In a recent line of enforcement actions, the Consumer Financial Protection Bureau (CFPB) has signaled that it will hold payment processors liable if the CFPB believes the processors know or should have known that transactions processed for their processing customers are fraudulent or illegal. The most recent of these enforcement actions was filed on June 6 against Intercept Corporation, an Automated Clearing House (ACH) payment processor, and its owners for allegedly enabling its customers to make fraudulent and illegal ACH debits against consumer accounts in violation of the prohibition on unfair, deceptive, or abusive acts or practices under the Consumer Financial Protection Act.¹

The CFPB alleged that Intercept’s clients (which include debt collectors, payday lenders, auto title lenders and sales finance corporations) were initiating large numbers of unauthorized, fraudulent, and illegal transactions and that Intercept was processing those transactions even though it knew, or consciously avoided knowing, that the transactions were not legitimate. The CFPB alleged that the payment processor failed to conduct adequate due diligence and monitoring of its clients’ activities and ignored numerous red flags, including:

• Repeated consumer complaints regarding unauthorized transactions. 
• Numerous warnings and complaints from Intercept’s bank partners regarding high rates of rejected transactions, discrepancies in transaction information, and other suspicious activity. According to the CFPB, if one of these banks terminated its relationship with Intercept, Intercept would find a new bank to continue processing transactions for Intercept’s clients, rather than investigate the suspicious activity. 
• Excessively high levels of rejected transactions (some of Intercept’s clients had rejected transactions at more than 25 times the national average). 
• Federal and state law enforcement actions against Intercept’s clients regarding illegal business conduct, unauthorized transactions and other activity that could have raised Intercept’s suspicion.

In a press release related to the enforcement action, CFPB Director Richard Cordray admonished the payment processor for ignoring “clear signs of brazen fraud” and stated that “[c]ompanies cannot turn a blind eye to wrongdoing when they process payments from consumer banking accounts on behalf of clients that are breaking the law.” The complaint alleged that Intercept either knew or should have known of the illegal behavior of its clients, and therefore played a critical role in enabling the unlawful and deceptive conduct of its clients.

The Intercept enforcement action follows a recent 2015 enforcement action by the CFPB alleging that payment processors facilitated their clients’ large-scale fraud by enabling them to accept credit and debit card payments from consumers when the processors knew or should have known that their clients were engaging in unlawful debt collection practices. The CFPB alleged that the processors did not follow their own credit and underwriting policies, failed to perform adequate diligence on their debt collector clients, failed to investigate red flags, and ignored numerous indicators that the merchants were conducting fraud.

Based on this line of CFPB enforcement actions, the CFPB is sending a clear message to processors that it expects them to actively monitor for, and take action with respect to, red flags and other suspicious activities related to the transactions they process, and that the CFPB will seek regulatory enforcement against processors that turn a blind eye to indications of fraudulent and illegal transactions.
                                         

¹12 U.S.C. §§ 5531(a) and 5536(a)(1)(B).