
Avoiding an enforcement action through an effective compliance program

November 13, 2024

This article was originally published on Nov. 11, 2020, and has been updated.

Settlement agreements (or consent orders) are widely used to settle civil and criminal complaints targeting banks and auto lenders, as well as violators of sanctions, data security laws, the False Claims Act and the Foreign Corrupt Practices Act. Settlement agreements continue to be used to resolve enforcement actions because of their efficacy in avoiding prolonged litigation and expediting the desired resolution.

For example, the following regulatory compliance actions were taken targeting predatory lending and false statements related to health care matters.

Thirty-four state attorneys general reached a $550 million agreement with one of the nation’s largest subprime auto lenders to settle charges that it engaged in predatory lending and allegedly violated state consumer protection laws. Under the settlement, the lender is required to pay $65 million in restitution, waive loan balances ($45 million) and waive deficiency balances (approximately $433 million). Additionally, it agreed to implement changes to its lending practices to prevent the abusive and illegal practices outlined in the complaint.

Under the settlement agreement, a monitoring committee will be created to oversee this subprime auto lender's compliance with the terms of the settlement. The lender must be able to demonstrate compliance with the terms of the settlement agreement to the monitoring committee for a period of at least three years. The monitoring committee is comprised of several of the 34 state attorneys general.

A pharmaceutical company pleaded guilty to a one-count felony for false statements relating to health care matters and agreed to pay a total of $600 million to resolve criminal and civil liability associated with the marketing of an opioid addiction treatment drug. In connection with its guilty plea, the company admitted to making false statements to promote a version of a drug to a state Medicaid program relating to its safety around children. The resolution includes a criminal fine, forfeiture and restitution totaling $289 million.

Under the civil settlement, the company agreed to pay a total of $300 million to resolve claims that the marketing of the drug caused false claims to be submitted to government health care programs. In addition to the criminal and civil resolutions, the company’s compliance with the terms of the settlement agreement will be monitored for a five-year period under the oversight of the Department of Health and Human Services Office of Inspector General (HHS-OIG).

The pitfalls that led to the subprime auto lender's settlement apply equally to any subprime consumer lender, and other auto and consumer finance companies should take notice. Regulators take action when abusive practices that violate regulatory compliance laws result in harm to consumers, and such practices are pervasive in the industry. Regulators will usually target the companies with the most egregious practices in the industry and then move to the next competitor, getting the attention of the other industry participants. Through this ripple effect, regulators effect changes in industry practices.

The second example of an enforcement action is for violating a federal law against knowingly making a false record or filing a false claim regarding any federal health care program, which includes any plan or program that provides health benefits directly through insurance funded by the United States government or any state health care system. These enforcement actions have resulted in settlement agreements that require companies to develop or improve their compliance and risk management programs to prevent the illegal acts or bad practices that resulted in the investigation and complaints filed against the companies.

Key compliance and risk management considerations to avoid enforcement actions

In both instances, direct competitors or companies in similar businesses face the same regulatory risks—significant fines and multiyear compliance monitoring. What can an organization, particularly one that serves the same industries as the examples above, do to ensure the proper compliance is in place to avoid the same fate?

From our experience in working with clients as their compliance monitor, we recommend performing a self-checkup. This can be done in a series of steps:


1. Determine the effects of the enforcement action. If this regulatory risk was properly identified and addressed, then there should be minimal action to be taken.

2. Evaluate your compliance and risk management program to ascertain whether the safeguards are adequate to prevent the illegal acts and bad practices noted in the enforcement action.

3. Assess potential weaknesses in your compliance and risk management program as a result of instances identified during monitoring of regulatory compliance, by either the business units or the compliance function. For example, weaknesses may include internal control failures, or excessive customer or employee complaints.

4. Determine whether your organization has sufficient knowledge and experience to make the necessary corrections to your compliance and risk management program after weaknesses in the compliance program have been identified.

Establishing a sound compliance and risk management program is key

The design and operating effectiveness of a compliance and risk management program depend on the components of a compliance management system: governance and a culture of compliance, enterprise risk management, and information technology. The program should be appropriate for the size of the organization and the complexity of its business and industry. A governance structure is necessary to oversee the organization's business operations and its compliance with applicable laws and regulations, as well as to promote a culture of regulatory compliance.

An organization that understands the risks of its business (legal and regulatory, industry, environmental, etc.) is better equipped to mitigate them through adjustments to its compliance management system and business model. The information technology strategy should be sufficiently robust for managing the business, including collecting data, disseminating information and helping demonstrate compliance with laws and regulations. The legal and compliance function should be more than adequate to monitor regulatory compliance and make the necessary adjustments to policies, procedures and controls to meet the ever-changing regulatory and business environment.

Should you find yourself the target of an enforcement action, a trusted advisor can assist you through the lifecycle of that enforcement action, from investigation and settlement negotiation to compliance monitoring. This advisor can be a key asset in evaluating the effectiveness of a compliance program that can withstand the scrutiny of a regulatory or enforcement agency and the rigors of compliance monitoring, while meeting the requirements of a settlement agreement.
