On August 21, the DOJ announced that a large financial institution agreed to resolve federal and state mortgage-related claims through what the DOJ characterized as the largest ever civil settlement with a single entity. The agreement actually resolves numerous federal and state investigations related to various alleged practices conducted by the institution and certain former and current subsidiaries that it acquired during the financial crisis. Such allegations relate to the packaging, marketing, sale, arrangement, structuring, and issuance of RMBS and collateralized debt obligations (CDOs), as well as the underwriting and origination of mortgage loans. In total, the institution agreed to pay $9.65 billion in penalties and fines and provide $7 billion in relief to borrowers. Of the more than $9 billion in civil payments, $5 billion resolves several DOJ investigations related to RMBS and CDOs under FIRREA, as well as the allegedly fraudulent origination of loans sold to Fannie Mae and Freddie Mac or insured by the FHA. The origination investigations centered on alleged violations of the False Claims Act in the selling of, or seeking of government insurance for, loans alleged to be defective. Other penalty payments resolve RMBS-related claims by the SEC, the FDIC, and several states. In total, the state participants will receive nearly $1 billion, with California and New York obtaining the largest amounts at $300 million each. An independent monitor will be appointed to oversee the borrower relief provisions, which will require the institution to: (i) offer principal reduction loan modifications; (ii) make loans to “credit worthy borrowers struggling to obtain a loan”; (iii) make donations to certain communities harmed during the financial crisis; and (iv) provide financing for affordable rental housing. The institution also agreed to provide funding to defray any tax liability that will be incurred by borrowers who receive certain types of relief if Congress fails to extend the tax relief coverage of the Mortgage Forgiveness Debt Relief Act of 2007.
On August 21, the CFPB announced the companies that have been selected to participate in its residential mortgage eClosing pilot program. The program is intended to explore how the increased use of technology during the mortgage closing process may affect consumer understanding and engagement and save time and money for consumers, lenders, and other market participants. Specifically, the program seeks to aid the CFPB in better understanding the role that eClosings can play in addressing consumers’ “pain points” in the closing process, as identified by the CFPB in an April 2014 report. The three-month pilot program will begin later this year, and the participants include both technology vendors that provide eClosing solutions and creditors that have contracted to close loans using those solutions.
On August 18, in a speech to the Association of Military Banks of America, Deputy Comptroller for Compliance Policy Grovetta Gardineer described the OCC’s increasing supervisory and enforcement focus on SCRA compliance. Ms. Gardineer explained that given the significant risks presented by a bank’s failure to comply with the SCRA, the OCC has “stepped up its focus on compliance” and “now requires . . . examiners to include evaluation of SCRA compliance during every supervisory cycle”—even though this closer scrutiny is not required by statute. Ms. Gardineer also highlighted the OCC’s concern regarding potential unfair and deceptive practices associated with overdraft and other administrative fees, especially when “poorly worded disclosures about fees” are contained in “page after page of legal notices and disclaimers.” And while Ms. Gardineer stated that the OCC itself is willing to take enforcement actions where necessary, she also stressed the importance of coordination between regulators to more effectively implement rules and help create a “culture that encourages . . . financial readiness” among servicemembers.
On August 19, the FTC approved final orders resolving allegations that two companies: (i) misrepresented the level of security of their mobile applications; and (ii) failed to secure the transmission of millions of consumers’ sensitive personal information. The FTC alleged that one company’s application assured consumers that their credit card information was stored and transmitted securely even though the company disabled a higher level of security validation, which allowed such credit card information to be intercepted. In addition, the company allegedly failed to have an adequate process for receiving vulnerability reports from security researchers and other third parties. The FTC alleged that the second company also disabled enhanced security validation despite claiming that it followed industry-leading security precautions, which also left consumers’ information vulnerable to interception. The final settlement orders require both companies to establish comprehensive programs designed to address security risks during the development of their applications and to undergo independent security assessments every other year for the next 20 years. The settlements also prohibit the companies from misrepresenting the level of privacy or security of their products and services.
On August 20, FinCEN announced an action against a casino employee who admitted to violating the Bank Secrecy Act by willfully causing the casino to fail to file certain reports. FinCEN asserted based in part on information obtained from an undercover investigation that the employee helped high-end gamblers avoid detection of large cash transactions by agreeing not to file either Currency Transaction Reports or Suspicious Activity Reports as required under the BSA. FinCEN ordered the employee to pay a $5,000 civil money penalty, and immediately and permanently barred him from participating in the conduct of the affairs of any financial institution located in the U.S. or that does business within the U.S.
On August 18, FINRA announced a complaint against a financial services and investment firm, alleging that the firm was responsible for systematic supervisory and AML violations in connection with providing direct market access and sponsored access to broker-dealers and non-registered market participants. Specifically, FINRA claims that from January 2008 through August 2013, the firm failed to “ensure appropriate risk management controls and supervisory systems and procedures,” thereby allowing its market access customers to “self-monitor and self-report” possibly manipulative trades. Moreover, FINRA asserts that during the relevant time period, the firm was made aware of these potential regulatory and compliance risks though numerous industrywide notices, disciplinary decisions taken against other industry participants, and multiple self-regulatory organization inquiries and examinations. The firm may request a hearing before the FINRA disciplinary committee. If FINRA’s charges stand, the firm could face suspension, censure, and/or monetary penalties.
On August 20, the OCC issued Bulletin 2014-41, which announces a new “Merchant Processing” booklet of the Comptroller’s Handbook. This booklet replaces the booklet of the same name issued in December 2001 and provides updated guidance to examiners and bankers on assessing and managing the risks associated with merchant processing activities. Specific updates address: (i) the selection of third-party organizations and due diligence; (ii) technology service providers; (iii) on-site inspections, audits, and attestation engagements, including the “Statement on Standards for Attestation Engagement” (SSAE 16) and the “International Standard on Assurance Engagements” (ISAE 3402); (iv) data security standards in the payment card industry for merchants and processors; (v) the Member Alert to Control High-Risk Merchants (MATCH) list; (vi) BSA/AML compliance programs and appropriate policies, procedures, and processes to monitor and identify unusual activity; and (vii) appropriate capital for merchant processing activities.
On August 19, the New York DFS announced a consent order with a British bank to resolve claims that the bank and its U.S. subsidiary failed to remediate AML compliance deficiencies as required by a prior settlement with the DFS that required the bank to, among other things, implement a transaction monitoring program. The DFS states that the compliance monitor appointed as part of the prior agreement determined that the procedures adopted by the bank to detect high-risk transactions contained errors and other problems that prevented the bank from identifying high-risk transactions for further review. The DFS asserts that the bank failed to detect these problems because of a lack of adequate testing both before and after implementation of the monitoring system. The DFS also claims the bank failed to properly audit its monitoring system. Under the latest consent order, the bank must: (i) suspend its dollar clearing operations for high-risk retail business clients of the bank’s Hong Kong subsidiary; (ii) obtain prior DFS approval to open a U.S. Dollar demand deposit account for any customer who does not already have such an account with the U.S. entity; and (iii) pay a $300 million penalty. The bank also must implement additional compliance enhancements, including enhanced due diligence and know-your customer requirements.
On August 18, the New York DFS announced an agreement with a bank consulting firm to resolve allegations related to certain services it performed for a bank charged last year with sanctions violations. The consulting firm allegedly altered an historical transaction review (HTR) report submitted to regulators regarding wire transfers that the bank completed on behalf of sanctioned countries and entities. At the bank’s request, the firm allegedly removed from the original HTR report key information and warning language concerning the bank’s transactions. Specifically, the DFS alleges that the firm: (i) removed the English translation of the bank’s wire stripping instructions; (ii) removed a regulatory term to describe the wire-stripping instructions and a discussion of the activities; and (iii) deleted “several forensic questions” that the firm identified as necessary for consideration in connection with the HTR report. The agreement prohibits the firm from doing business with any DFS-regulated institution for two years and requires the firm to: (i) pay a $25 million penalty; and (ii) implement certain reforms to address the conflicts of interest within the consulting industry. Those reforms are based on a similar agreement obtained by the DFS last year from another consulting firm.
This week, the New York DFS announced the extension of the comment period on its proposal to create a regulatory licensing framework for virtual currency companies, including a so-called BitLicense. Given the “significant amount of public interest in and commentary on” the proposal, the DFS doubled the length of the comment period from 45 to 90 days. Comments are now due by October 21, 2014. Further information about the proposal and related issues is available here.
On August 14, the U.S. Court of Appeals for the Second Circuit affirmed a district court’s holding that the Dodd-Frank Act’s antiretaliation provision does not apply extraterritorially. Liu Meng-Lin v. Siemens AG, No. 13-4385, 2014 WL 3953672 (2nd Cir. Aug. 14, 2014). A foreign worker was allegedly fired by his foreign employer for internally reporting violations of U.S. anti-corruption rules, which he claimed violated the antiretaliation provision of the Dodd-Frank Act. This provision prohibits an employer from firing or otherwise discriminating against any employee who makes a disclosure that is required or protected under Sarbanes-Oxley or any other law, rule, or regulation subject to the SEC’s jurisdiction. The court first determined that the facts alleged in the complaint revealed “essentially no contact with the United States” and rejected an argument that the foreign company voluntarily subjected itself to U.S. securities laws by listing its securities on the New York Stock Exchange. The court also held that, given the longstanding presumption against extraterritoriality and the absence of any “explicit statutory evidence that Congress meant for the provision to apply extraterritorially,” the cited provision does not apply to purely foreign-based claims.
On August 15, the U.S. District Court for the Central District of California held that a bank responded too slowly to a government levy on a customer’s account and was therefore responsible for funds subsequently removed by the customer. The IRS notified the bank of a jeopardy levy on the account of a customer who received an improper tax refund and refused to return those funds to the government. Before the bank acted on the notice, the customer removed the funds from his account and the IRS was unable to recover them. The government then turned to the bank for relief, asserting that under the Internal Revenue Code, any person who fails or refuses to surrender any property subject to a levy is liable to the government. The court held that although the statute does not require the bank to immediately surrender the property, the bank was required, upon receiving notice, “to preserve that property or run the risk of paying the depositor’s tax bill.” The court explained that once the levy was served on the bank, the bank was in the best position to protect the property, and that even if the bank acted reasonably—i.e., without any undue delay—it could still be liable for the levied property.
On August 19, 2014, the CFPB issued Bulletin 2014-01 to address “potential risks to consumers that may arise in connection with transfers of residential mortgage servicing rights.” The bulletin, which is the latest in a series of CFPB regulations, statements, and guidance on this subject, replaces the Bureau’s February 2013 bulletin on mortgage servicing transfers and states that “the Bureau’s concern in this area remains heightened due to the continuing high volume of servicing transfers.” It further states that “the CFPB will be carefully reviewing servicers’ compliance with Federal consumer financial laws applicable to servicing transfers” and “may engage in further rulemaking in this area.”
The bulletin contains the following information, which is summarized in great detail below:
- Examples of policies and procedures that CFPB examiners may consider in evaluating whether the servicers on both ends of a transfer have complied with the CFPB’s new regulations requiring, among other things, policies and procedures reasonably designed to facilitate the transfer of information during servicing transfers and to properly evaluate loss mitigation applications.
- Guidance regarding the application of other aspects of the new servicing requirements to transfers.
- Descriptions of other Federal consumer financial laws that apply to servicing transfers, such as the Fair Credit Reporting Act, the Fair Debt Collection Practices Act, and the prohibition on unfair, deceptive, and abusive acts or practices (“UDAAPs”).
- A statement that “[s]ervicers engaged in significant servicing transfers should expect that the CFPB will, in appropriate cases, require them to prepare and submit informational plans describing how they will be managing the related risks to consumers.” This largely reiterates the Bureau’s statements in its February 2013 bulletin.
In a press release accompanying the bulletin, CFPB Director Richard Cordray stated that: “At every step of the process to transfer the servicing of mortgage loans, the two companies involved must put in appropriate efforts to ensure no harm to consumers. This means ahead of the transfer, during the transfer, and after the transfer. We will not tolerate consumers getting the runaround when mortgage servicers transfer loans.
On August 20, the CFPB announced a consent order with a Texas-based auto finance company to address alleged deficiencies in the finance company’s credit reporting practices. The company offers both direct and indirect financing of consumer auto purchases, and, according to the CFPB, specializes in lending to consumers with impaired credit profiles. In general, the CFPB took issue with the finance company’s alleged failure to implement policies and procedures regarding the accuracy and integrity of information furnished to consumer credit reporting agencies (CRAs) and alleged deceptive acts in the finance company’s representations regarding the accuracy of furnished information.
The CFPB’s action specifically alleged that the finance company violated the Fair Credit Reporting Act (FCRA) by providing inaccurate information to credit reporting agencies regarding how its borrowers were performing on their accounts, including by: (i) reporting inaccurate information about how much consumers were paying toward their debts; (ii) reporting inaccurate “dates of first delinquency,” which is the date on which a consumer first became late in paying back the loan; (iii) substantially inflating the number of delinquencies for some borrowers when it reported borrowers’ last 24 months of consecutive payment activity; (iv) informing CRAs that some of its borrowers had their vehicles repossessed, when in fact those individuals had voluntarily surrendered their vehicles back to the lienholder. The CFPB claims this activity took place over a three-year period, even after the company was made aware of the issue. The CFPB believes the company furnished incorrect information to the CRAs on as many as 118,855 accounts.
The consent order requires the company to pay a $2.75 million penalty to the CFPB. In addition, the finance company must: (i) review all previously reported accounts for inaccuracies and correct those accounts or delete the tradeline; (ii) arrange for consumers to obtain a free credit report; and (iii) inform all affected consumers of the inaccuracies, their right to a free consumer report, and how consumers may dispute inaccuracies. The order also directs the company to sufficiently provide the staffing, facilities, systems, and information necessary to timely and completely respond to consumer disputes in compliance with the FCRA.