NEW YORK — The New York State Department of Financial Services (NYDFS) submitted last week a final consent judgment to settle its lawsuit against Condor Capital Corporation, a subprime auto lender based in Long Island, and its sole shareholder, Stephen Baron.

Among other violations, the defendants deceptively retained millions of dollars owed to vulnerable borrowers and overcharged them for interest in violation of the Truth in Lending Act, the agency's press release stated.

Under the terms of the final consent judgment, Condor Capital and Baron will make full restitution plus 9% interest to all aggrieved customers nationwide (an estimated $8-9 million), pay a $3 million penalty, and admit violations of New York and federal law. Following a sale of its remaining loans, Condor Capital will surrender its licenses in all states.

The lawsuit against Condor Capital and Baron was the first legal action initiated by a state regulator under section 1042 of the federal Dodd-Frank Wall Street Reform and Consumer Protection Act, which empowers state regulators to bring civil actions in federal court for violations of Dodd-Frank’s consumer protection requirements.

“We will not tolerate companies that abuse New Yorkers and other customers — particularly vulnerable subprime borrowers who can least afford it,” said Benjamin M. Lawsky, superintendent of Financial Services. “This case demonstrates that the Dodd-Frank Act provides a powerful new tool for state regulators to pursue wrongdoing and obtain restitution for consumers who were abused. We hope other regulators across the country will consider taking similar actions when warranted.”

The department filed a complaint and obtained a temporary restraining order against Condor Capital and Baron on April 23. The court granted the department’s motion for a preliminary injunction and appointed a receiver on May 13. The receiver will remain in place until Condor’s loan portfolio is sold, the penalty and restitution are paid, and Condor has surrendered all of its licenses. To date, the receiver has paid more than $5 million in restitution.

As part of the final consent judgment, Condor admitted to violations of the Dodd-Frank Act, the Truth in Lending Act, the New York Banking Law, and the New York Financial Services Law. Baron admitted to violating Dodd-Frank Act by providing substantial assistance to Condor’s law violations.

Condor Capital concealed from its customers and the department the fact that thousands of its customers had refundable positive credit balances (i.e., money owed by Condor to a customer as a result of an overpayment of the customer’s account). Condor retained these positive credit balances for itself and maintained a policy of failing to refund positive credit balances except when expressly requested by a customer.

Furthermore, Condor programmed its website to terminate customers’ access to their account information once their loans were terminated, even if the customers had positive credit balances in their accounts. In addition, Condor represented to the New York State Comptroller that it had no unclaimed property when in fact Condor was required to report its customers’ positive credit balances to the Comptroller.

Condor Capital also violated the Truth in Lending Act by calculating the interest it charged its customers based on a 360-day year and applying the resulting daily interest rate to its customers’ loan accounts each of the 365 days during the year. This practice resulted in a difference in its customers’ APR in excess of the one-eighth of one percent tolerance permitted under the Truth in Lending Act. After being informed by regulators that this practice violated the Truth in Lending Act, Condor attempted on multiple occasions to add an additional one-eighth of one percent interest back to customers’ accounts.

Condor also endangered the security of its customers’ personally identifiable information. Among other information security lapses, Condor left stacks of hard-copy customer loan files lying openly around the common areas of Condor’s offices. Condor also failed — despite repeated directives from the department — to adopt basic policies, procedures, and controls to ensure that its information technology systems (and the customer data they contain) were secure. The final consent judgment submitted to the court requires Condor’s CEO to pay damages to any customer who the department determines suffered identity theft as a result of Condor’s mishandling of their private information.