InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Democratic senators concerned with CFPB retiring HMDA search tool
On April 29, nine Democratic Senators, led by Sherrod Brown (D-Ohio), wrote to the CFPB expressing “deep concern” regarding the Bureau’s plan to retire its tools for public exploration of HMDA data—HMDA Explorer Tool and the Public Data Platform API. In the letter, the Senators argue that retiring the tools with no plan for adequate replacements “threatens to undermine the statutory purposes of HMDA and does not live up the commitments to transparency and accountability” that Director Kraninger promised to uphold during her nomination hearing. The Senators cite to the Bureau’s decision to move the Office of Fair Lending and Equal Opportunity from the Supervision and Enforcement section to the Office of the Director and argue that “[r]reductions in available data and its accessibility, combined with weakened [fair lending] enforcement, is a disservice to the consumers the CFPB was created to protect.” The letter urges the CFPB to reverse course and requests that the Bureau provide a “detailed briefing” on the decision by May 10.
In the notice regarding the tools’ retirement, the Bureau states that the FFIEC “will publish a query tool for the 2018 data in the coming months.”
OFAC reaches settlement with New Jersey corporation for alleged Ukrainian sanctions violations
On April 25, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $75,375 settlement with a New Jersey corporation for two alleged violations of the Ukraine Related Sanctions Regulations. The settlement resolves potential civil liability for the company’s alleged issuance of two separate invoices for software licensing and software support services to an entity previously identified on OFAC’s Sectoral Sanctions Identification List. According to OFAC, the designated entity’s attempts to remit payment were rejected by financial institutions after it was determined that the transaction was prohibited. However, the corporation—which allegedly failed to have in place a sanctions compliance program and failed to “recognize that the delayed collection of payment was prohibited”—explored possible options to collect the payment and did not seek guidance or authorization from OFAC.
South Carolina enacts servicemembers civil relief act
On April 26, the South Carolina governor signed H 3180 to enact the South Carolina Servicemembers Civil Relief Act, which will “expand and supplement the rights, benefits, and protections of the federal Servicemembers Civil Relief Act (SCRA)” and provide that a violation of the SCRA is a violation of the state’s act. In particular, the Act expands federal SCRA’s definition of “military service” to include South Carolina guardsman who are on state active duty, subject to certain requirements. It also provides that a “dependent of a servicemember engaged in military service has the same rights and protections provided to a servicemember” under both the Act and the SCRA and expands contract termination rights for servicemembers receiving “military orders to relocate for a period of service of at least ninety days to a location that does not support the contract,” encompassing phone, internet, TV, and gym subscriptions. The Act took effect upon signature and is applicable to contracts executed on or after April 26.
CFPB updates Prepaid Small Entity Compliance Guide
On April 26, the CFPB released version 3.1 of its Prepaid Small Entity Compliance Guide to incorporate previously issued submission instructions for issuers submitting account agreements pursuant to the prepaid account rule through the electronic submission system “Collect.” (See previous InfoBytes coverage here.)
Federal Reserve issues BSA/AML enforcement action against Japanese bank
On April 25, the Federal Reserve Board announced an enforcement action against a Japanese bank for alleged weaknesses in its New York branch’s anti-money laundering risk management and compliance programs, including a failure to comply with applicable rules and regulations, including the Bank Secrecy Act. Under the terms of the order, the bank is required to, among other things, (i) develop and implement a written plan to strengthen the board of directors’ oversight of Bank Secrecy Act/anti-money laundering (BSA/AML) compliance and Office of Foreign Assets Control (OFAC) regulations; (ii) submit an enhanced written compliance program that complies with BSA/AML requirements; (iii) submit an enhanced, written customer due diligence plan; (iv) submit a written program to ensure compliant, timely, and accurate suspicious activity monitoring and reporting; (v) submit a written plan to enhance OFAC regulation compliance; and (vi) submit a written plan for independent testing of the bank’s compliance with all applicable BSA/AML requirements. A civil money penalty was not assessed against the bank or the branch. This is the latest in a long string of BSA/AML and OFAC-related regulatory enforcement actions against the U.S. operations of foreign banking organizations. Intense regulatory scrutiny of such institutions’ BSA/AML and OFAC risk management appears to continue unabated.
FDIC fines banks for TCPA, BSA violations; releases March enforcement actions
On April 26, the FDIC announced a list of administrative enforcement actions taken against banks and individuals in March. The 13 orders include “three consent orders; two orders terminating consent orders; four Section 19 orders; one removal and prohibition order; two voluntary terminations of insurance orders; and two orders to pay civil money penalty.” The FDIC assessed, among other things, a $200,000 civil money penalty against an Oklahoma-based bank for allegedly violating the FTC Act and the TCPA by (i) using telemarketers who misrepresented themselves as employees or affiliates of the federal government; and (ii) placing calls to consumers who appeared on the National Do Not Call Registry or who requested to be added to the bank’s internal Do Not Call List.
The FDIC also assessed a consent order against an Illinois-based bank related to alleged weaknesses in its Bank Secrecy Act (BSA) compliance program. Among other things, the bank is ordered to (i) designate a senior official to enforce and take corrective action related to its BSA compliance policy; (ii) implement a revised, comprehensive written BSA compliance program and system of internal controls to address provisions, including currency transaction reporting, customer identification program, beneficial ownership, and information sharing requirements; (iii) adopt a written Customer Due Diligence Program to assure the reasonable detection of suspicious activity, specifically for money services businesses and privately-owned ATM customers; (iv) implement a process for account transaction monitoring; (v) implement a comprehensive BSA training program for appropriate personnel; (vi) conduct a look back review to ensure certain transactions were appropriately identified and reported; and (vii) revise its internal control programs to correct the identified deficiencies.
11th Circuit: Increased risk of identity theft is sufficient to bring FACTA claims
On April 22, the U.S. Court of Appeals for the 11th Circuit affirmed a district court’s ruling that including too many digits of a consumer’s credit card account number on a receipt was sufficient to constitute a concrete injury even if the consumer’s identity was not stolen. Under the Fair and Accurate Credit Transactions Act (FACTA), merchants are prohibited from including more than the final five digits of a consumer’s credit card number on a receipt. According to the opinion, the consumer filed a class action suit against a chocolate company, alleging that one of its stores printed the first six and last four digits of his account number on a receipt, which exposed the class members “to an elevated risk of identity theft.” When the parties sought approval of a proposed settlement, two unnamed class members contested the settlement on the grounds that, among other things, the consumer/class representative lacked standing to sue because he had not suffered a concrete injury as defined in the U.S. Supreme Court’s decision in Spokeo, Inc. v. Robins. The district court, however, approved the settlement.
On appeal, the 11th Circuit held that an increased risk of identity theft is sufficient to bring claims under FACTA, and that the class representative’s “alleged injury is ‘particularized’ because the heightened risk of identity theft affected him ‘in a personal and individual way’—it was his credit card number that appeared on the receipt.” Moreover, the appellate court noted, “In our view, if Congress adopts procedures designed to minimize the risk of harm to a concrete interest, then a violation of that procedure that causes even a marginal increase in the risk of harm to the interest is sufficient to constitute a concrete injury.”
FINRA forms Office of Financial Innovation
On April 24, the Financial Industry Regulatory Authority (FINRA) announced the formation of a new office, the Office of Financial Innovation, that will act as a central point of coordination for issues related to financial innovation by FINRA members. The new office, which is an outgrowth of FINRA’s Innovation Outreach Initiative (previously covered by InfoBytes here), will collaborate with various FINRA teams as well as regulators, investors, and other stakeholders to encourage the use of fintech in a way that strengthens market integrity and protects investors. The new office also will incorporate FINRA’s existing Office of Emerging Regulatory Issues, which focuses on analyzing new and emerging risks and trends related to the securities market.
Oklahoma permits inter-agency information-sharing agreements
On April 22, the Oklahoma governor signed HB 1387 to permit the state’s Administrator of Consumer Credit to enter into certain cooperative, coordinating, information-sharing agreements with other agencies in place of conducting a separate examination or investigation. According to the Act, the information-sharing agreements apply to any agency that has “supervisory or regulatory responsibility over any entity that has been or may be licensed by the Department of Consumer Credit or any organization affiliated with or representing one or more” such agency, as well as the Oklahoma State Banking Department. The Act is effective November 1.
CFPB issues RFI on Remittance Rule
On April 25, the CFPB issued a Request for Information (RFI) on two aspects of the Remittance Rule, which took effect in 2013, and requires financial companies handling international money transfers, or remittance transfers, to disclose to individuals transferring money information about the exact exchange rate, fees, and the amount expected to be delivered. The RFI seeks feedback on (i) whether to propose changing the number of remittance transfers a provider must make to be governed by the rule, as well as the possible introduction of a small financial institution exception; and (ii) a possible extension of a temporary exemption to the Rule set to expire July 21, 2020, that allows certain insured institutions to estimate exchange rates and certain fees they are required to disclose (the RFI states that the EFTA section 919 expressly limits the length of the temporary exemption and does not authorize the CFPB to extend the term beyond the July 21 expiration date unless Congress changes the law). The RFI also seeks feedback on the Rule’s scope of coverage, including whether the Bureau should change a safe harbor threshold that allows persons providing 100 or fewer remittance transfers in the previous and current calendar year to be outside of the Rule’s coverage. Additionally, the RFI includes a consideration of issues discussed in the Bureau’s assessment of the Rule, which examined if the Rule had been effective in achieving its goals. Comments on the RFI are due 60 days after publication in the Federal Register.
Separately, on April 24, the CFPB released a revised assessment report of its Remittance Rule to “correct an understatement of the dollar volume of remittance transfers by banks in the original report,” which increases the share of the remittance dollars transferred by banks. The Bureau notes that the correction does not affect the report’s conclusions. (See previous InfoBytes coverage of the October 2018 assessment report here.)