After breaching DPA, MoneyGram forfeits $125 million, agrees to further improve AML, fraud tactics
Saturday, November 10, 2018
Posted by: Brian Monroe
By Brian Monroe
November 9, 2018
One of the country’s largest money transmitters has agreed to forfeit $125 million after breaching the provisions of a 2012, $100 million settlement for broad failures in financial crime compliance programs and for not adequately identifying agents engaged in fraudulent funds transfers.
The U.S. Department of Justice (DOJ), Federal Trade Commission (FTC) and other federal authorities stated Thursday that Dallas-based MoneyGram International Inc. had breached the provisions of its 2012 deferred prosecution agreement (DPA), which gave the company five years to improve its anti-money laundering (AML) and counter-fraud programs – a deadline that was up in 2017.
Authorities allowed MoneyGram to extend the DPA to November of this year, but was still found to have “significant weaknesses” in uncovering and preventing rogue agents from engaging in fraudulent transfers from a range of domestic and foreign scammers, a cabal typically preying on the elderly and vulnerable by making wild claims, like a person won a sweepstakes or lottery, and only needed to pay the “taxes or fees.”
To read the full DOJ report, click here.
“During the course of the DPA, MoneyGram experienced significant weaknesses in its AML and anti-fraud program, inadequately disclosed these weaknesses to the government, and failed to complete all of the DPA’s required enhanced compliance undertakings,” according to prosecutors.
“As a result of its failures, MoneyGram processed at least $125 million in additional consumer fraud transactions between April 2015 and October 2016,” according to the DOJ.
To remedy that, the remitter has agreed to forfeit $125 million – $25 million more than the original penalty figure – and must pledge to further enhance its AML programs to prevent similar problems from festering unaddressed. The funds are earmarked to go to victims who lost money in the various schemes.
The penalty continues a regulatory trend in recent years where non-monetary enforcement actions against financial institutions, if the compliance issues are not addressed to the depth or timeliness of examiners’ expectations, mushroom into hefty penalties.
In that same vein, in several recent cases, financial institutions that negotiated high-profile DPAs and other settlements have had their terms lengthened or been required to pay higher fine figures and engage in more aggressive remediations – in many instances while a corporate monitor closely reviews progress or lack thereof to update federal regulators and investigative agencies.
Five-year DPA nearly doubles to decade
For MoneyGram, along with the forfeiture, federal authorities have extended its DPA compliance deadline another 2-1/2 years.
The 2012 settlement cited a host of gaps in MoneyGram’s programs to counter money laundering and jettison agents who were, in some cases, actively helping fraudsters fleece innocent consumers, including:
- Not terminating specific MoneyGram outlets after being presented with information that strongly indicated that the outlets were complicit in consumer fraud schemes
- Not implementing a policy for terminating outlets that posed a high risk of fraud
- Structuring MoneyGram’s AML program in a way that information aggregated by MoneyGram’s Fraud Department on outlets, including the number of consumer fraud reports that particular outlets had accumulated over specific time periods, was not generally provided to the MoneyGram analysts who were responsible for filing suspicious activity reports (SARs) with FinCEN.
In the amended DPA, MoneyGram must raise the level of its financial crime program in several areas, going beyond what it had to do in the prior settlement, including creating policies or procedures:
· to block certain reported fraud receivers and senders from using MoneyGram’s money transfer system within two days of receiving a complaint identifying those individuals;
· to require individuals worldwide to provide government-issued identification to send or receive money transfers;
· to monitor all money transfers originating in the United States in its anti-fraud program; and
· to terminate, discipline, or restrict agents processing a high volume of transactions related to reported fraud receivers and senders.
Agent oversight continues to vex MSB sector
The challenge of agent oversight and preventing scammers from abusing the ease of wiring money internationally, particularly if the figures are in smaller, under-the-radar increments, is not unique to MoneyGram.
In early 2017, fellow remitter industry titan Western Union paid pay nearly $600 million to U.S. authorities, the largest compliance-related penalty ever against a money services business, for enabling a range of frauds and financial crimes, failures in agent oversight, and not filing thousands of suspicious activity reports.
In the order, Englewood, Colorado-based Western Union forfeited $586 million and entered into a DPA as well with DOJ, FTC and other authorities on charges of wire fraud and having a criminally lax AML program.
At its heart, the order centered around one the money services business (MSB) sector’s most oft-criticized and weakest links, their far-flung networks of often diminutive agents.
These are frequently one or two-person operations doing business on behalf of a larger remitter, and in many cases can be working for several remitters at one time, making paying attention to the obligations of any one a chore.
The Western Union order focused on actions between 2004 and 2012, where Western Union violated U.S. AML laws and anti-fraud statutes by “processing hundreds of thousands of transactions for Western Union agents and others involved in an international consumer fraud scheme,” involving rogue agents and sub agents in and doing business with jurisdictions including Mexico, Latin America, the United Kingdom and China.
The penalty, like the MoneyGram action, is also another reminder – for any entity considered a financial institution, not just MSBs – that obligations to stop financial crime do not end at creating, staffing and filing suspicious activity reports (SARs) under explicit AML rules and guidance.
The clear message from the cumulative actions against these money remitters and record penalties against banks is that the AML program must tacitly go further into the realm of fraud.
This includes understanding when transactions give hints of, say, "Nigerian prince" and romance scams, and when it appears customers are being taken advantage of, a connection that could be made at the teller level with proper convergent AML and fraud training on classic and emerging red flags.
Concern from DOJ, contempt from the FTC
In an interlinked case, MoneyGram also faced contempt charges from the FTC, with the agency stating the remitter also violated its 2009 order requiring the company to implement a more rigorous fraud prevention program.
Specifically, MoneyGram promised to take a more proactive and comprehensive approach to investigate and cull agents associated with higher numbers of fraud complaints or linked to suspicious transactions to countries known to be associated with scams.
Not only did that not happen to the FTC’s pleasure, the remitter continued to allow high-fraud agents to dupe consumers and support fraudsters.
“MoneyGram was aware for years of the high levels of fraud and suspicious activities involving certain agents, including large chain agents, but failed to promptly conduct required reviews or suspend or terminate agents, as required by the 2009 order,” according to the FTC.
Regardless of MoneyGram’s issues to sanction recalcitrant agents, authorities have not tarried in their aggressive approach to counter them.
To date, the U.S. Attorney’s Office of the Middle District of Pennsylvania has charged 37 MoneyGram agent owners for conspiracy, money laundering and fraud-related violations, with 28 of those ending in convictions.
In its own updated and strengthened order, the FTC is requiring MoneyGram to more forcefully “block the money transfers of known perpetrators of fraud schemes and provide refunds to fraud victims in circumstances where its agents fail to comply with applicable policies and procedures,” and similar to the remitter’s banking brethren, employ classic AML conceits, including, “enhanced due diligence, investigative, and disciplinary requirements.”
It's not only federal authorities who are heavily scrutinizing how MoneyGram complies with the latest lengthened agreements.
In early 2016, the company paid $13 million to settle an investigation by U.S. states originating from customer complaints that scam artists duped them into wiring funds via the money transfer service, state attorneys general said at the time.
The settlement eventually negotiated with attorneys general in 49 states and Washington, D.C., included $9 million for a nationwide fund collected to better facilitate the return of money to some defrauded customers and $4 million to cover states' costs and fees.
Similar to the federal agreements, MoneyGram, also made a bevy of ovations stating it would improve fraud-detection measures across a global network of approximately 350,000 locations where money transfers are sent and received.