Subject to Inquiry

Subject to Inquiry


Government Investigations and White Collar Litigation Group
Anti-Bribery and Corruption, Anti-Money Laundering, Compliance, Enforcement and Prosecution Policy and Trends

UK set to shake up Corruption and Money Laundering Enforcement

UK Bribery ActThe UK Government introduced the Criminal Finances Bill to Parliament today (13 October 2016), which will now start its passage through the parliamentary approval process before becoming law.

The Government hopes that the Bill “will significantly improve the government’s ability to tackle money laundering and corruption, recover the proceeds of crime, and counter terrorist financing”, and describes it as “a key element of one of the most significant changes to our anti-money laundering and terrorist finance regime in over a decade.”

The Bill will make major changes to existing law and will introduce an array of new enforcement powers and safeguards, which we summarise below.

One aspect that is of interest is actually what the Bill does not do.  The UK Government had in May of this year announced plans to extend corporate criminal liability to hold companies criminally liable for failing to prevent fraud and money laundering.

Many anticipated that this Bill would implement those plans.  It does not, and we expect that this omission will form part of the debate that will shape the Bill.

What the Bill will do is:

  • Introduce a criminal offence for corporations who fail to stop their staff facilitating tax evasion, which will have global reach.  The defence to this will be either for the corporate to have “prevention procedures” in place that would be reasonable to expect it to have or for the corporate to show that it is not reasonable to expect it to have any prevention procedures.
  • Enable seizure and forfeiture of the proceeds of crime that are stored in UK assets, extending current law to include value stored in bank accounts and high-value property
  • Create “unexplained wealth orders”, which would require those suspected of corruption to explain the sources of their wealth to enforcement agencies.
  • Enable the sharing of information between regulated companies, helping to ensure that they provide the best possible intelligence for enforcement agencies to investigate.
  • Introduce new powers to assist enforcement agencies investigations into money laundering, including a power to extend the moratorium period in which Suspicious Activity Reports (SARs) can be investigated and giving the UK’s National Crime Agency new powers to request information from regulated companies.
  • Permit investigating agencies to pursue “Disclosure Orders” for money laundering investigations, which powers already exist for corruption and fraud investigations.  A Disclosure Order requires someone suspected of possessing information relevant to an investigation to provide information to an enforcement agency.

We will continue to track the progress of the Bill and provide further analysis in the weeks and months to come.

Enforcement and Prosecution Policy and Trends, Financial Institution Regulation

D.C. Circuit Rebukes CFPB in PHH Case


In a major setback for the Consumer Financial Protection Bureau (“CFPB”), the D.C. Circuit issued a significant ruling today that found the CFPB’s single director structure unconstitutional, ruled against the CFPB on important statutory interpretations – including the Bureau’s position that it was not subject to any statute of limitations in enforcement proceedings – and tossed out a $109 million penalty against a mortgage company.  Today’s decision follows arguments in the case in April, which we reported on here.

As we noted previously, CFPB Director Richard Cordray, in the Bureau’s first appellate decision PHH Corp. v. Consumer Financial Protection Bureau, imposed a $109 million penalty on PHH for alleged Real Estate Settlement Procedures Act (“RESPA”) violations involving improper kickbacks related to mortgage reinsurance where agreements were in place with lenders, a dramatic increase over the $6 million penalty that had been imposed by the administrative law judge at the trial level.  Among the issues on appeal in PHH was Director Cordray’s decision not to follow the Department of Housing and Development’s (“HUD”) previous interpretation of RESPA as it relates to mortgage reinsurance arrangements.  HUD was the agency responsible for enforcing RESPA before the CFPB assumed responsibility for enforcement in 2011.  Other issues on appeal included the CFPB’s position that no statute of limitations applies to administrative actions and whether the Bureau is constitutionally structured.

Today’s decision included four major holdings:

  • The CFPB is unconstitutional as structured, but will survive.

 Unlike other federal agencies governed by nonpartisan or bipartisan commissions or by a director who serves at the pleasure of the President, the CFPB is headed by a single director who is removable only “for cause.”  Moreover, the Bureau receives funding outside of Congressional appropriations, further insulating it from any effective executive or legislative supervisions.  The D.C. Circuit determined that these features of the Bureau’s structure rendered it unconstitutional, expressing particular concern about the lack of protection against arbitrary decisionmaking and abuses of power by the sole director.

However, the D.C. Circuit stopped short of accepting PHH’s argument that the remedy for this constitutional defect should be to shut down the CFPB.  Instead, the court severed the “for cause” removal provision from the Dodd-Frank Act, allowing the CFPB to continue to operate as an executive agency and providing the President with the power to supervise, direct, and remove the CFPB Director at will.

  • The same statutes of limitation apply whether a CFPB action is brought in court or in an administrative proceeding.

The D.C. Circuit also rejected the CFPB’s argument that statutes of limitations are inapplicable in administrative enforcement actions, finding that the Bureau’s administrative enforcement authority (as well as judicial enforcement authority) is specifically tied to the statutes of limitation in the consumer protection laws it is charged with enforcing.  Section 5563 of the Dodd-Frank Act provides the CFPB with administrative enforcement authority for nineteen federal consumer protection laws, in addition to other rules and regulations, “unless such Federal law specifically limits the Bureau from conducting a hearing or adjudication proceeding.”  12 U.S.C. § 5563(a)(2).  According to the D.C. Circuit, “[o]bviously, one such ‘limit’ is a statute of limitations.” (emphasis in original).  It also specifically held that CFPB administrative actions are subject to RESPA’s three-year limitations period.

  • The plain text of RESPA Section 8 permits captive reinsurance arrangements and payments for other services actually performed.

According to the D.C. Circuit, “[t]he basic statutory question in this case is not a close call.”  In the decision on appeal, Director Cordray concluded that captive reinsurance arrangements—where a mortgage lender refers borrowers to a mortgage insurer and the insurer buys reinsurance from a reinsurer affiliated with the referring mortgage lender—violate RESPA.  The D.C. Circuit had no difficulty rejecting this interpretation, holding that the plain language of Section 8(c) of RESPA permits captive reinsurance arrangements – as well as payments for other services actually performed – where mortgage insurers pay no more than reasonable market value for the service, and “specifically bars the aggressive interpretation of Section 8(a) advanced by the CFPB in this case.”  In doing so, the D.C. Circuit explained:

Section 8(a) proscribes payments for referrals.  Period.  It does not proscribe other transactions between the lender and mortgage insurer.  Nor does it proscribe a tying arrangement, so long as the only payments exchanged are bona fide payments for services and not payments for referrals.

  • The CFPB violated PHH’s due process rights.

The D.C. Circuit also determined that even if the CFPB’s interpretation of Section 8 was correct, the Bureau still violated PHH’s due process rights by departing from consistent prior interpretations issued by HUD permitting such conduct and retroactively applying its new interpretation against PHH.  Repeating Judge Kavanaugh’s colorful commentary in oral argument, the court analogized the Bureau’s sanction of PHH to a police officer “tell[ing] a pedestrian that the pedestrian can lawfully cross the street at a certain place” and then “hand[ing] the pedestrian a $1,000 jaywalking ticket” once the pedestrian crossed to the other side.  “The Due Process Clause does not countenance the CFPB’s gamesmanship.”

In summary, the D.C. Circuit’s opinion allows the CFPB to survive, but the court made clear that the CFPB’s attempts to unilaterally reinvent long-standing agency guidance and avoid well-established limitations on actions will not be countenanced.

The next move is up to the Bureau, but it is almost certain that today’s opinion is not the last word.  While the D.C. Circuit remanded the case for further proceedings, potentially including factual determinations as to whether the relevant mortgage insurers paid more than the reasonable market value to the reinsurer, it is likely that the Bureau will seek further review in the form of panel rehearing, rehearing en banc, or petition for certiorari to the Supreme Court.

Compliance, Enforcement and Prosecution Policy and Trends, Financial Institution Regulation

I Can’t Get No (Financial Product) Satisfaction: CFPB Complaint Database Exceeds One Million Complaints

Government-Regulatory-and-Criminal-Investigations.jpgOn September 27, the Consumer Financial Protection Bureau (CFPB) released its Monthly Complaint Report capturing a high-level snapshot of trends in consumer complaints.  In conjunction with releasing its September Report, the CFPB confirmed it has handled over one million consumer complaints.  The CFPB describes consumer complaints as “submissions that express dissatisfaction with, or communicate suspicion of wrongful conduct by, an identifiable entity related to a consumer’s personal experience with a financial product or service.”  Consumers are able to report such complaints to the CFPB’s publicly available Consumer Complaint Database.

In assessing consumer complaints, each monthly report uses a three-month rolling average, comparing the current average to the same period in the prior year to account for monthly and seasonal fluctuations.  When assessing company-level data, the Bureau uses a three-month rolling average of complaints sent to companies for response.  The company-level complaint data lags other complaint data in the report by two months to reflect the 60 days companies have to respond to complaints, confirming a commercial relationship with the consumer.

The CFPB’s September Monthly Complaint Report provided its usual, high-level snapshot about trends in consumer complaints, including a geographic focus on consumer complaints in Pennsylvania, and provided highlights regarding consumer complaints about money transfers across the country.

The September Report showed that the financial products experiencing the biggest percentage increase by volume during the current three-month period (June-August 2016) versus the same period last year (June-August 2015) were student loans.  The largest decrease in consumer complaints during the same period were payday loans.  The Report revealed that debt collection, credit reporting, and mortgage complaints were the top three most-complained-about consumer financial products and services, representing about 67% of complaints submitted in August 2016.  The Bureau added that Alaska, Wyoming, and Colorado experienced the greatest consumer complaint volume percentage increase during the June-August 2015 to June-August 2016 timeframe; Maine, Nebraska, and Idaho experienced the greatest complaint percentage decrease during the same period.

The Bureau’s September Report also provided a focus on customer complaints relating to money transfer services.  Since July 21, 2011, the CFPB has handled approximately 6,900 money transfer complaints, representing 0.7 percent of total complaints.  The Report provided details regarding the types of consumer complaints related to money transfer services, namely, accessing funds, resolving disputes, and frauds/scams.

The CFPB’s August Monthly Complaint Report also captured the same high-level snapshot of trends in consumer complaints, and included a geographic focus on Ohio and the Columbus metro area.  This Report also included consumer complaint statistics related to bank account and services across the country.

Just as the CFPB reported in its September Report, the August Report revealed that the financial products seeing the biggest percentage increase by volume during the three-month period of May-July 2016 versus the same period last year (May-July 2015) were student loans.  The biggest decrease in complaints during this same period were payday loans.  The Bureau reported that debt collection, credit reporting, and mortgage complaints were the top three most-complained-about consumer financial products and services.  These three areas represented two-thirds of complaints submitted in July 2016.  The Bureau also similarly reported that that Alaska, Wyoming, and Colorado experienced the greatest consumer complaint volume percentage increase during the relevant time period while Maine, Delaware, and Hawaii experienced the greatest consumer complaint volume percentage decrease.

The Report offered additional details on bank account or services, which includes products offered by banks, credit unions, and nonbank companies.  The CFPB has handled approximately 94,200 complaints related to bank account or services since July 21, 2011.  Representing 10 percent of total complaints, bank account or services product complaints are the fifth most-complained-about product, according to the CFPB.  The Report detailed numerous complaints related to bank account or services

As we reported back in 2013, the CFPB uses the Consumer Complaint Database to help adjust its risk scope examinations and prioritize enforcement actions.  Companies would be wise to use the information provided in this database, as well as to maintain information regarding their own customer complaints, to stay in front of any potential issues or emerging trends.  Companies that are more responsive to complaints may minimize legal, regulatory, and reputational risk.

Compliance, Financial Institution Regulation

At Long Last, CFPB Issues Final Rule on Prepaid Accounts

document-review-thumb-200x133-156.jpgThe CFPB today finalized its rule on prepaid cards.  Over four years in the making, the final rule, which weighs in at nearly 1700 pages, provides “strong federal consumer protection for prepaid account users,” according to prepared remarks of CFPB Director Richard Cordray.  The final rule covers not only traditional “general purpose reloadable” cards, but also mobile or electronic prepaid accounts, with PayPal and Google Wallet being named specifically as examples.  The CFPB cites the proliferation of prepaid cards – $1 billion in 2003 to an expected $112 billion in 2018 – and the lack of existing protection under federal law as justification for the new prepaid rules.  The final rule requires transparency in prepaid accounts and affords consumers protections similar to those found in traditional checking accounts.

The final rule includes “Know Before You Owe” disclosure requirements that provide transparency.  Prepaid card issuers must provide consumers with both a “short form” and “long form” disclosure statement – examples of both are available through the CFPB’s website.  The short form is meant to help consumers shop for and differentiate between prepaid accounts, by disclosing certain fees that the CFPB deems important, including periodic fees, per purchase fees, ATM withdrawal and balance inquiry fees, cash reload fees, customer service fees, and inactivity fees.  Included in the final rule are several model forms that, if used accurately, provide a safe harbor to financial institutions.  The long form, on the other hand, must include all of a prepaid account’s fees, qualifying conditions, and other pertinent information.  The final rules do not include a model long form, but do provide a sample.  A financial institution is not required to provide a periodic statement to consumers as long as the consumer is able to obtain balance information by telephone, at least 12 months of electronic account transaction history, and, upon request, 24 months of written account transaction history.  However, if periodic statements and transaction histories are provided to consumers, they must contain a summary of all fees assessed against the account on a monthly and annual basis.

The final rule provides protections common to checking accounts to prepaid accounts.  The final rule requires financial institutions to work with consumers to resolve errors in their accounts and restore missing funds.  In some instances, financial institutions will also be required to provide provisional credit to consumers during the investigation if the prepaid account is verified.  The final rules also protect consumers from lost cards and unauthorized transactions by, among other things, limiting a consumer’s responsibility for unauthorized charges to $50.

For prepaid accounts with credit features, the final rule also extends protections from the Truth in Lending Act (TILA) and Credit Card Accountability Responsibility and Disclosure Act (CARD Act) to prepaid accounts.  For such accounts, the final rule also requires financial institutions to separate the prepaid and credit features of the account, e.g., financial institutions cannot take funds loaded on a prepaid account to repay credit, absent consumer consent.

The final rule is effective on October 1, 2017, though financial institutions are not required to submit prepaid account agreements to the CFPB until October 1, 2018.  We will continue to unpack the final rule and monitor its effect on the prepaid industry in the coming weeks and months.

Financial Institution Regulation

CFPB Announces that ECOA Protects LGBT Persons From Discrimination in Lending

This Cashsummer, the Consumer Financial Protection Bureau (CFPB) was asked by an LGBT advocacy group whether the provision of the Equal Credit Opportunity Act (ECOA), 15 U.S.C. § 1691 et seq., that prohibits discrimination on the basis of sex extends to protect LGBT people who sought credit.  The CFPB has said yes: the ECOA does prohibit discrimination against LGBT people.

Services and Advocacy for GLBT Elders (SAGE) had inquired of the CFPB regarding the scope of protection under the ECOA in June.  The CFPB recently responded by letter, stating its position that LGBT people were protected under this law.  Under the CFPB’s interpretation, discrimination against an LGBT person seeking credit subject to the ECOA—such as a mortgage, car loan, credit card, or small business loan—is prohibited.  The letter marked a victory for LGBT advocates, who claimed that their community faced discrimination from lenders for many years.

This letter from the CFPB comes not long after other notable moments for the LGBT community.  Perhaps the best known of these was the Supreme Court’s decision in Obgerfell v. Hodges, 135 S. Ct. 2071 (2015), that homosexual couples have a constitutional right to marriage.  But there has also been action in the executive branch as well.  For example, the Departments of Education and Justice in May 2016 issued a joint letter, interpreting Title IX’s prohibition on sex discrimination to apply to gender identity.  The letter said that schools should allow students to use the sex-segregated facilities that correspond to their gender identity.  Earlier in the spring, the EEOC filed two lawsuits against employers who allegedly discriminated on the basis of sexual orientation.

Legal changes regarding LGBT rights continue at a rapid pace (at least in comparison to much legal change).  Businesses should keep abreast of these changes.  They should also evaluate their policies to determine if those policies comply with the latest legal developments.  The federal government has shown a particular interest in this issue, and as LGBT issues continue to remain in the news, a report from a consumer to the CFPB could mean legal trouble, or at least bad publicity, for a company.

Anti-Bribery and Corruption, Compliance, Energy Enforcement

A Compliance Plan for the Extractive Industries Payment Disclosure Rule

Ipiplinen the prior post we described the SEC’s new Rule 13q-1 that took effect on Monday (September 26). In this post, we discuss steps covered companies should take to comply with the rule.

To review: Rule 13q-1 requires issuers involved in the commercial development of oil, natural gas and minerals to disclose payments they, their subsidiaries and other companies under their control make to the U.S. federal government and to non-U.S. governments in connection with their resource extraction activities.

Covered companies must disclose the type and total amount of payments made on a project-by-project basis, and on a country-by-country basis.

The rule covers companies directly involved in exploration, extraction, processing, export and the acquisition of licenses for any such activity, with ancillary activities excluded (e.g., shipping, provision of tools and equipment, or working as a service provider to an operator).

Covered companies are required to make their first disclosure filings within 150 days after the end of their fiscal year ending on or after September 30, 2018 (some companies will qualify for a longer transition period and an additional one-year delay in reporting payments related to exploratory activities).

*      *      *

Compliance with Rule 13q-1 will require comprehensive payment tracking and diligence protocols to allow covered companies to accurately identify and describe covered payments.

Covered companies must disclose payments made by third parties on their behalf, meaning that the diligence processes will need to extend throughout their supply chains and include partners in their projects.

Many companies are going to want to, and in some cases may need to pursue case-by-case exemptions from the SEC in order to avoid disclosing commercially-sensitive information, and in some cases to avoid running afoul of blocking statutes enacted by resource-rich countries to prevent companies from disclosing resource extraction-related payments to those countries’ governments.

Per the Federal Register notice promulgating the final Rule 13q-1, commenting companies have posited that compliance with the new rule could cost anywhere from $500,000 to $50 million for individual companies.  While the truth likely lies in the middle for most companies, compliance will surely come at some cost in terms of designing payment tracking and diligence protocols, investing in the manpower needed to implement those protocols, and carrying out the rock-breaking of compiling, analyzing and presenting the necessary disclosures.

Along the way, some companies will surely stumble as they closely review their history of payments to and for the benefit of governments and government officials in connection with certain projects.  They will undoubtedly discover irregularities, control and documentation problems, and examples of the corruption that has long plagued the process of pulling hydrocarbons and minerals from the ground in developing countries towards the bottom of the Corruption Perceptions Index rankings.

For all these reasons, companies impacted by Rule 13q-1 should already be taking steps to prepare for their future disclosures.  Steps to consider, particularly for companies not already subject to a similar disclosure requirement outside the U.S., include:

  • For some companies, confirming whether they are or by fiscal year 2018 could be covered by the rule.  As the SEC has explained, “whether an issuer is a resource extraction issuer ultimately depends on the specific facts and circumstances,” and “extraction” and “processing” are sufficiently broad to include midstream production activities such as removal of liquid hydrocarbons from gas, and crushing and processing raw ore, although they do not include downstream activities such as refining and smelting.
  • Identifying the systems, records and personnel needed to identify, track, document and accurately describe covered payments.
  • Developing and testing the diligence protocols that will support the company’s annual Rule 13q-1 disclosure process.
  • Conducting a disclosure diligence “dry run” during the course of fiscal year 2017 to ensure the company has adequately designed its protocols, has adequately resourced the process and does not have any significant issues lurking in its payment history.
  • Engaging with the SEC now to the extent the company knows of or can reasonably identify payments or categories of payments likely to require pursuit of a disclosure exemption in the future.

Throughout this process, companies would be well-advised to seek guidance from internal or external resources with anti-bribery and anti-corruption compliance expertise to ensure the process is properly calibrated to identify red flags indicating potential payment irregularities, internal control weaknesses or other indicia of possible corruption.

Only by investing in diligence and compliance efforts now will companies subject to Rule 13q-1 be adequately prepared when its requirements first come due.

Failure to act could catch them unaware and unprepared, and may even lead to the speculated new rash of FCPA enforcement actions sweeping across the extractive industries as a result of this disclosure requirement.

This post first appeared on The FCPA Blog.

Anti-Bribery and Corruption

How to prepare for the SEC’s Resource Extraction Disclosure Rule

piplineAfter a long and tortured route through the courts, the SEC’s final rule implementing Dodd-Frank’s Resource Extraction Payment Disclosure requirement took effect today.

Many have watched and commented on the new Rule 13q-1, and for good reason. It is likely to have a significant impact — at least in the short term — on the companies required to make disclosures under it.

While it does present some risk of unearthing corrupt payments that could lead to anti-bribery and anti-corruption voluntary disclosure decisions or even enforcement actions, Rule 13q-1 presents a more immediate and pressing diligence and compliance challenge that resource extraction companies and their service providers need to begin addressing now.

Rule 13q-1 will require issuers involved in the commercial development of oil, natural gas and minerals to disclose payments they, their subsidiaries and other companies under their control make to the U.S. federal government and to non-U.S. governments in connection with their resource extraction activities.

Covered companies will have to disclose the type and total amount of payments made on a project-by-project basis, and on a country-by-country basis.

The rule covers companies directly involved in exploration, extraction, processing, export and the acquisition of licenses for any such activity, with ancillary activities excluded (e.g., shipping, provision of tools and equipment, or working as a service provider to an operator).

The covered payments include taxes, royalties, fees, production entitlements, bonuses, community and social responsibility (CSR) payments, dividends and payments for infrastructure improvements.

By including this disclosure requirement in Dodd-Frank, Congress sought to improve transparency in industries that have been historically beset by corruption issues, with the hope that it would force impacted companies to address anti-bribery and anti-corruption compliance shortcomings lest they be required to publicly disclose improper payments to government officials.

As a result, legal writers have touted the new disclosure requirement as likely to trigger a fresh wave of voluntary disclosures, investigations and enforcement actions under the Foreign Corrupt Practices Act and other similar legal regimes outside the United States. That is certainly a risk, particularly as companies begin to stand up the diligence procedures necessary to comply with Rule 13q-1.

The likelihood of increased FCPA activity depends on whether those Rule 13q-1 compliance efforts unearth instances of bribery or books and records issues, as well as whether companies feel eager to voluntarily disclose those potential violations under DOJ’s FCPA Pilot Program. However, other factors may limit the FCPA impact of Rule 13q-1 compliance, including:

  • The disclosure requirement effects a relatively small population of companies that are publicly-traded in the United States and engaged in the commercial development of oil, natural gas or minerals. The SEC estimates that Rule 13q-1 will directly impact 755 companies. While many of these companies will have a multinational presence, some may be involved only in resource extraction within the United States or may have few if any payments crossing the de minimis payment threshold discussed below.
  • Covered companies are required to make their first disclosure filings within 150 days after the end of their fiscal year ending on or after September 30, 2018, with some companies qualifying for a longer transition period and an additional one-year delay in reporting payments related to exploratory activities. That window provides covered companies precious time to organize their diligence processes—and to clean up their acts.
  • Rule 13q-1 sets a de minimis threshold of $100,000 before any payment or series of related payments made during a fiscal year must be disclosed, which will allow any number of significant payments to be excluded.  As it is fairly typical for FCPA enforcement actions to be grounded on a large volume of relatively small corrupt payments being made to foreign officials over a period of time, the $100,000 threshold could well be the proverbial exception that swallows the rule.
  • Corrupt payments tend, by their nature, to be concealed and difficult to identify. Although compliance with Rule 13q-1 will surely result in many improper payments being identified, some may go undetected if compliance efforts fail to thoroughly investigate the nature and intent of government payments.

We should learn soon whether this assessment is correct. Other countries, such as the UK, have enacted rules similar to Rule 13q-1, and covered companies are already required and have begun to make disclosures regarding covered payments.

EU countries and Canada will begin requiring substantively similar disclosures in the near future.

Regardless of whether FCPA enforcement activity increases because of Rule 13q-1, covered companies and companies in their supply chains need to begin preparing for other significant impacts from the rule.

In the next post, we’ll talk about steps to take to prepare for Rule 13q-1.

This post was originally published on the FCPA Blog.

Financial Institution Regulation

House Financial Services Committee Takes Aim at the CFPB

WhiliStock_000005983304-capitol-bldg2e the CFPB has been busy revamping debt collection rules, including those required by the Fair Debt Collection Practices Act (FDCPA), lawmakers are doing a bit of revamping of their own.  Earlier this month, the Financial CHOICE Act passed the House Financial Services Committee by a vote of 30-26.

Largely intended to repeal certain aspects of Dodd-Frank, the CHOICE Act also takes aim at the CFPB.  Specifically, it provides for restructuring the CFPB to achieve greater oversight and accountability and to address recent challenges to the regulator’s unbridled authority.  Proponents of the legislation, including Chairman Jeb Hensarling (R-TX), tout it as providing economic growth for all and bailouts for none.

While the proposed changes to the CFPB are numerous, highlights include:

  • Rebranding the CFPB as the “Consumer Financial Opportunity Commission” to focus not only on consumer protection, but also on market competition.
  • Replacing the current single director with a bipartisan, five-member commission, subject to congressional oversight.
  • Requiring funding from congressional appropriations rather than through transfers from the Federal Reserve as provided by Dodd-Frank.
  • Establishing an independent Inspector General for the “Commission” to deter misuse of federal funds.
  • Increasing the threshold for bank supervision from $10 billion to $50 billion in consolidated assets.
  • Providing defendants in administrative actions the right to remove cases to federal court.
  • Clarifying that Dodd-Frank’s three-year statute of limitations applies to administrative actions initiated by the Bureau.
  • Allowing recipients of civil investigative demands the right to challenge those demands in federal court.
  • Repealing indirect auto lending guidance.
  • Repealing authority to prohibit pre-dispute arbitration clauses in financial services contracts and the authority to ban products or services deemed “abusive.”

The proposed changes address a host of hot-button concerns with the CFPB’s authority and aggressive enforcement priorities, including issues raised in the closely watched case of PHH Corp v. Consumer Financial Protection BureauAs we previously reported, a central issue there is whether the CFPB’s unprecedented single-director structure is unconstitutional.  During oral arguments, a panel of the U.S. Court of Appeals for the District of Columbia, signaled concern over the CFPB’s structure.  Although a decision is expected this year, further appellate action is nearly guaranteed.

The CHOICE Act is not the only current attempt to curb the CFPB’s broad authority under Dodd-Frank.  In July, the House of Representatives approved a fiscal year 2017 appropriations bill (H.R. 5485, the Financial Services and General Government Appropriations Act) containing similar measures.  Like the CHOICE Act, the House appropriations bill would require CFPB funding through congressional appropriations and would replace the single-director leadership with a five-member Board of Directors appointed by the President.  It would also restrict the CFPB’s ability to regulate pre-dispute arbitration agreements among other limitations.

Many industry voices, as well as lawmakers, demand a check on the CFPB’s authority, as this proposed legislation makes clear.  Whether that check becomes reality, however, will likely remain a partisan battle with the presidential election looming large in the background.

Anti-Money Laundering, Compliance, Financial Institution Regulation

FinCEN Associate Director for Enforcement Delivers Remarks at Title 31 Conference, Stresses Importance of Culture of Compliance

On thThinkstockPhotos-76800277_jpge day after his appointment in August 2016, the Associate Director for Enforcement for the Financial Crimes Enforcement Network (FinCEN), Thomas Ott, addressed the National Title 31 Suspicious Activity & Risk Assessment Conference in Las Vegas, Nevada.  In his remarks, he (1) covered recent enforcement actions, (2) sought to dispel myths or misconceptions about suspicious activity reports (SARs), (3) provided context for the value to law enforcement of the Title 31 reporting information, and (4) outlined factors considered when FinCEN sets civil money penalties.  Ott is part of the new leadership of FinCEN, which lost its hard-driving Director, Jennifer Shasky Calvery, to the private sector at the beginning of the summer.  For those working in gaming compliance, Ott’s remarks were notable for several reasons, including their consistency with FinCEN’s recent messages and enforcement actions.

In addressing recent FinCEN enforcement actions, Ott emphasized the importance of creating and maintaining a culture of compliance within a financial institution.  These comments echoed FinCEN’s August 2014 guidance (FIN-2014-A007) that highlighted the importance of a strong culture of BSA/AML compliance for “senior management, leadership and owners of all financial institutions.”  According to Ott, at a minimum, a culture of compliance means the adoption and implementation of policies and procedures that are risk-based and reasonably designed to assure compliance with the BSA.  In describing the enforcement actions, Ott noted that FinCEN’s enforcement actions are intended both to remediate compliance deficiencies – particularly in financial institutions that have failed to correct identified shortcomings – and to educate regulated entities.

In explaining the value of SAR information to law enforcement, Ott set out statistics intended to demonstrate law enforcement’s reliance on reported information, even in the case of “low-dollar SARs.”  He also attempted to dispel certain myths and misconceptions about SARs.  He repeated the message of the former FinCEN Director that under the regulations “casinos are required to be aware of a customer’s source of funds under current AML requirements.”  He observed that under the BSA, casinos must have reasonably-designed procedures that use all available information to identify and report suspicious transactions, which include funds derived from illegal activity and funds or assets derived from illegal activity.  Ott stated that the SAR obligations “explicitly” require casinos to file SARs on funds “derived from illegal activity including ‘ownership, nature, source, location, or control of such funds or assets.’”

We note, however, that while the regulation he apparently cited, 31 CFR § 1021.320(a)(2)(i), does refer to the “source” of funds, that provision arguably refers to a transaction a casino knows, suspects, or has reason to suspect “is intended or conducted in order to hide or disguise funds or assets derived from illegal activity.”  A reasonable interpretation of that provision could be that unless a casino has a reason to suspect the transaction is being conducted or attempted in order to hide or disguise funds (or the source or control of those funds), the regulations do not “explicitly” require a casino to investigate a patron’s source of funds.  Of course a casino must use all available information to assess financial transactions.  And there are countless ways in which suspicion may arise that warrants discussion by casino management whether a SAR should be filed.  But FinCEN has yet to identify the affirmative regulatory obligation for a casino to investigate and determine each patron’s source of funds.

Ott also stressed that a casino cannot avoid its SAR filing obligation by claiming it has a larger appetite for risk or broader experience with unusual behavior and therefore a higher subjective standard for what constitutes suspicious activity.  Risk appetite should not drive the decision to file a SAR.   One casino may be more willing than another to permit a patron to continue gaming, but as Ott said:  “if you have a reason to suspect [illicit activity], then you are required to file.”

             Shifting to liability, Ott noted that it may attach to entities and individuals, and it may not be limited to civil money penalties.  He closed by summarizing the factors and considerations FinCEN evaluates when determining the amount of a civil monetary penalty.  These include:  (1) the nature and seriousness of violations; (2) knowledge and intent; (3) remedial measures; (4) financial condition of the financial institution or individual; (5) payments and penalties related to other enforcement actions; and (6) other factors.

The Associate Director’s remarks indicated a continuation of the overarching policies that FinCEN has followed in the past few years.  The Bank Secrecy Act and the Title 31 regulations impose compliance responsibilities upon financial institutions, which Ott recognized as requiring “significant resources.”  In recognition of these efforts, FinCEN has the stated goal of partnership.  However, a failure to comply – particularly in cases where IRS examinations have previously uncovered deficiencies – will quickly turn the partnership into a supervisory relationship, one with severe penalties and possibly more onerous obligations imposed in the form of “undertakings” than exist in the regulations.  Stated succinctly, financial institutions – including casinos and card clubs – should ensure they have appropriate resources invested in their compliance programs and periodically review the state of their program.

Compliance, Enforcement and Prosecution Policy and Trends, Financial Institution Regulation

Payment Processor Challenges CFPB’s Allegation That It Engaged in Unfair Practices

The 77006468.jpegConsumer Financial Protection Bureau’s (“CFPB”) lawsuit against payment processor Intercept Corporation remains pending, and recent briefing sheds light on what could result in broad implications for the payment processing industry and CFPB enforcement at large.

We previously reported on the CFPB’s suit against Intercept, pending in district court in North Dakota.  The CFPB alleges that Intercept violated the Consumer Financial Protection Act (“CFPA”) by engaging in unfair acts and practices.  Intercept moved to dismiss the CFPB’s complaint, and that motion is now fully briefed.  The Third Party Payment Processors Association (“TPPPA”) filed an amicus curiae brief in support of Intercept’s motion to dismiss.  The pleadings highlight concerns regarding both the scope of the CFPA and the ability of the CFPB to reach businesses that do not interact directly with consumers.

First, Intercept and the TPPPA raised the threshold issue of whether a payment processor is subject to the CFPA even though it is not consumer-facing.  To be governed by the CFPA as a “covered person,” one must engage in “offering or providing a consumer financial product or service.”  Intercept argues this requires that services be provided directly to consumers; however, Intercept provides its ACH processing services to businesses, not consumers.

This holds true for all payment processors, as pointed out in the TPPPA’s amicus brief.  Payment processors do not interface with consumers and only have scant information about the consumer.  As summed up by the TPPPA in arguing that payment processors are not “covered persons” within the meaning of the CFPA:  “Payment processors like Intercept never interact with consumers, nor do they provide payments or other financial data processing products to consumers.  Third party payment processors only provide these services for merchants and merchants are not consumers.”

Not surprisingly, the CFPB disagrees with Intercept’s and the TPPPA’s position that a person must interface directly with a consumer to be a covered person under the CFPA.  The CFPB acknowledges that the statutory language contemplates “use by consumers,” but posits that the statutory language does not differentiate between direct and indirect contact.  To reach its conclusion that covered persons can include people that interact only indirectly with consumers, the CFPB relies on rules of statutory interpretation, such as the use of the term “directly” in nearby provisions and an exemption for web-hosting companies from the definition of financial products or services for consumers.

Intercept warns that the CFPB’s interpretation of covered persons under the CFPA can have far-reaching effects if it is allowed to police companies that provide services to other businesses.  For instance, Intercept argues, the CFPB’s interpretation would extend the CFPB’s authority to consumer-facing businesses unrelated to consumer finance, such as grocery stores, hotels, veterinarians, churches, and hospitals.  This, Intercept continues, will lead to the anomalous result that payment processors would have to learn the laws relevant to each of its customers’ businesses and then monitor its customers’ interactions with consumers to ensure compliance with those laws.

Second, the TPPPA points out what it believes is a “glaring omission” in the CFPB’s claim that Intercept engaged in unfair acts and practices – the failure of the CFPB to allege that Intercept violated a National Automated Clearing House Association (“NACHA”) rule.  NACHA is the industry association that provides industry rules and guidance for ACH transactions.  The NACHA rules incorporate relevant federal rules and regulations.  The TPPPA argues that the CFPB’s omission raises due process concerns because any allegation of unfair practices must be predicated on a violation of the NACHA rules.  Otherwise, a payment processor, or any business that finds itself in the CFPB’s crosshairs, could be liable for conduct that “was not unlawful or forbidden by the rules in place at the time of the alleged conduct.”

The CFPB counters that a person need not violate industry practices or guidance in order to engage in unfair acts or practices, describing the TPPPA’s position as an “everyone else is doing it” defense that “would have the perverse effect of immunizing exactly the harmful conduct that is most widespread.”  But, the TPPPA’s concern remains, if a payment processor is acting within the confines of established rules and regulations, what stops the CFPB from effectively legislating around conduct ex post.

Finally, Intercept argues that the CFPB discovered the conduct at issue in the 2016 complaint through an FTC investigation from 2012.  Intercept provided documents to the FTC in 2012 pursuant to a subpoena, and the FTC did not pursue any action at that time.  Because the CFPB is the FTC’s successor, Intercept argues that the FTC’s knowledge is imputed to the CFPB because the two agencies share regulatory priorities.  Intercept also contends that if the rule were otherwise, the FTC and CFPB would be able to “stack” their statutes of limitations – doubling the time period in which to bring a claim – to bring claims alleging unfair acts or practices.  The CFPB denies that it has imputed knowledge of facts learned by the FTC in its earlier investigation.

If the court reaches any of the issues above, it could have far-reaching implications beyond payment processors: (1) do unfair acts and practices under the CFPA require direct interaction with consumers; (2) must unfair acts and practices claims be predicated on underlying rules violations; and (3) can other agencies’ knowledge be imputed to the CFPB to cut off the statute of limitations for bringing claims.