In an action that appears to signal stepped-up scrutiny of non-bank prepaid card distributors by federal banking regulators, the Federal Deposit Insurance Corp. on Friday announced it is fining Achieve Financial Services LLP $110,000 and forcing it to pay at least $1.1 million in restitution to consumers.
The FDIC also levied a $600,000 civil penalty on First California Bank, Westlake Village, Calif., which issues a MasterCard-branded prepaid card managed by Austin, Texas-based Achieve.
In separate consent orders dated May 28, the banking regulator alleges the bank and the program manager deceptively promoted services, pricing, and features linked to the MasterCard product, including “free” online bill-pay services that actually carried fees, other features that weren’t available, and fees that weren’t clearly spelled out.
Specifically, the agency said the practices violated Section 5 of the Federal Trade Commission Act as well as the Treasury Rule, which covers use of the automated clearing house system to send government benefits to prepaid cards.
The restitution funds will be used to reimburse more than 64,000 cardholders. Achieve and First California agreed to issuance of the consent orders without admitting any violations.
While seen strictly as an overseer of banks, the FDIC in this case used a theory that intimately links banks and the prepaid program managers they hire as a basis for its enforcement action against Achieve. Under this theory, the agency refers to Achieve as an “institution-affiliated party” of FCB. Some experts who follow the industry say this theory could lead to more such actions by regulators.
“It definitely puts the industry on notice that they may end up in an environment that is as heavily regulated as any banking environment,” says Ben Jackson, an analyst at Mercator Advisory Service, Maynard, Mass., who follows prepaid cards. “Part of this is a recognition on the part of regulators that they can’t effectively regulate if they can’t examine those acting in the bank’s name.”
Others who follow the payments business more broadly say the extension of federal reach beyond banks could soon affect the fledgling business of mobile payments, particularly digital wallets that include prepaid payment instruments offered by partnerships between bank and non-bank players. Regulators “are definitely laying the groundwork for non-card prepaid,” notes Erin Fonte, an attorney at Austin, Texas-based law firm Cox Smith whose practice embraces payments issues. “This [Achieve case] opens the door [to increased scrutiny] for anyone who’s partnering with a bank.”
The consent orders for both Achieve and FCB not only prescribe penalties but also lay out a long series of detailed and ambitious actions the entities must take to ensure misleading or deceptive practices don’t recur. For Achieve, these include requirements that the company hire a compliance officer and consultant, that it devise a compliance plan, and that its compliance reports receive review from the FDIC and from the company’s board of directors.
The move against Achieve follows a recent trend among federal regulators to issue warnings about the actions of non-bank entities in the payments industry and to look more closely at their relationships with financial institutions.
This is also not the first time the FDIC has moved against a third-party card vendor. Last August, it announced a settlement with The Bancorp Bank and program manager Higher One Inc. in a case involving non-sufficient funds (NSF) fees on student debit cards. The agency, ordered Higher One to pay $11 million in restitution to about 60,000 cardholders along with $110,000 in fines. The Bancorp Bank was hit with a $172,000 fine.
As in the case against FCB and Achieve, the FDIC linked the third party provider to the bank by calling Higher One an “institutionally affiliated party” of The Bancorp Bank.
The Achieve-FCB case also follows a June 2011 guidance for national banks from the Office of the Comptroller of the Currency that spelled out a number of steps to control risks in prepaid card programs, including steps to better manage third-party distributors and program managers. In the guidance, the OCC included a recommendation that banks include in their contracts with third parties “a clause outlining the OCC’s authority to examine the third-party service provider under the Bank Service Company Act, and assess the provider’s ability to perform under its contractual obligations.”
Some experts see the OCC’s insertion of itself in banks’ negotiations with third-parties as having laid the foundaton for the FDIC’s action against Achieve. “Everyone has waited for this shoe to drop since the OCC [guidance],” says Jackson. “The OCC guidance led the way.”
It seems likely, indeed, that any future actions against non-banks could come from a broad range of regulatory agencies. Both Jackson and Fonte note with interest that the latest enforcement action comes from the FDIC, not the Consumer Financial Protection Bureau, which was formed under the 2010 Dodd Frank Act explicitly to regulate firms that offer financial services to consumers. “It’s an assertion [by the FDIC] that we’re not abdicating our responsibility, that the CFPB is not the final word on regulation.”