In This Issue:
- This Week’s Podcast: An Update on Telephone Consumer Protection Act Litigation in the Aftermath of the U.S. Supreme Court’s Decision in Facebook v. Duguid
- New AML Whistleblower Program Highlighted by FinCEN Acting Director
- CFPB Issues Compliance Bulletin on Consumer Reviews
- PPP Enforcement Turns to Lenders
- CFPB Extends Comment Period on Request for Information Regarding Fees Charged with Consumer Financial Products
- Director Chopra Targets Repeat Offenders in Lecture
- A Look at the CFPB’s First Months Under Director Rohit Chopra, with Special Guest Chris Peterson, John J. Flynn Endowed Professor of Law, University of Utah’s S.J. Quinney College of Law
- Lawsuit Filed in CA Federal District Court Alleges Unlawful Discrimination Based on Credit Union’s Denial of Loan Application from DACA Recipient
- Did You Know?
For the latest updates on the COVID-19 pandemic visit the Ballard Spahr COVID-19 Resource Center
This Week’s Podcast: An Update on Telephone Consumer Protection Act Litigation in the Aftermath of the U.S. Supreme Court’s Decision in Facebook v. Duguid
Although the decision narrowed the technology covered by the TCPA’s automatic telephone dialing system definition, the TCPA continues to be very dangerous. We first discuss the plaintiff bar’s case strategy in response to the decision and the decision’s implications for defendants’ case strategy. We then look at the increasing volume of cases alleging violations of the TCPA provisions on calls using an artificial or prerecorded voice and do-not-call, identify the most significant remaining TCPA risks companies face, and offer thoughts on steps companies can take to reduce TCPA risk.
Dan McKenna, Co-Chair of Ballard Spahr’s Consumer Financial Services Group, moderates the conversation, joined by Matt Morr, a partner in the Group.
Click here to listen to the podcast.
New AML Whistleblower Program Highlighted by FinCEN Acting Director
Himamauli Das, the Acting Director of the Financial Crimes Enforcement Network (FinCEN), spoke about the Anti-Money Laundering Act of 2020 (the Act) and FinCEN’s role in its implementation at New York University Law School’s March 25, 2022 Program on Corporate Compliance and Enforcement. After discussing the Act’s emphasis on modernizing and improving the effectiveness of the general U.S. anti-money laundering (AML) framework, Mr. Das devoted the final portion of his talk, denoted as “Compliance and Enforcement” in his prepared remarks, almost entirely to FinCEN’s whistleblower program.
As we have blogged (here, here and here), the Act’s amendment of the Bank Secrecy Act (BSA) greatly expands the options for whistleblowers alleging AML violations and should generate litigation and government actions, similar to what occurred over the past decade in the wake of the creation of the Dodd-Frank whistleblower program. The remarks by Mr. Das highlighted that FinCEN is hiring personnel for its new “Office of the Whistleblower;” is already receiving whistleblower tips; and is actively drafting rules to implement the Act’s whistleblower provision. However, FinCEN still faces a major hurdle – lack of Congressional funding for the program.
Mr. Das prefaced his remarks on the whistleblower program by highlighting FinCEN’s expanded enforcement and compliance efforts with regard to “paper [AML] programs” – i.e., “programs that look functional, but which do not allow an institution to identify and generate meaningful reporting of a significant amount of suspicious activity flowing through the institution.” He emphasized FinCEN’s willingness to take “strong enforcement action” when presented with what it deems to be either “willful violations” of the BSA or “egregious disregard” of the requirements for implementation and maintenance of an AML program that “reasonably guards” against money laundering and terrorist financing. As one example of that willingness, he highlighted the imposition of a $100 million fine on virtual currency derivative exchange BitMEX, for its alleged failure to mount a compliant AML program while facilitating hundreds of millions of dollars in “transactions involving known darknet markets or unregistered money services businesses.” Mr. Das summed up FinCEN’s approach in stark terms: “our enforcement office does not tolerate paper programs.”
Mr. Das then discussed the implementation of the Act’s whistleblower provision by FinCEN’s Enforcement and Compliance Division, which he said “we’re very excited about” despite still being “in the early stages of this effort.” He framed the whistleblower program as something that financial institutions should welcome, calling it their “fourth line [of defense],” after “their lines of business, their compliance departments, and their auditors.”
Mr. Das then highlighted the “statutory guardrails” for the program:
- Predicating eligibility for a monetary award on the information provided leading to a successful enforcement action by DOJ or FinCEN
- A balance between the requirement for DOJ and FinCEN to preserve whistleblower confidentiality and their ability to share the information obtained from the whistleblower with other law enforcement and regulatory agencies
- Robust protections against employer retaliation and discrimination against whistleblowers, including the right to bring an action either in court or before the Department of Labor (DOL), and to seek compensatory damages, reinstatement, and double back pay. (Mr. Das noted that implementation of these protections fall under the aegis of the DOL.)
Finally, Mr. Das acknowledged, diplomatically, that Congress has thus far neglected to actually fund the whistleblower program via appropriations (as called for in the Act.) He said that FinCEN’s work with Congress on this issue has been “constructive” and expressed optimism for “continued progress over the course of the year.” Despite the admission that Congress’ failure to fund the program it called for in the Act “has slowed [FinCEN’s] efforts,” Mr. Das highlighted steps taken thus far, including (1) creation of a FinCEN “Office of the Whistleblower,” and the hiring of “key personnel” to build and supervise the whistleblower program; (2) the ongoing acceptance of whistleblower tips while a “more formal tip intake system” is developed; and (3) the active drafting of rules to implement the Act’s whistleblower provision, for which he “welcome[s] public comment” after the (as yet unscheduled) publication of a Notice of Proposed Rulemaking.
It remains to be seen whether FinCEN’s active promotion of its whistleblower program will bear immediate fruit, or if the budgetary constraints will hamper its ability to process and investigate tips. Still, the full-throated promotion of the program by FinCEN’s acting director seems likely to pique the interest of financial institution staffers who may have previously felt disincentivized to report their concerns and thereby jeopardize their positions.
If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.
- Meredith S. Dante & Brian N. Kearney
CFPB Issues Compliance Bulletin on Consumer Reviews
The CFPB has issued a compliance bulletin that discusses business practices related to customer reviews that could be considered deceptive or unfair for purposes of the CFPA’s UDAAP prohibition.
The bulletin begins with a discussion of the Consumer Review Fairness Act (CRFA) which was enacted in 2016. The CRFA provides that certain provisions in a “form contract” are void from the contract’s inception. A “form contract” is defined as a contract with standardized terms used in the course of selling goods or services and imposed on an individual without a meaningful opportunity to negotiate the standardized terms. The provisions that are void under the CRFA include provisions that would prohibit or restrict a consumer who enters into a form contract from reviewing the seller’s goods, services, or conduct, or would impose a penalty or fee on the consumer for reviewing the seller’s goods, services, or conduct.
The bulletin provides that it would generally be a deceptive act or practice to:
- Include a restriction on consumer reviews in a form contract because the restriction would be void under the CRFA; or
- Attempt to pressure a consumer to remove a posted negative review by invoking a restriction on consumer reviews that is void under the CRFA.
The bulletin also provides that purported contractual restrictions on reviews can be an unfair act or practice. According to the CFPB, by causing consumers to refrain from posting negative reviews and thereby depriving prospective purchasers of negative information, the restrictions can result in consumers buying products they would not have otherwise bought.
The bulletin also contains a discussion of how deceptive acts or practices can occur even in the absence of contractual restrictions on consumer reviews. According to the Bureau, a company can engage in unfair acts or practices by manipulating consumers’ comprehension of available reviews. The Bureau illustrates this possibility by citing two FTC matters in which the FTC found review manipulation to be deceptive. In one matter, a company instructed its employees to leave reviews of its products on third-party websites and to “dislike” negative reviews left by real customers. (The Bureau notes that companies can also deceive consumers by paying non-employees to post misleading reviews.)
In the other FTC matter, a company automatically posted four- or five-star reviews to its website but did not approve or publish hundreds of lower-starred reviews. The Bureau observes that “there are numerous other ways that firms can improperly manipulate consumer reviews” and warns that it “intends to carefully scrutinize whether covered persons or service providers are skewing consumers’ understanding of consumer reviews in a manner that is deceptive (unfair or abusive).”
PPP Enforcement Turns to Lenders
As we approach the two-year anniversary of the passage of the Coronavirus Aid, Relief, and Economic Security Act (CARES Act), the scope and costs of fraud in connection with its relief programs continues to mount. To date, the Department of Justice has brought criminal charges against over 1,000 defendants with alleged losses exceeding $1.1 billion; seized over $1 billion in Economic Injury Disaster Loan proceeds; and initiated over 240 civil investigations into more than 1,800 individuals and entities for alleged misconduct in connection with pandemic relief loans totaling more than $6 billion.
While these figures represent an enormous amount of fraud, they likely represent the tip of the iceberg in terms of the total amount of fraudulent or otherwise improper spending that has occurred in connection with these pandemic relief programs. A significant amount of fraud in the Paycheck Protection Program (PPP) in particular has been detected since the program’s inception. Indeed, some studies indicate that upward of 15 percent of all PPP disbursements – around $125 billion – might have been improperly made or fraudulently obtained.
To date, prosecutions for PPP fraud have targeted borrowers and often involve the most brazen fraudsters. Lenders that facilitated fraudulent borrowing have, to this point, avoided liability. This dynamic, however, appears to be changing with increasing indications coming from the federal government that it intends to shift its enforcement efforts to complicit lenders.
Potential lender liability for fraudulent PPP loans has been the subject of Congressional scrutiny. Throughout 2021, the House of Representatives Select Subcommittee on the Coronavirus Crisis, headed by Rep. James Clyburn, made several overtures to PPP lenders.
First, on March 3, 2021, Rep. Clyburn sought information from the nation’s largest lenders on their PPP lending policies and compliance efforts, including Anti-Money Laundering (AML) and know-your-customer (KYC) policies. This request was driven by the Select Subcommittee’s dual concerns that lenders both prioritized existing customers for PPP loans over non-customers in need of PPP loans and failed to adequately implement safeguards to prevent fraudulent borrowing.
On May 28, 2021, the Select Subcommittee expanded the scope of its investigation to look at the role FinTech firms and their banking partners played in PPP lending. Specifically, the Select Subcommittee, seizing on reports that FinTech firms originated a hugely disproportionate number of fraudulent PPP loans, sought information and documentation from some of the largest FinTech firms concerning their AML and KYC controls and compliance policies and protocols. Further widening its probe, the Subcommittee issued an additional information request to two other large FinTech firms on November 23, 2021.
While Congress took the lead into examining lender PPP practices in 2021, the Executive Branch has positioned itself to enter the fray in 2022. At his State of the Union Address, President Biden emphasized his intent to dramatically ramp up the Department of Justice’s efforts to detect and prosecute PPP fraud in several key ways. First, he announced he will appoint a Chief Prosecutor to the DOJ’s COVID-19 Fraud Enforcement Task Force to lead specialized teams of prosecutors and agents to target major COVID-19 fraud schemes and pursue more sophisticated cases. These “strike force teams” will be tasked with “connect[ing] the dots on identity theft and other complex fraud schemes committed across state lines or transnationally, as well as investigat[ing] major cases of criminal fraud in programs like the [PPP].” Second, he called on Congress to provide additional resources to fund the “strike force teams” and also to enhance penalties for pandemic-related fraud.
Then, on March 10, 2022, the DOJ announced that Associate Deputy Attorney General Kevin Chambers will serve as Director for COVID-19 Fraud Enforcement. Emphasizing its commitment to using “every available federal tool – including criminal, civil and administrative actions,” the DOJ explained that the “Strike Teams” that would operate under Director Chambers “will include analysts and data scientists to review data, agents to investigate the cases, and prosecutors and trial attorneys to bring charges and try the cases.”
This ramp up in enforcement efforts followed close on the heels of the first criminal prosecution of a PPP lender. On March 1, 2022, the DOJ announced the indictment of the CEO of a non-bank PPP lender, accusing him of falsifying records in order to obtain SBA approval to participate as a lender in the PPP. According to the indictment, after obtaining approval to participate in the PPP, the defendant oversaw the approval of over $932 million in PPP loans, which generated over $71 million in lender fees. On top of that, the defendant allegedly caused his own company to receive a $300,000 PPP loan through false statements concerning the number of its employees.
Clearly, the federal government has moved past the low-hanging fruit stage of PPP enforcement and is now focusing on the more complex, sophisticated, and difficult to detect fraud cases. It is equally clear that the government is now aggressively examining lender behavior in the PPP. With lenders having earned billions of dollars in fees for administering the PPP, the government is ramping up its efforts to determine whether those lenders fully met all applicable obligations. Based on the nature of the investigations into lender practices thus far, we can expect further enforcement actions to arise in at least four different contexts.
First, the government will scrutinize non-traditional lenders to ensure they fully and accurately met all program requirements to participate in the PPP.
Second, the government can be expected to examine borrower fraud cases to determine whether lender insiders aided or facilitated the fraud in any way. If so, the lender itself can face liability.
Third, the government will continue to examine whether PPP lenders adequately maintained and implemented AML and KYC procedures and otherwise met all of their obligations to detect and prevent fraud. Appropriate compliance involves not only preventing potential fraudulent borrowing, but also requires monitoring borrower activity to detect ongoing fraud and filing suspicious activity reports where appropriate. Any compliance failures could lead to sanctions under the Bank Secrecy Act or, if systemic, potential liability under the False Claims Act. While no PPP lender is insulated from an enforcement action stemming from compliance failures, FinTech firms and other non-bank lenders that engaged in large scale PPP lending without robust compliance programs will continue to be the most at risk.
Fourth, the government will continue examining PPP loan data to ensure lenders met all applicable fair lending standards.
While we are two years removed from passage of the CARES Act, we are only just entering the fraud and compliance enforcement stage in earnest.
CFPB Extends Comment Period on Request for Information Regarding Fees Charged with Consumer Financial Products
As previously reported, in January 2022, the CFPB published a “Request for Information Regarding Fees Imposed by Providers of Consumer Financial Products or Services” with a comment deadline of March 31, 2022. The CFPB now has announced an extension of the deadline to April 11, 2022.
The CFPB stated that the “more than 25,000 comments we have received through mid-March show the high-level of public interest on this topic, and the number of people affected by exploitative junk fees. We are extending the deadline for the public to share input and stories on their experiences with exploitative junk fees.”
Ballard Spahr addressed the request for information in a February 17, 2022 webinar and also in a podcast.
Director Chopra Targets Repeat Offenders in Lecture
Delivering the University of Pennsylvania Law School’s 2022 Distinguished Lecture on Regulation, CFPB Director Chopra addressed the following question: “How do we stop large dominant firms from violating the law over and over again with seeming impunity?” His remarks made clear that, under his leadership, large companies charged by the CFPB with repeat violations or new violations of a different kind than previously charged can expect the CFPB to demand significantly more than the payment of large amounts in consumer relief and/or penalties as part of a settlement agreement.
Director Chopra characterized repeat offenders as falling primarily into two general categories. The first category, which he called “the worst type of repeat offender,” is a company that violates a formal court or agency order. According to Mr. Chopra, such companies understand what is required of them but fail to comply “due to dysfunction or they took a calculated risk.” The second category is a company with multiple violations across different business lines where the violations stem from “problematic sales practices incentives or a failure to properly integrate IT systems after a large merger.”
According to Mr. Chopra, while large penalties can threaten the viability of small companies, they only “give the guise of deterrence” for dominant firms. In his view, this means agencies need to consider imposing non-monetary “bright-line structural remedies” on large firms so that they are equally deterred from future violations as small firms. The Dodd-Frank Act (Section 1055) authorizes the CFPB to impose “limits on the activities or functions” of a person as a remedy in an administrative proceeding or court action. Mr. Chopra indicated that the CFPB could rely on such authority to impose the following types of remedies:
- Asset caps and limitations on transferring or acquiring assets
- Limits on or termination of business or product lines
- Divestiture of certain product lines
- Limitations on leverage or requirements to raise equity capital
- Revocation of government-granted privileges (such as loss of access to federal deposit insurance or receivership for depository institutions and, in collaboration with state regulators, suspension or revocation of licenses or liquidation of assets for nonbanks)
He also indicated that more consideration should be given to imposing individual liability on officers and directors, including dismissal and lifetime occupational bans, clawbacks, and forfeitures. A specific change to executive compensation suggested by Mr. Chopra was to defer compensation for longer periods of time and use it as the first source of funds to pay fines.
Mr. Chopra stated that the CFPB is planning to establish dedicated units in supervision and enforcement to enhance the detection of repeat violations. This will include closer scrutiny to ensure orders are being followed and closer coordination with other agencies to ensure there is compliance with each agency’s order.
There is serious doubt whether the CFPB has the authority to impose all of the remedies that Director Chopra identified under the rubric of “limits on the activities or functions,” particularly where the entity is a financial institution that is chartered or whose deposits are federally-insured. Nevertheless, there is no doubt that the CFPB has the power to impose draconian non-monetary relief. That being the case, companies and banks that are already subject to a CFPB or court order need to take steps to ensure that they don’t become recidivists.
While Director Chopra has engaged in a lot of jawboning since he has been in office, so far the CFPB has filed or entered into no more than a handful of complaints or consent orders under his leadership. This may very well turn out to be the lull before the storm.
A video of Director Chopra’s lecture is available here.
A Look at the CFPB’s First Months Under Director Rohit Chopra, with Special Guest Chris Peterson, John J. Flynn Endowed Professor of Law, University of Utah’s S.J. Quinney College of Law
Professor Peterson, who served at the CFPB under former Director Cordray, shares his perspective on the CFPB’s publicly-announced enforcement activities and initiatives under Director Chopra and what they might signal for future enforcement and supervisory activities. The matters discussed include the UDAAP implications of the CFPB’s focus on pricing in its enforcement action against JPay, the CFPB’s use of UDAAP to challenge discrimination not involving credit, and the CFPB’s junk fees initiative and approach to technology. We also discuss the current status of federal and state rate cap legislation and “true lender” challenges to bank/nonbank partnerships.
Alan Kaplinsky, Ballard Spahr Senior Counsel, hosts the conversation.
Click here to listen to the podcast.
Lawsuit Filed in CA Federal District Court Alleges Unlawful Discrimination Based on Credit Union’s Denial of Loan Application from DACA Recipient
In a new lawsuit filed in a California federal district court, a recipient of Deferred Action for Childhood Arrivals (DACA) alleges that a credit union violated the Civil Rights Act of 1866 (42 U.S.C. § 1981) and California’s Unruh Civil Rights Act (UCRA) by denying her loan application based on her status as a DACA recipient.
DACA allows individuals who arrived in the United States as children to receive a renewable two-year period of deferred action from deportation and makes them eligible for an employment authorization card allowing them to work in the U.S. DACA recipients receive a social security number with a special designation indicating that that the holder is not a citizen or a permanent resident.
In her putative class action complaint filed against Alliant Credit Union, Yuliana Camacho alleges that she has been a DACA recipient since 2011 and applied to Alliant in 2021 for a loan to purchase a car. According to her complaint, Ms. Camacho submitted her social security number and her application was pre-approved. To complete the application process, Alliant subsequently asked her to upload an additional form if she was a visa holder, a permanent resident card if she was a permanent resident, or a naturalization certificate if she was a naturalized citizen. After informing Alliant that she was a DACA recipient and not a visa holder, permanent resident, or naturalized citizen, Alliant allegedly informed her that it did not lend on DACA status and sent her an adverse action notice indicating that her credit was denied based on her residency status.
42 U.S.C. § 1981 provides that “[a]ll persons within the jurisdiction of the United States shall have the same right in every State and Territory to make and enforce contracts . . . as is enjoyed by white citizens.” The UCRA provides that “[all persons within the jurisdiction of this state are free and equal, and no matter what their sex, race, color, religion, ancestry, national origin, disability, medical condition, genetic information, marital status, sexual orientation, citizenship, primary language, or immigration status are entitled to the full and equal accommodations, advantages, facilities, privileges, or services in all business establishments of every kind whatsoever.”
In her complaint, Ms. Camacho alleges that Alliant violated Section 1981 because it intentionally discriminated against her by interfering with her right to make and enforce contracts for financial products on the basis of alienage. She alleges that Alliant also violated the UCRA by denying her the opportunity to apply for financial products free of discriminatory conditions imposed on the basis of her immigration status. In addition to injunctive and declaratory relief, the complaint seeks statutory and compensatory damages.
A large bank’s decision to settle two cases involving Section 1981 claims for alleged discrimination in credit decisions based on DACA status after it did not prevail on motions to dismiss has emboldened plaintiffs’ attorneys to continue to file similar lawsuits. The new complaint highlights the continued compliance risks for financial institutions in handling credit applications from nonpermanent residents and DACA recipients. Lenders should take note that in January 2021, HUD reversed its prior policy that prohibited lenders from granting FHA mortgages to DACA recipients to make DACA recipients eligible for FHA mortgages.
South Dakota Enacts Provisions Regarding Remote Work for Employees of Mortgage Lenders
South Dakota recently enacted statutory provisions to allow employees of licensed Mortgage Lenders to work remotely so long as in-person interactions with consumers are not conducted at the remote location, the remote location is not represented to consumers as a business location, and cybersecurity measures are in place, among other requirements.
The provisions become effective on July 1, 2022.
Subscribe to Ballard Spahr Mailing Lists
Copyright © 2023 by Ballard Spahr LLP.
(No claim to original U.S. government material.)
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, including electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the author and publisher.
This alert is a periodic publication of Ballard Spahr LLP and is intended to notify recipients of new developments in the law. It should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own attorney concerning your situation and specific legal questions you have.