MoneyGram Agrees to Extend Deferred Prosecution Agreement, Settle FTC Allegations, Forfeit $125 Million for Anti-Money Laundering and Anti-Fraud Compliance Failures

On November 8, federal authorities in the United States took two coordinated actions pertaining to MoneyGram, a global money services business headquartered in Dallas, and its reported failure to comply with prior anti-money laundering and anti-fraud related obligations.

First, the U.S. Department of Justice announced that MoneyGram “agreed to extend its deferred prosecution agreement and forfeit $125 million due to significant weaknesses in MoneyGram’s anti-fraud and anti-money laundering (AML) program resulting in MoneyGram’s breach of its 2012 deferred prosecution agreement (DPA).”  In addition to the monetary payment and extension of the DPA for an additional 30 months, MoneyGram agreed to enhance its anti-fraud and AML compliance programs.

The DPA dates back to 2012, when MoneyGram agreed to forfeit $100 million and admitted to criminally aiding and abetting wire fraud and failing to maintain an effective anti-money laundering program.  According to court documents related to the DPA and a criminal information filed in the Middle District of Pennsylvania, MoneyGram “was involved in mass marketing and consumer fraud phishing schemes, perpetrated by corrupt MoneyGram agents and others, that defrauded tens of thousands of victims in the United States.  MoneyGram also failed to maintain an effective anti-money laundering program in violation of the Bank Secrecy Act.”

The Justice Department’s 2012 release about the DPA further stated:

Despite thousands of complaints by customers who were victims of fraud, MoneyGram failed to terminate agents that it knew were involved in scams.  As early as 2003, MoneyGram’s fraud department would identify specific MoneyGram agents believed to be involved in fraud schemes and recommended termination of those agents to senior management.  These termination recommendations were rarely accepted because they were not approved by executives in the sales department and, as a result, fraudulent activity grew from 1,575 reported instances of fraud by customers in the United States and Canada in 2004 to 19,614 reported instances in 2008.  Cumulatively, from 2004 through 2009, MoneyGram customers reported instances of fraud totaling at least $100 million.

As part of the DPA, MoneyGram had agreed to enhanced compliance obligations and structural changes to prevent a repeat of the conduct charged in the information, including:

• “Creation of an independent compliance and ethics committee of the board of directors with direct oversight of the chief compliance officer and the compliance program;
• “Adoption of a worldwide anti-fraud and anti-money laundering standard to ensure all MoneyGram agents throughout the world will, at a minimum, be required to adhere to U.S. anti-fraud and anti-money laundering standards;
• “Adoption of a bonus system which rates all executives on success in meeting compliance obligations, with failure making the executive ineligible for any bonus for that year; and
• “Adoption of enhanced due diligence for agents deemed to be high risk or operating in a high-risk area.”

Despite MoneyGram’s agreement to a five-year monitorship – an exceptionally long duration for a corporate monitorship – the Justice Department’s 2018 release about the DPA extension stated that according to the joint motion that it and MoneyGram filed to extend and amend the DPA,

MoneyGram breached its 2012 DPA.  During the course of the DPA, MoneyGram experienced significant weaknesses in its AML and anti-fraud program, inadequately disclosed these weaknesses to the government, and failed to complete all of the DPA’s required enhanced compliance undertakings.  As a result of its failures, MoneyGram processed at least $125 million in additional consumer fraud transactions between April 2015 and October 2016.

As part of the amendment to and extension of the DPA, MoneyGram agreed to additional enhanced compliance obligations.  These included creating policies or procedures

• “to block certain reported fraud receivers and senders from using MoneyGram’s money transfer system within two days of receiving a complaint identifying those individuals;
• “to require individuals worldwide to provide government-issued identification to send or receive money transfers;
• “to monitor all money transfers originating in the United States in its anti-fraud program; and
• “to terminate, discipline, or restrict agents processing a high volume of transactions related to reported fraud receivers and senders.”

Second, the Federal Trade Commission (FTC) announced that MoneyGram agreed to pay $125 million to settle allegations that it failed to take steps required under a 2009 FTC order “to crack down on fraudulent money transfers that cost U.S. consumers millions of dollars.”  The FTC alleged “that MoneyGram failed to implement the comprehensive fraud prevention program mandated by the 2009 order, which requires the company to promptly investigate, restrict, suspend, and terminate high-fraud agents.”

In particular, the FTC alleged that MoneyGram’s failures included:

• Noncompliance of MoneyGram’s standards for taking disciplinary actions with the 2009 order, “because those standards required agents to have unreasonably high fraud rates before they could be suspended or terminated[.]”
• Frequent failure “to promptly conduct the required reviews or to suspend or terminate agents, particularly those from larger locations with high levels of fraud.”
• Failure to “place any restrictions on one large chain agent until approximately mid-2013, even though the chain was the subject of more fraud complaints than any other MoneyGram agent worldwide. Some of the chain’s locations had fraud rates as high as 50 percent of the money transfer activity. When it did take disciplinary action, MoneyGram focused on lower-volume, ‘mom and pop’ agents with high levels of fraud, while treating large chain agents differently[.]”
• “MoneyGram’s computerized monitoring system, aimed at blocking known fraudsters from using its service, malfunctioned for an 18-month period in 2015 and 2016. During that time, MoneyGram failed to block individuals that the company knew or should have known were using its service for fraud or to obtain fraud-induced money transfers.”
• Failure “to properly vet its agents and by not providing appropriate training on how to detect and prevent consumer fraud for all its agents, including locations with high fraud rates.”
• Failure, in some cases, to record the complaints that it received about fraud-induced money transfers and to share that information with the FTC.

In addition to the $125 million payment, MoneyGram agreed with the FTC to “an expanded and modified order that will supersede the 2009 order and apply to money transfers worldwide. The modified order requires, among other things, that the company block the money transfers of known fraudsters and provide refunds to fraud victims in circumstances where its agents fail to comply with applicable policies and procedures. In addition, the modified order includes enhanced due diligence, investigative, and disciplinary requirements.”

Note: In a November 8 MoneyGram press release, MoneyGram Chairman and Chief Executive Officer Alex Holmes stated that “we have taken significant steps to improve our compliance program and have remediated many of the issues noted in the agreements.”  Those reported steps include investment of invested more than $100 million since 2012 in compliance technology, agent oversight, and training programs; implementation of “new, industry-leading consumer verification standards” that prevented approximately $1.5 billion in fraudulent transactions; and engagement of “a leading global consulting firm to support the company’s efforts to enhance its compliance program.”

The fact remains that the information set forth in the amended and extended DPA and the modified FTC order, and public documents related to both actions, indicates an unusually broad range of compliance failures by MoneyGram – the more unusual because the failures relate to specific commitments to which MoneyGram had acceded in 2009 with the FTC and agreed in 2012 with the Justice Department.  Moreover, the list of those failures is likely to be particularly frustrating to law enforcement authorities in the United States and in multiple countries.  As one point of reference, in 2010 the International Mass-Marketing Fraud Working Group (which I once co-chaired), in a threat assessment on mass-marketing fraud, identified the critical role of money-transfer systems such as MoneyGram in receiving funds from mass-marketing fraud victims.  The fact that MoneyGram, over the next eight years, displayed such substantial compliance failures makes it all the more important that it uses the next 30 months to demonstrate to the Justice Department that it is wholeheartedly committed to a culture of compliance.