On October 6, 2021, Deputy Attorney General Lisa O. Monaco announced the launch of the Department of Justice’s Civil Cyber-Fraud Initiative. As Kellen Dwyer, Kim Peretti ,and Jon Knight report on the Privacy, Cyber & Data Strategy Blog, the Department plans to use civil enforcement tools to “pursue…those who are government contractors who receive federal funds, when they fail to follow required cybersecurity standards.”
Department of Justice
DOJ Trustee Program Settles with Servicers
A&B ABstract:
On December 7, the Department of Justice U.S. Trustee Program (“USTP”) announced that it has entered into agreements with three servicers to address mortgage servicing deficiencies impacting borrowers in bankruptcy.
Issues
Addressing allegations that the entities failed to comply with the Bankruptcy Code and the Federal Rules of Bankruptcy Procedure, the agreements reflect issues with the servicing of mortgages for more than 60,000 borrowers in bankruptcy dating back to 2011.
According to the USTP, the issues included application of payments, inaccurate, missing, and untimely bankruptcy filings; and delayed escrow statements. Specifically, the USTP alleges that:
- Two of the servicers failed to run annual escrow analyses for borrowers in bankruptcy;
- Two of the entities failed to accurately apply payments in bankruptcy cases;
- One servicer failed to file timely and accurate proofs of claim in bankruptcy cases; and
- All three entities failed to: (1) file timely and accurate notices of changes to mortgage payments for borrowers in bankruptcy; (2) file timely and accurate notices of fees assessed during bankruptcy cases; and (3) provide an accurate final accounting of payments made by borrowers during bankruptcy cases.
Settlement Terms
To resolve these issues, the USTP entered into memoranda of understanding with two of the servicers, and a letter of acknowledgment with the third. Altogether, the servicers will pay more than $74 million in credits and refunds; additionally, one entity will waive approximately $43 million in fees and charges.
Takeaway
While the issue of servicing mortgages for borrowers in bankruptcy received significant attention with the CFPB’s most recent revisions of the Mortgage Servicing Rules, the USTP’s settlements serve as a reminder that additional obligations arise under the Bankruptcy Code and the Federal Rules of Bankruptcy Procedures. Servicers should review their practices against the USTP’s allegations to ensure that they are compliant with all applicable provisions.
DOJ Issues Third Iteration of Its Corporate Compliance Guidance
The Department of Justice’s Criminal Division began June 2020 by issuing revisions to its Evaluation of Corporate Compliance Programs guidance. First published in 2017, and later updated in April 2019, the guidance provides insight into how the Criminal Division assesses a company’s compliance program. Further, it allows companies to proactively implement and strengthen compliance programs to align closely with the DOJ’s considerations and focuses.
The substance and tenor of the guidance remains largely unchanged from its prior versions, but the revisions continue to reflect an ongoing commitment by the DOJ to provide transparency into its compliance program policies and priorities. For example:
- The revisions demonstrate the importance of a dynamic and evolving compliance program that emphasizes well-documented internal processes and continually incorporates lessons learned and solutions to issues as they are identified.
- While the prior version included language about individual determinations in each case, the update now specifies the factors the DOJ will consider in this determination.
- The revisions focus on the need to create a culture throughout all levels of the business, not just at the top.
Notwithstanding the many disruptions the coronavirus (COVID-19) pandemic has caused to businesses, it’s clear that legal compliance and corporate accountability remain a focus within the Criminal Division.
Key Updates
While the overall tone of the guidance remains the same, the update provides additional guidance in several key areas. The following are some notable revisions or additions to the April 2019 guidance:
- Individualized assessment – the DOJ articulated some of the specific factors it will consider in making each company’s individualized compliance program assessment, including the company’s size, industry, geographic footprint, and regulatory landscape.
- Resourced and empowered program – emphasis on ensuring a company’s compliance program is adequately resourced and empowered to effectively function.
- Access to data – emphasis on ensuring that compliance and control personnel have sufficient direct or indirect access to the relevant sources of data to ensure timely and effective monitoring and testing of the company’s compliance policies and controls.
- Lessons learned – emphasis on companies having a process for tracking and continually incorporating lessons learned from the company’s own prior issues or those of other companies operating in the same industry or region.
- Reporting and training – companies should ensure employees have a forum to ask questions during training and continue to test the company’s hotline and other resources.
- Culture of compliance – companies should demonstrate a commitment to compliance at all levels of the company, not just the top, and perform due diligence of third-party partners at onboarding and throughout the duration of the relationship.
Takeaways
Without significant change, the revisions continue to provide additional insight into the DOJ’s considerations for robust compliance programs. The DOJ’s decision to expressly require compliance functions to be adequately resourced is somewhat surprising, given the financial difficulties that many companies face during the coronavirus pandemic. And what is absent is any recognition of the current challenges that have come with the pandemic and companies’ inability to spend as much as they would otherwise want to on compliance functions while struggling to stay alive. However, the evolution of the guide over the past three years demonstrates the DOJ’s willingness to listen to the business community and provide more guidance based on feedback.
As the pandemic continues, we would hope that the DOJ will provide additional guidance that further expands on how compliance should or could change based on the crisis. Nevertheless, what is clear is that the DOJ remains focused on requiring companies to “show their work” and to be able to document compliance efforts through data. The DOJ’s decision to update this guidance now emphasizes that companies should continue to prioritize compliance programs even while dealing with the ramifications of the global pandemic.