InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Oklahoma regulator amends working from home guidance
On September 23, the Oklahoma Department of Consumer Credit extended, for the third time, its interim guidance to regulated entities on working from home (see here, here, here and here for previous coverage). The guidance sets forth data security standards that regulated entities must meet in order to satisfy the department guidance. The guidance also provides that the department will expedite and waive fees for change of address applications in the event that a licensed location is compromised by Covid-19 or is undergoing decontamination. The guidance was extended through October 31, 2020.
SEC issues two separate whistleblower awards totaling over $2.65 million
On September 21, the SEC announced a $2.4 million award to a whistleblower in connection with a successful agency enforcement action. The SEC’s press release states that the whistleblower’s “timely submission of information” led to the initiation of an investigation and enforcement action that stopped the ongoing misconduct. The redacted order determining the whistleblower award claim states that the whistleblower’s information helped SEC staff “identify key witnesses and parties and draft targeted subpoenas, which saved the staff time and resources in conducting the investigation.”
Earlier on September 17, the SEC announced a nearly $250,000 joint whistleblower award in connection with a successful agency enforcement action. According to the SEC’s press release, the whistleblowers raised their concerns internally before reporting the potential securities violations to the SEC. According to the redacted order, the claimants’ concerns prompted enforcement staff to open an investigation. The order notes, however, that while the claimants’ information identified certain parties and transactions that were ultimately subjects of the covered action, “many of their allegations did not directly relate to the Commission’s charges” in covered action, which played a role in the SEC’s determination of the appropriate award percentage.
The SEC has now paid a total of $523 million to 97 individuals since the inception of the program.
OFAC issues Iran nuclear and ballistic missile program sanctions
On September 21, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) designated three high-ranking individuals of the Atomic Energy Organization of Iran (AEOI), numerous AEOI subsidiaries, equipment supply companies, and various senior officials working on Iran’s missile programs pursuant to Executive Order (E.O.) 13382, which allows for sanctions for engaging in or supporting the proliferation of weapons of mass destruction (WMD). As a result of the sanctions, all property and interests in property of the designated persons that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC. OFAC further warned foreign financial institutions that knowingly facilitating significant transactions or providing significant support to the designated entities may subject them to sanctions and could sever access to the U.S. financial system.
In addition, the U.S. Department of Treasury announced a new Executive Order titled, "Blocking Property of Certain Persons with Respect to the Conventional Arms Activities of Iran,” which authorizes the Secretary of the Treasury, in conjunction with the Secretary of State, to impose asset blocking sanctions on any person engaged in any activity that materially contributes to the supply, sale, or transfer of destabilizing conventional weapons and acquisition of arms and related materiel by Iran.
CFPB settles with auto lender on unfair LDW practices
On September 21, the CFPB announced a settlement with a California-based auto-loan servicer to resolve allegations that the company engaged in unfair practices with respect to its Loss Damage Waiver (LDW) product, in violation of the Consumer Financial Protection Act. The CFPB alleged that the company engaged in unfair practices by charging certain borrowers for LDW coverage, but then failed to provide the coverage. Specifically, the LDW agreement allowed the company to suspend coverage if borrowers became 10-days delinquent on their auto loans. The company, however, continued to charge borrowers LDW premiums even though coverage was no longer being provided. The Bureau also alleged that the company assessed LDW claim-related fees that were not disclosed in the LDW contract, which the borrowers were not contractually obligated to pay.
Under the terms of the consent order, the company is required to pay more than $1.3 million in consumer redress to approximately 4,000 impacted consumers, as well as a $100,000 civil money penalty. The order also prohibits the company from “failing to provide consumers with LDW coverage, collateral protection insurance, or similar products or services for which [the company] has charged consumers” or from “charging consumers fees that are not authorized by its LDW contracts.”
LIBOR-based loans will not be eligible for Ginnie Mae pooling
On September 21, Ginnie Mae issued All Participant Memorandum 20-12, which states that Ginnie Mae will stop accepting the delivery of single-family forward adjustable rate mortgage (ARM) loans, dated on or after January 1, 2021, with any interest term based on LIBOR, for securitization in any pool. Additionally, any adjustable rate reverse mortgages (HECMs) will be ineligible for securitization into any HMBS pool that relies on LIBOR if not securitized as of January 1, 2021, “without regard to their date of origination or the date in which the corresponding FHA case number was assigned.” Participations associated with HECM loans backing HMBS will continue to be eligible without restriction, so long as the issuance date is on or before December 1.
Oklahoma regulator extends working from home guidance
On September 23, the Oklahoma Department of Consumer Credit extended, for the fourth time, its interim guidance to regulated entities on working from home (see here, here, here, and here for previous coverage). The guidance sets forth data security standards for regulated entities with employees working from home and also provides that the department will expedite and waive fees for change of address applications in the event that a licensed location is compromised by Covid-19 or is undergoing decontamination. The guidance was extended through October 31, 2020.
Special Alert: FinCEN extends AML program, other requirements to banks without federal regulators
On September 14, the Financial Crimes Enforcement Network (FinCEN) issued a final rule to align Bank Secrecy Act (BSA) requirements applicable to most banks with the requirements applicable to banks lacking a “federal functional regulator.” In particular, the final rule will require all non-federally regulated banks — including private banks, non-federally insured credit unions, and certain trust companies — to establish and implement anti-money-laundering (AML) programs and customer identification programs (CIP).
Colorado amends executive order regarding eviction protections
On September 22, the Colorado governor issued Executive Order 2020 202, which amends Executive Order 2020 101, as amended and extended by earlier orders. The amendment provides that an individual is prohibited from filing or initiating actions for forcible entry and detainer (i.e. eviction), including any demand for rent, unless the individual has notified the tenant in writing of the federal protections against eviction provided by the Centers for Disease Control and Prevention’s Temporary Halt in Residential Evictions To Prevent the Further Spread of Covid-19. The individual must provide as notice a copy of the CDC’s order. Certain aspects of Executive Order 2020 101, including the amendments pursuant to Executive 2020 202, will expire 30 days from September 2020. Other aspects of Executive Order 2020 101 will remain in full force and effect as originally promulgated. Previous coverage relating to Colorado’s eviction orders can be found here, here, and here.
IRS: Lenders should not report PPP debt forgiveness
On September 22, the IRS released Announcement 2020-12 notifying lenders that they should not report the amount of qualifying loan forgiveness for covered loans to qualifying small businesses made under the Paycheck Protection Program (PPP).The IRS code generally requires lenders to file a Form 1099-C for any discharge of indebtedness of at least $600. However, the IRS’ announcement specifies that when a portion or all of the principal is forgiven under the requirements of Section 1106 of the CARES Act, lenders, for federal income tax purposes only, should not “file a Form 1099-C information return with the IRS or provide a payee statement to the eligible recipient under section 6050P of the Code as a result of the qualifying forgiveness.”
OFAC sanctions Iranian cyber threat group
On September 17, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned an Iranian cyber threat group, 45 associated individuals, and one additional “front company” for allegedly being involved in a Government of Iran (GOI) malware campaign targeting international travel companies, Iranian dissidents, and journalists. Specifically, OFAC alleges that the front company “advances Iranian national security objectives and the strategic goals of Iran’s Ministry of Intelligence and Security (MOIS) by conducting computer intrusions and malware campaigns against perceived adversaries.” OFAC asserts that the 45 individuals provided support for MOIS cyber intrusions by serving as managers, programmers, and hacking experts. The front company has allegedly targeted hundreds of individuals and entities from more than 30 different countries, including using “malicious cyber intrusion tools” to target approximately 15 U.S. companies primarily in the travel sector.
As a result, all property and interests in property belonging to, or owned by, the identified individuals subject to U.S. jurisdiction are blocked, and “any entities 50 percent or more owned by one or more designated persons are also blocked.” U.S. persons are also generally prohibited from engaging in transactions with the designated individuals.
The FBI also issued a Public Intelligence Alert on the Iranian cyber threat group.