InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FDIC releases August enforcement actions
On September 25, the FDIC released a list of administrative enforcement actions taken against banks and individuals in August. During the month, the FDIC issued 13 orders, consisting of “one consent order under 8(b), four orders of prohibition under 8(e), and eight Section 19 orders.” The consent order, issued against a Kansas-based bank, relates to alleged violations of the Bank Secrecy Act (BSA). Among other things, the bank was ordered to (i) terminate all activity related to its foreign financial institution customers, including such activity as funds transfers, remote deposit capture, money service business remittances, Automated Clearing House transfers, and funds transfers to or from any foreign central bank accounts; (ii) establish a directors’ BSA/anti-money laundering (AML) compliance committee; (iii) implement a revised BSA compliance program to address BSA/AML deficiencies, including incorporating internal controls to assure ongoing compliance, as well as training for appropriate personnel; (iv) maintain a BSA/AML internal control structure, including suspicious activity monitoring and reporting, risk assessment, and customer due diligence; (v) contract with a third-party consulting firm to conduct an independent test of the bank’s BSA/AML compliance program; (vi) implement an effective, comprehensive BSA training program for appropriate personnel regarding specific compliance responsibilities; and (vii) conduct a look-back review to ensure certain reportable transactions and suspicious activities were appropriately identified and reported.
District court: FTC allegations fail due to lack of credible experts
On September 24, the U.S. District Court for the Western District of Pennsylvania entered an order granting a Pennsylvania-based home insulation manufacturer’s motion under Fed. R. Civ. P. 52(c). The insulation manufacturer was accused of violating the FTC Act by making misrepresentations regarding the performance of its home insulation product. In particular, the FTC “challenge[d] the veracity” of the company’s “R-value” claims about the performance of its house insulation product. In the order, the court ruled that the FTC “offered no reliable or credible expert testimony.” The court explained that “[w]hen the FTC challenges the veracity of a corporation’s R-value and energy saving claims, expert testimony is required,” and emphasized that the FTC has the burden of proving that a company’s “purported substantiation is inadequate.” The FTC’s two expert witnesses, the court determined, were not credible and did not express “a reasonable degree of scientific certainty.” The court further ruled that the FTC failed to demonstrate by a preponderance of evidence that the company’s substantiation lacked a reasonable basis. As a result of the order, judgment will be entered in favor of the defendant and against the FTC.
District court: No SCRA foreclosure protections for servicemember not on the note
On September 23, the U.S. District Court for the Eastern District of New York held that an active duty servicemember could not avail herself of the foreclosure protections provided by the Servicemembers Civil Relief Act (SCRA) even though she was a signatory on the mortgage, because she was not a signatory on the note. According to the opinion, the SCRA foreclosure protections are afforded only to an “obligation on real . . . property” which is “secured by a mortgage” and that it is the note “which evidences the obligations, i.e. the promise to pay the debt.” By signing the mortgage, the servicemember-spouse “merely mortgaged her interest in the property, to secure her husband’s obligation to pay.” Accordingly, the court vacated a prior stay of foreclosure.
OFAC settles Iranian Transactions and Sanctions Regulations violations
On September 24, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $473,157 settlement with a California-based equipment and software company for six apparent violations of the Iranian Transactions and Sanctions Regulations (ITSR). According to OFAC’s web notice, from roughly January 2016 to June 2016, the company—through a former subsidiary it had since merged with—allegedly reexported U.S. export-controlled test measurement equipment to Iran. Among other things, OFAC noted that prior to the merger, the subsidiary “committed to cease all existing and future business” with certain sanctioned countries, including Iran. However, after the acquisition, certain subsidiary personnel continued to engage in transactions with Iran, with three employees taking “measures to obfuscate from [the company] their dealings with Iran.”
In arriving at the settlement amount, OFAC considered various aggravating factors, including that (i) the subsidiary willfully violated the ITSR by shipping products in order to bypass the company’s directive to cease Iran-related business; and (ii) some of the subsidiary’s senior branch and sales managers knowingly participated in the apparent violations.
OFAC also considered various mitigating factors, including that the company (i) fully cooperated with OFAC’s investigation; (ii) undertook several remedial measures, such as terminating the appropriate employees; (iii) “assess[ed] past and current transactions for compliance with OFAC regulations, implement[ed] mechanisms to halt current transactions, and ensur[ed] that no further transactions involved restricted countries”; and (iv) enhanced its sanctions compliance program to minimize the risk of similar violations from occurring in the future.
Rhode Island regulator extends work from home guidance for lenders
On September 28, the Rhode Island Department of Business Regulation, Banking Division, extended previous guidance (previously covered here and here) issued to mortgage loan originators, lenders, loan brokers, and exempt company registrants. The guidance permits working from home, even if the home is located outside of Rhode Island or is not a licensed branch, so long as specified data security provisions are met. The department extended this guidance until December 31, 2020.
OFAC amends CACR to restrict revenue sources to the Cuban regime
On September 23, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a final rule amending the Cuban Assets Control Regulations (CACR) to further implement portions of the President’s foreign policy to deny the Cuban regime sources of revenue. Among other things, the final rule (i) amends an interpretive provision and several general licenses regarding lodging and related transactions at certain properties in Cuba identified on the State Department’s “Cuba Prohibited Accommodations List,” including those owned or controlled by the Cuban government; (ii) amends four general licenses to restrict the importation of Cuban-origin alcohol and tobacco products into the U.S.; (iii) amends a general license to eliminate the authorization for U.S. persons to attend or organize professional meetings or conferences in Cuba (specific licenses may be issued on a case-by-case basis for certain transactions); and (iv) eliminates a general license that authorizes U.S. persons “to participate in or organize certain public performances, clinics, workshops, other athletic or non-athletic competitions, and exhibitions, and replaces it with a specific licensing policy” (again permitting the authorization of specific activities via specific license on a case-by-case basis). The final rule also makes several technical and conforming changes, and is effective September 24.
Fed issues ANPR on CRA modernization
On September 21, the Federal Reserve Board (Fed) issued an Advance Notice of Proposed Rulemaking (ANPR) inviting public comment on its approach for modernizing the regulations that implement the Community Reinvestment Act (CRA). The Fed’s ANPR follows a final rule to modernize the regulatory framework implementing the CRA issued by the OCC in May (covered by a Buckley Special Alert), which was met by opposition from community coalitions and House Democrats (covered by InfoBytes here and here). Neither the FDIC nor the Fed joined in promulgating the OCC’s final rule, which is technically effective October 1, 2020, but provides for at least a 27-month transition period for compliance based on a bank’s size and business model.
According to the Fed, the ANPR’s objectives are to increase the clarity, consistency and transparency of CRA supervisory expectations and standards, while minimizing data collection burdens. The following are key takeaways from the ANPR:
- Promoting financial inclusion. The ANPR seeks feedback on ways to strengthen regulations and evaluate how banks meet the needs of low- and moderate-income (LMI) communities and address inequities in credit access. The ANPR proposes, among other things, (i) ways to encourage more activities that support minority depository institutions (MDIs), Community Development Financial Institutions, as well as women-owned financial institutions and low-income credit unions outside of a bank’s assessment area; (ii) seeks feedback on additional incentives for investing in and partnering with MDIs; and (iii) requests input on expanding geographic areas for community development activities to allow banks to receive special CRA credit for activities in areas with high unmet needs.
- Metrics. The ANPR introduces a metrics-based approach to bring greater clarity, consistency, and transparency to how banks are assessed and rated. The ANPR proposes assessing banks’ CRA performance using a Retail Test and a Community Development Test with options to be evaluated under certain subsets based on their size. According to the Fed’s fact sheet, the metrics would be “tailored to local market conditions and adjust[ed] automatically to reflect structural economic differences and changes over the business cycle.” Additionally, the proposed retail lending metrics formulas use the number of a bank’s loans, rather than the dollar amount of those loans, to avoid weighting larger loans more heavily than smaller ones.
- Internet banks. The ANPR contemplates defining an internet bank for CRA purposes and allowing such internet banks to delineate nationwide assessment areas to “more holistically capture their banking activities.”
- CRA deserts. The ANPR considers designating “CRA deserts”—“areas with little bank presence and corresponding lesser availability of banking products and services and community development activities”—and allowing banks to receive credit for community development activities in designated areas of need outside of their assessment areas. The ANPR also suggests providing additional consideration if a bank operates a branch in a designated banking desert within an assessment area.
- CRA-approved activities. The ANPR proposes publishing an illustrative, non-exhaustive list of community development activities that qualify for CRA consideration and seeks feedback on an activity pre-approval process.
- Small banks. The ANPR proposes eliminating the current intermediate small bank category and establishing an asset-size threshold of $750 million or $1 billion to distinguish between small and large retail banks. Currently, the asset threshold between small and intermediate small banks is $326 million, and the threshold between intermediate small and large banks is $1.305 billion. Small retail banks could continue to be evaluated under the current CRA framework but would have the option to be evaluated under certain of the new subtests. Small banks are also exempt from additional deposit and certain other data collection requirements.
- Consistent approach. Fed Chair Jerome Powell released a statement stressing that the ANPR “is an important step forward in laying a foundation for the [Fed, OCC, and FDIC] to build a shared, modernized CRA framework that has broad support.”
Comments on the ANPR are due 120 days after publication in the Federal Register.
SEC amends whistleblower program rules
On September 23, the SEC voted to adopt amendments to the rules governing its whistleblower program. According to the SEC, the amendments are meant to “provide greater transparency, efficiency and clarity, and to strengthen and bolster the program.” The amendments were proposed for public comment in June 2018 (covered by InfoBytes here) and have been adopted with some changes. Highlights include:
- Award Determinations. The amendments (i) add Exchange Act Rule 21F-6(c), which provides a presumption that meritorious claimants will receive the statutory maximum amount, for awards $5 million or less, where none of the negative award criteria specified in Rule 21F-6(b) are present, with certain exceptions; (ii) amend the definition of “action” to allow awards based on deferred prosecution agreements and non-prosecution agreements entered into by the DOJ or a state attorney general in a criminal case, or settlement agreements entered into by the SEC outside of a judicial or administrative proceeding that address securities law violations; and (iii) codify that a law-enforcement or separate regulatory action does not qualify as a “related action,” if there is a separate award scheme that more appropriately applies. Additional details can be found in the SEC Office of the Whistleblower’s concurrently released staff guidance regarding the process for determining award amounts for eligible whistleblowers.
- Definition of Whistleblower. The amendments establish a uniform definition of “whistleblower” that will apply to all aspects of Exchange Act Section 21F, in response to the Supreme Court's decision in Digital Realty Trust, Inc. v. Somers (as previously covered in a Buckley Special Alert).
- Increased Efficiency. The amendments (i) allow for a permanent bar of any applicant from seeking an award after that applicant has submitted three frivolous award applications; and (ii) allow for a summary disposition procedure for certain common denials.
- Others. The amendments also clarify and enhance certain policies, practices, and procedures in implementing the program, including allowing the waiver of Tip, Complaint or Referral (TCR) filing requirements if a whistleblower complies with the requirements within 30 days of (i) first providing the information; or (ii) first obtaining notice of the TCR filing requirements.
The amendments are effective 30 days after publication in the Federal Register.
California AG, former FTC chairs argue about federal privacy law preemption during Senate committee hearing
On September 23, the Senate Committee on Commerce, Science, and Transportation held a hearing titled, “Revisiting the Need for Federal Data Privacy Legislation.” The hearing examined the current state of consumer data privacy and legislative efforts to provide baseline data protections for American consumers, and examined the lessons learned from the EU’s Global Data Protection Regulation (GDPR) and recently enacted state privacy laws. Witnesses included a number of former chairs and commissioners of the FTC, along with California Attorney General Xavier Becerra.
Becerra discussed the California Consumer Privacy Act (CCPA), which sets forth various requirements for businesses that collect, transfer, or sell a consumer’s personal information, and provides California residents several rights, including the right to know what data companies have collected on them and the right to ask to delete data or opt-out of its sale. (See continuing InfoBytes coverage on the CCPA here.) Concerning future federal privacy legislation, Becerra stressed that any such legislation should not preempt the work happening at the state level, and he urged the Committee “to favor legislation that sets a federal privacy-protection floor rather than a ceiling,” in order to allow states the opportunity to provide tailored protections for their residents. Becerra also stressed that the ideal federal legal framework would “recognize[] that privacy protections must keep pace with innovation,” and further addressed the need for a meaningful enforcement regime that respects the work undertaken by the states.
Former FTC chairs Jon Leibowitz and Maureen Ohlhausen, however, argued (see here and here) in favor of federal preemption. They suggested that a single national comprehensive privacy standard would be stronger and more comprehensive than existing regimes such as the CCPA and GDPR, and could better serve consumers even if it replaces state regulations. Both stressed that preempting state laws should not mean weakening protections for consumers. Moreover, both Leibowitz and Ohlhausen emphasized that federal privacy legislation should be technology- and industry-neutral, with rigorous standards backed by tough enforcement. Leibowitz also urged Congress to provide the FTC with the ability to impose civil penalties on violators for first-time offenses, and recommended that the FTC be granted the primary authority to administer the law and be given continued authority to provide redress directly to consumers. Former chair William Kovacic presented a different approach, which would establish a domestic privacy network to promote cooperation and coordination between federal and state privacy regulators to improve policy formation.
Other topics covered in the hearing included Chairman Roger Wicker’s (R-MS) recently introduced bill (S. 4626), known as the SAFE DATA Act, which would require businesses to be more transparent about their data collection, processing, and transfer activities, and give consumers more choices and control over their data. Among other things, the bill would preempt privacy laws in California and other states, except in regard to data breaches, and would not include a private right of action allowing consumers to sue over privacy violations.
FDIC announces disaster relief in connection with Hurricane Sally
On September 23, the FDIC issued FIL-92-2020 to provide regulatory relief to financial institutions and help facilitate recovery in areas of Alabama affected by Hurricane Sally starting on September 14. In the guidance, the FDIC notes that, in supervising institutions affected by the hurricane, the FDIC will consider the unusual circumstances those institutions face. The guidance suggests that institutions work with impacted borrowers to, among other things, (i) extend repayment terms; (ii) restructure existing loans; or (iii) ease terms for new loans to those affected by the severe weather, provided the measures are “done in a manner consistent with sound banking practices.” Additionally, the FDIC notes that institutions may receive Community Reinvestment Act consideration for community development loans, investments, and services in support of disaster recovery. The FDIC states it will also consider relief from certain reporting and publishing requirements.