Financial Services Law

FinCEN Hits Repeat Offender with $20M Penalty

Why it matters

The $20 million civil money penalty assessed by the Financial Crimes Enforcement Network (FinCEN) against Oppenheimer & Co. is intended to send several strong messages to all types of financial services companies subject to the Bank Secrecy Act (BSA). First, FinCEN demonstrated its lack of tolerance for repeat offenders of the BSA’s various requirements, including maintenance of an adequate anti-money laundering (AML) compliance program.

Second, as noted by the FinCEN director, broker-dealers have the same money laundering risks as other types of financial institutions and “by failing to comply with their regulatory responsibilities, our financial system became vulnerable to criminal abuse.” She said “it is clear their compliance culture must change.” Finally, FinCEN demonstrated little tolerance for the failure of the company to comply with Section 311 special measures and conduct required due diligence on and notify certain foreign correspondent institutions “potentially placed the U.S. financial system at risk.”

Detailed discussion

Oppenheimer, a full-service, self-clearing broker-dealer headquartered in New York, provides brokerage and investment services to customers in the United States and internationally. Almost 10 years ago, it was fined $2.8 million by FinCEN for violations of the BSA.

This time, FinCEN alleged that Oppenheimer willfully violated the BSA over a four-year period in three ways.

First, the firm violated the BSA and its implementing regulations by conducting business without establishing and implementing adequate AML policies, procedures, and internal controls. FinCEN discovered 16 customers—some with multiple accounts—that should have raised “significant red flags” for Oppenheimer.

These customers engaged in patterns of suspicious trading of penny stocks for which no registration statement was in effect for the sale and repeatedly deposited large blocks of securities, many in paper certificate form, sold them shortly after deposit and then almost immediately transferred the proceeds out of the Oppenheimer account, the regulator said.

Other customer activities should also have alerted the firm to potential money laundering, FinCEN said, including customers that opened one or more accounts and immediately deposited large quantities of penny stocks; customers that were the subject of a disciplinary action by the SEC or FINRA as well as news reports suggesting regulatory violations; and incidents where the customer appeared to be acting as an agent for an undisclosed principal.

“Penny stocks are low-priced, generally thinly traded and highly speculative securities. Penny stocks can be highly volatile and vulnerable to manipulation by stock promoters and pump-and-dump schemes,” FinCEN said. “For these reasons, trading in such stocks presents a heightened AML risk.”

Oppenheimer’s customers engaged in activities that further heightened the risk, the regulator said, and the firm “knew, suspected, or had reason to suspect” the actions violated registration requirements and should have caused Oppenheimer to file Suspicious Activity Reports (SARs).

The firm’s compliance structure contributed to its failures by isolating each group of employees responsible for reviewing particular information. For example, the AML Group and the Surveillance Group were both within the Compliance Department, but no mechanism existed for the groups to share information.

“The information silos created by Oppenheimer’s compliance structure prevented the AML Group from receiving the information necessary to understand the full extent of Gibraltar’s activity and contributed to its failure to effectively monitor the account for suspicious activity,” FinCEN said.

Oppenheimer also violated the BSA by failing to conduct the appropriate due diligence on foreign correspondent accounts, the regulator said. Citing one example, FinCEN said the firm “took no steps to assess [Customer’s] risk as a [foreign financial institution] and further failed to conduct adequate due diligence when it opened the account,” despite designating the customer as high-risk.

Finally, the firm ran afoul of Section 311 of the USA PATRIOT Act. FinCEN imposed Special Measures under the Act against three foreign financial institutions relating to money laundering concerns over a one-year period. But Oppenheimer violated the notice requirements of the Special Measures by failing to send the required notice to the firm’s correspondents. Even when informed during a FINRA examination in 2011 of its obligations under the Act, the firm did not fully satisfy its notification requirements until 2014.

“Although no determination has been made that Oppenheimer conducted business with the foreign financial institutions of primary money laundering concern, the firm nonetheless failed to comply with the notice requirement and, in doing so, left the door open for such access to occur,” FinCEN said.

Oppenheimer admitted to the violations and the regulator determined that a $20 million penalty was appropriate, half of which was designated for the Department of the Treasury and half for the SEC, which had conducted a parallel enforcement action.

The SEC ordered Oppenheimer to cease and desist from future violations of federal securities laws and ordered a $10 million payment made up of $5,078,129 in civil penalties, $4,168,400 in disgorgement, and $753,471 in prejudgment interest.

To read FinCEN’s Assessment of Civil Money Penalty in In the Matter of Oppenheimer & Co., click here.

To read the SEC order, click here.

back to top

Subprime Credit Card Company Ordered to Pay $3M by CFPB

Why it matters

Pursuant to a consent order entered into with the Consumer Financial Protection Bureau (CFPB), Continental Finance Company must refund $2.7 million to approximately 98,000 customers and pay a $250,000 penalty to the Bureau. Continental ran afoul of the Credit Card Accountability, Responsibility, and Disclosure (CARD) Act, charging customers primarily in the subprime credit market illegal credit card fees and misrepresenting other fee information. “Continental Finance misled consumers and charged them illegal fees,” CFPB Director Richard Cordray said in a statement about the case. “These excessive fees are especially harmful because the cards were targeted to consumers with subprime credit who are often economically vulnerable.” In addition to the fines, the consent order makes Continental subject to the Bureau’s supervision for the first time. As lenders begin to expand their product offerings to credit-challenged consumers, it is important to bear in mind that the CFPB has a particular focus on protecting consumers it views as especially vulnerable.

Detailed discussion

Targeting economically vulnerable populations, Delaware-based Continental offered the Cerulean Card, the Matrix Card, and the Verve Card, all with low credit limits and high up-front fees, which the Bureau characterized as “fee-harvester credit cards.”

Between April 2012 and July 2013, Continental charged customers illegal credit card fees and misrepresented certain fees, the CFPB alleged. Promotional materials informed consumers they would only be charged a monthly paper statement fee if they “elected” paper billing, for example, but Continental automatically required some customers to pay a monthly fee of $4.95 unless they affirmatively opted out.

Some cardholder agreements stated that the security deposits provided by customers for certain cards would be “FDIC insured.” The problem: the Bureau said that up to $1.8 million in funds were not actually insured by the Federal Deposit Insurance Corporation for a nine-month period.

Continental also violated the CARD Act, the CFPB said. The statute prohibits a lender from charging customers fees in excess of 25 percent of the credit limit during their first year after opening the account. Continental products offered consumers a $300 credit limit with an up-front fee of $75—effectively maxing out the CARD Act limits. But the company continued to charge customers additional fees over the next 12 months—including the paper statement fees—in some cases reaching total fees the first year of 42 percent of the credit limit in violation of the statute, the Bureau alleged.

For the CARD Act violations as well as the deceptive statements, the CFPB ordered Continental to refund customers $2.7 million and imposed a $250,000 fine.

On top of the monetary penalties, Continental will now be subject to the CFPB’s supervision for the first time, allowing the Bureau ongoing oversight of the company, including examinations and monitoring for compliance. The company is further prohibited from engaging in illegal practices, such as violations of the CARD Act or making misrepresentations about the fees associated with Continental credit cards.

To read the consent order in In the Matter of Continental Finance Co., click here.

back to top

CFPB Takes Action Against Mortgage Lender Targeting Veterans, Imposes $2M Penalty

Why it matters

Alleged deceptive marketing by a mortgage lender to veterans was at the heart of the Consumer Financial Protection Bureau’s (CFPB) latest enforcement action. NewDay Financial, LLC, “profited from the trust that veterans place in their veteran service organization,” Bureau director Richard Cordray said in a statement. “Veterans, and any consumers getting a mortgage, deserve honest information about lender endorsements.” NewDay failed to disclose that it paid a veterans’ organization to be named its “exclusive lender” in its marketing materials, an error the CFPB said constituted a deceptive act or practice in violation of the Dodd-Frank Wall Street Reform and Consumer Protection Act. Further, because NewDay paid monthly licensing fees and lead generation fees to the organization—which encouraged members to work with the lender in direct mailings, call center referrals, and via its website—the fees were illegal kickbacks in violation of the Real Estate Settlement Procedures Act (RESPA), the Bureau said. The consent order requires the lender to pay a $2 million civil penalty and submit a compliance plan to the agency, along with other recordkeeping tasks. The CFPB includes an Office of Service Member Affairs, and products involving service members and veterans will get special scrutiny from the CFPB. The action is also a reminder that the CFPB is actively and aggressively enforcing the antikickback provisions of RESPA previously administered by HUD.

Detailed discussion

NewDay Financial’s primary business originates refinance mortgage loans guaranteed by the Veterans Benefits Administration, which are limited to service members, veterans, and their surviving spouses. To generate new customers, NewDay advertises via direct mail campaigns.

In 2010, NewDay reached a deal with a veterans’ organization to receive the right to call itself the group’s “exclusive lender.” In return, NewDay paid a $15,000 monthly licensing fee and provided “lead generation fees” to the veterans’ organization as well as the broker company that facilitated the agreement ranging from $15 to $100 per customer.

Over a three-year period between July 2011 and July 2014, NewDay sent more than 50 million mortgage solicitations by both postal mail and e-mail. In mailings targeted to members of the veterans’ organization, NewDay claimed that its “exclusive” status was based on its high standards for service and excellent value, the CFPB said.

For example, one mailer read: “[Veterans’ Organization] chose NewDay to be our exclusive Reverse Mortgage provider after spending significant time with the company’s management team and watching its loan professionals in action.”

In none of the marketing materials did NewDay disclose its financial relationship with the organization, a failure that violated Dodd-Frank’s prohibition of deceptive acts and practices, the Bureau explained.

The mailers also featured a recommendation from the organization to its members, urging them to use NewDay’s products. Coupled with the organization’s additional efforts on NewDay’s behalf, including telephone and web-based referrals, the recommendations amounted to a referral of settlement service business. Because NewDay paid the veterans’ organization for the referrals, the CFPB said the payments were illegal kickbacks under RESPA.

Pursuant to the consent order with the CFPB, NewDay terminated its relationship with the veterans’ organization and the broker company. Going forward, the lender may not enter into any business relationship involving third-party endorsements unless the deal is consistent with the Federal Trade Commission’s Guides on Testimonials and Endorsements.

Deceptive marketing related to mortgage credit products or assisting others in making misrepresentations is also prohibited and NewDay must no longer make payments for referrals. Within 60 days, the lender is required to submit a compliance plan to the Bureau to ensure that its marketing complies with all applicable federal consumer financial laws as well as the consent order.

The $2 million penalty will be paid to the CFPB’s Civil Penalty Fund.

To read the consent order in In the Matter of NewDay Financial, click here.

back to top

New York Bank Sued for Fair Housing, Lending Violations

Why it matters

New York banks are continuing to face lawsuits over alleged discriminatory lending practices. In September 2014, the state’s Attorney General, Eric T. Schneiderman, filed a “redlining” suit against Evans Bank, N.A., and its holding company, Evans Bancorp, Inc. (collectively, “Evans”), alleging that Evans systematically denied its residential mortgage lending products and services to African Americans in the Buffalo metropolitan area. The latest suit, filed by a nonprofit civil rights organization, the Fair Housing Justice Center (FHJC), alleges discriminatory lending practices against M&T Bank Corporation. The Complaint, filed in federal court on February 3, 2015, avers that FHJC hired nine testers of different racial backgrounds to visit the bank over a two-year period to inquire about obtaining a mortgage as a first-time homebuyer. The FHJC and its testers (the Plaintiffs) claim that the bank’s loan officers engaged in allegedly discriminatory lending practices such as steering testers to certain neighborhoods based on demographics and offering different loan terms and conditions based on national origin or race. The suit seeks broad injunctive relief to halt alleged violations of the Fair Housing Act and state and local human rights laws, as well as money damages.

Detailed discussion

Beginning in 2013, the FHJC launched a two-year investigation into the lending practices of M&T Bank, which the group claims is the 17th-largest commercial bank in the United States.

Based on the experiences of nine testers of different racial and ethnic backgrounds, the FHJC filed suit against the bank in the United States District Court for the Southern District of New York, alleging violations of the Fair Housing Act and the New York State and New York City Human Rights Laws.

According to the Complaint, M&T Bank “uses neighborhood racial demographics to limit the availability of one of its home mortgages, a loan product for first-time homebuyers with advantageous terms such as a lower payment.” The FHJC Complaint alleges that the bank’s loan officers promoted the bank’s first-time homebuyer program (called “Get Started”) with nonwhite testers, but discouraged white testers from applying under the program, instead recommending a conventional loan with less favorable terms. According to the Complaint, the bank intended the “Get Started” program to provide advantageous mortgage terms, such as a low down payment and the ability to finance closing costs, to borrowers in low-moderate income (LMI) areas that are part of a community revitalization effort or in neighborhoods with a majority of minority residents (i.e., greater than 50 percent). The FHJC claims that the racial aspects of the program criteria were concealed by the bank on its website and in its disclosures to first-time home buyers.

The FHJC conducted its investigation by sending female African-American, Hispanic, South Asian, and white testers to M&T Bank’s Park Avenue loan office to inquire about obtaining a mortgage to purchase a single-family home or condominium apartment. Each of the testers presented herself as married with no children and a first-time homebuyer.

While the nonwhite testers were presented with the option of applying for a mortgage through M&T’s Get Started program, limited to homes in “majority minority” neighborhoods or in LMI areas, white testers were discouraged from applying for the product, the Complaint alleged.

In one alleged instance, a loan officer told a white tester that she would need to buy a home in an area “more than 50% minority” if she wanted a loan under the Get Started program, which the loan officer “ ‘highly doubt[ed]’ [the white tester] would want to do.” Consistent with her recommendation, the loan officer allegedly provided the white tester with home price and loan amount details only for a conventional loan product, and did not offer the favorable terms of the Get Started program.

The Complaint also alleges that the bank’s loan officers applied different loan qualification standards to testers on the basis of race and ethnicity. In one such allegation, a loan officer told a Hispanic tester that she would qualify for a home price $100,000 less than that offered to a white tester, and a loan amount $125,000 less, even though the Hispanic tester had a higher annual income, more cash, and a better credit score than the white tester. In another alleged instance, a loan officer told an African-American tester that she was not yet ready to purchase a condominium or co-op because she had not saved enough, while she offered home price and loan amount details to a white tester who had reported a lower household income and cash savings amount, and encouraged the white tester to purchase immediately.

The Plaintiffs further allege that the bank used racial and ethnic criteria to steer testers toward or away from certain neighborhoods. In one such example, a loan officer allegedly encouraged an African-American tester to consider neighborhoods in Queens with a predominantly minority population, while a white tester was steered toward considering a neighborhood with less than a 5 percent African-American population.

According to the Complaint, M&T Bank’s actions violated the Fair Housing Act, New York State Human Rights Law, and the New York City Human Rights Law. The Plaintiffs seek broad injunctive relief to halt the allegedly discriminatory practices as well as money damages, including punitives.

To read the complaint in Fair Housing Justice Center v. M&T Bank Corp., click here.

back to top

SEC’s Risk Alert Offers Observations on Cybersecurity

Why it matters

Joining a growing chorus of regulators, the Securities and Exchange Commission (SEC) released two publications addressing cybersecurity: a Risk Alert based on observations from the Office of Compliance Inspections and Examinations (OCIE) of registered broker-dealers and advisers and an accompanying Investor Bulletin. The Risk Alert detailed how the examined firms handled a host of cybersecurity-related issues from policies, procedures, and oversight processes to whether they had been victims of a cyberattack. The Investor Bulletin offered suggestions on how to safeguard online investment accounts (such as picking a “strong” password and always using caution on public networks and wireless connections). The agency, which examined a cross-section of the industry for the Alert, hoped that its findings will prove beneficial to other firms. “Cybersecurity threats know no boundaries,” SEC Chair Mary Jo White said in a statement about the publications. “That’s why assessing the readiness of market participants and providing investors with information on how to better protect their online investment accounts from cyber threats has been and will continue to be an important focus of the SEC.”

Detailed discussion

In April 2014, the SEC announced a Cybersecurity Examination Initiative. Members of the OCIE examined a total of 57 registered broker-dealers and 49 registered investment advisers, selected to provide “perspectives from a cross-section of the financial services industry and to assess various firms’ vulnerability to cyber-attacks,” the SEC said.

The interviews and data collection of the selected firms focused on a range of issues related to cybersecurity. In the hopes of providing insight for the industry, the OCIE published the finding in the “Cybersecurity Examination Sweep Summary.”

According to the Risk Alert, 93 percent of broker-dealers and 83 percent of advisers have adopted written information security policies, and the majority of both groups conduct periodic audits to determine compliance with such policies. The plans themselves typically address the impact of cyberattacks or intrusions, but only a small minority (30 percent of broker-dealers and 13 percent of advisers) include provisions on how the firms determine whether they are responsible for client losses associated with cyber incidents.

Periodic risk assessments on a firmwide basis occur at the vast majority of the examined entities, although the Risk Alert noted that fewer firms (just 32 percent of the advisers) require cybersecurity risk assessments of their vendors.

A large percentage of both broker-dealers (88 percent) and advisers (74 percent) reported that they had been the subject of a cyber-related incident, either directly or through a vendor. Malware and fraudulent e-mails were the most common types of incidents. For broker-dealers, the incidents were relatively inexpensive, with no single loss in excess of $75,000 and only 26 percent reporting losses of more than $5,000. One adviser experienced a loss over $75,000 as a result of a fraudulent e-mail, the Alert noted, for which the client was made whole.

While almost two-thirds of the broker-dealers that received fraudulent e-mails reported them to the Financial Crimes Enforcement Network (FinCEN) by filing a Suspicious Activity Report, just 7 percent of those firms also reported the e-mails to other regulatory agencies or law enforcement.

More than 90 percent of all firms examined conduct firmwide inventorying, cataloguing, or mapping of technology resources, and almost all of them (98 percent of broker-dealers and 91 percent of advisers) reported using encryption in some form.

When dealing with vendors, however, the Risk Alert noted “varying findings.” Most of the broker-dealers (72 percent) said they incorporated requirements relating to cybersecurity risk into contracts with vendors and business partners while just 24 percent of advisers answered similarly. Even lower numbers—51 percent and 13 percent—told the OCIE they maintain policies and procedures related to information security training for vendors and business partners authorized to access their networks.

Many of the broker-dealers identified the Financial Services Information Sharing and Analysis Center (FS-ISAC) as a means of information sharing with regard to cybersecurity issues.

The question of cybersecurity insurance received mixed answers from the examined firms. More than half of the broker-dealers (58 percent) maintain insurance for cybersecurity incidents while only 21 percent of advisers do. Of the firms that reported the use of such insurance, just one in each category reported they had filed claims.

Noting that the agency is continuing to review the information collected during the cybersecurity examinations “to discern correlations between the examined firms’ preparedness and controls and their size, complexity, or other characteristics,” the SEC reminded the industry that the OCIE “will continue to focus on cybersecurity using risk-based examinations.”

The accompanying Investor Bulletin made suggestions for investors on how to safeguard online investment accounts, such as picking a “strong” password, using two-step verification when possible, avoid clicking on questionable links, and always using caution when on public networks and wireless connections.

Checking statements for discrepancies or inaccurate information is also important, the SEC said, and if an investor finds any mistakes or unauthorized transactions, he or she should contact his or her brokerage firm in writing immediately.

To read the SEC’s Risk Alert, click here.

To read the Investor Bulletin, click here.

back to top