Fintech Business Weekly

“Consumer Protection” Is Already Failing Americans

Mercury's "Bereshit" Problem, Celtic Hit with RICO Allegations, CA DFPI Orders Synapse/Evolve Program to Cease & Refrain, CFPB Narrows Scope of Non-Bank Supervision

Jason Mikula
Aug 31, 2025

Hey all, Jason here.

To my American readers, happy Labor Day, the unofficial end of summer (and start of conference season). It’s not a holiday here in the Netherlands, which I guess is good, because I still have a ton of prep work to do before heading to the U.S. later this week.

I’ll be in NYC for about a week for Finovate, and then heading out to the Salt Lake City area for events with MX and LoanPro.

If you’re attending Finovate, I’ll be doing a book signing on Monday, September 8th. If you buy direct from the publisher before September 3rd and use code “SALE40” you can get 40% off — no promises that the book actually makes it to you on time so that I can sign it though!

“Consumer Protection” Is Already Failing Americans

[Deep sigh] I really try to avoid being overly editorial, in favor of letting facts and analysis speak for themselves. But today, I’ll be deviating from that, at least on this story.

People in industry who follow Alex Johnson or me are, no doubt, familiar with the broad outlines of the TomoCredit aka TomoBoost story (collectively “Tomo”).

The company was most well known for its unique (and, it turns out, legally problematic) “No FICO” credit card.

But, as I was the first to report, Tomo had to stop offering the card after repeatedly defaulting on its Silicon Valley Bank-provided debt facility.

Many startups struggle to find product-market fit and make one or even multiple pivots!

But Tomo’s next iteration was even more dubious: furnishing fake tradelines.

Apparently taking advantage of the fact that Tomo, which partnered with Community Federal Savings Bank (CFSB) to issue its credit card, was already furnishing data to the credit bureaus — albeit chock full of errors, according to numerous lawsuits against the company — Tomo began charging as much as hundreds of dollars per month to report bogus trade lines of up to $30,000 to the credit bureaus in order to artificially inflate users’ credit scores.

The bureaus seem to have eventually caught on to the scheme and revoked Tomo’s ability to furnish data — even going so far as to purge all historically furnished data, according to one lawsuit against the company and two of the three major bureaus.

But that hasn’t stopped Tomo from continuing to aggressively market its fake tradeline-as-a-service offering, including by misleadingly implying in marketing emails that it’s offering an actual credit card product.

The image used in an email I received just last week (despite opting out of the ceaseless stream of marketing from the company) even includes the Mastercard logo — which should be quite the embarrassment for Mastercard, which is actually an investor in the company!

Among the 20 lawsuits filed against Tomo is a case from I.C. Security Printers, which produced Tomo’s cards. The company sued Tomo for non-payment. The parties reached a settlement and payment agreement, which Tomo promptly defaulted on.

Another case involves a trademark dispute with Prism Data over Tomo’s improper use of Prism’s registered trademark “Cashscore,” in which Tomo functionally admits to submitting fake blog posts as “evidence” in the case.

TomoCredit filed a case against Tomo Mortgage, an unrelated company, seeking to hijack the company’s tomo.com domain — even though the mortgage company had held and used the domain since 1996, literally decades before TomoCredit existed.

There are a plethora of cases around CAN-SPAM, a law intended to combat aggressive marketing emails, and the Telephone Consumer Protection Act, intended to reduce robocalls and unsolicited marketing text messages.

But the most illuminating — and alarming — suits relate to Tomo’s now-defunct credit card.

A case in the Northern Florida U.S. District Court, Davis v. TomoCredit, Inc., is illustrative.

The suit, originally filed as a putative class action, alleges violations of the Fair Credit Reporting Act (FCRA), the Florida Consumer Collections Practices Act (FCCPA), the Florida Telemarketing Act (FTA), and the Electronic Funds Transfer Act (EFTA).

The plaintiff alleges that Community Federal Savings Bank, the issuer of Tomo’s credit card, “failed to notice some red flags,” including that Tomo required users to consent to electronic payments as a condition of credit, in violation of EFTA, and that Tomo required users to make payments weekly, in violation of 15 U.S.C. § 1637, which requires issuers to provide a statement at least 21 days before a payment is due.

According to the suit, as Tomo’s financial condition worsened, it made increasingly aggressive attempts to collect on debts, including by:

  • “Sending out collection e-mails at all hours of the night (often after midnight), despite the laws of many states, including Florida, prohibiting collection communications after 9 p.m.”

  • “Stating in some collection communications it was ‘illegal’ not to re-pay credit card debt”

  • “Threatening that failure to pay would cause a consumer’s credit score to fall off a cliff (literally showing a cliff and a ball labeled ‘credit score’ falling)”

  • “and that non-payment would result in balances being sent to True Accord, a collection agency, even though no contract to collect debt between Tomocredit and True Accord existed, and no accounts were ever referred there”

Davis’ suit and numerous others also complain that the data Tomo furnished to credit bureaus on their cards was inaccurate, whether through negligence or as an intentional gambit to extort repayment. The suit alleges such inaccuracies included:

  • reporting the same account twice as two purportedly different accounts but with different balances,

  • reporting accounts as “past due” despite payments being made on time,

  • reporting past due amounts which exceeded the total balance reported owed.

The complaint includes examples of Tomo furnishing what it says is obviously incorrect data:

  • in March 2023, Tomo reported the status of Davis’ card as “past due” to Experian, while also reporting $465 of payments had been made, that the payment had been received on March 15th, and that the monthly payment was $0;

  • in April 2023, Tomo reported that the account was 60 days past due with a balance of $330, of which $339 was past due;

  • in October 2023, after Tomo began shutting down its card program, it began reporting duplicate tradelines of some of its credit card accounts, which the suit describes as “a pattern of intentional behavior by Tomocredit.”

According to the Davis suit, “[w]hen disputed, Tomocredit would simply verify its information as accurate, even though a bare-minimum investigation would have quickly revealed the information reported to the CRAs was flawed.”

When Tomo was forced to wind down its card program after repeatedly defaulting on its debt facility, the company “began aggressively attempting to collect any and all existing past-due balances, emailing, texting and calling consumers at all hours of the day and night (often after midnight), making all manner of threats, including one in which it asserted, bizarrely, that it was illegal under United States law to fail to repay a credit card debt,” according to the suit.

Davis says in her suit that, despite having fully paid her debts, Tomo aggressively tried to collect on the purported balances, including by:

  • sending emails stating “Your Account is Default [sic]” and directing Davis to make payment immediately to “prevent your account from being Charged Off status [sic]”

  • sending emails with the subject “Avoid LEGAL ACTION” that claimed “Failure to satisfy your obligation may result in legal action through our 3rd party legal debt collection firm.”

  • sending emails with the subject “Delete October Delinquency Reporting” that stated “If you pay your $192.57 balance by 11/6/23 midnight PST, we will delete delinquency reporting to the credit bureaus for the month of October.”

  • sending emails with the subject “*13 HRS to DELETE DELINQUENCY*” with a picture of a “delinquency” going into a trash can.

In other suits against Tomo, plaintiffs with small past-due balances allege Tomo sent emails threatening that failure to pay could result in “asset seizure,” a 100-point drop in credit scores, and falsely claiming that not repaying a debt is illegal under United States law.

Even though Davis did not owe Tomo any outstanding balance, the company continued to attempt to initiate ACH debits against her account, the suit says, more than 30 times in total.

Community Federal Savings Bank, TomoCredit, and Experian ultimately reached settlements with Davis. Davis’ suit against TransUnion remains in process.

Davis is hardly the only plaintiff to reach settlements with CFSB, Tomo, and the credit bureaus.

TomoCredit also settled somewhat similar cases:

  • Blanchard v. TransUnion et al., for alleged FCRA violations. Both Tomo and TransUnion reached settlements with the plaintiff.

  • And another putative class action, Brown v. TomoCredit Inc. et al, which also named CFSB, Experian, and Equifax, stemming from alleged violations of FCRA, the Fair Credit Billing Act, and the Florida Consumer Collections Practices Act. All four firms reached settlements with the plaintiff.

What Is the Role of Government in Consumer Protection?

It shouldn’t be a surprise to frequent readers of this newsletter that I favor stronger vs. weaker consumer protections in financial services.

The power dynamic between an individual consumer and a commercial enterprise is inherently unequal, and even where consumers have recourse available, like filing disputes with credit bureaus or with the CFPB, such processes are often perfunctory at best and heavily favor the business over the individual.

The negative impacts from failing to protect consumers can be catastrophic, both at the individual and at the aggregate level (see: 2008).

I don’t believe it’s the government’s responsibility to prevent every possibility of harm to consumers. But in a system that is already heavily tilted in the favor of businesses over individuals, consumers should have a viable route to recourse, preferably outside of the court system, which is only accessible to those with sufficient resources.

In the case of TomoCredit, seemingly every party has failed at every turn to prevent harm and, in most cases, offer redress to consumers who were harmed:

  • Tomo’s investors: firms that include Morgan Stanley and Mastercard made equity investments into Tomo, and Silicon Valley Bank provided the debt facility for its credit card. Did their due diligence not uncover any issues, including that the card product’s design (7-day repayment cycles via required electronic direct debits) appeared to violate multiple laws?

  • Tomo’s bank partner: for its card product, Tomo was technically a third-party service provider to Community Federal Savings Bank. CFSB also didn’t notice any issues in the design of the card program or Tomo’s alleged collections practices?

  • Tomo’s card network: again, Mastercard — same issues as mentioned above.

  • The credit bureaus: taking the civil cases at face value, Tomo was furnishing data that was obviously wrong on its face, driving a stream of disputes and complaints. But even when consumers did file disputes, according to the suits, the bureaus and Tomo failed to conduct meaningful investigations, allowing Tomo to simply assert that what had been furnished was correct.

  • The CFPB: the Bureau received hundreds of complaints about Tomo. Of those complaints, three consumers received “non-monetary relief,” such as fixing incorrect credit reporting data, and a single consumer received monetary relief.

  • Other regulatory and law enforcement entities: the CFPB isn’t the only game in town. The Federal Trade Commission also has the ability to enforce certain causes of action, including around unfair and deceptive practices, and state regulators and attorneys general can also pursue action to protect their residents. Yet, as far as I’m aware, none have taken action against TomoCredit.

Are We Entering America’s Golden Age… Of Scams?

Federal Reserve Governor Waller, who is quite clearly gunning for the job of Fed Chair, gave a pretty remarkable answer during a question and answer session at The Economic Club of Miami on Friday, which is worth quoting at length:

“The GENIUS Act is a great start, but it’s never going to be perfect right out of the gate. We’re going to learn. There are going to be some issues, some problems, but we’ll fix them as we go. And that’s the critical thing.

We’re not going to just shut everything down because we’re afraid somebody might lose a dollar or somebody might get scammed, somebody might lose money in their assets. You just have to take risk, and that’s what we are going to do. That’s how an economy grows and gets better, you take risks. If you don’t want to take risks, you become Europe. Sorry to my European friends.”

(as someone who lives in Europe, I’ll say it really isn’t that bad over here, but I digress…)

On the one hand, I agree with Waller, in the sense that risk is necessary in order to earn a return.

But I would disagree with him both in a narrow and in a wider sense.

Earlier in that talk, he described stablecoins, which will become regulated under GENIUS, as comparable to a bank account. As a society, we’ve collectively decided people shouldn’t generally “lose money” held as bank deposits, up to a given threshold. If government and industry want consumers to trust stablecoins in the way in which they trust the banking system, that trust must be earned and deserved.

And in a wider sense, I’d argue how risks are distributed across society and the proportionality to the potential upside should be considered. In the case of the federal government’s current orientation towards stablecoins and crypto — across both parties, by the way — it’s clear this is not how they’re evaluating and implementing policy.

Mercury & Choice’s “Bereshit” Problem

Bereshit Royalty LLC was formed in Florida in November 2022.

While the company listed an address in Doral, Florida, the authorized persons associated with Bereshit, Gabriel Cavallini Solano and Jorge Carmona Madrigal, both listed addresses in Costa Rica, according to the LLC’s articles of organization.

The company’s website is no longer active, but an archived version shows that it purported to offer real estate, investment advisory, crypto investment, and crypto exchange services.

Although it listed a Florida address as its principal place of business, the contact phone numbers shown on the site have a Costa Rican country code, +506.

While Bereshit purported to employ real estate agents, there are no records of anyone affiliated with the company being licensed as such.

Bereshit purported to offer financial advisory services, but a search of FINRA reveals no record that the company was a registered investment advisor (RIA) or that any individuals associated with the firm had relevant licensing.

Despite these obvious red flags, the company seems to have had no problem opening a business bank account at Choice Bank via its third-party service provider, Mercury.

Last October, a bit over $40,000 was seized from that account, according to an asset forfeiture complaint filed in U.S. District Court in South Carolina.

According to the complaint, those funds were the “commission” that Madrigal, one of the people associated with the LLC, earned for laundering about $935,000 that originated from a “sweepstakes” scam.

The fraud is a fairly simple one, with the perpetrators convincing victims, who are often elderly, that they’ve won a substantial amount of money, but that they need to pay fees and taxes before they can receive the prize.

In this case, the victim who was scammed of $935,000 sent the money to a Wells Fargo account on May 9th, 2024. On the same day, $300,000 was wired from the Wells Fargo account to a Bank of America account in the name of “Rogas Management,” the complaint says.

The Rogas firm purported to be a management and consultant company for professional athletes, but was actually an illicit crypto exchange, according to the complaint. Upon receiving the $300,000, an equivalent amount of funds in USDT, a stablecoin also known as Tether, was transmitted to a crypto wallet in Costa Rica, per the court filing.

Also on May 9th, 2024 — months after Choice was hit with an enforcement action stemming in part from its BSA/AML failures and its relationship with Mercury — $42,100 was wired from Wells Fargo to Bereshit Royalty LLC’s Mercury-provided account at Choice Bank.

On May 13th, 2024, the remaining $593,345 balance in the Wells Fargo account was withdrawn as a cashier’s check and deposited to the same Bank of America account, which was ultimately frozen by the asset forfeiture complaint.

To be fair to Choice and Mercury, even this single asset forfeiture complaint makes clear that these kinds of scams and money laundering operations are not unique to fintechs like Mercury, though upstarts like Mercury who have taken a more “move fast and break things” approach to complying with Bank Secrecy Act and anti-money laundering regulations are often perceived as low-hanging fruit for fraudsters.

Even a cursory examination of Bereshit’s formation records or its website should have invited further scrutiny — an LLC whose members list a Florida address for the entity, but reside in Costa Rica? A janky-looking website that describes the business as operating crypto investing and exchange services?

Scammers and fraudsters are becoming increasingly sophisticated in how they execute their schemes. But when banks like Choice and fintechs like Mercury can’t stop seemingly obvious fraudulent actors like Bereshit Royalty LLC, it’s ultimately consumers who end up paying the price.

Representatives for Choice Bank and Mercury did not respond to questions and requests for comment for this story.

Fintech Business Weekly remains committed to covering the financial services industry without fear or favor.

This approach hasn't always won me friends, with several companies covered in this publication retaliating by baselessly threatening legal action, spreading untruths about me, or illegally interfering with my contractual relationships with other companies.

If you want to help support Fintech Business Weekly, please consider upgrading to a paid subscription, if you don't have one already. 

It wouldn't be possible to do what I do without the support of loyal readers like you.

Celtic Bank Engaged in Conspiracy to Defraud, Lawsuit in Water Station Ponzi Alleges

An explosive new lawsuit filed by victims of the alleged Water Station Ponzi scheme accuses Celtic Bank of a pattern of racketeering and engaging in a fraud conspiracy.

The suit, filed last week in U.S. District Court in Utah, stems from government-backed SBA loans Celtic originated that were used to make “investments” in the water purification retailer’s “franchise” opportunity.

Celtic is well known in the fintech space as a partner bank for card issuing and lending, but it’s also a top 10 SBA lender. Celtic originated more than $500 million in the SBA’s flagship 7(a) program in FY2025.

The new suit is filed on behalf of nine individuals who serve as guarantors for the SBA loans their affiliated companies used to make the purported “investments” in Water Station.

One of the individual plaintiffs, Tyler Sadek, served as chief financial officer of the now-defunct Water Station.

The suit names Celtic and the bank’s head of SBA lending, Scott Foster, as defendants. Foster, together with his wife Jennyfer, took an SBA loan through an LLC they controlled from another bank to invest in Water Station, publicly available SBA records show.

But Celtic and Foster failed to disclose this conflict of interest, plaintiffs in the suit claim.

Water Station steered potential investor franchisees to Foster and Celtic, and, despite knowing that Water Station's franchise model should not qualify for the SBA 7(a) program, which only permits “active,” not “passive,” franchises, Celtic provided over $17 million in SBA-backed financing, the suit says.

Foster benefited from facilitating these loans by striking a side deal with Water Station to earn a higher rate of return and, when he began to suspect the company was not legitimate, demanded and received repayment of his investment, according to the complaint.

Celtic benefited from packaging fees, collateral review, documentation fees, and interest payments on the loans, which amounted to millions of dollars, the plaintiffs say.

Now, Celtic is threatening legal action up to and including foreclosure of real property, including some borrowers' residential homes — and has commenced foreclosure proceedings against certain individual plaintiffs, the filing says.

The complaint argues that Celtic was part of a RICO enterprise along with Foster, the various Water Station entities, Water Station founder Ryan Wear (who was recently criminally charged), and two other banks, UniBank and First Fed, which are not named defendants in this complaint.

The suit argues numerous causes of action, including fraud, conspiracy to defraud, negligence, breach of fiduciary duty, RICO violations, and securities violations.

Among other relief, the plaintiffs ask the court to find the loan agreements and personal guarantees to be void and unenforceable.

Everything Else: CA DFPI Takes Action Against Synapse/Evolve Program, CFPB Seeks to Narrow Non-Bank Supervision

The California Department of Financial Protection and Innovation, the state’s financial regulator, took action last week against Juno, a third-party service provider to Evolve Bank & Trust via bankrupt middleware platform Synapse. But the cease and refrain order may amount to too little, too late.
