Top Story Operations Related

The Federal Trade Commission has reported it will require web hosting company GoDaddy Inc and GoDaddy.com, LLC to implement a robust information security program to settle charges that the company failed to secure its website-hosting services against attacks that could harm its customers and visitors to the customers’ websites.

The FTC alleges in its complaint that, since 2018, GoDaddy has failed to implement reasonable and appropriate security measures to protect and monitor its website-hosting environments for security threats, and misled customers about the extent of its data security protections on its website hosting services. GoDaddy’s unreasonable security practices include failing to: inventory and manage assets and software updates; assess risks to its shared hosting services; adequately log and monitor security-related events in the hosting environment; and segment its shared hosting from less-secure environments, according to the complaint. The Commission says that GoDaddy’s data-security failures resulted in several major security breaches between 2019 and 2022 in which bad actors gained unauthorized access to customers’ websites and data.

In its proposed settlement order, the FTC will:

The Pennsylvania Department of Banking and Securities (DOBS) yesterday announced that it has joined 47 other state financial regulatory agencies in coordinated action against Block, Inc., owner of the CashApp mobile payment service, for violations of the Bank Secrecy Act (BSA) and anti-money laundering (AML) laws which are designed to protect the financial system from illicit activity. The enforcement action includes a multistate settlement in which Block has agreed to pay an $80 million penalty, with approximately $1.6 million allocated to each of the 48 participating state regulators. State regulators found that Block failed to meet certain requirements, which created the potential for its services to be exploited for money laundering, terrorism financing, and other illegal activities.

As part of the settlement, Block will hire an independent consultant to assess the effectiveness of its BSA/AML program and provide a report to the states within nine months. Block will then have 12 months to correct any deficiencies identified in the review. The enforcement effort, led by state regulators in Arkansas, California, Massachusetts, Florida, Maine, Texas, and Washington, was coordinated with Block’s cooperation throughout the process.

OFAC has posted a Notice of Recent Actions, including President Biden's signing of two Executive Orders, "Taking Additional Steps with Respect to the Situation in Syria" and "Strengthening and Promoting Innovation in the Nation's Cybersecurity"; North Korea and Sudan designations, a Russia-related designation removal; and a Settlement Agreement between OFAC and Family International Realty LLC and an individual.

Settlement:
OFAC entered into a $1,076,923 settlement with a Miami, Florida-based natural U.S. person and their real estate company Family International Realty LLC regarding their potential civil liability for apparent violations of OFAC's Ukraine-/Russia-related sanctions. Between 2018 and 2023, Family International Realty and its owner engaged in a willful scheme to evade OFAC sanctions by concealing the property interest of two sanctioned Russian oligarchs in luxury condominiums and profiting from the rental and sale of the properties, thereby committing 73 apparent violations of Executive Order 13685. The settlement amount reflects OFAC's determination that the conduct at issue was egregious and was not voluntarily self-disclosed. For more information, see OFAC's Enforcement Release.

The Notice also included additions of four individuals and five entities to OFAC's SDN List, and one deletion. Refer to the Notice for these details.

The Treasury Department has reported it prevented and recovered more than $31 million in fraud and improper payments during a five-month pilot with the Social Security Administration’s (SSA) Full Death Master File. Treasury Fiscal Assistant Secretary David Lebryk said "Congress granting permanent access to the Full Death Master File will significantly reduce fraud, improve program integrity, and better safeguard taxpayer dollars." Congress gave Treasury temporary access to the Full Death Master File for a period of three years, through December 2026.

SSA maintains the most complete federal database of individuals who are reported to have died. The Full Death Master File contains more than 142 million records, with records going back to 1899

UPDATE: The CFPB dropped this lawsuit in late February 2025.

The CFPB has reported it has sued Capital One, N.A., and its parent holding company, Capital One Financial Corp., for allegedly cheating millions of consumers out of more than $2 billion in interest.

The CFPB alleges that Capital One schemed to keep 360 Savings accountholders in their lower-yielding accounts by obscuring 360 Performance Savings’ existence as a distinct product with a higher rate from 360 Savings accountholders. For example, Capital One named and marketed the two products similarly; it eliminated nearly all references to the 360 Savings account product on its website and replaced them with references to the essentially identical 360 Performance Savings account, without notice that 360 Savings continued to exist as a distinct product; it excluded 360 Savings accountholders from a marketing campaign advertising 360 Performance Savings to Capital One’s other existing customers; and it forbade its employees from proactively telling 360 Savings accountholders about 360 Performance Savings.

The Bureau alleges that by misrepresenting the interest rate for the 360 Savings product, Capital One violated the Consumer Financial Protection Act of 2010’s (CFPA) prohibition on deceptive acts and practices; and Capital One, N.A. violated the Truth in Savings Act and Regulation DD. The Bureau also alleges that Capital One violated the CFPA’s prohibition on deceptive acts and practices by misrepresenting that 360 Savings was and would be its only high-interest savings product and the CFPA’s prohibition on abusive acts and practices by taking unreasonable advantage of 360 Savings account holders’ lack of understanding of the material risks and costs of the 360 Savings product. The Bureau seeks, among other things, injunctive relief to prevent future violations and monetary relief in the form of redress to consumers and the imposition of civil money penalties.

• CFPB's Complaint

The OCC yesterday announced enforcement actions against three former senior executives of Wells Fargo Bank, N.A., Sioux Falls, South Dakota. The actions were taken in response to the former executives’ unsafe or unsound banking practices related to the bank’s systemic and widespread sales practices misconduct.

The enforcement actions are described in two written decisions issued by Acting Comptroller of the Currency Michael J. Hsu, covering Claudia Russ Anderson and jointly covering David Julian and Paul McLinko.

• The decision covering Ms. Anderson found that from 2013 to 2016, she failed to credibly challenge the bank’s incentive compensation program, failed to institute effective controls to manage risks posed by sales practices misconduct, failed to escalate known or obvious risks, and repeatedly and consistently downplayed the sales practices misconduct. The decision also noted that Ms. Anderson committed violations of law by failing to provide information or providing false, incomplete, or misleading information to the OCC during its 2015 examinations. Ms. Anderson was issued an order of prohibition and assessment of a $10 million civil money penalty.
• The decision against Mr. Julian and Mr. McLinko resulted in personal cease and desist orders and assessments of civil money penalties of $7 million and $1.5 million, respectively. Julian and McLinko were found to have failed to plan and manage audit activity that would detect and document sales practices misconduct and failed to adequately escalate the sales practices misconduct. Mr. McLinko also failed to maintain professional independence from the Community Bank, the bank’s largest business line that housed the retail branches.

The Federal Reserve Board, FDIC, OCC, NCUA and the California Department of Financial Protection and Innovation have issued a statement that they recognize the serious impact of the California wildfires and straight-line winds on the customers and operations of many financial institutions and will provide appropriate regulatory assistance to affected institutions subject to their supervision. The agencies encourage institutions operating in the affected areas to meet the financial services needs of their communities.

The statement addresses the subjects of temporary facilities, publishing requirements, regulatory reporting requirements, the Community Reinvestment Act, and investments, and provides links to the Interagency Supervisory Examiner Guidance for Institutions Affected by a Major Disaster.

The Federal Reserve Board has published in today's Federal Register amendments to Regulations A and D to change interest rates paid to the Fed for primary and secondary credit (Reg A) and revise the rate of interest paid on reserve balances maintained at Reserve Banks by or on behalf of eligible institutions (Reg D). The amendments reflect reductions in rates approved by the Fed and the Federal Open Market Committee that were announced in December.

• Regulation A (Extensions of Credit by Federal Reserve Banks) — Amendment published at 90 FR 3614
• Regulation D (Reserve Requirements of Depository Institutions) — Amendment published at 90 FR 3615

Both amendments are effective January 15, 2025, and applicable on December 19, 2024.

The CFPB has published [90 FR 3566] in today's Federal Register a proposed rule and request for comment that would add new Part 1027 (Prohibited Terms and Conditions in Agreements for Consumer Financial Products or Services - Regulation AA) to Title X of the Code of Federal Regulations.

The proposal would prohibit covered persons from including in their contracts any provisions purporting to waive substantive consumer legal rights and protections (or their remedies) granted by state or federal law. The proposal would also prohibit contract terms that limit free expression, including with threats of account closure, fines, or breach of contract claims, as well as other contract terms. The proposal would also codify certain longstanding prohibitions under the Federal Trade Commission’s (FTC) Credit Practices Rule.

Comments will be accepted through April 1, 2025.

The CFPB has published [90 FR 3044] in today's Federal Register the withdrawal of its proposed rule to prohibit banks and other financial institutions from charging certain nonsufficient funds (NSF) fees, such as those for declined debit card purchases, ATM withdrawals, and some person-to-person payments. The Federal Register notice indicates that the CFPB will determine whether a more comprehensive approach to also prohibit NSF fees charged for additional types of transactions will better protect consumers from potentially unlawful fees.

The withdrawn proposal was originally published at 89 FR 6031 on January 31, 2024.