On October 1, CFPB Director Richard Cordray, on behalf of the FFIEC, responded to correspondence from the American Bankers Association and other trade associations seeking guidance as to their compliance with the Bureau’s Know Before You Owe TILA-RESPA Integrated Disclosure Rule, which will become effective on October 3, 2015. Per Director Cordray’s letter, the FFIEC’s member agencies’ examiners “will expect supervised entities to make good faith efforts to comply with the Rule’s requirements in a timely manner.” Moreover, examiners will take a number of factors into consideration in determining compliance with the Rule, including (i) an institution’s implementation plan; (ii) an institution’s training of its staff; and (iii) how an institution handles any early technical problems or other implementation challenges.
European Court of Justice Ruling on Validity of U.S.-EU Data Sharing Agreement Scheduled for October 6
Following up on an opinion issued on September 23 by the European Court of Justice Advocate General Yves Bot, the European Court of Justice is scheduled to issue its ruling on the validity of the U.S.-EU Safe Harbor Program on October 6. The High Court’s swift decision to issue judgment follows an opinion from the Advocate General advocating that the 2000 data sharing agreement between the U.S. and the European Union is invalid and inadequately protects Europeans’ personal data. Previous InfoBytes coverage can be seen here. The case is Schrems v. Data Protection Commissioner.
On October 1, the U.S. Attorney for the Southern District of New York filed a complaint against New Jersey fund manager William J. Wells charging him with running a “Ponzi” scheme which raised over $1.5 million from investors. According to the complaint, Wells “engaged in a fraudulent scheme to obtain investments by falsely representing that he had achieved consistently positive trading returns in the U.S. equity markets, including through the successful use of options to hedge risk.” Wells allegedly misled investors by claiming that (i) his trading was generating positive returns when it was not; (ii) investors held investments in certain stocks when, in fact, neither Wells nor his firm did; and (iii) sub-accounts had been created for clients, but no such sub-accounts were ever funded. Wells was charged with one count of securities fraud and one count of wire fraud, each carrying a maximum prison sentence of 20 years and a maximum fine of $5 million, or two times the gross gain or loss from the offense.
On October 1, the CFPB ordered an indirect auto lender and its auto title lending subsidiary to pay more than $48 million in restitution and consumer relief over allegations that both companies engaged in unlawful debt collection practices. The CFPB alleged that the companies used a variety of “deceptive” tactics to coerce borrowers into making payments on their remaining loan amounts. The CFPB further asserted that the companies provided inaccurate information in their advertisements to borrowers regarding monthly interest rates, and misled borrowers about the effect of changing payment due dates or the ramifications of extending loan terms, which resulted in additional accrued interest owed over the life of the loan. Under terms of the consent order, the companies agreed to, among other things, provide $44.1 million in restitution and loan balance reductions to affected borrowers and pay a $4.25 million civil money penalty.
On September 30, U.S. Assistant Attorney General John Carlin delivered remarks at the 2015 Cybersecurity Summit hosted jointly by the U.S. Chamber of Commerce and the American Gaming Association. In his remarks, Carlin highlighted a variety of “tools,” including the use of sanctions, the DOJ may employ on individuals or entities that engage in malicious cyber-enabled activities against the U.S. Notably, Carlin discussed certain advantages for increased collaboration among the private sector and government to share information and best practices “to help defend against or disrupt [cyber] attacks before they happen or in real time,” adding that “law enforcement can also enlist the assistance of international partners to help retrieve stolen data or identify a perpetrator.” Concluding his remarks, Carlin urged companies to adopt a strong cybersecurity risk management program.
U.S. House Financial Services Committee Pass Several Financial Regulatory Bills Seeking Regulatory Relief and Stronger Consumer Protection
On September 30, the U.S. House Financial Services Committee approved five pieces of legislation aimed at strengthening consumer protection, providing regulatory relief to publicly traded companies, and seeking expanded oversight of the CFPB. Approved in an overwhelming 56-3 vote, H.R. 957, the Bureau of Consumer Financial Protection-Inspector General Reform Act of 2015, creates an independent Inspector General for the CFPB to be nominated by the President and confirmed by the U.S. Senate. The committee also passed H.R. 2769 in a 50-9 vote. The Risk-Based Capital Study Act of 2015 mandates the National Credit Union Administration to conduct a study of appropriate capital requirements for federal and state credit unions prior to new rules becoming effective.
On September 29, the SEC named William Royer as the Atlanta Regional Office’s Associate Director of the examination program. Since June of this year, Royer has served as the examination program’s Acting Associate Director. In his role, Royer will supervise staff responsible for the examination of broker-dealers, investment advisers, investment companies, transfer agents, along with other SEC registrants. Prior to joining the SEC in 2013 as an Assistant Director within the Office of Compliance and Inspections and Examinations’ Office of the Chief Counsel, Royer worked as a securities attorney in private practice and served as General Counsel for two international investment management firms.
BuckleySandler Webinar Recap: Strategies for Meeting the CFPB’s Expectations for Consumer Complaint Management
On September 29, BuckleySandler hosted a webinar, “Meeting the CFPB’s Expectations for Consumer Complaint Management,” presented by partner Jonice Gray Tucker, counsel Lori Sommerfield, and counsel Kari Hall. This recap covers highlights from their discussion, which included a discussion of the CFPB’s expectations and practical advice for managing consumer complaints in the evolving regulatory environment.
The webinar began with a brief background on the CFPB’s approach to consumer complaints. In particular, the presenters touched upon how the CFPB has used complaints as a driving force in determining priorities in guiding supervisory work, identifying leads for enforcement, and in informing rulemaking efforts. The presenters also discussed how the Bureau may deal with deficiencies in consumer complaint management in examinations and ways in which the outgrowth of such deficiencies may lead to enforcement actions. In addition, the presenters highlighted key elements of effective complaint management programs. Read more…
On September 29, the CFPB issued a report examining public comments and providing policy recommendations to address issues in the student loan servicing market. The report follows a May 2015 Request for Information notice where the CFPB, together with the Department of Treasury and the Department of Education (collectively, the Agencies), sought feedback on ways to improve student loan servicing practices.
In a parallel announcement, the Agencies released an interagency Joint Statement of Principles on Student Loan Servicing, which is expected to serve as a regulatory framework in the reformation of current student loan servicing practices, and establish minimum federal compliance requirements.
On September 28, the Federal Reserve, the FDIC, and the OCC announced that the latest outreach meeting under the Economic Growth and Regulatory Paperwork Reduction Act (EGRPRA) will be held on October 10 in Chicago, Illinois. The meeting will feature panel presentations from industry insiders and consumer advocates. Senior officials from the Federal Reserve, OCC, and FDIC are also scheduled to attend. This meeting will be the fifth of six outreach meetings focused on identifying outdated or burdensome regulatory requirements imposed on financial institutions. The sixth and final meeting is expected to take place on December 2 in Washington, D.C. Previous InfoBytes coverage on EGRPRA can be found here.
On September 28, FinCEN announced its intention to withdraw its February 2011 Notice of Finding and Notice of Proposed Rulemaking identifying a Lebanon-based bank as a “financial institution of primary money laundering concern” under Section 311 of the USA PATRIOT Act. The bank had been linked with Hezbollah and found to be involved in international narcotics and money laundering networks. Accordingly, through the Notice of Finding, FinCEN sought to impose certain “special measures” on the bank which are designed to, among other things, weaken foreign banks suspected of money laundering and financing terrorism, as well as protect American financial institutions. However, given that the bank’s license was revoked in September 2011 by Lebanon’s central bank, the Banque du Liban, and all of its assets were subsequently liquidated, the bank no longer exists as a foreign financial institution and, as such, is no longer subject to the prohibitions set forth in the proposed rule. The withdrawal of FinCEN’s Notice of Finding does not require a comment period and will be effective upon publication in the Federal Register.
On September 28, HUD, the FDIC, and the U.S. Attorney for the Eastern District of New York filed suit against a non-profit housing counseling corporation and certain mortgage lenders for allegedly running a scheme to defraud the United States and various banks out of over $5,000,000 in false claims. Filed in the Eastern District of New York, the complaint alleges that, in order to remain in HUD’s Direct Endorsement Program, a federal program that insures mortgage loans through the FHA, the mortgage lenders sought to fraudulently conceal the high default rates of their loans by funneling money through the corporation to pay their borrowers’ payments, in direct violation of FHA regulations. The mortgage lenders would then sell the federally-insured loans to FDIC-insured banks. Once either a bank’s indemnification or repurchase rights, or the period during which HUD monitored loans for early payment defaults, lapsed, the mortgage lenders would stop making payments, resulting in the ultimate default of the borrowers. The complaint seeks treble damages under the FCA, the FIRREA, and under common law theories of gross negligence, breach of fiduciary trust, and unjust enrichment.
On September 25, the Speaker of the U.S. House of Representatives, Rep. John Boehner (R-OH) issued a statement announcing that he will resign both his Speakership and congressional seat on October 30. No announcement has been made addressing who will replace Boehner as Speaker of the House.
After months of speculation about potential legal ramifications for FIFA President Joseph (“Sepp”) Blatter, the Office of the Attorney General of Switzerland announced that Mr. Blatter is the subject of criminal proceedings in that country. The allegations include criminal mismanagement related to a contract with the Caribbean Football Union that was purportedly against the interests of FIFA, as well as misappropriation related to a payment to the President of the Union of European Football Associations (UEFA). The Office of the Attorney General also reported that Mr. Blatter was interrogated and his offices were searched.
Previous FCPA Scorecard coverage of this investigation can be found here.
In an opinion that has the potential to seriously disrupt how U.S. companies can share data from Europe, on September 23, Advocate General (AG) Yves Bot of the Court of Justice of the European Union (CJEU) declared that the existing framework governing that exchange of data fails to “ensure an adequate level of protection of the personal data which is transferred to the United States from the European Union.” This is because that framework, in AG Bot’s view, contains holes that can allow access to European’s personal data by the NSA and other U.S. security agencies. “[T]he law and practice of the United States allow the large-scale collection of the personal data of citizens of the [EU] which is transferred under the [framework] without those citizens benefiting from effective judicial protection.” And while the FTC and private dispute resolutions have the power to monitor possible breaches of the framework by private companies, neither has the power to monitor possible breaches by U.S. security agencies.
The EU’s 1995 Data Protection Directive (“Directive”) requires that the transfer of personal data from an EU country to another country take place only if the other country ensures an adequate level of data protection. For the past 15 years, per a 2000 decision by the European Commission, U.S. companies participating in the U.S.-EU Safe Harbor Framework for personal data protection have been deemed to be compliant with that requirement. AG Bot’s opinion, however, calls that 2000 decision invalid. “To my mind, the existence of a [Commission] decision” on the sufficiency of a country’s personal data protection regime “cannot eliminate or even reduce” the powers of each EU member state’s Data Protection Authority, under Article 28 of the Directive, to independently assess the sufficiency of that country’s personal data protection regime. This opinion thus turns the power back over to individual EU countries to assess U.S. companies’ personal data protections, potentially leading to a fractured and technologically daunting state of digital commerce in Europe.
Negotiations are underway for a new U.S.-EU Safe Harbor Framework, but if AG Bot’s opinion is followed, no Framework would prevent country-by-country determinations of the sufficiency of a U.S. company’s personal data protections.