The DOJ released a statement regarding a plea agreement made with a former loan officer of the Export-Import Bank. According to the DOJ, the former loan officer accepted bribes totaling over $78,000 in exchange for providing favorable action on loan applications. From June 2006 through December 2013, the former loan officer managed the review of credit underwriting for companies and lenders submitting financing applications to the Export-Import Bank and admitted to recommending the approval of unqualified loan applicants on 19 different occasions. In addition, the former loan officer also pleaded guilty to improperly expediting the process of certain applications. The sentencing hearing is scheduled for July 20, 2015.
DOJ and International Investment Bank Enter Into Plea Agreement to Resolve LIBOR Manipulation Claims, Bank Agrees to Pay $2.5 Billion Penalty
On April 23, the DOJ announced that an international investment bank and its subsidiary agreed to plead guilty to wire fraud for its alleged conduct, spanning from 2003 through 2011, in manipulating the London Interbank Offered Rate (LIBOR), which is used to set interest rates on various financial products. In addition, the DOJ announced that the bank entered into a deferred prosecution agreement to resolve wire fraud and antitrust claims for manipulating both the U.S. Dollar LIBOR and Yen LIBOR. Under terms of the agreement, the $2.5 billion in penalties will be divided among U.S. and U.K. authorities – $800 million to the Commodity Futures Trading Commission, $775 million to the DOJ, $600 million to the New York Department Financial Services, and roughly $340 million to the U.K.’s Financial Conduct Authority. The authorities also ordered the bank to install an independent compliance monitor.
On April 21, the United States Court of Appeals for the Tenth Circuit upheld the dismissal of a bank shareholders’ suit against a bank holding company – and its officers and directors – for breach of fiduciary duty. Barnes v. Harris, No. 14-4002 WL 1786861 (10th Cir. Apr. 24, 2015) The shareholders had filed a derivative suit in 2012 against the officers and directors of the bank holding company after the bank failed in 2010 and was placed into FDIC receivership. The FDIC filed a motion to intervene in the suit, which was granted. Upon a bank’s failure, the Financial Institutions Reform, Recovery, and Enforcement Act of 1989 (“FIRREA”) states the FDIC owns “all rights, titles, powers, and privileges of the [bank], and any stockholder … of such [bank] with respect to the [bank] and the assets of the [bank].” The applicability of FIRREA to a derivative suit against a failed bank’s holding company in this court was a question of first impression and the Tenth Circuit agreed with the Fourth, Seventh, and Eleventh Circuits who have all concluded FIRREA gives the FDIC sole ownership of shareholder derivative claims and state law must be used to determine if the claims are derivative. In this case, though the shareholders were alleging harm to the holding company, all of that harm was due to the failure of the bank, which was the holding company’s only asset. The claims were found to be derivative, with the exception of a poorly pleaded fraud complaint that belonged solely to the holding company, and the district court’s dismissal of all claims was affirmed.
On April 22, the Financial Conduct Authority (FCA) fined a subsidiary of U.S.-based bank approximately £13 million ($19.8 million) for (i) improperly reporting more than 35 million various client transactions, ranging from the identity of counterparties to the trading times of such transactions; and (ii) failing to report an additional 121,000 transactions over a seven-year period. According to the final notice issued by the FCA, many of the reporting issues were self-reported to the British regulator.
CSBS Announces $5.2 Million Multi-State Enforcement Action Against Maryland-Based Mortgage Lender To Resolve Allegations Of Misconduct Relating To Continuing Education And Testing Of Mortgage Loan Originators
On April 13, the Conference of State Bank Supervisors (“CSBS”) announced a settlement agreement and consent order following a coordinated enforcement action launched by 43 states against a non-bank mortgage lender after finding that the lender’s mortgage professionals shared test information from mandatory compliance examinations and the lender’s compliance staff routinely completed continuing education and examination requirements for other employees. The case developed after state financial regulators in New Hampshire and Maryland discovered the misconduct and reported it to the Multi-State Mortgage Committee (“MMC”)—a group composed of state regulators charged with supervising mortgage lenders that operate in multiple states—which opened an investigation. Joined by 41 other states, the settlement agreement also found that many of the lender’s employees dishonestly completed continuing education requirements for other employees, including the mortgage lender’s chief executive officer and chief operating officer. The settlement agreement and consent order issued by the MMC for the breach of these duties included the imposition of a $5.2 million fine and commanded the removal and replacement of the lender’s chief operating officer. The agreement also ordered the lender to (i) prepare a comprehensive plan of improved corporate governance policies approved by the lender’s parent’s board of directors within 270 days, with a follow-up reported to the MMC on implementation of the plan required 270 days later, and (ii) hire an independent auditor to evaluate the lender’s training and education program. The same mortgage lender was also subject to a different and unrelated enforcement action in February 2015. The CFPB recently imposed a $2 million penalty against the lender for deceptive marketing practices and paying kickbacks to customer referrals.
On April 14, the OCC issued the “Real Estate Settlement Procedures Act” booklet as part of the Comptroller’s Handbook, which is prepared for use by OCC examiners in connection with their examination and supervision of national banks and federal savings associations (collectively, “banks”). The revised booklet, which replaces a similarly titled booklet issued in October 2011, reflects updated guidance relating to mortgage servicing and loss mitigation procedures resulting from the multiple amendments made to Regulation X over the past several years. Notable revisions reflected in the revised booklet include: (i) the transfer of rulemaking authority for Regulation X from HUD to the CFPB; (ii) new requirements relating to mortgage servicing; (iii) new loss mitigation procedures; (iv) prohibitions against certain acts and practices by servicers of federally related mortgage loans with regard to responding to borrower assertions of error and requests for information; and (v) updated examination procedures for determining compliance with the new servicing and loss mitigation rules. The OCC notified its applicable supervised financial institutions of the changes affecting all banks that engage in residential mortgage lending activities by distributing OCC Bulletin 2015-25.
On April 6, the Federal Reserve, OCC, and FDIC (Agencies) revealed that their ongoing regulatory review under the Economic Growth and Regulatory Paperwork Reduction Act of 1996 (EGRPRA) will now be expanded to include recently issued regulations. The EGRPRA requires the Agencies and the FFIEC to review and identify outdated, burdensome, or unnecessary regulations at least every 10 years. The regulators have held two public outreach meetings with additional outreach sessions currently scheduled for May 4 in Boston, August 4 in Kansas City, October 19 in Chicago, and concluding on December 2 in Washington, D.C.
On April 6, three prudential banking regulators – the Federal Reserve, OCC, and FDIC – issued interagency guidance to clarify and answer questions from regulated financial institutions with respect to the regulatory capital rule adopted in 2013. The FAQs address various topics, including (i) the definition of capital; (ii) high-volatility commercial real estate exposures; (iii) other real estate and off-balance sheet exposures; (iv) separate account and equity exposures to investment funds; (v) credit valuation adjustment; and (vi) the definition of a qualifying central counterparty.
On April 9, the NYDFS released a report finding potential cyber security vulnerabilities with banks’ third-party vendors, based on a survey of 40 banking organizations regarding the cyber security standards in place for their vendors. Notable findings from the report include (i) nearly one in three banks surveyed currently do not require third-party vendors to notify them in the event of an information security breach or other cyber security breach; (ii) less than half of the banks conduct any on-site security assessments of their third-party vendors; (iii) about one in five of the banks surveyed do not require third-party vendors to represent that they have established minimum information security requirements; (iv) only one-third of the banks require information security requirements to be extended to subcontractors of the third-party vendors; and (v) nearly half of the banks do not require a warranty of the integrity of the third-party vendor’s data or products. According to the press release, NYDFS plans to strengthen cyber security standards for banks’ third-party vendors through regulations, including addressing the representations and warranties banks receive about cyber security protections in place.
On March 30, the FFIEC announced two separate statements regarding cyber attacks at financial institutions: Statement on Destructive Malware and Statement on Compromising Credentials. The statements come in light of the growing number of attacks within the past two years and outline how financial institutions can ensure that the risk management processes and business continuity planning in place are sufficient for mitigating attacks and recovering from attacks that do occur. Noting the FFIEC’s existing guidelines for financial institutions, the report includes, but is not limited to, reminders to do the following: (i) securely configure systems and services; (ii) improve information security awareness and training programs; (iii) protect against unauthorized access to systems; (iv) participate in information-sharing forums; and (v) continually conduct information security risk assessments.
On March 25, Department of the Treasury’s Deputy Secretary Raskin delivered remarks regarding the agency’s efforts to enhance cybersecurity as the number of cyber-attacks continue to increase. Raskin outlined three specific areas where financial institutions can better prepare for cyber threats and enhance “cyber resilience” in the event of a cyberattack: (i) increase information sharing among financial institutions, thereby making this a priority for the financial sector worldwide; (ii) ensure that safeguards are in place for all third-party vendors with access to the financial institution’s data and systems; and (iii) design a cyber-preparedness “playbook” that has a “detailed, documented plan so that the firm can react quickly to minimize internal and external damage, reduce recovery and time costs, and instill confidence in outside stakeholders and the public.”
On March 23, OCC Comptroller Curry delivered remarks at the ABA Mutual Community Bank Conference regarding the agency’s supervision of mutual savings associations and community banks. Curry focused on the agency’s ongoing efforts to assist smaller financial institutions, specifically by reducing some of the unnecessary burden placed on them. Curry outlined three areas in which the agency is urging Congress to take action to reduce burdensome regulation: (i) raising the asset threshold requirement for the 18-month examination cycle from $500 million to $750 million; (ii) exempting community banks from the Volcker Rule requirement; and (iii) making it “easier for thrifts to expand their business model without changing their governance structure.” In addition to recommending actions to Congress, the OCC continues to hold OCC Mutual Savings Association Advisory Committee meetings and support collaboration among community banks to further ensure that smaller institutions can continue to serve their communities.
On March 19, four federal and state agencies –DOJ, the Department of Labor (DOL), the SEC, and New York Attorney General – entered into a proposed $714 million settlement agreement against a large bank to resolve allegations of fraudulent conduct involving the pricing and misleading representation of a specific foreign exchange product. According to the settlement, for over a decade the bank misled clients about the pricing they received on the bank’s automatic platform used to execute trades on the clients’ behalf. The bank quoted clients prices that were at or near the least favorable interbank rate, purchased the most favorable interbank rate for themselves, and sold the highest prices to clients, profiting from the difference. Under the proposed settlement, the bank will pay (i) a $167.5 million civil penalty to the DOJ to resolve allegations brought under federal statutes including FIRREA and the False Claims Act; (ii) $167.5 million to the State of New York to resolve claims brought under the Martin Act; (iii) $14 million to the DOL for ERISA claims, (iv) $30 million to the SEC to resolve violations of the Investment Company Act, and (v) $335 million to settle private class action suits filed by customers. The bank also agreed to end its employment relationship with senior executives involved in the conduct.
On March 16, DOJ Assistant AG Leslie Caldwell delivered remarks at the annual ACAMS anti-money laundering conference regarding the importance of establishing and maintaining robust compliance programs within financial institutions to prevent criminal activity, and recent DOJ enforcement actions taken against financial institutions in the anti-money laundering space. Caldwell outlined the integral parts of an effective compliance program, to include: (i) providing sufficient funding and access to essential resources; (ii) incentivizing compliance and ensuring that disciplinary measures are even handed for low-level and senior employees; and (iii) ensuring that third parties interacting with the institutions understand the institution’s expectations and are serious about compliance management. Caldwell emphasized that the strength of an institution’s compliance program is “an important factor for prosecutors in determining whether to bring charges against a business entity that has engaged in some form of criminal misconduct.” Caldwell highlighted the Criminal Division’s recent actions involving financial fraud and sanctions violations, observing that many have resulted in deferred prosecution agreements or non-prosecution agreements (DPAs and NPAs), enforcement tools the DOJ utilizes in the Criminal Division’s cases. Finally, addressing concerns that the DOJ and other law enforcement authorities have targeted the financial industry for investigation and prosecution, Caldwell stated, “banks and other financial institutions continue to come up on our radar screens because they, and the individuals through which they act, continue to violate the law, maintain ineffective compliance programs or simply turn a blind eye to criminal conduct to preserve profit.”
FinCEN Assesses $75,000 Penalty Against Check Casher Business for Violating Anti-Money Laundering Laws
On March 18, the Financial Crimes Enforcement Network (FinCEN) assessed a $75,000 civil money penalty against a Colorado check casher and its general manager and ordered it to cease all business activities for “willfully violating” registration, reporting, and anti-money laundering provisions of the Bank Secrecy Act (BSA). The Colorado-based check casher had been the subject of three BSA compliance examinations by the Internal Revenue Service, “all of which found significant and repeated violations.” Under the BSA, money services business are required to implement anti-money laundering controls, conduct internal compliance reviews, and provide compliance training for all staff in an effort to prevent the facilitation of money laundering and the financing of terrorist activities. The Colorado check casher failed to employ such programs, which resulted in a significant amount of untimely and inaccurate currency transaction reports.