A First Horizon shareholder sued TD in federal court in May, alleging the Canadian lender made a series of misleading statements regarding its anti-money laundering practices and regulator resistance to the $13.4 billion tie-up between the banks.

TD’s handling of suspicious customer transactions sparked reluctance on the part of the Office of the Comptroller of the Currency and the Federal Reserve to sign off on the Toronto bank’s acquisition of First Horizon, The Wall Street Journal reported. TD had flagged just 28 customer transactions as suspicious “in recent years,” the lawsuit claimed, citing the Journal article.

TD and First Horizon terminated their deal May 4.

The Arbitrage Fund is suing on behalf of shareholders who bought First Horizon stock between Feb. 28, 2022 — when the deal was announced — and May 3, 2023.

As part of the deal, TD pledged to pay $25 per share for First Horizon, a 37% premium as of February 2022. The lawsuit noted that shares of First Horizon rose to $24.77 by Feb. 28 of this year, but fell 10.6% on March 1, when First Horizon disclosed to the Securities and Exchange Commission that TD said it did not expect to receive regulatory approval on the deal by an amended May 27 termination date. Further, First Horizon told the SEC, “TD cannot provide a new projected closing date at this time.”

First Horizon’s share price continued to drop — to $15.05 by May 3, and then another 33%, to $10.06, on May 4, when the deal was terminated, according to the suit.

Perhaps a complicating factor in the Arbitrage Fund’s case is that a crisis of confidence struck regional banks in general, beginning in mid-March with the failures of Signature and Silicon Valley Bank. If the case were to proceed to a trial, it may be difficult for a jury to discern which fluctuations in First Horizon’s value stemmed from TD-related uncertainty and which came amid the SVB and Signature fallout.

First Horizon’s stock price fell by as much as 33% on March 13 — the day after Signature failed. Trading was halted, but even after it resumed, First Horizon shares had slumped 20% on the day. 

TD, for its part, told Seeking Alpha its “public disclosures are accurate.”

"The lawsuit is without merit and TD will vigorously defend it,” the bank said in a statement.

Filed in the U.S. District Court for the Southern District of New Jersey, the suit points to several statements TD and its executives made while the deal was in process. 

“Our expectation is that this will get approved and get closed around the 9-month mark,” the lawsuit quoted TD CEO Bharat Masrani as saying during the Feb. 28, 2022, call announcing the merger. 

TD appeared confident enough in the deal at first that it offered to pay an additional $0.65 per share if the transaction wasn’t closed by Nov. 27, 2022.

The lawsuit also highlighted Masrani’s alleged response in August to an analyst on a conference call who asked if TD knew of any “regulatory or other issues that may delay the deal.” 

Masrani replied he had “no reason to believe that,” the lawsuit asserted. 

“It is following its normal process within the US regulatory requirements,” Masrani said, according to the suit.

Three weeks later, on an earnings call, Masrani said the deal “continues to progress in the normal course,” the lawsuit claimed. “There is nothing out there to suggest that is different this time around.” 

Masrani maintained much the same tone after TD began to publicly estimate a later closure timeline. The bank in December said it expected the transaction to be complete in the first half of fiscal 2023.

At that point, on a call where an analyst asked if the delay was because U.S. regulators were “taking a closer look at anything,” Masrani, according to the lawsuit, said, “No I’m not aware of anything of the sort you’re mentioning.” 

Masrani, the lawsuit claimed, had earlier said, “We at TD pride ourselves in having excellent regulatory relationships.”

Masrani and two other TD executives — U.S. CEO Leo Salom and CFO Kelvin Tran — are named as defendants in the Arbitrage Fund’s suit.

The plaintiffs took issue, too, with various risk management and AML-related statements from TD, citing the bank’s code of ethics, which stated, “TD is committed to taking all reasonable and appropriate steps to detect and deter persons engaged in money laundering from utilizing TD products or services to do so.” 

The lawsuit also highlighted TD’s assertion that it shared an “aligned culture and risk management framework” with First Horizon. 

“Like TD, First Horizon has a strong team with a growth mindset and a disciplined risk culture,” the lawsuit quoted from a slide it said was shown to First Horizon investors when the tie-up was announced.

The lawsuit also spotlighted a potential expression of surprise at the deal’s collapse, citing a Royal Bank of Canada analyst, who wrote, “We may never know the precise reasons for the regulatory resistance, but it must [be] more serious than we had assumed.”

“TD’s credibility as an acquirer has been dealt a blow,” the analyst wrote, according to the suit.

Sen. Jack Reed of Rhode Island and four other Senate Democrats urged the Federal Reserve, the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corp. and the National Credit Union Administration in March to closely supervise the customer reimbursement and anti-money laundering practices of financial institutions that use the Zelle network.

“Although Zelle is marketed as a convenient and inexpensive way to transfer money within the supervised banking system, its model has opened the door to fraud and scams on a tremendous scale,” Reed wrote in a letter also signed by Sens. Elizabeth Warren, D-MA; Sherrod Brown, D-OH; Robert Menendez, D-NJ; and Mark Warner, D-VA.

The lawmakers are also asking the Fed and the OCC to examine Early Warning Services, the company that operates Zelle, on an ongoing basis. And the senators want the agencies to coordinate their supervisory approach with the Consumer Financial Protection Bureau.

It’s hardly the first time lawmakers have targeted Zelle. Warren in October released a report that found the seven banks that own Zelle reimbursed 47% of the amount customers reported to have lost in fraud on the platform in 2021 and the first half of 2022. Warren then blasted Wells Fargo for withholding key information that other banks provided for the report.

Weeks earlier, several bank CEOs defended their reimbursements on the platform at a hearing on Capitol Hill.

“Anything that’s unauthorized, we do cover,” Dimon told Warren in September.

That language is one area where Reed and the other senators are focusing their attention.

“Depository institutions appear to have forced their customers to foot the bill in the vast majority of these circumstances, often relying on ambiguity over whether a payment is classified as ‘authorized,’ ‘unauthorized,’ or an ‘error’ to avoid reimbursing customers who have been victims of fraud,” the senators wrote in March. “When banks or credit unions participating in Zelle evade responsibility for reimbursing their customers if they are fraudulently induced to send money to scammers through the app, those customers may lose confidence in their depository institution for offering a product that places their money at risk.”

The senators are asking regulators to ensure the 1,800 depository institutions participating in the Zelle network are complying specifically with the Electronic Fund Transfer Act and the Bank Secrecy Act.

“If the agencies uncover any unsafe or unsound practices, or uncover any legal violations, those deficiencies must be addressed promptly,” the senators wrote. “Additionally, there is risk of unfair, deceptive, or abusive practices if bank or credit union communications lead customers to expectations of safety that are not met.”

As of November, JPMorgan Chase, Bank of America and Wells Fargo had engaged in advanced discussions to create standardized refund procedures for customers scammed through Zelle, sources told The Wall Street Journal.  

Sponsored content

By GIACT

Open banking is transforming financial services, benefiting banks, corporates and consumers.

Over the past decade, API-based open banking infrastructure has increasingly allowed individuals around the world to grant trusted third parties secure access to their bank account data. By empowering customers to share their financial information – ranging from their name to transaction history – with third parties, open banking creates new opportunities for payments and bank account authentication.

The US has taken a different approach to open banking compared to much of the rest of the world. Regulators in Europe and the UK have mandated open banking. In the US, the Consumer Financial Protection Bureau (CFPB) issued only non-binding guidelines on how banks can allow customers to make their data and account actions available to third parties, although a push by the CFPB to mandate open banking is expected soon. Instead, US banks and other financial institutions (FIs) have led efforts to develop an open banking infrastructure.

Banks have traditionally collaborated and established infrastructure, such as clearing houses and faster payment services, to improve customer service. But in permitting new third-party providers to access bank data and infrastructure (with customer consent), open banking represents a profound shift that could foster product innovation, price competition, and greater accessibility to financial services.

Delivering immediate and long-term benefits

The adoption of open banking is gathering pace in the US but its implications are only just starting to be felt; many firms are still figuring out how these tools can apply to their business. Banks, non-bank FIs (such as credit card companies, mortgage lenders and brokerages), e-commerce retailers and businesses in any sector that use a large volume of ACH transactions need to assess how the open banking ecosystem will evolve, and what role they will play in it.

Organizations that are considering incorporating open banking solutions into customer journeys or product design can start by assessing their existing approach. Then they can evaluate how they can use the emerging suite of open banking tools to enhance security, improve convenience, lower costs, and deliver other benefits that would advantageously position them for the future. While the immediate benefits of open banking solutions are likely to be enhanced security and customer satisfaction, in the longer term they could revolutionize customer journeys and facilitate business model innovation.

Early adoption of open banking tools has the potential to futureproof a business. Demographics, technology trends, and growing investments in open banking infrastructure suggest that these solutions will become the preferred approach for many consumers, who increasingly expect transparency, simplicity and seamless integration. Open banking paves the way for feature innovation that can deliver these benefits and transform the customer journey across payments, KYC/AML vetting, identity capture, pre-population of applications and many other areas.

Firms can also use customer transaction data to provide more personalized services or integrate payment processing where they or their customers currently rely on third parties, reinforcing their relationships with customers and growing their business.

A smart approach to implementation

Open banking will require a new mindset and potentially significant investment on the part of banks, FIs and other ecosystem participants, but the benefits of early engagement are significant for everyone.

Banks and FIs will gain an opportunity to improve security, customer satisfaction and differentiate themselves with new services, while customers should benefit from lower pricing from increased competition, as well as gaining access to personalized services and easier provider switching. Third-party providers stand to gain better data for underwriting and a reduced KYC workload. And all of this looks attractive from the perspective of regulators.

The way that open banking is implemented is important, however. Firms may be reluctant to embrace open banking because of concerns that some of their customers may prefer their current customer journey. But any potential downsides of open banking can be easily managed through smart adoption. Instead of compelling customers to take one approach over another, firms can adopt a waterfall approach that combines open banking and traditional approaches.

Take account authentication as an example. A traditional approach (such as a bank database check) can be used in the first instance. For customers who cannot be easily validated in this way, an open banking solution can be deployed. This combined approach gives firms the best of both worlds. They are able to achieve the highest levels of security and customer convenience today while positioning themselves to expand their use of open banking tools in the future.

Attendees at Nacha’s Smarter Faster Payments conference in April were coasting through a late-morning panel discussion on fraud just before lunch when one panelist’s comments stirred up the ballroom.

Consolidated Edison Director Frank D’Amadeo, who leads treasury operations at that utility, was asked by a moderator about “pain points” faced by companies amid rising payments fraud. With his response, D’Amadeo took on the banking and payments professionals packed in the room.

“There is a need in our country for fraud to be stopped before it even gets to us, and there’s a lot of data out there where, if the banking community shared information, they could prevent a good amount of fraud before it even occurred,” D’Amadeo said. “The banks need to do a lot more,” he said during an earlier panel, making the message clear for those attending the annual conference in Las Vegas.

His remarks sparked a mini-debate in the ballroom over whether banks are doing enough, jointly, to thwart criminals who shift from one bank to another, undeterred, in search of new victims.

JPMorgan Chase, the biggest bank in the U.S., didn’t respond to a request for an interview on the topic, but the moderator for one of D’Amadeo’s panels, JPMorgan Executive Director Steven Bernstein, opened with this: “Fraud is prevalent.”

Fraud has become a big problem for payments players, which include banks, processors, card networks and a host of intermediaries and fintechs. Now, the rise of faster digital payments, including the impending launch of the FedNow real-time system, and artificial intelligence innovations threaten to exacerbate the trouble.

Here’s how Thomas French, a senior fraud consultant at software company SAS Institute, described the current environment: “That's just a basket full of awful there, between scams, scams, scams and more scams. When you combine scams with faster payments, you get faster fraud.”

While there has always been fraud, it has worsened in the past year to 18 months, said French, who spent 27 years working for banks, including Bank of America and the former Wachovia and First Union. “It's the industrialization of fraud, where you’ve got different criminal rings doing different things,” he said in an interview this month. “I’ve never seen it so sophisticated, so fast, and so full of crooks in my 30-plus years.”

Bank customers have suffered alongside their financial institutions. The amount of money American consumers reported losing to fraud last year jumped 30% to $8.8 billion compared to 2021, the Federal Trade Commission said in February, and much of that fraud flowed through some part of the payment system. Those frauds took place in business, shopping, investment and online dating settings, among others. 

The FTC was able to identify a payment method for 17% of consumer fraud reports last year. Of those methods documented, the biggest losses were in bank transfers and payments, with those losses more than doubling to nearly $1.6 billion last year, compared with $762 million in 2021. That payment channel constituted the single biggest area of fraud losses for the past three consecutive years, the FTC data showed.

While the most dollars were lost through bank payments last year, the highest number of fraud reports were regarding credit cards, according to the FTC.

Businesses looped into losses

With such large losses, it’s not just consumers being targeted for the frauds. It’s also companies of all sizes, including D’Amadeo’s power company servicing the New York City area. With respect to incoming customer payments, the utility receives 500 to 600 fraudulent receipts daily from valid debit accounts, but they are accounts for which a fraudster likely bought information on the dark web. In some cases, they even brazenly use Con Edison account numbers. That fraud is minimal, relative to the utility’s 3 million customers, he said. 

But D’Amadeo worries more about outgoing payments. The company is “constantly” targeted by email scams in which con artists, purporting to be Con Edison executives or vendors, seek payments, putting hundreds of millions of dollars at risk. For instance, a firm to which Con Edison owes money may have been hacked, and the hacker sends the utility an invoice with accurate information, but an altered bank account directing money to the fraudster. 

“The biggest concern we have is on the disbursement side where we’re being compromised and duped into changing payment instructions to a counterparty and, look, if you don’t catch it within the first 24 hours, you’re not getting that money back,” he said.

Smaller companies are targets too. Jefferson Grace, a Las Vegas detective who also spoke at the conference, described how one local business owner that had been in business for 30 years went belly-up after he misdirected $1.1 million in payments to a crook impersonating a vendor. He explained how fraudsters take over or mimic email addresses and glean executive names from social media sites, like LinkedIn, to send persuasive emails.

Email schemes that trick corporate executives into sending payments to swindlers has become a major stumbling-block. “We’ve put so much trust into email that was never designed to be there,” Grace said. Multiple speakers at the conference stressed the importance of executives following explicit payment processing instructions to avoid fraud.

A big part of the problem is valid accounts being tapped by bad actors. In that “synthetic identity fraud” trend, some pieces of authentic information are used to create the appearance of normalcy.

“Synthetic identity is a concerning and growing threat factor,” Visa’s head of U.S. risk, Dustin White, said at another April industry conference, the ETA's Transact conference in Atlanta. “It's fairly sophisticated, and it's very devastating because it's not a $500, $1,000, $2,000 fraud run that a financial institution has to deal with. These are like $80,000, $100,000, $150,000 bust-out schemes, per instance,” he said. 

The Federal Reserve Bank of Boston estimated that synthetic identities cost the U.S. $20 billion in 2021, White noted. “It's a very prevalent and growing threat vector,” he said.

The conundrum for payments and banking industry professionals alike is fixing the fraud without introducing too much “friction.” With the industry having made significant headway in making digital payments easy for consumers to use, banks and companies are reluctant to unwind features that have fostered more commerce, especially online.

Nacha pivots to fight fraud

Nonetheless, a consensus is emerging that something has to be done, and industry organizations capable of bringing the banks and payments communities together are mulling new approaches. One Citi executive at the Nacha conference caught up in the debate said: “It’s coming.”

A key player in any new effort would be Nacha, formerly known as the National Automated Clearing House Association. Indeed, it’s discreetly pressing for changes within its own community, including among its big bank operators, so financial institutions take more responsibility to counter fraud.

Nacha in May posted for public comment the outline of a new “risk management framework” it has under development in what it called a new era of fraud, where funds are mistakenly “pushed” by users into accounts where they shouldn’t be. The updated approach would address increasing fraud threats and attacks on ACH credits, wires, cards and other instant and digital payments, Nacha said.

“As a new risk management strategy, the Framework is intended to bring the ACH Network and the broader payments community together to address an emerging and important area of need, and to provide an overarching direction for new initiatives, guidance, rules and industry tools,” according to the May 2 Nacha executive summary.

The aim of the new framework is to increase awareness of the illicit push schemes; reduce the success of those attempts at fraud; and improve the chances of recovering funds after the scams have occurred, Nacha said. A Nacha spokesperson, Dan Roth, didn’t respond to repeated requests for comment on the new framework.

Obstacles to cooperation

Part of the challenge in addressing the problem has been banks’ reluctance to share customer data with each other that might otherwise be helpful in fighting fraud, said Mark Dixon, vice president of education at the New England Automated Clearing House Association in Burlington, Massachusetts.

Banks have long been sensitive to sharing information in any way that might undercut their proprietary interests, but that attitude might be changing now, at least slightly.

“The industry is looking at how can we be more proactive with our communication,” Dixon said, pointing to Nacha’s new framework concept and a Nacha contact registry designed to help institutions talk to one another. “A challenge is going to be making sure all the institutions get on board with that.”

Increasing the difficulty is the fact that there are nearly 10,000 U.S. banks, creating a daunting task in allowing them to communicate with each other. 

As part of the effort, Nacha developed the contact registry in 2020 and had taken on the arduous task of asking bank personnel to sign in. So far, the registry has 45,000 contacts.

Nacha’s operating rules require financial institutions to provide the contacts so professionals from other institutions can reach them if need be, and all of them are supposed to be willing to share information as a part of the reciprocity of receiving it.

“The intent of the registry is to provide consistent and accurate information for a financial institution that may need to reach another financial institution regarding fraud scenarios like business email compromise and vendor impersonation,” Jeanette Fox, Nacha’s senior director for risk investigation and ACH network risk management, said in an emailed statement.

Early Warning Services, the bank-owned operator of the payment tool Zelle, also operates a national shared database to which the largest U.S. banks contribute account information, but professionals note it has a significant gap in coverage because smaller banks have more than a quarter of accounts.

Banks launch another initiative

Other banking organizations also are brainstorming new ways of combating fraud. The American Bankers Association is working on a new anti-fraud prevention project with Early Warning Services, according to one well-placed industry source who asked not to be identified.

That effort is starting out with just a handful of banks participating and is about to kick off a pilot phase, the source said, declining to provide further details. 

Sarah Grano, an ABA spokesperson, declined to comment, as did Meghan Fintland, a spokesperson for Early Warning Services.

Professionals from those organizations meet regularly to discuss fraud and risks, but French still has concerns that banks aren’t capturing and sharing as much information as they might. He notes that bankers are steeped in policies that keep them from sharing information with third parties. Also, some professionals say they lean away from broadcasting new techniques for fear of tipping off fraudsters. “There is some sharing, but I think there’s a need and a desire for more sharing of different information,” said French, whose firm sells fraud analytics software.

Still, plenty of companies have been stepping up public campaigns to sell new fighting-fraud tools in recent months, including SAS Institute, card network company Mastercard, credit bureau Experian and a parade of fintechs introducing new services and products.

Europeans explore a new approach

Across the Atlantic in Europe, there has been more movement in terms of a collective industry response. A new concept of “authorized push payments” has taken root, with a sense of shared liability among banks for wayward payments, said Donna Turner, a former chief operations officer at Early Warning Services who is now a consultant for the auditing firm Ernst & Young.

European financial institutions on the sending side are now taking as much responsibility for fraud as those on the receiving end, Turner said. Increased data sharing among banks in Europe has unfurled with the open banking trend following a 2016 adoption of the European Union’s Second Payment Services Directive, known as PSD2.

Bank and payment actors on either side of a transaction have an increased incentives to change their behavior to fight fraud, Turner said in an interview. “It’s about protecting the ecosystem,” she added.

Participants in the U.S. payments ecosystem may be starting to embrace the same approach as they seek to build stronger industry defenses against fraud.

 

Crypto bank Anchorage Digital announced eight executive moves in January designed to boost the company’s compliance.

The bank hired Mark duBose to serve as its chief compliance and risk officer. He previously filled similar roles at Circle and Centre, and spent two years as Santander’s Boston-based chief operational risk officer. He also worked for four years as a senior vice president at Bank of America, according to his LinkedIn profile.

Rachel Anderika, previously Anchorage Digital’s chief risk officer, will become the bank’s chief operating officer. In that role, she will manage Anchorage Digital’s day-to-day bank operations, including new asset support, tech infrastructure, model development and planning, the bank said.

Anderika and duBose’s appointments are pending supervisory non-objection from the Office of the Comptroller of the Currency.

Anchorage Digital hired Dustin Palmer to serve as its interim Bank Secrecy Act officer. Palmer comes to the digital bank from Berkeley Research Group, where he serves as managing director of its financial institutions advisory service. Anchorage Digital wants Palmer to further develop its anti-money laundering controls. Palmer has significant legal experience in government, having served as an attorney for the Department of Homeland Security and as a senior adviser to the Treasury Department’s general counsel on financial crimes enforcement, AML and countering the financing of terrorism, according to his LinkedIn profile.

Anchorage Digital also hired Frieder Weichelt as its chief information security officer. Weichelt previously served as chief risk officer at the crypto platform BitGo.

The executive moves come roughly nine months after the OCC ordered Anchorage Digital to overhaul its AML program and hire a BSA officer. The regulator found the bank failed to implement internal controls for customer due diligence and procedures for monitoring suspicious activity. Anchorage Digital also had failed to implement adequate BSA training for its staff, the OCC said.

In a January statement, the bank affirmed it has “set out to meet the highest regulatory requirements, and [is] committed to continuing to work aggressively to do so.”

“We’re reinforcing our commitment to strong regulatory standards and controls today by ushering in new leadership and capabilities that advance a forward-thinking path for regulated crypto,” the bank said.

Anchorage Digital became the first crypto firm to receive a national trust bank charter in January 2021.

For his part, Anchorage Digital CEO Nathan McCauley touched on the timeliness of the C-suite changes.

“Recent market events have reaffirmed what we have long believed: that security and regulation are key to increasing trust in the crypto economy,” he said. “Selecting a federal charter has been the cornerstone of our mission to best protect our clients, and we believe the addition of these members to our team is just the latest step in our longstanding commitment to compliant, secure-by-design digital asset banking.”

The bank named four other executives to new roles. Mo Abdoolraman, an alum of Chime, Goldman Sachs and Citi, will serve as Anchorage Digital’s interim head of know-your-customer. 

Daniel Sankey will lead Anchorage Digital’s financial intelligence unit. Sankey previously served as head of financial crimes compliance at Brex and has held various BSA compliance, reporting and investigative roles at Coinbase, Square and Wells Fargo. 

Anchorage Digital also named Scott Schwartz as its deputy BSA officer, in addition to retaining his duties as Office of Foreign Assets Control officer. 

Jessica Perkins will become Anchorage Digital’s enterprise risk management lead, expanding on her role overseeing third-party risk management, the bank said.

Several fintechs that facilitated loans through the $800 billion Paycheck Protection Program had lax anti-fraud standards that hampered their abilities to stop “obvious and preventable fraud,” according to a scathing report released in December by the House Select Subcommittee on the Coronavirus Crisis.

The panel, which investigated the role fintechs played in the program, claims the nonbank lenders accrued massive profits through PPP administration fees while failing to properly vet applicants.

The 130-page report, which Rep. James Clyburn, D-SC, the subcommittee’s chairman, shared with the Justice Department, also found that multiple banks admitted to having no formal program to monitor fintech partners or to detect fraud in the PPP loans they submitted.

Fintech firms’ lack of fraud controls made them the “paths of least resistance” for criminal gangs and fraudsters looking to exploit the coronavirus relief program, the subcommittee’s report concluded.

“Even as these companies failed in their administration of the program, they nonetheless accrued massive profits from program administration fees, much of which was pocketed by the companies’ owners and executives,” Clyburn said in a statement accompanying the report.

The committee’s investigation into PPP fraud among fintechs Kabbage and Bluevine was spurred by a May 2021 report by ProPublica, which detailed how Kabbage made 378 PPP loans totaling $7 million to fake business entities.

The subcommittee expanded its investigation to include Blueacorn and Womply, which the report concluded were the worst offenders. (Update: The Small Business Administration, which ran PPP, would bar Blueacorn and Womply from working with the agency “in any capacity” a week after the report was published.)

Womply, which collected $2 billion in PPP fees, and Blueacorn, which took in $1 billion, “failed to implement systems capable of consistently detecting and preventing fraudulent and otherwise ineligible PPP applications,” the subcommittee said.

The fintechs’ lending partners, Capital Plus and Harvest, “did little to oversee the activities of the companies to which they delegated their responsibilities,” the panel added. 

Blueacorn chased higher fees by giving priority and less scrutiny to high-dollar loans, designating them as “VIPPP,” according to the report.

“Blueacorn’s ownership directed reviewers to prioritize ‘monster loans [that] will get everyone paid,’” while urging employees to dismiss applications for smaller loans, the committee wrote.

Womply’s fraud prevention practices were criticized by the fintech’s lending partners, one of which described its systems as “put together with duct tape and gum,” according to the report.

Womply also refused to cooperate with the SBA inspector general’s office and lending partner Fountainhead, which requested information to investigate potential fraudulent loan activity carried out by PPP borrowers.

Fountainhead was forced to get “a temporary restraining order against [Womply], so they can’t destroy these [PPP loan] documents,” according to the report.

Blueacorn and Womply did not immediately respond to requests for comment.

‘Sh***y rules’

In Kabbage’s case, the subcommittee cited internal documents that showed the fintech missed “clear signs of fraud” in a number of its PPP applications. 

The firm’s 2020 acquisition by American Express exacerbated its PPP issues, the subcommittee found. 

“PPP borrowers were left at the mercy of an underfunded and understaffed spin-off company that failed to properly service their loans and would later file for bankruptcy,” the panel said.

In a statement to ProPublica, Kabbage said it was proud of the role it played in supporting businesses during the pandemic. 

“Kabbage’s existing online lending platform was able to process the sudden flood of loan applications, in a timely manner, in the midst of a national crisis and in light of ever-changing federal lending rules,” the company said. “Kabbage adhered to the applicable rules and regulations in good faith.” 

While Bluevine initially had its own issues with fraud, the fintech adapted to ongoing threats better than Kabbage, Womply and Blueacorn, because its partner bank, Celtic Bank, urged the fintech to invest in fraud controls and comply with SBA standards, the subcommittee found.

Bluevine, however, still faced difficulties in facilitating timely reporting of fraud to law enforcement, according to the report. 

Those delays caused Celtic Bank to submit late suspicious activity reports, which likely impeded law enforcement efforts to address ongoing fraud, the subcommittee concluded.

As fintechs and lenders observed high rates of PPP fraud, some placed the blame on the SBA and the Trump administration, the panel reported.

“[T]he industry should push hard to make sure the SBA accepts the fraud risk,” Reese Howell, CEO of Celtic Bank, said in an internal email obtained by the subcommittee.

The report also cited a September 2020 email in which Kabbage’s head of policy wrote: “At the end of the day, it’s the SBA’s sh***y rules that created fraud, not [Kabbage].” 

A spokesperson for Bluevine told Reuters the company “has remained committed to establishing and maintaining robust internal controls and governance processes" since its founding in 2013. 

A Celtic Bank spokesperson told the wire service the bank "made extensive and effective” efforts to combat fraud, “as recognized in the report.” 

Impact on future programs

The report follows an SBA proposal to end a 40-year moratorium on admitting new nonbank lenders to its flagship 7(a) lending program, a move that would allow fintech firms to participate for the first time. 

The report’s authors, however, urged Congress and the SBA to exercise caution when weighing whether fintechs should be involved in future government lending programs.  

“Based on these findings, Congress and the SBA should consider carefully whether unregulated businesses such as fintechs, many of which are not subject to the same regulations as financial institutions, should be permitted to play a leading role in future federal lending programs,” the report’s authors wrote. “In addition to requiring stricter oversight during emergency programs, the experience of the PPP should inform the SBA’s ongoing activities.” 

Greater oversight by the SBA must accompany any expansion of the agency’s programs to unregulated lenders or agents, the authors wrote.

Charlie Javice, the founder of the college financial planning site Frank — which JPMorgan Chase bought and later shut down — pleaded not guilty in May to charges of wire fraud, bank fraud, securities fraud and conspiracy to commit bank and wire fraud.

Javice, who was arraigned by video conference, had not entered a plea in the nearly seven weeks between her arrest (and release on a $2 million bond) and her indictment.

JPMorgan acquired Frank for $175 million in September 2021, but sued Javice in December, claiming she vastly exaggerated the platform’s customer base in an attempt to persuade the bank to make a deal. The bank asserts Javice then created fake student accounts to back up her claims.

In pitch materials and verbal presentations, Javice claimed Frank had 4.25 million users, but the platform’s actual customer base numbered fewer than 300,000, JPMorgan said in its suit.

Javice has denied the allegations, and sued JPMorgan in Delaware Chancery Court, alleging the bank launched an internal investigation of the Frank deal and later fired her from her role as head of student solutions to get out of paying her a $20 million retention bonus.

The Justice Department and Securities and Exchange Commission charged Javice in April on four counts. Javice has been in talks with prosecutors to settle the charges, according to a May 4 court filing seen by Bloomberg.

Javice’s case has seen at least two notable twists during her time in custody. Javice agreed, as part of the case, not to contact JPMorgan employees, but a magistrate judge later allowed her to be in touch with certain bank workers because the bank held her mortgage.

In another misfortune, Javice — shortly after JPMorgan put her on administrative leave — moved her money out of accounts with the bank because she “no longer wanted to bank with an entity that was retaliating against her,” she said.

But she transferred her money to Signature Bank, which would fail in March.

“As it happened, that timing was ill-fated,” Javice’s lawyer said, according to Bloomberg.

Lake Shore Bancorp CEO Daniel Reininga is resigning two months earlier than planned after an Office of the Comptroller of the Currency consent order found the lender in “troubled condition,” the Dunkirk, New York-based lender said in a March filing with the Securities and Exchange Commission.

Jeffrey Werdein will serve as the bank’s interim principal executive officer. Werdein has served as executive vice president of the bank’s commercial division since 2014. 

A July 2022 written agreement with the OCC found “unsafe or unsound” practices at the bank, including weakness in information technology security and risk governance. The OCC ordered the bank to create a compliance committee to monitor the bank’s progress and stipulated that it meet quarterly and submit reports to the board and the OCC along that interval.

However, a Feb. 9 consent order from the OCC overrode the July agreement. The OCC, in the February order, said Lake Shore is in “substantial noncompliance” with the written agreement. Further, the agency said the bank engaged in unsafe and unsound practices, including not adhering to the rules of the Bank Secrecy Act.

Lake Shore neither admitted nor denied the OCC’s findings, according to the consent order. But as part of the consent order, the bank must ensure it is led by efficient management, including the CEO. The lender also must receive the OCC’s approval before making any changes to its board or senior management team.

“I have been privileged to work with extraordinary bankers, as well as board and community members during the last 12 years,” Reininga said in a December press release announcing his intended May retirement. “I will treasure that work, but more so the relationships attached to it. And, above all, I know I am leaving the bank in capable hands as we continue to follow our mission of Putting People First.”

Lake Shore said in December it would conduct a national search for Reininga’s permanent replacement.

The bank serves western New York state with 11 branches in Chautauqua and Erie counties.

Reininga took Lake Shore’s helm in 2011 and grew its assets from $488 million to around $700 million, the bank said.

Lake Shore ceased its quarterly dividend and promised to use the capital to focus on “operational, compliance and governance deficiencies described in the order.”

The bank told the SEC of a cybersecurity breach that exposed customer personal information to hackers, in a filing in March 2022.

TD Bank, HSBC and McKinney, Texas-based Independent Bank have collectively agreed to pay $1.35 billion to settle litigation related to a Ponzi scheme orchestrated by disgraced financier R. Allen Stanford and uncovered in 2009, the banks announced in February.

The settlements came on a day when a trial on the matter was set to begin in the U.S. District Court for the Northern District of Texas. 

TD will pay the lion’s share of the settlement: $1.205 billion. The Canadian bank “provided primarily correspondent banking services” to Stanford’s firm, Stanford International Bank Ltd., and “maintains that it acted properly at all times,” it said in a statement.

“As has been the case throughout these proceedings, TD expressly denies any liability or wrongdoing … and makes no admission in connection to any Stanford matter,” the bank said. “TD elected to settle the matter to avoid the distraction and uncertainty of continuing a long legal proceeding.”

TD will record a provision of roughly 1.2 billion Canadian dollars ($880 million) after tax in the first quarter of 2023, it said. 

If the trial had proceeded, investors would have asked jurors to award damages of up to $10 billion each against TD and HSBC, and as much as $6.5 billion against Independent Bank, according to Bloomberg.

"Given all the challenges faced by the receivership since 2009, this is nothing short of a monumental recovery," Kevin Sadler, the Baker Botts partner who represents the receiver and the Official Stanford Investors Committee, told Reuters.

TD, HSBC and Independent are not the only banks to have settled in the Stanford case. French bank Societe Generale agreed earlier in February to pay $157 million to settle the suit. Jackson, Mississippi-based Trustmark agreed Dec. 31 to pay $100 million.

Independent Bank in February agreed to pay $100 million, an amount the bank called “consistent with the terms of prior Stanford-related settlements that have been approved by the Court and were not successfully appealed,” though the bank warned, “it is possible that the Court may decide not to approve the Settlement Agreement or that the Fifth Circuit Court of Appeals may decide to accept an appeal thereof.”

In its statement, Independent denied any liability or wrongdoing in connection with the Stanford suit. Like TD, the bank cited a desire to “avoid the cost, risks and distraction of continued litigation.”

Independent said it expects to recognize a $100 million expense in the first quarter of 2023 related to the settlement. The bank said it inherited the lawsuit in 2014, when it acquired the Bank of Houston.

Unlike TD and Independent, HSBC appears not to have issued a statement on the settlement. The bank did not respond to requests for comment from Bloomberg or Reuters, but both outlets reported HSBC will pay $40 million to settle the lawsuit.

The case

Investors assert the banks should have known Stanford’s promises of above-market returns on certificates of deposit were false, considering the financier’s bank was making hefty wire transfers, along with daily shipments of checks between Antigua and Stanford’s U.S. accounts. 

In previous court filings, the banks alleged they “provided routine banking services” to Stanford “and did not know — and could not have known — about the Ponzi scheme,” according to Bloomberg.

Investors, however, allege Trustmark, in a 2006 email trail, expressed “concerns” over an unusual pattern of “wire activity” among Stanford’s entities.

Investors asserted, therefore, the banks “had actual knowledge of the wrongdoing” but “nevertheless, aided and stood by and watched,” according to a November summary of the claims made by a U.S. district court judge and seen by Bloomberg.

By December 2008, Stanford International Bank claimed to have 30,000 clients from 131 countries and $8.5 billion in assets, mostly from sales of CDs. Rather than putting the money in conservative, liquid assets as promised, the funds went into risky projects and resort developments in Antigua, Bloomberg reported. 

Investors began cashing the CDs at an unsustainable rate as the financial crisis came to a head in late 2008, and Stanford halted redemptions, according to Bloomberg. While the financier told employees the bank had $5 billion in “excess liquidity,” Stanford’s controller determined it had $173 million on hand.

Stanford is serving 110 years in prison after being convicted in 2012 on fraud and money laundering charges. 

In an earlier round of Stanford litigation, a Canadian court ruled in TD's favor and found no liability, the bank said. The Ontario Court of Appeal affirmed the ruling, but an application for leave to appeal went to the Supreme Court of Canada.

“Evidence at trial would’ve shown that TD took in almost $7 billion in CD purchase money from investors, far more than any other bank,” with transfers that “bore numerous red-flag indications of money laundering,” Sadler told Bloomberg.

Charlottesville, Virginia-based Blue Ridge Bank named Kirsten Muetzel, a 10-year veteran of the Federal Reserve, as president of its fintech division, the bank announced in January.

The move comes roughly four months after the Office of the Comptroller of the Currency ordered the bank to improve its oversight of third-party fintech partnerships.

Blue Ridge and another Virginia-based bank, FVCB, terminated a planned merger in January 2022, about two months after delaying the transaction over “certain regulatory concerns” the OCC found with Blue Ridge.

“Kirsten is a respected thought leader in the industry, and she brings the perfect combination of banking supervision experience coupled with fintech industry knowledge and business acumen,” Blue Ridge CEO Brian Plum said in a statement. “Kirsten will be instrumental as we continue building the necessary infrastructure to support current partnerships while preparing the foundation upon which to build future success.”

Muetzel served in a host of roles for the Federal Reserve Bank of San Francisco between 2008 and 2019. She specialized in financial sector policy and analysis and counterparty credit risk analysis before serving as chief of staff for the region’s financial institutions supervision and credit unit, and capping her tenure as a central point of contact, according to her LinkedIn profile. 

She later served as head of finance for two fintechs, Metal and EarnUp, and chief risk officer for two more: Synctera and Fundid. Muetzel also spent more than three years focused on capital raising and mergers-and-acquisitions advisory services at Goldman Sachs.

At Blue Ridge, Muetzel is set to manage a portfolio of partners, strengthen regulatory compliance and advance the bank’s banking-as-a-service strategy. 

“There continue to be significant opportunities for banks to develop relationships with fintech firms and create new revenue streams while in turn enhancing products and services to existing customers,” Muetzel said. “Many of these fintech arrangements are focused on improving access to financial services, which can make a real difference in someone’s day-to-day life, and thereby inspires me.”

Under the OCC’s order, Blue Ridge must obtain the regulator’s non-objection before entering into any new contracts with fintech partners or adding new products in cooperation with existing partners.

The bank also agreed to show, in an “action plan,” how it would better monitor suspicious activity, including “high risk customer activity involving … third-party fintech partners.”

A Blue Ridge-appointed compliance committee must also provide quarterly details of corrective actions the bank intends to implement, the timelines to complete them, the names of the people responsible and status updates on those measures.

Appointing a fintech division chief presumably puts a new name atop that list.

The Consumer Finance Protection Bureau has received 8,300 crypto-asset complaints since October 2018 with the majority of those in the past two years, according to a November bulletin.

Consumers listed fraud and scams as the main issue in 40% of the crypto-related complaints registered since October 2018, the agency said.

“Our analysis of consumer complaints suggests that bad actors are leveraging crypto-assets to perpetrate fraud on the public,” CFPB Director Rohit Chopra said in the bulletin. “Americans are also reporting transaction problems, frozen accounts, and lost savings when it comes to crypto-assets.”

Complaints surged with the rise of price volatility and the adoption of crypto assets in recent years, the bureau said.

The bulletin comes in the wake of a proposed — and later canceled — acquisition of crypto exchange FTX by competitor Binance. 

Binance CEO Changpeng Zhao said Nov. 8 he would bail out FTX amid a “liquidity crunch.” Zhao reversed course the next day, after looking at FTX’s balance sheet. (FTX would file for bankruptcy protection on the day this story was published.)

The Securities and Exchange Commission, Commodity Futures Trading Commission, and Justice Department, incidentally, are investigating whether FTX improperly handled customer funds.

The drama that unfolded on social media prompted Rep. Patrick McHenry, R-NC, to ask for tougher regulations around digital assets.

Money transmission licenses primarily regulate most cryptocurrency exchanges at the state level, but there is a lapse from the federal government, American Banker reported. Many businesses dealing with digital assets are registered with the Financial Crimes Enforcement Network, but not all follow the anti-money laundering guidelines the agency issues.

Poor customer service was the common theme running through most of the complaints, the CFPB found. Transactional issues made up one-quarter of the complaints, while lack of availability when needed made up 16%.

“Hacks by malicious actors have marred crypto-assets, and led to significant financial loss by consumers with no recourse for recovering stolen funds,” the bulletin indicated.

Fraudsters know their way around crypto exchange platforms and can obscure their movement of crypto assets to other accounts making it difficult and time-consuming for regulators and law enforcement to trace the stolen crypto assets, the CFPB said.

The bureau also cautioned against romance and “pig butchering” scams, and other tricks employed by “malicious actors” to extort money. Since there are no government agencies or financial regulators to insure crypto assets, clients must rely on the online resources of the Federal Trade Commission and the CFPB to identify scams, the agency said.

“People should be wary of anyone seeking upfront payment in crypto-assets, since this may be a scam,” Chopra said. “We will continue our work to keep the payments system safe from fraudsters targeting Americans.”