On March 25, Department of the Treasury’s Deputy Secretary Raskin delivered remarks regarding the agency’s efforts to enhance cybersecurity as the number of cyber-attacks continue to increase. Raskin outlined three specific areas where financial institutions can better prepare for cyber threats and enhance “cyber resilience” in the event of a cyberattack: (i) increase information sharing among financial institutions, thereby making this a priority for the financial sector worldwide; (ii) ensure that safeguards are in place for all third-party vendors with access to the financial institution’s data and systems; and (iii) design a cyber-preparedness “playbook” that has a “detailed, documented plan so that the firm can react quickly to minimize internal and external damage, reduce recovery and time costs, and instill confidence in outside stakeholders and the public.”
On March 26, the FTC announced the results of Operation Ruse Control, “a nationwide and cross-border crackdown” on the auto industry with the intent to protect consumers who are purchasing or leasing a car. Efforts taken jointly by the FTC and its law enforcement partners resulted in over 250 enforcement actions, including the six most recent cases that involved (i) fraudulent add-ons; (ii) deceptive advertising; and (iii) auto loan modification. According to the press release, the FTC recently took its first actions against two auto dealers for its add-on practices, which allegedly violate the FTC Act by failing to disclose the significant fees associated with offered programs or services and misrepresenting to consumers that they would save money. Three auto dealers recently “agreed to settle charges that they ran deceptive ads that violated the FTC Act, and also violated the Truth in Lending Act (TILA) and/or Consumer Leasing Act (CLA).” Finally, at the FTC’s request, the U.S. District Court for the Southern District of Florida temporarily put an end to the practices of a company that charged consumers an upfront fee to “negotiate an auto loan modification on their behalf, but then often provided nothing in return.” The FTC’s recent actions are indicative of its ongoing efforts to prevent alleged fraud within the industry.
On March 23, OCC Comptroller Curry delivered remarks at the ABA Mutual Community Bank Conference regarding the agency’s supervision of mutual savings associations and community banks. Curry focused on the agency’s ongoing efforts to assist smaller financial institutions, specifically by reducing some of the unnecessary burden placed on them. Curry outlined three areas in which the agency is urging Congress to take action to reduce burdensome regulation: (i) raising the asset threshold requirement for the 18-month examination cycle from $500 million to $750 million; (ii) exempting community banks from the Volcker Rule requirement; and (iii) making it “easier for thrifts to expand their business model without changing their governance structure.” In addition to recommending actions to Congress, the OCC continues to hold OCC Mutual Savings Association Advisory Committee meetings and support collaboration among community banks to further ensure that smaller institutions can continue to serve their communities.
On March 5, the U.S. District Court for the Western District of Texas approved a settlement agreement between the FTC and a Texas-based mortgage relief company and its owners (Defendants) to resolve allegations that they charged customers up-front fees for services that were promised to reduce their mortgage interest rates or monthly payments. According to the complaint filed last year, the FTC alleged that the Defendants (i) misled consumers into believing that they would obtain mortgage loan modifications or help consumers avoid foreclosure; (ii) deceived consumers by instructing them to stop payment of their mortgages so that they could afford Defendants’ fees without disclosing that if they did so, consumers “could lose their homes or damage their credit ratings;” and (iii) failed to make required disclosures and illegally charged an upfront fee of, on average, $2,550. Among other requirements, the Order (i) requires the Defendants to pay more than $1.2 million in “equitable monetary relief,” and (ii) prohibits the Defendants from advertising, marketing, promoting or selling debt relief products or services. However, based on an assessment of the Defendants’ financial statements, the judgment will be partially suspended after the FTC receives approximately $68,000.
On March 25, the SEC adopted final rules to amend Regulation A, a current exemption from registration for smaller companies issuing securities. The new rules, which allow smaller companies to offer and sell up to $50 million of securities within a twelve-month period – subject to certain eligibility, disclosure, and reporting requirements – expand Regulation A into two tiers for offering securities. Tier 1 allows eligible issuers to sell up to $20 million of securities without registration so long as security-holders who are affiliates of such issuers sell no more than $6 million in securities, whereas Tier 2 permits such issuers to sell up to $50 million of securities yet caps affiliate sales at $15 million. Moreover, Tier 2 offerings are subject to further supplementary disclosure and reporting requirements (e.g., requiring eligible issuers to provide audited financial statements and file annual and semiannual current event reports), and allow eligible issuers to preempt state registration and qualification requirements for securities sold to “qualified purchasers,” as such term is defined in the rules. The new rules will be effective 60 days after publication in the Federal Register.
On March 23, Department of the Treasury’s OFAC announced a settlement agreement with a large money services business (MSB) for failing to implement an effective compliance program “to identify, interdict, and prevent transactions in apparent violation of the sanctions programs administered by OFAC.” According to the settlement, prior to the MSB’s 2013 “long term solution” to screen its transactions in real time against OFAC’s List of Specially Designated Nationals and Blocked Persons (the “SDN List”), deficiencies in the company’s transaction monitoring compliance procedures allowed for the processing of hundreds of transactions with OFAC-sanctioned individuals and countries. Specifically, OFAC alleged that from October 20, 2009 to April 1, 2013, the MSB processed over 100 transactions to or from an account registered to an individual on the SDN List because its “automated interdiction filter” did not initially identify the account holder as a potential match to the SDN List, and when it did, the MSB Operations Agents dismissed alerts on six separate occasions after failing to obtain or review documentation corroborating the identity of the SDN. Under the terms of the agreement, the MSB will (i) pay over $7 million to the Department of the Treasury and (ii) within six months, provide OFAC a summary of the company’s current policies and procedures as they relate to screening transactions and/or customers” to ensure compliance with OFAC regulations.
On March 25, the DOJ entered into a plea agreement with an oil company that agreed to pay over $230 million and plead guilty for facilitating illegal transactions and participating in trade activities with Iran and Sudan. According to the DOJ, from 2004 through 2010, the oil company’s subsidiaries provided oilfield services to customers in Iran and Sudan, and failed to adhere to U.S. sanctions against Iran and Sudan and enforce internal compliance procedures, resulting in a conspiracy to violate the International Emergency Economic Powers Act. Pending court approval, among other stipulations, the plea agreement also requires the oil company to (i) cease all operations in Iran and Sudan during the probation period; (ii) submit to a three-year period of corporate probation and agree to continue to cooperate with the government and not commit any additional felony violations of U.S. Federal law; and (iii) respond to requests to disclose information related to the company’s compliance with U.S. sanctions laws when requested by U.S. authorities.
On March 19, the CFPB announced the publication of its Final Policy Statement on disclosure of complaint narratives. The Final Policy allows consumers who file complaints with the CFPB to “opt-in” to have the actual narrative of the complaint disclosed in the CFPB’s consumer complaint database, with private information scrubbed out of the narrative. Until now, the database contained only general information. The company identified in the complaint will have the option, for a 180 day period, to select from a pre-set list of structured responses to accompany the consumer complaint narrative. Further, the CFPB will disclose the consumer narrative when the company provides its public-facing response or after the company has been in receipt of the complaint for 60 calendar days, whichever occurs first. On the same day, the CFPB issued a Request For Information regarding the potential collection, identification, and sharing of consumer feedback specific to positive interactions with banks and non-banks in conjunction with the complaint handling process.
On March 17, the CFPB announced a Request for Information (RFI) seeking public comment on key aspects of the credit card market. This RFI is a part of a review mandated by the Credit Card Accountability, Responsibility, and Disclosure Act (the CARD Act)—a law passed in 2009 that requires the CFPB to conduct a review of the credit card market every two years. The review seeks feedback on how the credit card market has functioned over the last two years and the impact new credit card protections have had on consumers. Specifically, the review solicits input on the changing patterns of credit card agreement terms, unfair or deceptive practices within the credit card market, the use of third-party debt collection agencies, and how consumers understand credit card reward products. Information obtained from the review will culminate in a public report to Congress.
On March 19, four federal and state agencies –DOJ, the Department of Labor (DOL), the SEC, and New York Attorney General – entered into a proposed $714 million settlement agreement against a large bank to resolve allegations of fraudulent conduct involving the pricing and misleading representation of a specific foreign exchange product. According to the settlement, for over a decade the bank misled clients about the pricing they received on the bank’s automatic platform used to execute trades on the clients’ behalf. The bank quoted clients prices that were at or near the least favorable interbank rate, purchased the most favorable interbank rate for themselves, and sold the highest prices to clients, profiting from the difference. Under the proposed settlement, the bank will pay (i) a $167.5 million civil penalty to the DOJ to resolve allegations brought under federal statutes including FIRREA and the False Claims Act; (ii) $167.5 million to the State of New York to resolve claims brought under the Martin Act; (iii) $14 million to the DOL for ERISA claims, (iv) $30 million to the SEC to resolve violations of the Investment Company Act, and (v) $335 million to settle private class action suits filed by customers. The bank also agreed to end its employment relationship with senior executives involved in the conduct.
On March 12, the FTC announced its coordination with the CFPB to reauthorize for a three-year term their memorandum of understanding (MOU), which outlines the two agencies’ coordination under the Consumer Financial Protection Act. The interagency agreement outlines processes for, among other things, coordinated law enforcement activities, commencement of or settling investigations and actions and proceedings, intervention in law enforcement actions, consultation on rulemaking and guidelines, sharing supervisory information, sharing consumer complaint information, and coordination to minimize duplicative or burdensome oversight or administrative proceedings.
On March 16, DOJ Assistant AG Leslie Caldwell delivered remarks at the annual ACAMS anti-money laundering conference regarding the importance of establishing and maintaining robust compliance programs within financial institutions to prevent criminal activity, and recent DOJ enforcement actions taken against financial institutions in the anti-money laundering space. Caldwell outlined the integral parts of an effective compliance program, to include: (i) providing sufficient funding and access to essential resources; (ii) incentivizing compliance and ensuring that disciplinary measures are even handed for low-level and senior employees; and (iii) ensuring that third parties interacting with the institutions understand the institution’s expectations and are serious about compliance management. Caldwell emphasized that the strength of an institution’s compliance program is “an important factor for prosecutors in determining whether to bring charges against a business entity that has engaged in some form of criminal misconduct.” Caldwell highlighted the Criminal Division’s recent actions involving financial fraud and sanctions violations, observing that many have resulted in deferred prosecution agreements or non-prosecution agreements (DPAs and NPAs), enforcement tools the DOJ utilizes in the Criminal Division’s cases. Finally, addressing concerns that the DOJ and other law enforcement authorities have targeted the financial industry for investigation and prosecution, Caldwell stated, “banks and other financial institutions continue to come up on our radar screens because they, and the individuals through which they act, continue to violate the law, maintain ineffective compliance programs or simply turn a blind eye to criminal conduct to preserve profit.”
FinCEN Assesses $75,000 Penalty Against Check Casher Business for Violating Anti-Money Laundering Laws
On March 18, the Financial Crimes Enforcement Network (FinCEN) assessed a $75,000 civil money penalty against a Colorado check casher and its general manager and ordered it to cease all business activities for “willfully violating” registration, reporting, and anti-money laundering provisions of the Bank Secrecy Act (BSA). The Colorado-based check casher had been the subject of three BSA compliance examinations by the Internal Revenue Service, “all of which found significant and repeated violations.” Under the BSA, money services business are required to implement anti-money laundering controls, conduct internal compliance reviews, and provide compliance training for all staff in an effort to prevent the facilitation of money laundering and the financing of terrorist activities. The Colorado check casher failed to employ such programs, which resulted in a significant amount of untimely and inaccurate currency transaction reports.
On March 17, the FFIEC released a summary of its cybersecurity priorities for the remainder of 2015. The FFIEC intends to enhance its cybersecurity preparedness in seven main ways: (i) issuing a cybersecurity self-assessment tool that will help institutions to evaluate cybersecurity risk and risk management capabilities; (ii) improving council members’ process for “gathering, analyzing, and sharing information with each other during cyber incidents;” (iii) ensuring that test emergency protocols are set to respond to all cyber incidents in coordination with public-private partnerships; (iv) establishing training programs on developing cyber threats and vulnerabilities; (v) updating the Information Technology Examination Handbook; (vi) increasing focus on technology service providers’ ability to respond to cyber threats; and (vii) collaborating and sharing information with law enforcement and intelligence agencies. The seven action items derive from the FFIEC’s 2014 pilot assessment of cybersecurity readiness at over 500 financial institutions.
On March 18, the FHFA Inspector General released a white paper detailing the challenges faced by the government-sponsored enterprises (GSEs) that could adversely affect their future profitability. According to the white paper, the GSEs’ return to profitability in 2012 was linked significantly to non-recurring sources of income such as the release of valuation allowances against deferred tax assets, settlements of disputed representation and warranty claims, and settlements of legal claims relating to mortgage-backed securities. Specifically, the OIG reported that non-recurring sources accounted for 60% and 45% of net income in 2013 and 2014 respectively. In addition, the white paper cites the GSEs’ requirement to decrease its retained portfolio annually by 15%, requirements to pay a quarterly dividend to Treasury, the possibility of lower guaranty fees, congressional inaction to adopt housing finance reform, and market conditions such as changes in interest rates and home prices as factors that could force the GSEs to draw on the Department of Treasury for a taxpayer-funded bailout.