- The Federal Reserve Board fined Metropolitan Commercial Bank roughly $14.5 million for violating customer identification rules and inadequate risk management practices related to the bank’s issuance of prepaid card accounts, the central bank announced Thursday.
- Separately, the New York-based lender agreed to pay $15 million in penalties under a consent order with the New York State Department of Financial Services, Adrienne Harris, the state’s superintendent of financial services, announced Thursday.
- "During the pandemic, scammers used sophisticated tactics to take advantage of vulnerable New Yorkers at a time when institutions should have been most vigilant,” Harris said in a statement. “MCB failed to prevent a massive, ongoing fraud in the MovoCash prepaid card program, allowing bad actors to abuse the financial system.”
The Fed coordinated its investigation with NYDFS, the state supervisor of Metropolitan. The two penalties add up to approximately $30 million.
The consent order resolves NYDFS's investigation, which found that MCB failed to maintain an effective anti-money laundering program and engaged in unsafe and unsound banking practices in its oversight of MovoCash, a digital prepaid Visa card program.
As the sponsor bank for MovoCash cards, Metropolitan was responsible for ensuring the program complied with applicable laws, including maintaining an effective customer identification program, NYDFS said.
As early as January 2020, fraudsters were able to open MovoCash accounts using illegally obtained personal information, routing direct deposit payroll and government benefits to these fraudulent accounts, NYDFS said.
The passage of the CARES Act in March 2020, expanding unemployment insurance, led to a surge of illegitimate MovoCash account openings, according to NYDFS. Despite observing this spike, Metropolitan failed to remedy the issue and permitted continued account openings, enabling exponential fraud growth over subsequent months, the regulator said. This inaction facilitated the misdirection of over $300 million in pandemic unemployment funds to fraudsters' MovoCash accounts, NYDFS found.
By onboarding prepaid customers through a third party without adequately verifying identities, Metropolitan violated Bank Secrecy Act rules on customer identification, according to the Fed.
The Fed is requiring Metropolitan to enhance its know-your-customer procedures, due diligence policies, and oversight of third-party relationships to prevent abuse of its products and services for potential fraud or illicit activity.
Robust customer vetting and third-party risk management could have disrupted the scheme, the Fed said.
Metropolitan said in a statement Thursday that the consent orders stem from unique challenges that briefly arose at the height of the COVID-19 pandemic. It acknowledged the third-party fraud that blew up within the pandemic relief programs posing oversight difficulties for banks.
“We appreciate that the Federal Reserve and New York Department of Financial Services have acknowledged the actions and enhancements we voluntarily undertook, including terminating the relationship with the third-party program manager at issue in August 2020, and supplementing our oversight mechanisms,” the company said. “We also appreciate our employees’ hard work to stem the tide of fraud that occurred rapidly in these government programs, as a result of which MCB was able to freeze approximately $100 million in fraudulent payments for return to government authorities.”
Metropolitan is a $6 billion-asset bank that operates six branches in New York.
Within 90 days of the effective date of the consent order, Metropolitan must submit to DFS for review a list of all components of its current program for supervising third-party program managers and an interim report detailing any planned, in-progress or implemented changes to the bank's AML compliance program related to oversight of third-party prepaid debit card programs.
Metropolitan also needs to submit a plan to the Fed and NYDFS on enhancements made to the CIP in connection with oversight of third-party prepaid debit card program managers and its customer due diligence program manager responsibilities.
Metropolitan started re-evaluating its third-party ties at the beginning of the year. The lender, which served as a partner for bankrupt exchange Voyager, backed out of crypto in early January, following a volatile year in the token market and the downfall of several prominent exchanges.
“Crypto-related clients, assets and deposits have never represented a material portion of the Company’s business,” CEO Mark DeFazio said at the time, “and have never exposed the Company to material financial risks.”