InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Eighth Circuit Holds Bank That Complied With Reasonable Security Procedures Not Responsible For Loss Of Funds From Fraudulent Payment
On June 11, the U.S. Court of Appeals for the Eighth Circuit held that under the Uniform Commercial Code a bank that complied with commercially reasonable security measures was not responsible for a customer’s loss resulting from a fraudulent payment. Choice Escrow & Land Title, LLC v. BancorpSouth Bank, No. 13-1879, 2014 WL 2598764 (8th Cir. Jun. 11, 2014). The customer sued the bank claiming that a $440,000 wire transfer from its account through the bank’s internet wire transfer system was fraudulently initiated by a third-party. The court explained that Article 4A of the Uniform Commercial Code permits a bank to take steps to protect itself from liability by implementing commercially reasonable security procedures, and if the bank complies with these procedures in good faith and in accordance with the customer’s instructions, the customer bears the risk of loss from a fraudulent payment order. The parties agreed that the bank complied with its security procedures in accepting the payment order that resulted in the loss for the customer, but disputed whether (i) the bank’s security procedures were commercially reasonable, (ii) the bank accepted the payment order in good faith, and (iii) the bank accepted the payment order in compliance with the customer’s written instructions. The court concluded that the bank’s security procedures, which included password protection, daily transfer limits, device authentication, and dual control, were commercially reasonable because the bank followed 2005 FFIEC guidelines and further enhanced its security to address threats not considered by that potentially outdated guidance. Moreover, the court held that the customer assumed the risk of failure of security procedures by declining some of those procedures. The court also held that in promptly executing a payment order that had cleared its commercially reasonable security procedures, and absent any independent reason to suspect the payment was fraudulent, the bank acted in good faith in processing the payment. Finally, the court determined that an inquiry from the customer as to whether it would be possible for the bank to stop foreign wire transfers did not constitute an instruction to the bank, and therefore the bank did not violate any written instruction from the customer. Based on these holdings, the court concluded that, under the UCC, the loss of funds from the customer’s account fall on the customer and not the bank.
House Oversight Committee Choke Point Inquiry Shifts To FDIC
On June 9, Darrell Issa (R-CA), Chairman of the House Oversight Committee, and Jim Jordan (R-OH), an Oversight subcommittee chairman, sent a letter to FDIC Chairman Martin Gruenberg that seeks information regarding the FDIC’s role in Operation Choke Point and calls into question prior FDIC staff statements about the agency’s role. The letter asserts that documents obtained from the DOJ and recently released by the committee demonstrate that, contrary to testimony provided by a senior FDIC staff member, the FDIC “has been intimately involved in Operation Choke Point since its inception.” The letter also criticizes FDIC guidance that institutions monitor and address risks associated with certain “high-risk merchants,” which, according to the FDIC, includes firearms and ammunition merchants, coin dealers, and payday lenders, among numerous others. The letter seeks information to help the committee better understand the FDIC’s role in Operation Choke Point and its justification for labeling certain businesses as “high-risk.” For example, the letter seeks (i) all documents and communications between the FDIC and the DOJ since January 1, 2011; (ii) all FDIC documents since that time that refer to the FDIC’s 2012 guidance regarding payment processor relationships; and (iii) all documents referring to risks created by financial institutions’ relationships with firearms or ammunition businesses, short-term lenders, and money services businesses.
House Oversight Committee Report Challenges DOJ's Operation Choke Point
On May 29, the House Oversight Committee released a staff report on Operation Choke Point, DOJ’s investigation of banks and payment processors purportedly designed to address perceived consumer fraud by blocking fraudsters’ access to the payment systems. The report provides the following “key findings”: (i) the operation was created by DOJ to “choke out” companies it considers to be “high risk” or otherwise objectionable, despite the fact that those companies are legal businesses; (ii) the operation has forced banks to terminate relationships with a wide variety of lawful and legitimate merchants; (iii) DOJ is aware of these impacts and has dismissed them; (iv) DOJ lacks adequate legal authority for the initiative; and (v) contrary to DOJ’s public statements, Operation Choke Point is primarily focused on the payday lending industry, particularly online lenders. The findings are based on documents provided to the committee by DOJ, including internal memoranda and other documents that, among other things, “acknowledge the program’s impact on legitimate merchants” and show that DOJ “has radically and unjustifiably expanded its [FIRREA] Section 951 authority.” The committee released the nearly 1,000 pages of supporting documents, which are available in two parts, here and here.
House Financial Services Chairman Questions Regulators' Use Of Reputation Risk
On May 22, House Financial Services Committee Chairman Jeb Hensarling (R-TX) sent letters to the Federal Reserve Board, the OCC, the FDIC, and the NCUA asking the regulators to explain their use of “reputational risk,” and citing Operation Choke Point as an example of the potential for “reputation risk” to become “a pretext for the advancement of political objectives, which can potentially subvert both safety and soundness and the rule of law.” Congressman Hensarling asked each regulator to explain (i) whether it consider reputation risk in its supervision of depositories, and, if so, to explain the legal basis for such consideration and why it is appropriate; (ii) what data are used to analyze reputational risk and why such data are not already accounted for under CAMELS; and (iii) whether a poor reputation risk rating could be sufficient to warrant recommending a change in a depository’s business practices notwithstanding strong ratings under CAMELS.
House Committee Members Express Concerns About Operation Choke Point
On April 8 the House Financial Services Committee held a hearing with the general counsels of the federal banking agencies regarding, among other things, Operation Choke Point, the federal enforcement operation reportedly intended to cut off from the banking system certain lenders and merchants allegedly engaged in unlawful activities. Numerous committee members from both sides of the aisle raised concerns about Operation Choke Point, as well as the federal government’s broader pressure on banks over their relationships with nonbank financial service providers, including money service businesses, nonbank lenders, and check cashers. Committee members asserted that the operation is impacting lawful nonbank financial service providers, who are losing access to the banking system and, in turn, are unable to offer needed services to the members’ constituents. The FDIC’s Richard Osterman repeatedly stated that Operation Choke Point is a DOJ operation and the FDIC’s participation is limited to providing certain information and resources upon request. Mr. Osterman also asserted that the FDIC is not attempting to, and does not intend to, prohibit banks from offering products or services to nonbank financial service providers operating within the law, and that the FDIC’s guidance is clear that banks are neither prohibited from nor encouraged to provide services to certain businesses, provided they properly manage their risk. Similarly, the OCC's Amy Friend stated that the OCC wants to ensure that banks conduct due diligence and implement appropriate controls, but that the OCC is not prohibiting banks from offering services to lawful businesses. She stated the OCC has found that some banks have made a business decision to terminate relationships with some nonbank providers rather than implement additional controls.
Democratic Lawmakers Express Support for DOJ Payment Processor Investigations
On February 26, Senators Jeff Merkley (D-OR), Elizabeth Warren (D-MA), and other Democratic Senators, together with Representatives Elijah Cummings (D-MD), Maxine Waters (D-CA), and other Democratic House members, sent a letter to Attorney General Eric Holder encouraging the DOJ to “continue a vigorous review of potential payment fraud, anti-money-laundering violations, and other illegal conduct involving payments by banks and third-party payment processors.” The lawmakers highlighted a number of specific issues on which the DOJ should focus: (i) know-your-customer obligations, which they believe should include a review of whether a lender holds all required state licenses and follows state lending laws; (ii) use of lead generators, including those that auction consumer data; (iii) high rates of returned, contested, or otherwise failed debits or the regular use of remotely created checks, which they state may indicate payment fraud; and (iv) lenders’ failure to incorporate or maintain a business presence in the U.S., which they assert can be indicative of fraud and other payment system violations, including money-laundering.
CFPB Director Delivers Remarks On Nonbank Supervision, Payment Systems
On November 21, CFPB Director Richard Cordray delivered remarks at The Clearing House Annual Conference, including a review of the CFPB’s efforts to resolve concerns raised by the mortgage market through adoption of new mortgage rules and the objective of evenhanded oversight that is not dependent on charter choice or regulator. Mr. Cordray placed particular emphasis on the CFPB’s ability and efforts to “level the playing field” through its nonbank supervision program.
Notably, Director Cordray raised questions about recent efforts by other regulators and law enforcement authorities to investigate and take action against nonbank entities, like online payday lenders, by focusing on how these nonbanks get paid through bank payment systems. Cordray cautioned that, “[t]he focus of these . . . actions may create burdens that fall disproportionately on individual banks that are participants in the payment systems” and that the referenced approach “may not be the most efficient or effective approach.” Rather, Director Cordray suggested that further attention should be given to “how [payment] systems are designed and how they function for all of the institutions that participate in them.” The Director also expressed interest in working with the Clearing House to improve the CFPB’s understanding of using enhanced computer analytics and communications to identify patterns in payment systems, which he stated would better enable the CFPB to “identify and enforce the law against illegitimate firms that are otherwise able to reduce their own costs by hitching a free ride on the payments system,” as well as to consider necessary changes in law or practice.
FDIC Explains Supervisory Approach to Payment Processing Relationships
On September 27, the FDIC issued Financial Institution Letter FIL-43-2013, which is intended to clarify the FDIC’s policy and supervisory approach related to financial institutions that facilitate payment processing services—directly or through a third party—for merchant customers engaged in “higher-risk activities.” The letter states that banks that perform these services for merchants engaged in activities that “tend to display a higher incidence of consumer fraud or potentially illegal activities” are expected to perform proper risk assessments, conduct due diligence to determine the merchants are operating in accordance with applicable law, and maintain systems to monitor the relationships with payment processors and merchants. Institutions that properly manage payment processing relationships and risks are not prohibited or discouraged from providing such services to businesses operating in compliance with applicable law. The FDIC intends to assess whether institutions are adequately overseeing these activities and addressing related risks. The FDIC’s statement follows concerns raised by certain banks, their representatives in Congress, and third-party payment processors about the scope of the governmental scrutiny of online lenders, payment processors, and their relationships with banks.
CFPB Enforcement Action Targets Debt Settlement Payment Processing
On October 3, the CFPB announced an enforcement action against a leading debt-settlement payment processor and its President/CEO for allegedly assisting clients in the debt-settlement industry charge and collect millions of dollars in unlawful fees since October 2010. According to the complaint, the defendants “knew or consciously avoided knowing” that the company’s services were used to charge illegal upfront fees in violation of the Telemarketing Sales Rule to more than 11,000 consumers across multiple states. The defendants agreed to a consent order that will: (i) prohibit the company from processing payments for debt-settlement companies and for members of the related mortgage-settlement industry going forward; (ii) subject the parties to regular monitoring by and reporting to the CFPB, as well as recordkeeping requirements; and (iii) mandate a civil money penalty of $1.376 million. On the date announced, Deputy Director Steve Antonakes remarked that the action should send a message that the CFPB is “working to ensure federal consumer laws are being followed at every stage of the process, including taking action against those who unlawfully facilitate illegal conduct of others.”
The CFPB has already taken action against the debt-settlement companies themselves, obtaining judgments against two companies in 2012 and 2013 and filing a complaint against four others in May.
FDIC Promises Guidance on Bank Payment Processing
On September 17, FDIC Chairman Martin Gruenberg responded to a letter sent recently by Republican members of the House of Representatives, in which the members objected to the agency’s approach toward online lending and the banks that process payments on behalf of online lenders. In his response letter, Chairman Gruenberg explains the FDIC’s approach to the issue, describes the challenges for banks who do business with online lenders and third party payment processors, and promises “ a Financial Institution Letter . . . to make it clear that the FDIC's focus is the proper management of the banks' relationships with their customers, particularly those engaged in higher risk activities, and not underlying activities that are permissible under state and federal law.”