InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
AG coalition calls on Department of Education to discharge loans for students who attended closed for-profit school
On November 13, a coalition of 22 state attorneys general led by the Massachusetts attorney general sent a letter to the Department of Education’s Federal Student Aid Chief Operating Officer to determine whether the Department has complied with federal regulations that allow student borrowers to qualify for automatic discharge relief if they attended a school within 120 days of its closure date and have not continued their education elsewhere. The letter referred to an estimate provided by the Department in May, which stated that approximately 52,000 former students of a now-closed for-profit college qualified for automatic closed-school discharge relief. The letter notes, however, that recent information obtained from Congress indicates that only 7,000 student borrowers have been granted automatic discharges. Among other things, the AGs ask the Department to clarify whether all eligible students are now receiving automatic discharges, and request that the 120-day window be expanded “due to the deeply compromised nature of the school and its offerings in the months before its national collapse.” In addition, the letter requests details about the number of students with discharged loans and the methodology the Department is using to implement the automatic closed-school discharge.
Washington AG settles deceptive practices allegations with office supply company
On November 13, the Washington attorney general announced an office supply company has agreed to pay $900,000 to resolve an investigation into deceptive computer repair services. According to the AG’s office, the company allegedly used a software program, called “PC Health Check” or similar names, to facilitate the sale of diagnostic and repair services to retail customers that cost up to $200, regardless of whether their computer was actually infected with viruses or malware. The company claimed that the program, which allegedly detected malware symptoms on consumers’ computers, actually based the results on answers to four questions consumers were asked by a company employee at the beginning of the service, including whether the computer had slowed down, had issues with frequent pop-up ads, received virus warnings, or crashed often. After the questions were asked, the responses were entered into the program and a simple scan of the computer was run. The AG’s office claims that the scan had no connection to the malware symptoms results because an affirmative answer by the consumer to any of the four questions always led to the report of actual or potential malware symptoms. The release also states that in 2012, a company employee informed management that “the software reported malware symptoms on a computer that ‘didn’t have anything wrong with it,’” but that the company continued to sell the repair services until 2016 to an estimated 14,000 Washington consumers. According to the AG’s release, Washington is the only state to reach an agreement with the company over the alleged practices in addition to the $35 million national settlement the company and its software vendor reached with the FTC in March for similar conduct. (Previous InfoBytes coverage here.)
FATF issues an advisory on jurisdictions with AML/CFT deficiencies
On November 12, the Financial Crimes Enforcement Network (FinCEN) issued an advisory on the Financial Action Task Force (FATF)-identified jurisdictions with “strategic deficiencies” in their anti-money laundering and combating the financing of terrorism (AML/CFT) regimes. As previously covered by InfoBytes, in October, FATF updated the list of jurisdictions to include the Bahamas, Botswana, Cambodia, Ghana, Iceland, Mongolia, Pakistan, Panama, Syria, Trinidad and Tobago, Yemen, and Zimbabwe. At the time, FATF noted that several jurisdictions had not yet been reviewed, and that it “continues to identify additional jurisdictions, on an ongoing basis, that pose a risk to the international financial system.”
The FinCEN advisory reminds financial institutions of the FATF October updates and emphasizes that financial institutions should consider both the FATF Public Statement and the Improving Global AML/CFT Compliance: On-going Process documents when reviewing due diligence obligations and risk-based policies, procedures, and practices. Moreover, the advisory includes public statements on the status of, and obligations involving, the Democratic People’s Republic of Korea (DPRK) and Iran, in particular. The advisory reminds jurisdictions of the actions the United Nations and the U.S. have taken with respect to sanctioning the DPRK and Iran and emphasizes that financial institutions must comply “with the extensive U.S. restrictions and prohibitions against opening or maintaining any correspondent accounts, directly or indirectly, with foreign banks licensed by the DPRK or Iran.”
Massachusetts AG reaches $4 million settlement with debt collector
On November 11, the Massachusetts attorney general announced a $4 million settlement with a Virginia-based debt collection company to resolve allegations that it engaged in deceptive and unfair debt collection practices. The AG’s release stated that an assurance of discontinuance filed in the Suffolk Superior Court alleges that the company “aggressively” collected on purchased defaulted loans, credit card accounts, car loans, and other consumer debts by using a network of in-house collectors who contacted consumers through multiple letters and phone calls, and used law firms to take consumers to court. An investigation revealed that the company “routinely pursued consumers with only exempt sources of income such as social security, social security disability, and supplemental security income,” and that consumers who informed the company of their reliance on such income “were pressured by the company to pay money they should have been entitled to keep.” Among other things, the AG’s office claimed that the company also (i) collected on debts it could not substantiate; (ii) failed to verify whether the consumer information it reported to credit reporting agencies was accurate; (iii) ignored the statute of limitations when collecting debt; and (iv) failed to notify consumers of their rights to request proof of a debt and to provide proof of a debt upon request. In addition to the $4 million payment, the company has agreed to stop collecting from consumers using only exempt income, will obtain documentation that debts are valid before collecting, will inform consumers when debt is beyond the statute of limitations, and will refrain from calling consumers more than twice in a seven-day period. The company also agreed to stop reporting debts it cannot substantiate to credit reporting agencies and to investigate consumer credit report accuracy disputes.
11th Circuit reinstates FCRA suit, addresses “false pretenses”
On November 12, the U.S. Court of Appeals for the Eleventh Circuit issued an order reversing in part and affirming in part a district court’s dismissal of claims brought by a consumer who claimed a bank violated the Fair Credit Reporting Act (FCRA) and the FDCPA when it allegedly provided debt information using a “false name” to a credit reporting agency and requested the consumer’s credit report without a proper purpose. In 2016, the consumer filed a lawsuit asserting the bank (i) violated the FDCPA by using a name other than its true name in connection with the collection of debt; and (ii) violated the FCRA when it failed to investigate the accuracy of the information provide to the credit reporting agency, and requested his credit report without a permissible purpose. The district court dismissed the complaint for failure to state a claim.
On appeal, the 11th Circuit affirmed the dismissal of the FDCPA claim, concluding that, while the false-name exception stipulates that the FDCPA applies to a creditor that uses any name other than its own when collecting its own debts (which may indicate a third party was collecting or attempting to collect the debt), the exception does not apply in this instance because “even the least sophisticated consumer” would understand that the bank and the entity named in the consumer report were related. However, the appellate court held that the district court erred in dismissing the FCRA claims. According to the opinion, the consumer stated three plausible claims for relief, including that the bank failed to investigate the accuracy of the information it sent, as required when a dispute arises, and that it unlawfully obtained his credit report. The 11th Circuit noted that while it has never addressed the meaning of “false pretenses” under the FCRA, it now joins other courts in holding that “intentionally obtaining a credit report under the guise of a permissible purpose while intending to use the report for an impermissible purpose can constitute false pretenses.” Moreover, the appellate court noted that while the bank may have obtained the consumer’s credit report for proper purposes, or that it may have disclosed the true purpose to the credit reporting agency, “this fact question cannot be resolved on a motion to dismiss.”
7th Circuit: Collection letter tax filing language may violate the FDCPA
On November 8, the U.S. Court of Appeals for the Seventh Circuit reversed a district court’s dismissal of an action against a debt collector, concluding that tax consequence language in a debt collection letter may violate the FDCPA. According to the opinion, the debt collector sent a consumer four collection letters with at least one letter stating in part that “[s]ettling a debt for less than the balance owed may have tax consequences and [the creditor] may file a 1099C form.” The consumer filed an action against the debt collector alleging that the language violated the FDCPA because the creditor is not obligated to file a 1099C with the IRS unless it has forgiven at least $600 in principal. The consumer also claimed that the creditor at issue would never file a 1099C unless it was legally obligated to do so, and as applied to the consumer’s debt at issue, none of the settlement options offered in the dunning letter would have reached the $600 threshold. The district court granted the debt collector’s motion to dismiss the action and the consumer appealed.
On appeal, the 7th Circuit focused on the letter’s reference to the possible 1099C filing. The court noted that “it is impermissible for a creditor to make a ‘may’ statement about something that is illegal or impossible,” and while it is not technically illegal or impossible for the creditor to file a 1099C form for amounts less than $600, the debt collector did not dispute that the creditor “would never file a 1099C form with the IRS unless required to do so by law.” The court observed that the “language of a collection letter can be literally true and still be misleading in a way that violates the Act.” Thus, the consumer plausibly alleged that “it is, in fact, misleading to state that [the creditor] may file a Form 1099C, when it never would.” And because questions as to whether specific statements are deceptive or misleading are “almost always questions of fact,” the appellate court reversed the dismissal and remanded the case back to district court for further proceedings.
FCC seeks comment on whether an opt-out clarification text violates TCPA
On November 7, the FCC released a public notice seeking comment on a petition filed by a financial institution requesting a declaratory ruling on whether a company can send a follow-up clarification text message in response to an opt-out message from a consumer without violating the TCPA. More specifically, in connection with informational texts that the consumer previously consented to receive, the institution desires to “discern the scope of that opt-out,” because “[s]ome customers want to opt-out of all texts; others merely want to opt-out of the specific category of text message alert they received most recently.” The institution notes it filed the petition “in an abundance of caution” in light of the highly technical nature of TCPA compliance, and that it believes the FCC’s 2012 ruling in SoundBite Communications, Inc. Petition for Expedited Declaratory Ruling is clear that a sender may clarify in an opt-out confirmation message the scope of the consumer’s request without violating the TCPA as long as the message does not contain marketing or promotional content or seek to encourage or persuade the recipient to reconsider the opt-out.
Comments on the FCC’s public notice are due by December 9, with reply comments by December 24.
FTC settles with technology service provider on data security issues
On November 12, the FTC announced a proposed settlement, which requires a technology service provider to implement a comprehensive data security program to resolve allegations of security failures, which allegedly allowed a hacker to access the sensitive personal information of about one million consumers. According to the complaint, the FTC asserts that the service provider and its former CEO violated the FTC Act by engaging in unreasonable data security practices, including failing to (i) have a systematic process for inventorying and deleting consumers’ sensitive personal information that was no longer necessary to store on its network; (ii) adequately assess the cybersecurity risk posed to consumers’ personal information stored on its network by performing adequate code review of its software and penetration testing; (iii) detect malicious file uploads by implementing protections such as adequate input validation; (iv) adequately limit the locations to which third parties could upload unknown files on its network and segment the network to ensure that one client’s distributors could not access another client’s data on the network; and (v) implement safeguards to detect abnormal activity and/or cybersecurity events. The FTC further alleges in its complaint that the provider could have addressed each of the failures described above “by implementing readily available and relatively low-cost security measures.”
The FTC alleges more particularly that, between May 2014 and March 2016, an unauthorized intruder accessed the service provider’s server over 20 times, and in March 2016, “accessed personal information of approximately one million consumers, including: full names; physical addresses; email addresses; telephone numbers; SSNs; distributor user IDs and passwords; and admin IDs and passwords.” Because the information obtained can be used to commit identity theft and fraud, the FTC alleged that the service provider’s failure to implement reasonable security measures violated the FTC’s prohibition against unfair practices.
The proposed settlement requires the service provider to, among other things, create certain records and obtain third-party assessments of its information security program every two years for the 20 years following the issuance of the related order that would result from the settlement.
VA encourages relief for Tropical Storm Imelda-affected borrowers
On November 8, the Department of Veterans Affairs (VA) issued Circular 26-19-29, encouraging mortgagees to provide relief for VA borrowers affected by Tropical Storm Imelda. Among other forms of assistance, the Circular encourages loan holders and servicers to (i) extend forbearances to borrowers in distress because of the disaster; (ii) establish a 90-day moratorium from the disaster declaration date on initiating new foreclosures on affected loans; (iii) waive late charges on affected loans; and (iv) suspend credit reporting related to affected loans. The Circular is effective until January 1, 2021. Mortgage servicers and veteran borrowers are also encouraged to review the VA’s Guidance on Natural Disasters.
Find continuing InfoBytes coverage on disaster relief guidance here.
Jury convicts former French power company executive of multiple FCPA, money laundering and conspiracy offenses
On November 8, the DOJ announced that a jury had returned a guilty verdict against a British national and former French power and transportation company executive who was accused of bribing Indonesian officials to secure a power contract. Following a two-week trial, the jury convicted the former executive on six counts of violating the FCPA, three counts of money laundering, and two counts of conspiracy. As previously covered by InfoBytes, while the French company pleaded guilty in 2014, and three other executives—each of whom worked for the French company’s U.S.-based subsidiary—entered guilty pleas, the trial for the former executive (originally indicted in 2013) was delayed as he challenged the reach of the FCPA. The U.S. Court of Appeals for the Second Circuit held in 2018 that a non-resident foreign national lacking sufficient ties to a U.S. entity could not be charged with conspiring or aiding and abetting something that he could not be directly charged with, because he was “not an agent, employee, officer, director, or shareholder of an American issuer or domestic concern” within the scope of the FCPA’s jurisdictional provision and had not himself committed a crime inside the U.S. The 2nd Circuit also determined, however, that the former executive could still be charged with FCPA offenses, as the DOJ had signaled its intention to prove he “was an agent of a domestic concern,” which would place him “squarely within the terms of the statute.”
According to the DOJ’s press release, it presented evidence at the trial to show that the former executive violated the FCPA by overseeing and supporting the U.S.-based subsidiary’s efforts to win the contract with the bribery scheme, including pressing the U.S. subsidiary to structure the payment terms to a consultant used as an intermediary in the scheme to “get the right influence.” The former executive and his co-conspirators allegedly helped arrange the payment of bribes to Indonesian officials by assisting in the U.S. subsidiary’s retention of two consultants, purportedly to provide legitimate consulting services on behalf of the subsidiary but with the intention of employing them to pay and conceal the bribes. The DOJ observed in its release that the former executive and his co-conspirators were successful in securing the contract from Indonesia’s state-owned and state-controlled electricity company and “subsequently made payments to the consultants for the purpose of bribing the Indonesian officials.”
Sentencing is scheduled for January 31, 2020 in the U.S. District Court for the District of Connecticut.