Bloomberg News
Comerica Bank authorities independently acknowledged substantial compliance failures in their operation of a Treasury Department program that supplies federal advantages on pre-paid cards to countless unbanked Americans, according to internal files acquired by American Banker.
A Comerica executive stated the Dallas bank dealt with a “serious contract violation” for permitting scams disagreements and information on Direct Express cardholders to be managed out of a supplier’s workplace in Lahore, Pakistan, the files reveal.
Personally recognizable details on veterans, Social Security and impairment receivers were consistently shared and managed by i2c Inc., a supplier based in Redwood City, Calif., with a workplace in Lahore, Pakistan — in infraction of the federal government agreement, the Comerica executive stated. The Treasury’s contract with the bank specifies that all services supplied “shall be performed in the United States or its territories.”
Paul Lawrence, who acted as under secretary for advantages in the Department of Veterans Affairs from 2018 to 2021, stated he remained in “complete shock and disgust” after being informed of the details consisted of in the internal Comerica files.
“All of these government contracts basically say you have to be in the U.S. and the program has to be run by U.S. citizens,” Lawrence, a long time federal government specialist, stated in an interview. “This has all the makings for a really, really bad situation.”
The internal files, in addition to court files submitted in a class action in 2015, paint a more comprehensive image of the $91.2 billion-asset Comerica’s method and third-party oversight of Treasury’s Direct Express program, which serves 4.5 million Americans.
Comerica has actually been bogged down in lawsuits and yearslong disagreements over Direct Express, which it has actually run under an agreement with the Treasury given that 2008. Direct Express deposits approximately $3 billion a month digitally on pre-paid cards to countless federal government recipients who do not have a checking account. The program belongs to a federal government effort to minimize possible scams and expenses by weaning individuals off paper checks.
Comerica has actually contracted out the daily operations of Direct Express to 2 suppliers: i2c and Conduent Inc., a publicly-traded corporation based in Florham Park, N.J.
The internal files consist of a 2020 e-mail from a Comerica executive, who explained sweeping infractions of Regulation E, which governs how a banks addresses mistakes reported by customers consisting of for theft or scams. Nora Arpin, Comerica’s then-senior vice president and director of federal government electronic services, stated the bank remained in breach of its Treasury agreement however that it was not able to get its third-party supplier to make modifications.
“Management for Reg E dispute processing is in Lahore which means that cardholder information is being shared with/sent to Lahore, which is a serious contract violation,” Arpin composed.
Arpin no longer operates at Comerica. Arpin and a lawyer who had actually represented her in the past did not react to ask for remark.
David P. Weber, a medical assistant teacher of accounting at Salisbury University and a previous supervisory counsel and enforcement chief at the Federal Deposit Insurance Corp., stated the bank would require to notify its regulator about the activities of third-party provider.
“It was a clear violation of the contract Comerica held with the Department of the Treasury to locate the vendor in a foreign country when part of the consideration for them being awarded this federal contract was to use American employees and vendors,” stated Weber, who acted as unique counsel for enforcement for more than ten years at the Office of the Comptroller of the Currency.
“Separate and aside from contract fraud, it is inappropriate for a federally-insured depository institution to locate third-party service provider activities in a foreign nation without informing their regulator, and locating the operations in a country in which there are questions about rule of law, which would make supervisory and exam activities as well as protections of American consumers questionable.”
The bank formerly had actually been slammed by the Federal Reserve Bank of Dallas in a “matters requiring attention” order a year previously, which explained “weaknesses” in Comerica’s threat tracking of Direct Express, according to court files. Examiners stated Conduent, the bank’s main supplier, did not supply cardholders reporting scams on their cards with details on how to get a provisionary credit, files reveal.
Comerica was paid $151 million in 2020 to run Direct Express, and got approximately $770 million in overall gross income over a six-year duration, from 2015 to 2020, to run the program, Albert Taylor, a Comerica senior vice president and director of National Bankcard Services, stated in court files.
In reaction to concerns from American Banker, a Comerica spokesperson stated the bank is “proud to have served as financial agent for the Treasury Department’s Direct Express Program since its inception in 2008.”
“Should an issue arise with a third-party vendor involving compliance with the Financial Agency Agreement, Comerica works closely with the vendor to address the situation, in accordance with Comerica’s obligation under the FAA to ensure its vendors’ compliance with the FAA,” the Comerica spokesperson stated in an e-mail. “Additionally, Comerica promptly notifies [Treasury’s Bureau of] Fiscal Service of issues impacting the program and keeps Fiscal Service apprised until they are fully resolved.”
Conduent decreased to comment. Executives at i2c decreased an interview however rather supplied a composed declaration contesting accusations it had actually breached its agreement.
“As a global provider of banking and payment services, we naturally employ a global workforce. One that spans more than six countries — a fact that we are proud of and that our partners are actively made aware of and accept,” i2c stated.
“Let it also be known that i2c’s compliance regarding the access, use, storage, and transmission of cardholder information is independently certified by third parties including, but not limited to an annual [Payment Card Industry Data Security Standard] certification, which requires the encryption or masking of personal identifiable information regardless of geographic location,” checks out the declaration.
The Treasury’s Bureau of Fiscal Service did not return calls looking for remark. The Treasury’s Office of Inspector General stated it had no remark.
Inadequate scams reporting
In an essential internal 2020 e-mail, Arpin, the previous Comerica executive, noted 13 bullet points explaining the practices of i2c. Among the bank’s “serious concerns,” she composed:
● “We are having significant difficulty getting adequate fraud reporting.”
● “We can’t get the Call Center statistics we need.”
● “Reg E adjudication is an issue”
● “Fraud prevention is a serious issue.”
● “Reporting in general is an issue — we aren’t getting the reporting that the [Treasury’s Bureau of] Fiscal Services requires.”
Arpin likewise composed in the internal e-mail that i2c’s CEO Amir Wain “doesn’t have plans to fix those issues.”
Cardholders have actually grumbled for several years about scams, bad client service and high costs in the Direct Express program.
Last year, a federal judge licensed a class action versus Comerica and Conduent brought by Direct Express cardholders who declared their accounts were drained pipes of countless dollars from 2015 to 2022 due to scams. The class action, submitted in the U.S. District Court for the Western District of Texas, declares that Comerica and Conduent rejected refunds to cardholders who declared scams on their accounts.
The court files, integrated with internal files that American Banker got anonymously in the mail, supply a much better understanding of Comerica’s personal and public actions to numerous questions.
Comerica executives were consistently alerted about supplier oversight, possible breaches of the Treasury agreement and shortages in the bank’s compliance management system, stated sources acquainted with the matter who asked that they stay confidential out of worry of retaliation. In-home legal representatives intensified their issues to the bank’s senior management, consisting of Susan Joseph, Comerica’s head of compliance; Jay Oberg, senior executive vice president and primary threat officer; and Peter L. Sefzik, senior executive vice president and primary banking officer.
The Treasury’s Office of Inspector General provided reports in 2014, 2017 and 2020 that were important of compliance, chargeback and conflict processing at Direct Express, which Comerica handles, in addition to the bidding procedure for the federal government agreement. The OIG examines waste, scams and abuse in the company and programs it manages.
In August 2018, Sen. Elizabeth Warren, D-Mass., introduced an examination into Direct Express after cardholders grumbled about not being repaid for scams. In a letter to the Veterans Administration, Warren stated scammers had actually utilized “stolen data to impersonate benefit recipients, made fraudulent purchases, and drained the prepaid cards of the federal benefits.”
Comerica’s Executive Chairman Ralph W. Babb reacted to Warren by specifying that Comerica has actually taken proper actions to root out scams.
Comerica “follows all laws and regulations including the [Federal Financial Institutions Examination Council] guidelines for supplier oversight,” Babb stated in a 21-page reaction in October 2018.
‘Reg E Lite’
Yet, within a month of Sen. Warren’s questions, a Comerica attorney attempted to encourage a Texas bank inspector that Regulation E does not use to the bank or to federal government recipients, the internal files reveal.
The Comerica attorney was reacting to an inquiry from the Texas Department of Banking by declaring that the bank was not completely needed to follow the Electronic Fund Transfer Act, which is executed by Regulation E. The policy sets rigorous timelines for banks to deal with mistakes consisting of examining scams and repaying hurt customers with provisionary credit when cash is taken.
“Program customers only get ‘Regulation E Lite,’ benefits,” a Comerica executive in the bank’s legal department composed in 2018. That attorney explained “why [the] program’s customers are not entitled to all of the provisions and benefits of Regulation E.”
In the e-mail, the Comerica attorney composed that “…neither the Federal Electronic Funds Transfer nor its Regulation E applies to the Comerica Bank under the Program as a ‘financial institution.”
Comerica argued that the Treasury, not the bank, was thought about to be the banks for Direct Express, “which is why we generally state that Program customers are only entitled to ‘Regulation E lite’ benefits.”
By August 2019, Joseph, the head of compliance, had actually forwarded the e-mail about ‘Reg E Lite,” to another Comerica lawyer.
Comerica submitted a glossy, 67-page application to the Treasury in early 2019 in which it described the vendor, i2c, “as a leader in deal processing, security, scams avoidance and development.”
In 2020, Treasury renewed Comerica’s contract after i2c was hired to handle new cardholders. The agreement with the Treasury was signed by Babb, who retired in 2019. Babb was succeeded by Curt C. Farmer, Comerica’s chairman and CEO.
Experts say banks have a general obligation to act in good faith when dealing with customers.
Weber, the accounting professor and former regulator, said the bank’s legal and compliance obligations far exceed Regulation E. He also called into question Comerica’s third-party risk management and operational risk standards.
“The unbanked individuals currently are more susceptible than common bank clients due to the fact that they do not have the ability set or monetary acumen to understand what their rights are, and it’s intensified when they are victims of scams,” Weber said. “At completion of the day, federally guaranteed depository organizations are needed to have proper third-party threat management procedures in location, and it isn’t brand-new to pre-paid cards or advantages.”
Weber noted that Bank of America was hit with a $225 million consent order last year for failing to investigate fraud claims in unemployment benefits.
“The concept in a best world is that in some way the third-party supplier can do it much faster and less expensive than the bank due to the fact that they believe they’re not bound to follow the exact same guidelines,” said Weber, who analyzes counterproductive work behavior. “It’s a functional threat concern if the third-party does not have the policies, treatments and controls to determine systemic problems.”
VA finds a way out
The myriad problems in the Direct Express program, which Comerica manages, forced the Veterans Administration to devote resources to helping veterans find an alternative. By 2019, the VA helped create the Veterans Benefit Banking Program, a consortium of banks and credit unions that offer free checking accounts so veterans can receive their monthly payments via direct deposit.
“We made a super-conscientious effort to get veterans off Direct Express due to the fact that the disappointments were simply gut-wrenching,” said Lawrence, the VA’s under secretary for benefits.
Steve Lepper, a retired U.S. Air Force Major General who is president and CEO of the Association of Military Banks of America, a trade group, worked with the VA to create the program.
“The problems the VA was getting lastly pressed them to the point where we required to produce an option to the Direct Express program,” Lepper said. “Veterans were apoplectic about all of the issues that they were experiencing with the Direct Express program and, naturally, Comerica was accountable for all of the management of the program — consisting of the scams examination and resolution procedures.”
Roughly 240,000 veterans have migrated away from Direct Express and now have bank accounts with direct deposit, Lepper said. About 80,000 unbanked or underbanked veterans still receive their benefits on Direct Express prepaid cards or paper checks.
Lepper credited J.B. Simms, an author and private investigator in Brighton, Tenn., who recently published a book titled, “Comerica, Conduent and the U.S. Treasury Betrayed Veterans and Other Victims.” Simms says he first discovered fraudulent charges on his Direct Express account in January 2017 and a second time later that year. He then sought to help other veterans recover money that was stolen due to fraud, including those in which veterans’ claims were denied.
Alleged violations
Simms and others say Comerica’s failure to address problems with Direct Express should get a public airing.
“The Direct Express cardholders are the most susceptible population of all Social Security receivers, and the majority of do not have checking account and do not have the elegance to challenge any authority,” said Simms. He is one of just eight named plaintiffs in the case.
Another plaintiff, Harold McPhail, a Vietnam veteran, reported that $30,000 was stolen from his Direct Express account in 2018. But he died before getting a resolution, said his daughter Martisha McPhail, who said Conduent initially denied her father’s fraud claim.
Some Social Security recipients who reported fraud have lost hope that they will ever be reimbursed for thousands of dollars they say was stolen off their prepaid cards. Some said they have not been notified of the class action or any efforts by the bank to reimburse them.
Mike Colburn, a retired Las Vegas businessman, alleged that $5,500 was stolen from his Direct Express account in 2018. Colburn said he was unable to make his mortgage payment and had to borrow money from relatives to avoid defaulting. He ultimately was reimbursed $500 by Conduent but was never able to get all of his money back.
“I quit on speaking with that bank,” Coburn said. “They do not return telephone call, they do not return e-mails and Conduent implicated me of taking the cash from myself.”
After money was allegedly stolen from his Direct Express account, Colburn called the Social Security Administration to sign up for paper checks. Now his monthly Social Security check comes with an insert stating that he is breaking the law for not using Direct Express, he said.
Cardholders allege in the class action that they were not given provisional credit when errors were reported and were not sent the results of investigations in a timely manner. Regulation E requires that a financial institution investigate fraud within 10 days of being notified by a cardholder, but the bank can take up to 45 days to investigate if they provide provisional credit in the amount of the alleged error.
“Nobody might get across the call center and the majority of the time individuals never ever sued due to the fact that they got locked out of their accounts,” said Jackie Densmore, a plaintiff in the class action, who is a caregiver for her brother-in-law, Derek Densmore, a disabled Marine. She alleged $800 was stolen from his Direct Express card in 2018 and described hours spent trying to get through to Conduent on the phone and being told to submit a claim in writing.
“There are all these individuals out there who were never ever able to finish a scams package and really sue,” Densmore said.
The vendor had run into problems before with government oversight. Conduent was fined by the Consumer Financial Protection Bureau in 2019 for unfair student loan practices, and in 2017 for sending incorrect information to credit reporting agencies. In 2019, Conduent, which at the time was owned by Xerox Corp., agreed to a $235 million settlement with the Texas attorney general for Medicaid-related claims.
Densmore also switched to paper checks for her brother-in-law, who has post-traumatic stress disorder. Symptoms resurface every month, she said, when he sees the insert from Social Security that states: “Notice of noncompliance. You are needed by law to transform your paper check to direct deposit or the Direct Express card.”
Jackie Densmore
“Every month we relive the nightmare from five years ago,” she said. “Since Derek has a medical condition, I have to explain to him every month about the situation that we have gone through with Direct Express and that he is allowed to get a paper check.”
What’s next for Comerica customers?
Court documents show that in May 2019 alone, Comerica received 15,712 fraud disputes, according to Taylor, Comerica’s director of National Bankcard Services. Taylor said in court documents that Comerica did not have any data to identify cardholders that reported fraud, and the bank didn’t keep track of money refunded or denied for fraud.
The supervisory letter from the Federal Reserve Bank of Dallas in early 2019 identified potential consumer harm, program deficiencies and customer service issues in Comerica’s handling of Direct Express. Specifically, examiners at the Dallas Fed said that Conduent’s call centers were not trained in Regulation E and did not tell cardholders who reported fraud that they could receive provisional credit as part of the process of filing a dispute.
“Only those callers who specifically asked for instructions or inquired about the provisional credit process received any guidance,” the Dallas Fed stated in the supervisory letter sent to Joseph, Comerica’s head of compliance.
In addition, Conduent required that cardholders provide documents and a written statement but did not state that cardholders had 10 days to do so or they may not receive provisional credit.
“While [an] explanation of provisional credit is not a regulatory requirement, the recurring consumer complaints regarding provisional credit indicate consumers are adversely affected,” the Dallas Fed stated.
It also noted more systemic problems in the collection of data.
“There is no root cause analysis of complaints to identify systemic issues and trends that warrant immediate correction,” according to the supervisory letter. “Comerica must establish a method of identifying root causes of complaints originating at Conduent and track complaints with serious allegations or high compliance risk, such as [unfair, deceptive acts and practices.]”
A problem of incentives
In its bid for the Treasury contract, Comerica said it is “committed to delivering a low-cost solution, while providing ready access to funds and protecting both the Direct Express cardholder and the overall program.”
Comerica receives fees, interchange revenue and annual payments from the Treasury that rose to $151 million in 2020, the most recent data available, according to court documents. Of that total, Conduent received $105 million in 2020 from Comerica, Mitch Raymond, a senior director in account management at Conduent, said in court documents.
Comerica also benefits from an estimated $3 billion a month in low-cost, non-interest-bearing deposits from the Direct Express program, sources familiar with the program said. The deposits boost the bank’s liquidity at little cost and can be leveraged, allowing the bank to lend to more customers, sources said.
Last year, Comerica disclosed that the Consumer Financial Protection Bureau is investigating some of its business practices. The Texas bank stated in a regulatory filing in February 2022: “Remedies in these proceedings or settlements may include fines, penalties, restitution or alterations in the corporation’s business practices and may result in increased operating expenses or decreased revenues.”
Weber, the former FDIC enforcement chief, said that regulators typically take into account whether information exists to indicate that a bank “is willfully in noncompliance with the law.” To deter misconduct, regulators may factor into a civil money penalty whether a bank’s executives and board directors believed a potential fine would be lower than the cost of compliance.
“It’s a mixture of misplaced financial incentives combined with failing to have appropriate board and management oversight over different operational areas of the bank,” said Weber, who also served as a former assistant inspector general for investigations at the Securities and Exchange Commission. “When evidence indicates that individual officers or directors have made decisions to allow misconduct and violations of the law to occur, it is well past time to not only hold the bank accountable but to hold the individual officers and directors and the entire board personally accountable.”
Simms, one of the plaintiffs in the class action, lays the blame for the problems on shoddy third-party oversight by the Treasury.
“The Bureau of Fiscal Service, as a part of the U.S. Treasury, allowed Comerica Bank to continue violating federal banking laws and endorsed the contract with Comerica knowing inaccurate information was submitted by Comerica to obtain the contract,” Simms said, citing the OIG reports.
Lepper, who helped create the alternative option for veterans, said he didn’t understand why the most vulnerable citizens were not getting the attention of Comerica top executives.
“Why didn’t they make the obvious improvements to their program to avoid all of this?” Lepper said.
