With the recent announcement by the U.S. Department of Justice (DOJ) that it had settled separate lawsuits against two small banks charged with facilitating consumer fraud through their relationships with third-party payment processors, reports of the demise of "Operation Choke Point" may be premature. “Operation Choke Point” is the coordinated federal multiagency enforcement initiative targeting banks serving online payday lenders and other target companies that have raised regulatory or “reputational” concerns.

Like the DOJ’s action last year against Four Oaks Bank & Trust Company, the actions against CommerceWest Bank and Plaza Bank were both brought under the Anti-Fraud Injunction Act and the Financial Institutions Reform, Recovery, and Enforcement Act. All of the DOJ’s claims are based on the banks’ alleged commission of a predicate federal criminal offense—knowing participation in a wire fraud scheme.

The complaints alleged that the banks ignored many “red flags,” such as return rates of 50 percent or more for transactions generated by the payment processors, consumer complaints about unauthorized withdrawals, and complaints from other banks whose customers’ accounts had been debited for unauthorized transactions. The merchants serviced by the CommerceWest Bank processor included a telemarketing company and a payday loan finder; the merchants serviced by the Plaza Bank processor included Internet-based merchants offering identify theft protection insurance.

A criminal complaint was also filed against CommerceWest Bank alleging that the bank failed to file suspicious activity reports as required by the Bank Secrecy Act (BSA). Given the extreme nature of both banks’ alleged conduct, it is unclear why the DOJ filed criminal charges against only CommerceWest Bank.

CommerceWest Bank’s settlement requires it to pay a $1 million civil money penalty to the U.S. Treasury and forfeit $1 million to the U.S. Postal Inspection Service Consumer Fraud Fund, representing in total 3.6 percent of the bank’s net worth as of December 31, 2014. The criminal charges are deferred for two years in exchange for the bank admitting its wrongdoing, cooperating in other civil and criminal investigations, and giving up any claim to $2.9 million seized by the Postal Inspection Service from the processor’s account. Plaza Bank’s settlement requires it to pay $1 million to the Treasury as a civil money penalty and forfeit $225,000 to the Fraud Fund, representing in total 2 percent of the bank’s net worth as of December 31, 2014.

In addition to the monetary relief, the consent orders limit the banks’ dealings with third-party payment processors and merchants. Limits relating to third-party payment processors include a prohibition on doing business with a processor that:

• is not duly licensed as a money transmitter in all relevant states (or certified by state authorities as not needing a license) and registered with FinCEN as a money services business; and
• processes payments for any merchant that generated transactions in excess of specified return thresholds (0.5 percent for unauthorized debits, 3 percent for data quality returns, and 15 percent for total returns) unless the bank performs extensive diligence on the merchant within 45 days of its exceeding a threshold and determines to its reasonable satisfaction that the merchant is complying with federal law and the law of any state where the merchant or its customers are located.

The CommerceWest Bank settlement prohibits the bank from providing “bank accounts or banking services” to processors processing payments for high return merchants, while the Plaza Bank settlement also prohibits the bank from providing “ACH or credit card services, access, or processing” to such processors.

The settlements also establish certain conditions the banks must satisfy to do business with merchants. CommerceWest Bank must satisfy such conditions to provide “ACH services, access, or processing” directly or through a third-party payment processor to any merchant engaged in telemarketing or an Internet-based business; Plaza Bank must satisfy the same conditions to provide “banking accounts, banking services, ACH or credit card services, access, or processing” to any merchant through a third-party payment processor.

Such conditions require the banks to conduct, before doing business with a merchant and quarterly thereafter, the due diligence required for direct bank customers and establish, after reasonable inquiry, the merchant’s compliance with federal law, the law of any state where the merchant or its customers are located, and NACHA rules. In addition, Plaza Bank is prohibited from accepting remotely created checks (RCCs) as an originating depository financial institution (ODFI) from a third-party processor in connection with telemarketing or Internet-based businesses; CommerceWest Bank may only accept such RCCs as an ODFI with advance federal authorization.

The limits placed on the banks’ dealings with third-party processors and merchants by the new settlements are similar to those imposed on Four Oaks Bank & Trust Company in the DOJ’s settlement of its first "Operation Choke Point" lawsuit last year. That bank had processed ACH transactions for payday lenders through an arrangement with a third-party payment processor. Based on allegations of inadequate diligence and control over the processor and its customers, the DOJ obtained $1.2 million in monetary relief (representing 2.6 percent of the bank’s net worth as of the calendar quarter ended most recently before announcement of the settlement). The settlement also included injunctive relief addressing the bank's dealings with third-party payment processors and targeted companies. (For more on the settlement, see our legal alert.)

The extreme nature of the conduct alleged in these new cases makes it difficult to determine whether the settlements evidence substantial continuing vitality in “Operation Choke Point.” Regardless of the answer, the operation’s effects will continue for companies in targeted industries. Banks can be expected to closely scrutinize the activities of target companies in deciding whether to establish, retain, or restore relationships with them. Accordingly, these companies must be able to demonstrate to their banks that they are in compliance with applicable federal and state law.

To assist in this endeavor, Ballard Spahr and FTI Consulting, one of the world’s leading consulting companies serving financial services businesses, have launched their own operation—“Compliance Monitor.” Compliance Monitor provides formal assessments and helps companies evaluate and improve their compliance programs, with the goal that those companies that receive positive evaluations will be able to establish, retain. or restore banking relationships.