3 lesson's from the department of justice's march 2015 settlement

© Iden'tyMind Global 2015

3 Lessons from the Department of Justice’s March 2015 Settlement …and how to apply them with IdentityMind


3 Lessons from the Department of Justice’s March 2015 Settlement

In early 2015, the Department of Justice reached a

$4.9M settlement with a California-based bank.

The civil and criminal resolution followed the Department’s investigation into

consumer fraud schemes facilitated by the Bank, in which a third-party payment processor, referred to as “PSP X”, processed transactions for fraudulent merchants

by withdrawing money from consumer’s bank accounts without authorization.

We’ve broken down the resolution to explore the actual charges, lessons from the enforcement, and how you can reinforce your risk program to avoid

similar scenarios.


Understanding the Department of Justice’s $4.9M Settlement

“2014 was marked by record-setting fines and precedent-setting criminal prosecutions and

enforcement actions against financial institutions for violations of BSA/AML and

sanctions laws.” - 2014 Year-End Review of BSA/AML and Sanctions Developments,

Harvard Law

With BSA penalties increasing, it’s crucial to analyze recent enforcement actions to understand what regulators are looking for, and assess the effectiveness of

your own program is comparison with recent enforcement trends.

$0

$2,000,000,000

$4,000,000,000

$6,000,000,000

$8,000,000,000

$10,000,000,000

$12,000,000,000

0

2

4

6

8

10

12

14

2010 2011 2012 2013 2014

BSA/AML Enforcements by Year

Total Number of BSA/AML Penal'es Total Amount


Summary

The March 2015 Enforcement

•  What Happened? •  Third-party PSP processed

transactions for fraudulent merchants

•  The Civil Complaint: •  Knowingly facilitated

consumer fraud

•  The Criminal Charges •  Violation of the Bank

Secrecy Act

Lessons From the Enforcement •  Identify warning signs •  File SARs and

terminate suspicious accounts

•  Integrate fraud prevention and BSA compliance

Reinforcing Your Program with IdentityMind •  Closely monitor your

clients •  Easily file SARs and

close accounts •  Integrate risk

management across fraud prevention and regulatory compliance

Learn More

http://www.identitymindglobal.com/identity-mind-global-contact?utm_campaign=American%20Banker%20Webinar&utm_medium=social&utm_source=slideshare


The Enforcement - What Happened?

From 2011 - 2013:

–  “PSP X” processed transactions for fraudulent merchants, withdrawing funds from consumer bank accounts without authorization.

–  The enforcement specifically mentioned two merchants:

•  A fraudulent telemarketing company •  A company charging for fraudulent payday loan

referral fees

–  The Bank allowed “PSP X” to process millions of dollars of unauthorized withdrawals

–  The Bank did not terminate the account until the Department of Justice sought an emergency injunction.


The Settlement In early 2015, The Department of Justice reached a civil and criminal resolution with the Bank following an investigation into consumer fraud schemes.

The Bank, “knowingly facilitated consumer fraud by permitting the payment processor to make millions of dollars of unauthorized withdrawals from consumer bank accounts on behalf of fraudulent merchants.”

- Department of Justice, Press Release 2015

The Resolution consisted of two parts:

Civil Complaint: Knowingly facilitated consumer fraud

Criminal Charges: Viola'on of the Bank Secrecy Act, specifically regarding their rela'onship with a third-‐party payment processor.


The Charges:

The Civil Complaint •  The DOJ’s civil complaint alleged that the Bank ignored clear warning signs indicating

“PSP X” and it’s merchants were defrauding consumers.

•  This follows a recent trend in which the DOJ has used fraudulent activity as the basis for BSA enforcement actions.

“In most recent cases, the DOJ has invoked FIRREA, usually in conjunction with the False Claims Act, to seek multimillion or multibillion-dollar penalties against some of the largest financial institutions in the United States.”

-  Jones Day, “ FIRREA Civil Money Penalties: The Government’s Newfound Weapon against Financial

Fraud”

What is FIRREA, Section 951 FIRREA, Section 951 is the Civil Money Penalty Provision of the Financial Institutions Reform, Recovery and Enforcement Act of 1989

•  Enacted more than 20 years ago in the wake of the savings & loan crisis

•  Recently resurrected by the DOJ as a tool to combat financial fraud, and residential mortgage fraud.

•  Unlike a criminal prosecution, where the DOJ must prove guilt, under FIRREA, the DOJ must only prove that a defendant committed one of the predicate offenses.


The Charges:

The Criminal Charges The Department of Justice charged the Bank with willful violation of the Bank Secrecy Act for it’s failure to file Suspicious Activity Reports (SARs) regarding the actions of the third-party payment processor.

Despite complaints & inquiries from other banks,

•  The Bank did not terminate the account

•  Did not file any Suspicious Activity Reports

•  Simply blocked transactions to banks who complained, while continuing to allow transactions elsewhere.

“[The Bank] not only failed to comply with its statutory obligation to notify the government of suspicious illegal activity involving consumer fraud, the bank also allowed fraudulent activity to continue through its accounts, to the detriment of the American consumer.”

- Gary Barksdale, Inspector in Charge, USPIS.


Lessons from the Enforcement

1.  Identify Warning Signs

2.  File SARs, and Terminate Suspicious Accounts

3.  Integrate Fraud Prevention and BSA Compliance

The Bank’s fine and criminal charges seem easily avoidable. However, similar situations can occur without proper oversight.


Lesson 1: Identify Warning Signs

Problem: Missed Red Flags

Complaints & inquiries from other banks •  The Bank blocked transactions to other

banks that complained, rather than investigating the account.

High rates of rejected transactions •  The Bank should have been deeply

concerned with high rates of rejected transactions long before they reached 50%.

Red flags listed by the Department of Justice included:


Lesson 1: Identify Warning Signs

Solution: Closely Monitor Your Clients

Configurable rules include: •  Limits on rates of rejected transactions across

the portfolio, or by merchant •  Alerts based on potentially suspicious

transactions - such as the widespread charges by “PSP X”

•  Ability to segment merchants by risk, and set rules according to the risk level of the group.

If regulators ask for additional information, our platform provides you with reports demonstrating your active monitoring, and risk levels across the portfolio.

Using IdentityMind, the Bank could have easily implemented automated alerts based on rates or spikes in rejected/declined transactions, as well as a variety of other factors.

IdentityMind Features


Lesson 2: File SARs, and Terminate Suspicious Accounts

Problem: Failure To File SARs, Or Terminate Accounts

Rather than closing the accounts and filing suspicious activity reports, the bank blocked transactions to banks that complained, and maintained the accounts until the Department of Justice notified the Bank it intended to seek an emergency injunction.

The DOJ cited the Bank’s failure to file SARs following complaints from other banks, and their failure to close the accounts, as willing violation of the Bank Secrecy Act.


Lesson 2: File SARs, and Terminate Suspicious Accounts Solution: Easily File SARs and Close Suspicious Accounts

Using the IdentityMind platform, the bank could have easily filed Suspicious Activity Reports with information straight from the system’s automated alerts.

Pre-populated SAR fields with information from alerts including: •  Transaction •  Name •  Business Name •  IP Address •  Location •  More The easier it is for analysts to file Suspicious Activity Reports, the easier it is to protect your institution. SARs demonstrate your institution is not willingly aiding in suspicious or fraudulent activity.



Lesson 3: Integrate Fraud Prevention and BSA Compliance Problem: Divided Fraud Prevention and Compliance

The Department of Justice has invoked FIRREA in a number of large enforcements, adding BSA Violations as secondary charges.

Since Fraud Prevention and Regulatory Compliance programs operated separately, relevant information about fraudulent activity was not considered by the compliance team.


•  IdentityMind combines risk applications to provide unprecedented control in designing and operationalizing compliance programs tailored to the needs of your institution.

•  Risk Information is leveraged across all applications- payment fraud, account fraud, Know Your Customer, sanctions screening, and AML/BSA compliance.

•  Reinforce your compliance program with fraud limits, alerts, and rules according to recent enforcement trends, or adapt your program to new risk scenarios in real-time.

Lesson 3: Integrate Fraud Prevention and BSA Compliance Solution: Integrate Risk Management across Fraud Prevention and Regulatory Compliance

1a. Risk: Alert when users of a rogue merchant are being defrauded 1b. AML: Use this information to track the attributes of these users to analyze financial crime.

2a. AML: Identify suspicious users and transactions 2b. Risk: Monitor attributes of suspicious users and make sure they aren't involved in fraud scenarios.

Using IdentityMind, risk activity would have been shared across functions, allowing the Bank’s Fraud Prevention and Compliance teams to operate in sync, recognizing and mitigating issues across payment fraud, account fraud, sanctions screening, regulatory compliance, and more, long before it became a problem.



The IdentityMind Platform

•  Our eDNA™ technology builds sophisticated payment reputations, using shared information from our diverse network of Financial Institutions, MSB’s, PSPs, Merchants, and more. This information is portrayed visually to illustrate links within the system.

•  eDNA™ transcends individual institutions to create a collaborative risk environment while protecting the privacy of all individuals involved.

IdentityMind combines risk management across applications to provide leading professionals with the capabilities they need to create cutting edge compliance programs.

Our platform also provides further visibility with our Entity Graph technology, revealing connections between entities and transactions that would otherwise be invisible.

When fraudulent transactions and suspicious activity are clearly linked to their sources, it becomes easy for a bank to investigate the situation further.


With IdentityMind, “PSP X’s” actions would have been obvious to the Bank much earlier on.

Our platform combines Fraud Prevention, AML Compliance, and Merchant Risk Monitoring to provide the complete solution banks need to comply with

recent enforcement trends.

For more information on how our solution can serve the needs of your institution, contact us today:

Request a Personalized Demo today

Automated Merchant Risk Monitoring

Integrated AML & Fraud Prevention

eDNA™ & Entity Graph Analysis

Schedule a Demo

http://www.identitymindglobal.com/identity-mind-global-contact?utm_campaign=American%20Banker%20Webinar&utm_medium=social&utm_source=slideshare