‘Merchant services program’ found to lead to unsafe, unsound practices for unprofitable Illinois bank

Practices of remote check creation (RCC) and merchant credit card processing (MCC) have earned an Illinois bank enforcement actions for unsafe and unsound bank practices, according to actions for July reported by the federal bank deposit insurance agency Friday.

According to the Federal Deposit Insurance Corp. (FDIC), Vermont State Bank of Vermont, Ill., engaged in the unsafe or unsound practices and violated laws and regulations under the anti-money laundering Bank Secrecy Act (BSA). The practices, among other things, have led the bank to be unprofitable since 2018.

The agency said it seeks a cease and desist from violations of law or regulation and is asking an administrative law judge to take affirmative action to correct the conditions resulting from such violations.

The FDIC said the bank’s “merchant services program” (as examined in 2022 and 2023 and including an exam of the bank’s compliance with the BSA) included the RCC and MCC services. RCC, the agency said, is a check authorized by a bank customer remotely, by telephone or online, and does not bear the customer’s handwritten signature. MCC processes credit card transactions for merchants.

The FDIC said that both services (RCC and MCC) carry inherent risks. In RCC’s case, the agency said, the service may expose financial institutions to various risks including money laundering, fraud, information security, and other illicit transactions, “which result in the need for an AML/CFT program that includes policies and procedures that are appropriately implemented.”

MCC, the agency said, “involves a variety of inherent risk types that need to be assessed to ensure appropriate internal controls are in place and that the Bank’s board of directors fully understands the risk accepted.” The process, like RCC, the agency said, “exposes the bank to various risks including money laundering, fraud, information security, and other illicit transactions, which result in the need for an AML/CFT program that includes policies and procedures that are appropriately implemented.”

The agency said the bank, for December 2023, processed more than $1.6 million in RCC deposits and north of $5.5 million in net MCC sales. “Combined, these items represent 126.18% of Tier 1 Capital as of Dec. 31, 2023,” the agency said.

In spite of the risks, the FDIC said, the bank had an inadequate anti-money laundering/countering financial terrorism (AML/CFT) program, including “a failure to provide for a system of internal controls, a failure to designate an individual responsible for coordinating day-to-day compliance, and a failure to provide training for appropriate personnel.”

That led to the bank violating three of the four components of federal law for AML/CFT by “failing to provide for the continued administration of an AML/CFT Program reasonably designed to assure and monitor compliance with the BSA.”

Additionally, the agency found that the bank’s earnings in both 2022 and 2023 were deficient, leading to a deficient rating for earnings in both years. In fact, the agency pointed out, the bank has not been profitable since 2018 and has had operational losses for five straight years.

FDIC Enforcement Decisions and Orders for July 2024