappropriated funds from investors. As previously covered by InfoBytes, the SEC’s complaint claimed that the individual was employed by the company and was the wife of a chief executive officer who falsely represented to many Venezuelan-American investors that the company would use their funds to finance payday loans through the offer and sale of “safe and secured or guaranteed” promissory notes. The complaint noted that the defendant “received at least $1.2 million of [the company’s] investor funds for no apparent legitimate business purpose,” in violation of the federal securities laws or any regulation or order issued under such laws, as set forth in the Bankruptcy Code. According to the order, the defendant must pay $994,000 in disgorgement and $83,000 in interest.

    Courts Securities Enforcement Fraud Bankruptcy Code

  • FTC proposes rulemaking to combat impersonation fraud

    Agency Rule-Making & Guidance

    On September 15, the FTC issued a notice of proposed rulemaking (NPRM) to prohibit the impersonation of government, businesses, or their officials. According to the FTC, reported losses due to impersonation fraud spiked at the beginning the Covid-19 pandemic, and more than 2.5 million scams were reported nationwide from the beginning of 2017 through the middle of 2022, with consumers reporting losses of more than $2 billion. These impersonation scams include persons posing as government officials or employees, or persons claiming that they represent well-known businesses or charities who may use “misleading domain names and URLs and ‘spoofed’ contact information’” to create the illusion of legitimacy. The FTC added that scammers are looking for information that can be used to commit identity theft or seek monetary payment, and often request that funds be paid through wire transfer, gift cards, or cryptocurrency.

    The NPRM follows an advanced notice of proposed rulemaking issued last December (covered by InfoBytes here), for which the FTC received more than 160 comments from members of the public, as well as a coalition of 49 state attorneys general and many companies and industry organizations. According to the FTC, the NPRM would codify the principle that impersonation scams violate the FTC Act, allowing the Commission to seek civil penalties and recover money from those who violate the rule. Among other things, the NPRM would ban scammers from (i) using government identifiers when communicating with consumers via mail or online; (ii) spoofing government and business email and web addresses “or using lookalike email addresses or websites that rely on misspellings of a company’s name”; or (iii) falsely implying an affiliation with a government or a business by using commonly known terms. The FTC noted that the NPRM would also apply to persons who provide the “means or instrumentalities” for scammers, such as suppliers who manufacture the fake government credentials used by scammers. Additionally, non-profit organizations would be included in the definition of a business under the NPRM, so that the FTC can take action against scammers impersonating charities. Comments on the NPRM are due 60 days after publication in the Federal Register.

    Agency Rule-Making & Guidance Federal Issues FTC Consumer Protection Fraud Privacy, Cyber Risk & Data Security

  • CFPB studying BNPL growth

    Federal Issues

    On September 15, the CFPB announced plans to consider issuing interpretive guidance or regulations to ensure that buy now, pay later (BNPL) lenders follow many of the same consumer protection measures that exist for credit cards. “We will be working to ensure that borrowers have similar protections, regardless of whether they use a credit card or a Buy Now, Pay Later loan,” CFPB Director Rohit Chopra said in the announcement. The Bureau described BNPL products as a form of interest-free credit that “serves as a close substitute for credit cards” and allows consumers to split a retail transaction into smaller, interest-free installments that are repaid over time. 

    Recognizing that BNPL products are a rapidly growing alternative form of credit for online retail purchases, the Bureau published a report providing key insights into the industry. According to the report, the number of BNPL loans originated from 2019 to 2021 in the US grew 970 percent, from 16.8 million to 180 million. The total dollar volume of these loans grew by 1,092 percent in that period, from $2 billion in 2019 to $24.2 billion in 2021, the report said, noting that 73 percent of applicants were approved for credit in 2021, up from 69 percent in 2020. Additionally, the report found that 89 percent of consumers using BNPL loans linked their accounts to their debit cards, and that late fee policies vary by issuer.

    The Bureau raised several concerns with BNPL products in the report, including (i) inconsistent standardized cost-of-credit disclosures, minimal dispute resolution rights, a forced opt-in to autopay, and occurrences where consumers are assessed multiple late fees on the same missed payment; (ii) risks related to data harvesting and monetization, as many BNPL lenders shift business models toward proprietary app usage, allowing lenders “to build a valuable digital profile of each user’s shopping preferences and behavior”; and (iii) concerns over consumers taking out several loans during a short period of time at multiple lenders. According to the Bureau, because most BNPL lenders currently do not furnish data to the major credit reporting companies, many lenders are unaware of a consumer’s current liabilities when deciding whether to originate new loans.

    The Bureau noted in its announcement that while BNPL lenders are currently subject to some federal and state oversight, compliance and licensing requirements vary. In addition to exploring potential new regulatory guidance, the Bureau said it plans to identify surveillance practices that BNPL lenders should seek to avoid, and it will continue to address the development of appropriate and accurate credit reporting practices for the industry. Chopra further announced that the Bureau is inviting BNPL lenders to self-identify if they wish to be examined for any potentially problematic business practices. The Bureau is also reviewing its authorities to conduct examinations on a compulsory basis and will work with state regulators that license nonbank finance companies on examinations of BNPL firms.

    Federal Issues Agency Rule-Making & Guidance CFPB Buy Now Pay Later Privacy, Cyber Risk & Data Security Consumer Protection Consumer Finance Disclosures Fraud

  • 11th Circuit affirms denial of title company’s cyber fraud claim

    Courts

    On September 6, the U.S. Court of Appeals for the Eleventh Circuit upheld a district court’s decision to deny insurance coverage to a Florida title company under its Cyber Protection Insurance Policy after it was allegedly “fraudulently induced—by an unknown actor impersonating a mortgage lender—to wire funds to an incorrect account.” The insurance company denied coverage on the basis that the title company did not meet the policy’s requirements. The title company submitted a claim under the cybercrime endorsement of its insurance policy, which includes a deceptive transfer fraud insurance clause that grants coverage provided certain criteria are met, including that the loss resulted from intentionally misleading actions, was done by a person purporting to be an employee, customer, client or vendor, and the authenticity of the wire transfer instructions was verified according to the title company’s internal procedures. The insurance company denied coverage, claiming that: (i) the mortgage lender to whom the funds were intended was not an employee, customer, client or vendor of the title company; and (ii) that the title company failed to verify the transfer request according to its procedures. The district court granted summary judgment in favor of the insurance company, agreeing that coverage did not exist under the plain language of the policy.

    On appeal, the 11th Circuit determined that the mortgage lender was not listed as an entity under the plain language of the policy. It further disagreed with the title company’s position that under Florida law, insurance coverage clauses must “be construed as broadly as possible to provide the greatest amount of coverage,” and that the deceptive transfer fraud clause should also include “persons and entities involved in the real estate transaction.” The appellate court noted that “[a]s attractive as that proposition may be, it is simply not what the clause provides,” adding that because the clause “limits coverage to misleading communications ‘sent by a person purporting to be an employee, customer, client or vendor’” it must interpret these terms according to their plain meaning and may not “alter[] the terms bargained to by parties to a contract.”

    Courts Privacy, Cyber Risk & Data Security Appellate Eleventh Circuit Insurance Fraud Mortgages

  • 11th Circuit says one-year statutory notice period cannot be varied

    Courts

    On August 26, the U.S. Court of Appeals for the Eleventh Circuit vacated and remanded a district court’s summary judgment in favor of a bank after determining that the plaintiff-appellants’ claim for statutory repayment is not time-barred. Plaintiffs (Venezuelan citizens residing in Venezuela) maintained personal and commercial bank accounts at a Florida branch of the bank. According to the plaintiffs, a bank employee changed the email account associated with the bank accounts to a new fraudulent email. Identity thieves were later able to bypass security measures on the account, gave correct answers to security questions, and sent documents with signatures that matched ones the bank had on file, resulting in roughly $850,000 being transferred out of one of the accounts. Plaintiffs contended they were locked out of their accounts and struggled to contact the bank for months without success. After eventually regaining access to their accounts, plaintiffs discovered the stolen money and sued for a variety of claims, including fraud, negligence, and breach of contract. They also claimed that the bank was required to refund them for the fraudulent wire transfers under Florida Statutes § 670.202. The bank argued, among other things, that the plaintiffs’ claims were time-barred because they failed to notify the bank about the alleged fraud within 30 days of receiving a bank statement. Plaintiffs responded that the Florida Statutes provide a one-year time period to notify a bank of an unauthorized wire transfer and stated that the time-period could not be modified by agreement. The district court entered summary judgment for the bank, concluding “that the one-year period was modifiable and that the parties had modified it.” The district court also determined that because the bank’s procedures were “commercially reasonable” and followed “in good faith” it was not liable to the plaintiffs to repay the wire transfers.

    On appeal, the 11th Circuit held that the plaintiffs were still within their statutory one-year notification period when they notified the bank of the fraudulent wire transfers, and rejected the bank’s argument that it could shorten the notification period to 30 days. The 11th Circuit, in rejecting the bank’s argument determined that it cannot “shift the loss of an unauthorized order to the customer during the statutorily determined period,” adding that “if the one-year statutory notice period could be varied, then banks could insist that customers sign contracts that make the time to demand a refund of a fraudulent payment a day (or even less). That would impair the account holder’s right to a refund and defeat Florida’s intent that banks—not account holders— bear the risk of a fraudulent transfer for the first year following the transfer. And there’s no limiting principle in the text for how short banks could make the statutory refund period.” Pointing out that the bank was unable to identify a limiting principal at oral argument, the appellate court concluded that “if banks could modify the one-year period, there’s no principled way to draw the line as to how short of a refund period is too short.” On remand, the 11th Circuit also instructed the district court to review whether the bank’s security procedures are “commercially reasonable.”

    Courts State Issues Fraud Appellate Eleventh Circuit Privacy, Cyber Risk & Data Security

  • District Court dismisses EFTA claims concerning fraudulent transactions

    Courts

    On August 18, the U.S. District Court for the Eastern District of Michigan dismissed a class action alleging violations of the EFTA brought against a national bank on behalf of consumers who were issued prepaid debit cards providing Covid-19 pandemic unemployment insurance payments. Two of the plaintiffs alleged they experienced fraudulent transactions on their accounts. According to the plaintiffs, the bank froze one of the defendant’s accounts but failed to credit his account for the allegedly fraudulent transaction. In response to a second plaintiff’s fraud report, the bank allegedly froze her account and informed her that she had “to contact the unemployment agency because an unauthorized person had ‘gained access to the card and was using the unemployment benefits.’” The third plaintiff alleged that the bank froze her account based on suspected fraud and was informed that she would have to contact someone else to unfreeze the account. Plaintiffs sued for violations of the EFTA and raised several breach of contract and negligence claims.

    The court dismissed the EFTA claim on several grounds, including that (i) the second plaintiff’s claim is time-barred; (ii) the other two plaintiffs’ claims stem from the bank’s alleged errors related to unauthorized transactions, yet neither requested information or clarification about an electronic funds transfer; (iii) one of the plaintiffs never actually experienced fraud (the court emphasized that the EFTA does not regulate account freezes; it regulates electronic funds transfers); and (iv) one of the plaintiff’s failed to plausibly plead that he complied with the EFTA’s notification requirements that must be met before a defendant conducts an investigation. The court also determined that the breach of contract claims failed, citing, among other things, that if an account did not have an unauthorized transaction a defendant cannot breach its reimbursement duties. Nor did the other two plaintiffs provide proper notice to trigger the bank’s duty to investigate, the court wrote, adding that the negligence claims also failed because the plaintiffs failed to respond to a request asking them to show how the bank’s actions caused them injury.

    Courts EFTA Covid-19 Consumer Finance Fraud

  • District Court dismisses EFTA claims over prepaid debit card fraud

    Courts

    On August 11, the U.S. District Court for the District of Maryland dismissed a putative class action alleging violations of the EFTA and state privacy and consumer protection laws brought against a national bank on behalf of consumers who were issued prepaid debit cards providing pandemic unemployment benefits. The named plaintiff—a self-employed individual who did not qualify for state unemployment insurance but who was eligible to receive temporary Pandemic Unemployment Assistance (PUA) benefits—alleged that he lost nearly $15,000 when an unauthorized user fraudulently used a prepaid debit card containing PUA funds that were intended for him. The court dismissed the class claims with respect to the EFTA and Regulation E, finding that the Covid-19 pandemic was a “qualified disaster” under applicable law and regulations (i.e. PUA payments were “qualified disaster relief payments”), and that as such, the payments satisfied the CFPB’s official interpretation of Regulation E and were excluded from the definition of a “prepaid account.” The court further explained that while relevant CFPB regulations define an “account” to include a prepaid account, Regulation E excludes “any ‘account that is directly or indirectly established through a third party and loaded only with qualified disaster relief payments.’” Because the prepaid debit card in question was established through a third party and was loaded only with PUA funds, it did not meet the definition of a “prepaid account” and therefore fell outside the EFTA’s definition of a covered account. The court also disagreed with the plaintiff’s contention that PUA payments were authorized by Congress in the CARES Act due to the public health emergency rather than a disaster.

    Courts EFTA Regulation E Prepaid Cards Consumer Finance Class Action Covid-19 CFPB CARES Act Fraud

  • DOJ charges six with crypto fraud

    Federal Issues

    On June 30, the DOJ charged six individuals in four separate cases for allegedly playing a role in several cryptocurrency-related fraud schemes. In its press release announcing the indictments, the DOJ said these schemes include “the largest known Non-Fungible Token (NFT) scheme charged to date, a fraudulent investment fund that purportedly traded on cryptocurrency exchanges, a global Ponzi scheme involving the sale of unregistered crypto securities, and a fraudulent initial coin offering.”

    • Crypto NFT Scheme: The DOJ charged a Vietnamese national with one count of conspiracy to commit wire fraud and one count of conspiracy to commit international money laundering related to his involvement in an NFT project, in which the individual and his co-conspirators allegedly engaged in a “rug pull” that ended the investment project and stole roughly $2.6 million from investors. Shortly after the rug pull, the DOJ said in its announcement that the individuals allegedly “laundered investors’ funds through ‘chain-hopping,’ a form of money laundering in which one type of coin is converted to another type and funds are moved across multiple cryptocurrency blockchains.” The individuals also allegedly used decentralized cryptocurrency swap services to hide the trail of investors’ stolen funds.
    • Crypto Ponzi and Unregistered Securities Scheme: The DOJ charged two Brazilian nationals and a Florida resident with one count of conspiracy to commit wire fraud and one count of conspiracy to commit securities fraud in connection with a global cryptocurrency-based Ponzi scheme that generated approximately $100 million from investors. The Brazilian nationals were also charged with conspiracy to commit international money laundering. According to the DOJ, the individuals fraudulently promoted a cryptocurrency investment platform and unregistered securities offering by misrepresenting a purported proprietary trading bot and falsely guaranteeing returns to investors. The Brazilian nationals allegedly laundered investors’ funds through a foreign-based cryptocurrency exchange and paid earlier platform investors with money obtained from later investors, the DOJ said. The SEC also filed a lawsuit against all three individuals and their company in the U.S. District Court for the Southern District of Florida.
    • Crypto Initial Coin Offering Scheme: A California resident who founded a cryptocurrency investment platform was charged by the DOJ with one count of securities fraud for his role in a cryptocurrency fraud scheme involving the platform’s initial coin offering (ICO), which raised roughly $21 million from investors globally. According to the DOJ, the individual falsified information in company white papers for prospective investors, promoted fake testimonials, and fabricated purported business relationships with the Federal Reserve Board and dozens of major companies to appear legitimate.
    • Crypto Commodities Scheme: The DOJ charged the owner of a cryptocurrency investment platform with one count of conspiracy to commit wire fraud, four counts of wire fraud, one count of conspiracy to commit commodities fraud, and one count of obstruction of justice. The Nevada resident allegedly raised approximately $12 million from investors by using the platform to solicit investors’ participation in an unregistered commodity pool (“a fund that combines investors’ contributions to trade on the futures and commodity markets”), told investors that he used a trading bot that “could execute over 17,000 transactions per hour on various cryptocurrency exchanges” to earn profits, and falsely represented that this trading bot would generate between 500 to 600 percent returns on the amount invested.

    “Our office is committed to protecting investors from sophisticated scammers seeking to capitalize on the relative novelty of digital currency,” U.S. Attorney Juan Antonio Gonzalez for the Southern District of Florida stated. “As with any emerging technology, those who invest in cryptocurrency must beware of profit-making opportunities that appear too good to be true.”

    Federal Issues Digital Assets Securities DOJ Enforcement Cryptocurrency Fraud Indictment NFT Wire Fraud Money Laundering

  • FTC sues national retailer for allegedly facilitating money transfer fraud

    Federal Issues

    On June 28, the FTC filed a complaint against a national retailer for allegedly allowing its money-transfer services to facilitate fraud. The complaint alleges the retailer knew about the role money transfer services play in scams but failed to properly secure the services offered at its stores, thus allowing money to be sent to “domestic and international fraud rings.” According to the FTC, at least 226,679 complaints totaling more than $197 million were received by several money transfer services companies about fraud-induced money transfers that were sent from or received at one of the retailer’s stores between January 1, 2013 and December 31, 2018. An investigation by the FTC purportedly revealed that the retailer’s practices allegedly harmed consumers by, among other things, (i) allowing the payout of suspicious money transfers, which allowed scammers to retrieve fraud proceeds at one of the retailer’s stores; (ii) failing to have in place a written anti-fraud policy or consumer protection program until November 2014; (iii) allowing cash pickups for large payments, often through the use of fake IDs; (iv) failing to display or provide materials warning consumers about potential frauds; (v) failing to effectively train or retrain employees; and (vi) allowing money transfers to be used for telemarketing purchases, which are prohibited under the Telemarketing Sales Rule (TSR) due to the high risk of fraud.

    According to the complaint, the retailer “is well aware that telemarketing and other mass marketing frauds, such as ‘grandparent’ scams, lottery scams, and government agent impersonator scams, induce people to use [the retailer’s] money transfer services to send money to domestic and international fraud rings. Nevertheless, [the retailer] has continued processing fraud-induced money transfers at its stores—funding telemarketing and other scams—without adopting policies and practices that effectively detect and prevent these transfers.”

    The complaint seeks a permanent injunction, monetary relief, civil penalties, restitution, and other relief for each violation of the FTC Act and the TSR. The FTC also requests the “rescission or reformation of contracts, the refund of money, the return of property, the payment of damages, public notification, or other relief necessary to redress injury to consumers damages.”

    The retailer issued a press release following the FTC’s announcement, stating that it considers the agency’s claims to be “misguided and legally flawed,” and that the civil lawsuit “was approved by the FTC by the narrowest of margins after Chair Lina Khan refused [the retailer] the due process of hearing directly from the company.” The retailer noted that the FTC’s decision comes after DOJ declined to pursue the case in court. Among other thing, the retailer contended that because it maintains robust anti-fraud measures there is no need for injunctive relief requiring the retailer to change its practices. The retailer pointed to the U.S. Supreme Court’s ruling in AMG Capital Management LLC v. FTC, which limited the FTC’s ability to obtain monetary relief in federal court (covered by InfoBytes here), to argue that the FTC “pivoted their focus in this case after AMG to a distorted interpretation of the TSR to effectively try and hold [the retailer] strictly liable for money transfers that third-party criminals reportedly persuaded some consumers to send.” The retailer added that “[s]witching their main legal theory to the TSR is an obvious attempt to get around the Supreme Court’s ruling in AMG.”

    Federal Issues FTC Enforcement FTC Act Telemarketing Sales Rule Money Service / Money Transmitters Fraud

  • FTC says consumers lost more than $1 billion to crypto fraud

    Federal Issues

    On June 3, the FTC reported that consumers lost over $1 billion to fraud involving cryptocurrencies from January 2021 through March 2022. The FTC’s recent Consumer Protection Data Spotlight found that cryptocurrency is becoming the payment of choice for many scammers and that most reported cryptocurrency losses involved fake investment opportunities (totaling $575 million in reported losses since January 2021). The spotlight stated that nearly four out of every ten dollars reported lost to a fraud originating on social media was lost in crypto, far more than any other payment method. Following losses related to cryptocurrency schemes, the next largest losses involved romance scams ($185 million) and business and government impersonation scams ($133 million collectively).

    Federal Issues Digital Assets FTC Cryptocurrency Consumer Finance Fraud Consumer Protection

Pages

Upcoming Events