On March 12, 2015, the Justice Department announced a settlement with a regional bank over allegations that the bank violated FIRREA by permitting an intermediary third-party payment processor to process fraudulent payments through the bank. The payment processor opened an account at the bank for the purpose of processing electronic check transactions on behalf of fraudulent businesses. The fraudulent businesses obtained consumers’ bank account and routing numbers, and charged consumers for purchases they did not make. The payment processor and the bank allegedly knew the transactions were fraudulent, but permitted the processors to collect the payments anyway, generating significant fee income for both the bank and the third-party payment processors. Because of the third-party payment processors’ conduct, the complaint alleges that consumers experienced an abnormally high rate of rejected transactions. Although the monies were eventually returned to consumers that complained, allegedly, the consumers had to wait for upwards of weeks before receiving their money, and only then, if the consumers signed affidavits under penalty of perjury stating that the transactions were fraudulent. The complaint alleges that the bank’s chief compliance officer raised concerns about red flags of fraud with these payment processors, but those concerns were brushed aside by the bank’s chief operating officer, who was one of two corporate officials who also were part-owners of the third-party payment processor.
The settlement and proposed consent decree, which is subject to court approval, requires the bank to pay a $1 million civil penalty and forfeit $225,000 to the U.S. Postal Inspection Service’s Consumer Fraud Fund as proceeds of the bank’s conduct. The bank is prohibited from providing bank accounts or banking services to any third-party process unless the third-party process is (i) licensed as a money transmitter in the state or the third-party processor has provided evidence from the state licensing authorities that no state licensing is required; and (ii) registered with the Financial Crimes Enforcement Network (FinCen) of the U.S. Department of Treasury as a “Money Services Business” or has provided proof from FinCen that no registration is required. The bank is also required to implement policies designed to detect fraud by third-party payment processors including prohibiting the bank from delegating to the third party payment processor responsibility to conduct due diligence, implement new policies to monitor potential conflicts of interest, and is subject to on-going monitoring.