NY Bank Fined for Failing to Verify Customer Identities

A New York bank settled charges with the Federal Reserve Board ("FRB") and New York Department of Financial Services ("NYDFS") for supervisory and Bank Secrecy Act compliance deficiencies in connection with the bank’s issuance of prepaid card accounts.

In separate Orders (see here and here), the FRB and NYDFS found that the bank issued prepaid cards using a third-party program manager without the bank properly vetting applicant identities. The FRB and NYDFS stated that although the bank had received multiple reports indicating widespread fraud related to its prepaid cards, the bank continued to issue them. As a result, the illicit actors using stolen identities received more than $300 million in state unemployment insurance benefits via the bank's prepaid cards, approximately $200 million of which has not been recovered.

The FRB also found that the bank violated Customer Identification Program ("CIP") requirements (Bank Secrecy Act Rule 1020.220) by failing to implement risk-based procedures to verify a customer’s identity. Separately, the NYDFS found that the bank violated New York Banking Law by failing to maintain an AML program.

To settle the charges with the FRB, the bank agreed to (i) pay a civil monetary penalty of $14,478,676 and (ii) submit respective plans to revise its customer identification program and board oversight. To settle charges with the NYDFS, the bank agreed to (i) pay a civil monetary penalty of $15,000,000, (ii) submit a written description of its current program to supervise its third-party program managers and (iii) submit a status report regarding updates to the bank's BSA/AML compliance program.