3 Lesson's from the Department of Justice's March 2015 Settlement
-
Upload
geo-coelho -
Category
Business
-
view
580 -
download
1
Transcript of 3 Lesson's from the Department of Justice's March 2015 Settlement
© Iden'tyMind Global 2015
3 Lessons from the Department of Justice’s March 2015 Settlement …and how to apply them with IdentityMind
© Iden'tyMind Global 2015
3 Lessons from the Department of Justice’s March 2015 Settlement
In early 2015, the Department of Justice reached a
$4.9M settlement with a California-based bank.
The civil and criminal resolution followed the Department’s investigation into
consumer fraud schemes facilitated by the Bank, in which a third-party payment processor, referred to as “PSP X”, processed transactions for fraudulent merchants
by withdrawing money from consumer’s bank accounts without authorization.
We’ve broken down the resolution to explore the actual charges, lessons from the enforcement, and how you can reinforce your risk program to avoid
similar scenarios.
© Iden'tyMind Global 2015
Understanding the Department of Justice’s $4.9M Settlement
“2014 was marked by record-setting fines and precedent-setting criminal prosecutions and
enforcement actions against financial institutions for violations of BSA/AML and
sanctions laws.” - 2014 Year-End Review of BSA/AML and Sanctions Developments,
Harvard Law
With BSA penalties increasing, it’s crucial to analyze recent enforcement actions to understand what regulators are looking for, and assess the effectiveness of
your own program is comparison with recent enforcement trends.
$0
$2,000,000,000
$4,000,000,000
$6,000,000,000
$8,000,000,000
$10,000,000,000
$12,000,000,000
0
2
4
6
8
10
12
14
2010 2011 2012 2013 2014
BSA/AML Enforcements by Year
Total Number of BSA/AML Penal'es Total Amount
© Iden'tyMind Global 2015
Summary
The March 2015 Enforcement
• What Happened? • Third-party PSP processed
transactions for fraudulent merchants
• The Civil Complaint: • Knowingly facilitated
consumer fraud
• The Criminal Charges • Violation of the Bank
Secrecy Act
Lessons From the Enforcement • Identify warning signs • File SARs and
terminate suspicious accounts
• Integrate fraud prevention and BSA compliance
Reinforcing Your Program with IdentityMind • Closely monitor your
clients • Easily file SARs and
close accounts • Integrate risk
management across fraud prevention and regulatory compliance
Learn More
© Iden'tyMind Global 2015
The Enforcement - What Happened?
From 2011 - 2013:
– “PSP X” processed transactions for fraudulent merchants, withdrawing funds from consumer bank accounts without authorization.
– The enforcement specifically mentioned two merchants:
• A fraudulent telemarketing company • A company charging for fraudulent payday loan
referral fees
– The Bank allowed “PSP X” to process millions of dollars of unauthorized withdrawals
– The Bank did not terminate the account until the Department of Justice sought an emergency injunction.
© Iden'tyMind Global 2015
The Settlement In early 2015, The Department of Justice reached a civil and criminal resolution with the Bank following an investigation into consumer fraud schemes.
The Bank, “knowingly facilitated consumer fraud by permitting the payment processor to make millions of dollars of unauthorized withdrawals from consumer bank accounts on behalf of fraudulent merchants.”
- Department of Justice, Press Release 2015
The Resolution consisted of two parts:
Civil Complaint: Knowingly facilitated consumer fraud
Criminal Charges: Viola'on of the Bank Secrecy Act, specifically regarding their rela'onship with a third-‐party payment processor.
© Iden'tyMind Global 2015
The Charges:
The Civil Complaint • The DOJ’s civil complaint alleged that the Bank ignored clear warning signs indicating
“PSP X” and it’s merchants were defrauding consumers.
• This follows a recent trend in which the DOJ has used fraudulent activity as the basis for BSA enforcement actions.
“In most recent cases, the DOJ has invoked FIRREA, usually in conjunction with the False Claims Act, to seek multimillion or multibillion-dollar penalties against some of the largest financial institutions in the United States.”
- Jones Day, “ FIRREA Civil Money Penalties: The Government’s Newfound Weapon against Financial
Fraud”
What is FIRREA, Section 951 FIRREA, Section 951 is the Civil Money Penalty Provision of the Financial Institutions Reform, Recovery and Enforcement Act of 1989
• Enacted more than 20 years ago in the wake of the savings & loan crisis
• Recently resurrected by the DOJ as a tool to combat financial fraud, and residential mortgage fraud.
• Unlike a criminal prosecution, where the DOJ must prove guilt, under FIRREA, the DOJ must only prove that a defendant committed one of the predicate offenses.
© Iden'tyMind Global 2015
The Charges:
The Criminal Charges The Department of Justice charged the Bank with willful violation of the Bank Secrecy Act for it’s failure to file Suspicious Activity Reports (SARs) regarding the actions of the third-party payment processor.
Despite complaints & inquiries from other banks,
• The Bank did not terminate the account
• Did not file any Suspicious Activity Reports
• Simply blocked transactions to banks who complained, while continuing to allow transactions elsewhere.
“[The Bank] not only failed to comply with its statutory obligation to notify the government of suspicious illegal activity involving consumer fraud, the bank also allowed fraudulent activity to continue through its accounts, to the detriment of the American consumer.”
- Gary Barksdale, Inspector in Charge, USPIS.
© Iden'tyMind Global 2015
Lessons from the Enforcement
1. Identify Warning Signs
2. File SARs, and Terminate Suspicious Accounts
3. Integrate Fraud Prevention and BSA Compliance
The Bank’s fine and criminal charges seem easily avoidable. However, similar situations can occur without proper oversight.
© Iden'tyMind Global 2015
Lesson 1: Identify Warning Signs
Problem: Missed Red Flags
Complaints & inquiries from other banks • The Bank blocked transactions to other
banks that complained, rather than investigating the account.
High rates of rejected transactions • The Bank should have been deeply
concerned with high rates of rejected transactions long before they reached 50%.
Red flags listed by the Department of Justice included:
© Iden'tyMind Global 2015
Lesson 1: Identify Warning Signs
Solution: Closely Monitor Your Clients
Configurable rules include: • Limits on rates of rejected transactions across
the portfolio, or by merchant • Alerts based on potentially suspicious
transactions - such as the widespread charges by “PSP X”
• Ability to segment merchants by risk, and set rules according to the risk level of the group.
If regulators ask for additional information, our platform provides you with reports demonstrating your active monitoring, and risk levels across the portfolio.
Using IdentityMind, the Bank could have easily implemented automated alerts based on rates or spikes in rejected/declined transactions, as well as a variety of other factors.
IdentityMind Features
© Iden'tyMind Global 2015
Lesson 2: File SARs, and Terminate Suspicious Accounts
Problem: Failure To File SARs, Or Terminate Accounts
Rather than closing the accounts and filing suspicious activity reports, the bank blocked transactions to banks that complained, and maintained the accounts until the Department of Justice notified the Bank it intended to seek an emergency injunction.
The DOJ cited the Bank’s failure to file SARs following complaints from other banks, and their failure to close the accounts, as willing violation of the Bank Secrecy Act.
© Iden'tyMind Global 2015
Lesson 2: File SARs, and Terminate Suspicious Accounts Solution: Easily File SARs and Close Suspicious Accounts
Using the IdentityMind platform, the bank could have easily filed Suspicious Activity Reports with information straight from the system’s automated alerts.
Pre-populated SAR fields with information from alerts including: • Transaction • Name • Business Name • IP Address • Location • More The easier it is for analysts to file Suspicious Activity Reports, the easier it is to protect your institution. SARs demonstrate your institution is not willingly aiding in suspicious or fraudulent activity.
IdentityMind Features
© Iden'tyMind Global 2015
Lesson 3: Integrate Fraud Prevention and BSA Compliance Problem: Divided Fraud Prevention and Compliance
The Department of Justice has invoked FIRREA in a number of large enforcements, adding BSA Violations as secondary charges.
Since Fraud Prevention and Regulatory Compliance programs operated separately, relevant information about fraudulent activity was not considered by the compliance team.
© Iden'tyMind Global 2015
• IdentityMind combines risk applications to provide unprecedented control in designing and operationalizing compliance programs tailored to the needs of your institution.
• Risk Information is leveraged across all applications- payment fraud, account fraud, Know Your Customer, sanctions screening, and AML/BSA compliance.
• Reinforce your compliance program with fraud limits, alerts, and rules according to recent enforcement trends, or adapt your program to new risk scenarios in real-time.
Lesson 3: Integrate Fraud Prevention and BSA Compliance Solution: Integrate Risk Management across Fraud Prevention and Regulatory Compliance
1a. Risk: Alert when users of a rogue merchant are being defrauded 1b. AML: Use this information to track the attributes of these users to analyze financial crime.
2a. AML: Identify suspicious users and transactions 2b. Risk: Monitor attributes of suspicious users and make sure they aren't involved in fraud scenarios.
Using IdentityMind, risk activity would have been shared across functions, allowing the Bank’s Fraud Prevention and Compliance teams to operate in sync, recognizing and mitigating issues across payment fraud, account fraud, sanctions screening, regulatory compliance, and more, long before it became a problem.
IdentityMind Features
© Iden'tyMind Global 2015
The IdentityMind Platform
• Our eDNA™ technology builds sophisticated payment reputations, using shared information from our diverse network of Financial Institutions, MSB’s, PSPs, Merchants, and more. This information is portrayed visually to illustrate links within the system.
• eDNA™ transcends individual institutions to create a collaborative risk environment while protecting the privacy of all individuals involved.
IdentityMind combines risk management across applications to provide leading professionals with the capabilities they need to create cutting edge compliance programs.
Our platform also provides further visibility with our Entity Graph technology, revealing connections between entities and transactions that would otherwise be invisible.
When fraudulent transactions and suspicious activity are clearly linked to their sources, it becomes easy for a bank to investigate the situation further.
© Iden'tyMind Global 2015
With IdentityMind, “PSP X’s” actions would have been obvious to the Bank much earlier on.
Our platform combines Fraud Prevention, AML Compliance, and Merchant Risk Monitoring to provide the complete solution banks need to comply with
recent enforcement trends.
For more information on how our solution can serve the needs of your institution, contact us today:
Request a Personalized Demo today
Automated Merchant Risk Monitoring
Integrated AML & Fraud Prevention
eDNA™ & Entity Graph Analysis
Schedule a Demo