Why it matters: The DOJ initiative Operation Chokepoint was basically rendered DOA after congressional hearings into questions of due process and the FDIC’s declaration in January 2015 that banks should take a case-by-case “risk-based” approach when deciding to work with a particular customer rather than having a blanket prohibition on an entire category of customers. But now, with the CommerceWest Bank and Plaza Bank settlements announced on March 10 and 12, respectively, Operation Chokepoint appears to be very much alive, but perhaps only in the context of banks that fail even the most basic risk-based customer due diligence and ignore blatant red flags that particular customers are engaging in fraud. Oh, and there is a fire truck involved as well.

Detailed discussion: The CommerceWest Bank and Plaza Bank consent decrees announced on March 10 and 12, respectively, are only the second and third such settlements reached in connection with the DOJ’s 2013 initiative Operation Checkpoint, which was intended to combat mass-market consumer fraud by investigating U.S. banks and the business they do with third-party payment processors, payday lenders and other companies believed to be at a high risk for consumer fraud and money laundering. The first settlement reached in connection with Operation Chokepoint was in April 2014 with Four Oaks Bank, which provided banking services to a third-party payment processor for high-risk Internet payday lenders. Both before and after the Four Oaks Bank settlement, Operation Chokepoint was roundly criticized for its lack of due process by imposing a chilling effect on banks doing business with, or “choking off,” a blanket category of companies without first determining whether the companies comprising the blanket category are legitimate merchants or fraudsters. Operation Chokepoint was the subject of congressional hearings in May 2014, which recommended that it be “disavowed and dismantled,” and the FDIC and DOJ both launched investigations into the initiative. Just two months ago, in a Financial Institution Letter dated January 29, 2015, the FDIC urged banks to take a “risk-based” approach on a case-by-case basis in assessing whether to do business with such companies, “rather than declining to provide banking services to entire categories of customers without regard to the risks presented by an individual customer or the financial institution’s ability to manage the risk.” After the publication of the FDIC letter, Operation Chokepoint was largely seen to be dead. But, lo and behold, along came the CommerceWest Bank and Plaza Bank settlements in March:

CommerceWest Bank: On March 10, 2015, the DOJ announced that it had reached a $4.9 million criminal and civil settlement with Irvine-based CommerceWest Bank in connection with the DOJ’s investigation into alleged consumer fraud schemes perpetrated by a third-party payment processor which was a customer of the bank. In addition to the settlement, the DOJ said that the bank agreed to a deferred prosecution agreement and a permanent injunction aimed to reform the bank’s practices to prevent such fraud in the future.

The DOJ said in its press release that it had that same day filed a criminal charge and a civil complaint against CommerceWest. The criminal information charged the bank with a felony violation under the Bank Secrecy Act for failure to file Suspicious Activity Reports, and the civil complaint alleged that the bank violated both FIRREA and the civil antifraud injunction statute.

In the press release, the representative of the DOJ’s Civil Division was quoted as saying that “CommerceWest ignored a parade of red flags indicating that a third-party payment processor was defrauding hundreds of thousands of innocent victims,” and it appears that that willful ignorance is at the heart of the settlement.

The findings, as set out in the civil complaint, show a complicated scheme: from December 2011 through July 2013, CommerceWest allegedly knowingly committed consumer fraud by permitting third-party payment processor V Internet LLC, through multiple DBAs such as Altcharge and Check Process (collectively, “V Internet”), to make millions of dollars of unauthorized withdrawals from customer bank accounts on behalf of “fraudulent merchants,” including a questionable telemarketing company and a company that charged unwitting consumers unauthorized $30 payday loan referral fees (at one point in January 2013, V Internet took over the payday loan referral fee scheme and so was operating in that case as both the payment processor and the merchant).

The findings show that the bank did some spotty due diligence on the operations of V Internet and its DBAs and merchants, but what is emphasized is the bank’s willful ignorance of what was going on. The bank was found to have continuously turned a blind eye to clear warning signs that V Internet and its merchants were defrauding consumers, including an over 50% rejection rate for the transactions at issue, many of which were accompanied by sworn affidavits by customers that the withdrawals on their accounts were unauthorized. The bank also allegedly ignored complaints and inquiries from other banks and financial institutions, many of which openly questioned the V Internet transactions as fraudulent. Notwithstanding the warning signs, CommerceWest failed to file Suspicious Activity Reports as required by the Bank Secrecy Act and even is alleged to have actively worked with V Internet to block transactions against accounts held at the complaining banks but to let all others continue.

By May 2013, senior management at CommerceWest could no longer ignore the red flags and was found to have known that the activities of V Internet and its merchants were fraudulent; however, the bank did not terminate V Internet’s access to customer accounts until July 2013, and then only when it was notified that the government was seeking an emergency injunction to shut V Internet down. Over $2.9 million was seized from V Internet’s accounts at CommerceWest. Also seized was property purchased by V Internet’s owner from the fraud proceeds, including five planes, a Land Rover, a Dodge Charger, multiple tractors and all-terrain vehicles and . . . a fire truck.

Plaza Bank: On March 12, 2015, the DOJ announced that it had reached a $1.225 million settlement with another Irvine-based bank, Plaza Bank, also in connection with an alleged consumer fraud scheme perpetrated by a third-party payment processor that was a customer of the bank. In the civil complaint filed on March 12, the DOJ found that, from its formation in 2005 through its purchase in 2009, the bank knowingly permitted fraudulent merchants, through a third-party payment processor (TPPP), to illegally withdraw millions of dollars from consumer accounts. The wrinkle here is that two of the bank’s founders and senior executives (the COO and the Chairman of the Board) had a financial ownership interest in the TPPP, a fact that they did not disclose.

Again, the findings show a complicated scheme, some highlights summarized here. As was the case with CommerceWest, red flags such as a high return rate and complaints from other banks were “brushed aside,” and the compliance officer’s requests that due diligence be performed on the TPPP’s merchants were ignored. Rather than the $10 returned check fee the bank advertised to its customers, the bank only charged the TPPP $0.50 (fifty cents) so that the high return rate had a limited financial impact on its operations. By early 2009, the compliance officer reported via email to the COO that she had been receiving numerous calls from law enforcement wanting to subpoena records regarding the “fraudulent” transactions. In another email to the COO, she reiterated that she had received 37 phone calls over a 10-day period from other banks, law enforcement, and consumers claiming fraud. Also by early 2009, Plaza management was aware that the TPPP had begun to process payments not only for its own fraudulent merchants but also for other “nested” third-party processors that, in turn, had fraudulent merchants (for which no due diligence was done). These additional fraudulent transactions generated even more complaints. The Plaza COO continued to ignore the compliance officer’s repeated emails stating her concerns, but in April 2009 he assured her that the TPPP was going to move the majority of its processing activities to another bank.

Per the findings in the civil complaint, in October 2008, in danger of being closed by regulators, Plaza agreed to be sold to a private equity firm (during the course of the purchaser’s due diligence, it was disclosed that the Plaza COO was a founder of the TPPP). As a condition of receiving regulatory approval for the sale, the purchaser would be required to install a new board and management to run the bank, and it was anticipated that the sale would close by June 2009. During this window before the sale went into effect and the new management took over, knowing that its access to the banking system would soon end (and notwithstanding that it had represented that it would move to a new bank), the TPPP increased the volume of its transactions at Plaza to nearly six times higher than its norm (6,500 in June 2009; 124,000 in July 2009). Regulatory approval for the sale was granted on June 1, 2009, and a new board and management installed shortly thereafter. The Plaza COO left the bank but the Plaza Chairman remained on the board, and both continued their financial interest in and involvement with the TPPP. The findings show that, despite learning about the fraudulent nature of the TPPP’s transactions within a month of taking over, the new management of Plaza delayed a decision for six months, until December 2009, as to whether they should terminate TPPP’s processing capability in light of the revenue generated from the high returns. In December, the new management determined that the profits it was earning from the TPPP no longer justified the risks, and it was determined that the bank’s relationship with the TPPP would be wound down. This did not occur until May of 2010, however, during which time the TPPP fraudulently withdrew an additional $55 million from consumer accounts.

In the consent decree filed on March 12, 2015, Plaza was found to have violated both FIRREA and the civil antifraud injunction statute and ordered to pay the civil penalty of $1 million plus forfeiture of $225,000.

As previously stated, it remains to be seen whether Operation Chokepoint is indeed back in the DOJ’s arsenal as a tool to combat mass-market consumer fraud in the banking industry, or whether it will only be revived in particularly egregious cases of willful ignorance such as with CommerceWest Bank and Plaza Bank. As the DOJ said in the March 10 press release: “As the civil and criminal actions filed against CommerceWest Bank today demonstrate, we will hold financial institutions accountable when they choose unlawfully to look the other way while fraudsters use the bank’s accounts to steal millions of dollars from American consumers.”

Click here to see the Civil Complaint in United States of America v. CommerceWest Bank (CV 15-0039), filed 3/10/15.

Click here to see Civil Complaint in United States of America v. Plaza Bank (CV 15-00394), filed 3/12/15.

For more on these matters, refer to the following:

DOJ’s Press Release in connection with CommerceWest settlement issued on 3/10/15

Criminal Information in U.S. v. CommerceWest Bank (SA CR No. 15), filed 3/10/15

Consent Decree in U.S. v. CommerceWest Bank (CV 15-00379), filed 3/10/15

Deferred Prosecution Agreement in U.S. v. CommerceWest Bank (SA CR No. 15), filed 3/10/15

Consent Decree in U.S. v. Plaza Bank (CV 15-00394), filed 3/12/15