CFTC enforcement stance leads regulatory roundup

CFTC updates its enforcement guide, bank regulators update fair lending rules, 48-state settlement over computer error.

At an event at New York University Law School last week, Commodity Futures Trading Commission (CFTC) Enforcement Director Ian McGinley said his agency intends to push for heavier fines, particularly on repeat offenders, and will increasingly eschew settlements that allow firms to avoid admitting fault, as we reported last week.

The CFTC, which polices derivatives markets, will crack down in particular on repeat offenders, and it instructed its enforcement staff accordingly. Recidivist firms can expect to see monitors put in place to oversee compliance as part of their settlements, the memo said.

The use of what are known as no-admit, no-deny settlements will also be dialed back as well, and the goal behind the deliberate shift is to deter misconduct by making it more costly for firms that violate the law.

“Companies must be more diligent when handling consumers’ data and payment information to not cause worry and panic among consumers.”

Letitia James, New York Attorney General

McGinley said that in the most recent fiscal year the CFTC filed 96 enforcement actions and secured orders requiring targets to pay $4.3 billion, with recent lawsuits being ones against FTX and Binance.

As with the Justice Department’s cooperation policies – which have gone through several updates over the years – the CFTC acknowledges that investigating corporate crime relies heavily on businesses reporting their own wrongdoing and cooperating with the government, and the CFTC intends to preserve the incentives that motivate firms to supply such assistance.

Firms that come forward to self-report and cooperate will likely receive a reduced penalty, and are less likely to have a monitor imposed as part of a settlement, McGinley said in his prepared remarks. Settling firms typically work to avoid the imposition of a monitor, which is often seen as costly and intrusive. And although the focus will be on firms that have been involved in repeated wrongdoing, the analysis of what constitutes a repeat offender will be nuanced, McGinley said.

New bank rules modernize fair lending standards

US banking regulators have adopted new rules to modernize fair lending standards under the Community Reinvestment Act (CRA) for banks, requiring them to take into account more than their physical presence to ensure they are adequately servicing communities.

The final rule was issued by the Federal Reserve Board, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency. It concludes a multiyear effort by regulators to rewrite regulations that had been in place since 1995, and would expand areas where banks can be graded beyond just where they are physically located to include parts of the country where they engage in significant mortgage and small business lending.

The changes reflect the rise of online banking and the reduced role physical branches play in providing services to consumers. Under the final rule, the agencies will evaluate bank performance across the varied activities they conduct and communities in which they operate so the CRA continues to be an effective tool to address inequities in access to credit and financial services.

There is also a new metrics-based approach to evaluating bank retail lending and community development financing, using benchmarks based on peer and demographic data, and the agencies plan to develop data tools using reported loan data that give banks and the public insight into how the banks are performing.

ACI Worldwide settles with 48 states

Payment processor ACI Worldwide agreed to pay $20m to settle allegations a 2021 computer testing error resulted in its inadvertently withdrawing more than $2 billion from the accounts of mortgage holders.

A multistate investigation determined the unauthorized withdrawals through ACI’s Speedpay payment-processing technology were made as a result of “significant defects in ACI’s privacy and data security procedures and technical infrastructure,” said the New York Attorney General’s Office, which participated in the settlement alongside attorneys general in 48 states, the District of Columbia and Puerto Rico. 

As part of the $20m, ACI is paying an additional $10m in a settlement with a group of 44 state regulators, led by Arkansas, Connecticut, Maryland and Texas. The company’s ACI Payments unit is a money-services business licensed in nearly all states, according to the Conference of State Bank Supervisors, the national organization of bank regulators.

“Hundreds of thousands of homeowners nationwide and thousands of New Yorkers had money wrongfully withdrawn from their accounts because of ACI’s failure,” said Attorney General Letitia James. “Companies must be more diligent when handling consumers’ data and payment information to not cause worry and panic among consumers. I thank my fellow attorneys general for their partnership to hold ACI accountable for the harm and stress it caused homeowners.” 

“Firms that come forward to self-report and cooperate will likely receive a reduced penalty, and are less likely to have a monitor imposed as part of a settlement.”

Ian McGinley, head of enforcement, CFTC

ACI Payments, a subsidiary of ACI Worldwide Corp, is a payment processor for a variety of third-party clients, including mortgage servicers. Nationstar Mortgage, known publicly as Mr Cooper, offered ACI’s Speedpay product to its customers so they could schedule and electronically pay their monthly mortgage payments through the Automated Clearing House system. On April 23, 2021, ACI was testing the Speedpay platform when it erroneously submitted live Mr Cooper consumer data into the clearing house system.

This resulted in ACI erroneously attempting to withdraw mortgage payments from hundreds of thousands of Mr. Cooper customers on a day that was not authorized or expected. In many cases, consumers were subjected to the attempted withdrawal of multiple mortgage payments from their personal bank accounts. While the vast majority of withdrawals did not ultimately go through or were reversed, 1.4 million transactions totaling $2.3 billion were processed, affecting 477,000 Mr. Cooper customers.

While ACI took corrective steps to minimize the impact of the testing error, in some cases consumers were not able to access their money and were forced to incur overdraft or insufficient funds fees.

Affected consumers have received full restitution from ACI and through other related settlements, as the state authorities and ACI note in their related press releases.

The multi-state settlement requires ACI to take steps to avoid any future incidents, including requiring ACI to use artificially created data rather than real consumer data when testing systems or software, and requiring ACI to segregate any testing or development work from its consumer payment systems.