On March 10, 2015, the Justice Department announced a settlement with a regional bank over allegations that the bank permitted a third-party payment processor to process fraudulent payments through the bank. As part of the settlement, the DOJ filed a criminal information alleging a felony violation of the Bank Secrecy Act for failing fo file supsicious activity reports and a civil complaint alleging violations of FIRREA before the U.S. District Court for the District of California in connection with the bank’s relationship with a third-party payment processor. The payment processor allegedly opened an account at the bank for the purpose of processing electronic check transactions on behalf of fraudulent businesses. The fraudulent businesses allegedly obtained consumers’ bank account and routing numbers and charged consumers for purchases they did not make. The payment processor and the bank allegedly knew the transactions were fraudulent, but permitted the processors to collect the payments anyway, generating significant fee income for both the bank and the third-party payment processors. Because of the third-party payment processors’ conduct, the complaint alleges that consumers experienced an abnormally high rate of rejected transactions. Although the monies were eventually returned to consumers that complained, allegedly, the consumers had to wait for upwards of weeks before receiving their money, and only then, if the consumers signed affidavits under penalty of perjury stating that the transactions were fraudulent. The complaint alleges that the bank ignored explicit red flags of possible fraudulent conduct by the third-party payment processors.
As part of a deferred prosecution agreement, the bank settled the criminal complaint by agreeing to admit wrongdoing, giving up any claim to the $2.9 million seized from the payment processor’s account and agreeing to cooperate fully in other civil or criminal investigations. The bank settled the civil complaint by paying $1 million in civil penalties to the U.S. treasury and forfeiting $1 million to the U.S. Postal Inspection Service’s Consumer Fraud Fund as proceds for the Bank’s conduct. The bank is prohibited from providing bank accounts or banking services to any third-party process unless the third-party process is (i) licensed as a money transmitter in the state or the third-party processor has provided evience from the state licensing authorities that no state licensing is required; and (ii) registered with the Financial Crimes Enforcement Network (FinCen) of the U.S. Department of Treasury as a “Money Services Business” or has provided proof from FinCen that no registration is required. The bank is also required to implement policies designed to detect fraud by third-party payment processors including prohibiting the bank from delegating to the third party payment processor responsiblity to conduct due diligence, implement new policies to monitor potential conflicts of interest, and is subject to on-going monitoring.