A Blog About FTC regulations and happenings
Civil or Criminal Liability: Charging A Payment Processing Case by Coin Toss?
In the eyes of federal investigators, when is a payment processor considered a benevolent alternative to traditional banks, and when is it viewed as a shady facilitator of all things criminal? In other words, is the client another Paypal or Venmo, or are we looking at a potential WireCard AG prosecution? We have noticed in recent cases that prosecutors are across the board in their treatment of payment processors they pursue for wrongdoing, charging some with criminal liability and others with civil liability only.
“Why the difference?” Unfortunately, the answer is not entirely clear: Unlike other areas of federal prosecution, there is no definitive guidance for prosecutors on how to treat payment processors; nor is there an obvious checklist for clients to consider for avoiding government scrutiny. There are, however, some common considerations and assumptions that accompany these types of cases, and while they hardly form a comprehensive playbook to study, it’s at least a start.
In deciphering Department of Justice (“DOJ”) priorities, policies, and practices, we typically look first to the Justice Manual (formerly the U.S. Attorney Manual). The Justice Manual is an ever-burgeoning document that covers broad policies about federal statutes and policies, all the way down to who prosecutors should consult at DOJ when they have a question about indicting an illegal sportsbook operation or using the mail fraud statute. Alas, this isn’t a great help for deciphering prosecutor treatment of payment processors: searching the Justice Manual for payment processing guidance only turns up a string of DOJ press releases. There is no “niche” of prosecutors, nor any sort of Manual guidance for this particular realm. There is simply a growing body of prosecutions around the country.
But we can look at and draw some conclusions from those press releases. While anecdotal, these statements shed light on the DOJ’s direction in enforcement actions against payment processors. Some patterns emerge that may be decent predictors of what the feds are concerned with when it comes to payment processing.
- Vulnerable victims: to the extent that the investigators believe the processors are knowingly (we’ll come back to that) fleecing the elderly, that will always be a hook to support a splashy prosecution. If the processor’s merchants include mass mailers, pyramid schemes, or high yield investment property sales, that can be of interest to the feds because of the target audience of these ploys.
- High dollar volume: While in many ways this can be a deceptive metric, the sheer transactional volume of a processor can grab the attention of federal prosecutors. For purposes of establishing the all-important “loss” amount for the guidelines, the dollar value of processing transactions (clearly not the same as the processor’s profit, of course) can be a big sales point for an agent talking to his or her favorite white-collar prosecutor.
- Red flag merchants: Often payment processors are dragged down by the weight of their criminal clients. If the most profitable merchants are engaged in criminality – anything from fraudulent sweepstakes solicitations to distributing child pornography – it is easy for prosecutors to make the leap to assuming the processor knew of the client’s criminal activity.
- Repeat offenders: Obviously a literal repeat offender, previously convicted of money laundering or wire fraud, will be an easy sell for an agent pitching his case to an Assistant U.S. Attorney, but lesser forms of “repeat offending” are still important. For example, state prosecutions for money remittance without a license, or even cease and desist letters from state regulators, provide fertile evidence for prosecutors who must show the processor’s knowledge of facilitating crime or trafficking proceeds of crime.
Regardless of how federal prosecutors end up charging payment processing cases, the inevitable issue for the individual defendants will be knowledge of the unlawful scheme. That can be relatively easy, if the CEO suddenly cannot account for a “missing” $2.1 billion, as is alleged in the WireCard AG case. Similarly, if a whistle-blower or forensic audit determines that the processor is clearly “cooking the books,” then expect the worst. But a lot of these cases appear to have a much “grayer” story when it comes to proving knowledge. A close look at the company’s Know Your Customer (KYC) compliance and its general use of Due Diligence are likely to be important aspects of the investigation. The company’s willingness to terminate accounts linked to wrongdoing and to issue Suspicious Activity Reports for particular transactions can be important. Conversely, a culture of willful blindness within the organization will go a long way to proving criminal intent.
One fallacy that arises within these prosecutions is the mythical loss calculation. Big dollar seizures and accusations tend to dominate DOJ press releases. Those calculations also color the AUSA’s position regarding pretrial release and, ultimately, on the sentencing guideline range. But the money passing through the processor’s accounts is astronomically higher than the fee taken in by the processor, much less the ultimate profit. And prosecutors tend to lump perfectly legitimate transactions into this headline grabbing sum, so long as some aspect of the operations or operators is crooked.
The allure of payment processing for start-up entrepreneurs is not likely to dissipate anytime soon. Accordingly, expect to see more prosecutions (as well as FTC enforcement actions, such as here and here, which are not the focus of this piece, but are a popular enforcement mechanism) but, hopefully, some increased predictability and regularity as to what triggers these investigations so the lawyers can keep their clients out of harm’s way. But it goes without saying that a robust compliance program, as we discuss here, is an important step to reducing exposure.