"Troubled" Axiom Bank Retaliated Against AML Whistleblowers, Ex-Staffers Say
Mastercard-Backed TomoCredit "Pivoted" After Defaulting on SVB Debt, Still Isn't Paying Its Bills, Faces Putative Class Action Suit
Hey all, Jason here.
We’re in the final countdown to what some refer to as fintech’s Super Bowl, though I always think of it more like fintech summer camp. By the time of next week’s newsletter, I’ll already be in Las Vegas for Money2020 (wish me luck!)
My calendar is already overflowing, but, if we don’t already have something scheduled, hopefully I’ll run into you around the conference or at one of the innumerable happy hours, dinners, or other events. If I’m able to stay awake, I’ll plan to be at the This Week In Fintech kickoff on Sunday, alongside my friends and colleagues from Baselayer and Taktile — more info & request access here.
If you enjoy reading this newsletter each Sunday and find value in it, please consider supporting me (and finhealth non-profits!) by signing up for a paid subscription. It wouldn’t be possible to do what I do without the support of readers like you!Is Your Organization Agile Enough To Navigate The Changing Data Landscape?
There are constantly emerging new sources of data to help banks and fintechs better assess identity, fraud, credit, and related risks. But, for many financial institutions, making sense of the changing data landscape is complicated by organizational challenges around identifying, onboarding, integrating, and testing new data sources.
I’ll be discussing these challenges and more in my first Taktile Expert Talks session with industry experts Jonathan Gurwitz, Credit Lead at Plaid, Manpreet Dhot, Chief Risk Officer at Pipe, and independent credit consult and advisor, Kevin Moss, who has previously served as Chief Risk Officer at SoFi and Wells Fargo’s consumer lending group.
Register now for the session taking place this Wednesday, October 23rd, at 12:00pm ET.
"Troubled" Axiom Bank Retaliated Against AML Whistleblowers, Ex-Staffers Say
Earlier this month, another fintech partner bank, approximately $850 million asset Axiom Bank, entered into a formal agreement with its primary federal regulator, the Office of the Comptroller of the Currency, stemming at least in part from its banking-as-a-service activities.
However, the enforcement action tells only part of the story.
Court filings from the bank’s now-former Chief Compliance Officer, Wesley Ward, Chief Administrative Officer, Paul Ciccotto, and Executive Vice President of Retail, Raamie Ibrahim, allege the bank and its Chief Executive Officer, Ross Breunig, retaliated against them for raising concerns about Axiom’s banking-as-a-service activities, overdraft lending programs, core banking provider, and AML control gaps, among other issues.
According to a breach of contract and whistleblower complaint Ward filed against Axiom, he joined the bank as its CCO in October 2021 and, around the spring of 2023, “became uncomfortable with certain practices and activities in which the Bank began to become involved.”
In Ward’s opinion, the bank’s practices “jeopardized” its compliance with anti-money laundering laws, safety and soundness requirements, (emphasis added throughout) “and compliance with specific OCC regulations and requirements that were particularly imperative due to the fact that the Bank was already considered a Troubled Institution,” his original complaint, initially filed in US District Court in New Jersey in October 2023, states.
According to their separate, simultaneously filed suits against Axiom, Ciccotto’s and Ibrahim’s concerns broadly echoed the issues raised by Ward.
Being designated a “troubled institution” can carry a variety of consequences, including by limiting a bank’s ability to receive expedited regulatory review of certain filings, requiring a bank to notify its regulators before adding or replacing board members, and requiring a bank to receive prior approval from relevant regulators before entering into agreements to make severance or indemnification payments to “institution-affiliated parties,” which functionally can restrict “golden parachute” payments to bank executives.
Ward, Cicotto, and Ibrahim later requested the court make redactions to versions of their complaints that had been filed in US District Court in Florida, after the OCC informed them that their complaints “made unauthorized disclosures of non-public OCC information.”
However, the original complaints Ward and Cicotto had initially filed in their respective jurisdictions were not redacted nor removed from their respective dockets.
Compliance chief Ward’s concerns included that, through the bank’s BaaS partners, it was extending “millions of dollars” in unsecured credit in the form of overdrafts without charging fees or interest and “without knowledge of the creditworthiness of the borrowers,” exposing the bank to potentially significant credit losses.
According to their complaints, Cicotto and Ibrahim also raised concerns about the bank’s overdraft practices.
How Axiom approached launching new third-party programs troubled Ward, as, his complaint says, the bank did so “without first obtaining non-objection letters from the OCC and without review by the Bank’s internal New Product Risk Committee, as required by written Bank policy and OCC regulations.”
Per his complaint, Ibrahim also objected to the bank’s approach to launching new programs on the same grounds, specifically flagging one such program, DolarApp, “as it entailed cross-border movement of funds, which triggered significant concerns as to whether the Bank’s BSA/AML controls are sufficient, among other things.”
When Ibrahim raised concerns about DolarApp to Axiom CEO Breunig, “he told Ibrahim to the effect that ‘he did not want to hear it’ and shut down the conversation,” according to Ibrahim’s complaint.
While compliance officer Ward didn’t specifically name DolarApp, per his complaint, he “objected to programs involving the cross-border movement of funds, apparently without any monetary limit, and without regard to whether the Bank’s existing internal controls were sufficient for Anti-Money Laundering purposes.”
According to DolarApp’s cofounder and CEO, Fernando Terrés, while the companies discussed partnering, DolarApp never launched any products or services with Axiom.
Administrative officer Cicotto, whose purview included oversight of third-party risk management and banking-as-a-service, objected to how the bank handled third-party due diligence and onboarding, including “Axiom’s routine practice of granting exceptions to vendors with missing documentation and false finances.”
According to Cicotto’s complaint, “most vendors did not pass Axiom Bank’s third-party risk standards.”
Axiom’s core banking system, from CSI, faced “significant and systematic deficiencies,” according Cicotto, which led him to look for a replacement, only to be blocked by CEO Breunig, Cicotto’s complaint states.
As a result, “Ciccotto recommended that the Bank suspend its BaaS program until the outstanding problems could be fixed because there were too many monitoring deficits creating safety and soundness risks, as well as consumer risks,” according to his complaint.
Ward also raised concerns about the adequacy of the bank’s core system to meet the regulatory and compliance obligations of its third-party programs — including “whether personal relations between the CEO and certain Board members with involvement in CSI… were being prioritized over legitimate concerns pertaining to the Bank’s safety and soundness.”
Ibrahim’s complaint echoed Ward and Cicotto’s concerns about the suitability of the CSI core and also raised concerns about legitimate safety and soundness concerns taking a backseat to the CEO’s relationship with certain board members who had involvement with CSI.
One of Axiom’s board members, Tom Shen, also sits on the board of its core provider, CSI, and the board of one of Axiom’s third-party partners, BankiFi, creating at least the appearance of, if not an actual, conflict of interest.
According to all three former employees’ complaints, on or around June 12, 2023, after having their concerns repeatedly rebuffed by Axiom CEO Breunig, Ward, Ibrahim, Ciccotto, and the bank’s now-former CFO/COO reported their concerns about the bank’s overdraft practices, banking-as-a-service program, third-party risk management, core banking platform, AML deficiencies, and relationship with core provider CSI to the Federal Reserve Board.
Axiom Terminated Whistleblowers “Almost Immediately” Before OCC Visit, Lawsuits Allege
As a result of raising these concerns, Axiom CEO Breunig began a pattern of retaliation against Ward, Ibrahim, Ciccotto, and other employees, all three allege in their respective complaints.
For example, Ward, the compliance chief, alleges Bruenig prevented him from having any contact with the OCC, apart from materials that had been pre-approved by Bruenig, with Bruenig eventually going so far as to instruct Ward that he was no longer permitted to speak to the OCC.
Ward, Ibrahim, and Ciccotto were increasingly sidelined from meetings, had responsibilities and employees that had reported to them reassigned to others, who were more amenable to Breunig’s strategies, and were advised not to raise or self-identify their concerns to the OCC, their complaints allege.
With their internal efforts stymied, the employees raised their concerns directly to the Federal Reserve Board in June 2023, per their complaints — but, when the OCC subsequently raised additional inquiries into Axiom’s practices, the bank and its CEO “knew or strongly suspected” that they were responsible, their complaints allege.
Ultimately, the employees who had raised concerns to the Federal Reserve, Ward, Ibrahim, Ciccotto, and others, were terminated, purportedly as part of a reduction in force and elimination of their positions, the complaints say.
The timing of the terminations is notable, as, the complaints state, they occurred “almost immediately before the OCC’s follow-up visits scheduled after the suspected complaints” were made to the Federal Reserve.
Despite claiming the terminations were due to eliminating the roles, rather than for cause, within 90 days, the bank had made new hires to staff the same roles, the complaints state.
Ultimately, Ward’s, Ibrahim’s, and Ciccotto’s suits against the bank for breach of contract, unjust enrichment, and whistleblower retaliation were referred to mediation and settled for undisclosed amounts.
What’s In The Formal Agreement?
It’s worth noting that the employees’ whistleblower complaints and Axiom’s formal agreement with the OCC come approximately 12 years after the bank entered into a formal agreement over somewhat similar regulatory and compliance issues.
Known as Urban Trust Bank and under different leadership at the time, the 2012 enforcement action highlighted issues with its oversight of third-party vendors, the management of its third-party prepaid card programs, the adequacy of the bank’s staffing, management information systems, and internal controls, suspicious activity reporting, loan portfolio management, and consumer compliance risk management, among numerous other issues.
Given the allegations in the whistleblowers’ lawsuits and current trends in enforcement actions against fintech partner banks, the requirements in Axiom’s latest formal agreement with the OCC are hardly surprising.
In addition to BankiFi, Axiom works with savings platform Raisin and MAJORITY.
Majority purports to offer accounts to immigrants in the US who may lack typically required identity documents, like a US Social Security number, by supporting other forms of internationally-issued identity documents, such as foreign passports, driver’s licenses, and consular IDs.
Axiom also supports prepaid programs QuyanaCard, CashRepublic, ReleasePay, and ACCOUNTable Card and various merchant acquiring programs and capabilities.
The requirements and restrictions of the formal agreement Axiom entered into with the OCC earlier this month include:
Developing a BSA/AML action plan detailing the necessary actions and timelines to remediate the bank’s issues, subject to regulatory review and non-objection
Developing appropriate policies and procedures to identify and control money laundering and terrorist financing risks, “with particular attention to the Bank’s pre-paid card and merchant processing partnership programs”
Developing a written, appropriate customer due diligence program, effective management information system, procedures to maintain an accurate and complete list of high-risk customers, procedures for review and resolution of CIP deficiencies, and procedures for ensuring its internal controls address risks related to third-parties, among other requirements
Adopting a written suspicious monitoring and reporting program to ensure the timely and appropriate identification, review, and disposition of unusual activity, and the filing of SARs as appropriate
Developing a written plan, including proposed scope and timeline, to conduct a SAR “lookback” for activity from January 1, 2023 to June 30, 2024
Ensuring the bank maintains a qualified BSA Officer vested with sufficient independence, authority, and resources to fulfill the duties and responsibilities of the position and ensure compliance with the requirements of the Bank Secrecy Act and its implementing regulations
Adopting a written BSA/AML training program, including confirming that third parties performing BSA/AML compliance functions receive sufficient and ongoing training to perform their tasks effectively
Developing an acceptable written program to effectively assess and manage the risks posed by third-party relationships, including assessing inherent risks of activities performed by third parties, a BSA risk assessment for each third-party relationship, written contracts that outline the rights and responsibilities of all parties, ongoing monitoring, clear roles and responsibilities, and contingency plans for terminating third-party relationships in an effective manner, among other requirements
Axiom’s formal agreement further explicitly prohibits the bank, as of the date of the agreement, from adding new merchant processing partnerships, prepaid card partnerships, or additional merchants to a merchant processing partnership, without supervisory non-objection.
Seemingly in an effort to get ahead of the OCC’s regulatory action, Axiom recently added a 35-year OCC vet to its board of directors, former Senior Deputy Comptroller for Supervision Risk and Analysis Blake Paulson.
Still, taking the seriousness of the former employees’ whistleblower complaints at face value — and the cultural challenges at the bank they suggest — it may take some time for Axiom to remediate its issues and repair its relationship with its regulators.
Representatives for Axiom Bank did not immediately respond to a request for comment sent outside of standard business hours.
Update 10/21/2024: This post was updated to reflect that, while DolarApp and Axiom discussed partnering, DolarApp did not ultimately launch any product or service with the bank.
Looking to learn more about banking-as-a-service, both in the United States and around the world? My book on the topic, Banking-as-a-Service: Opportunities, Challenges, and Risks of New Banking Business Models is available for preorder, prior to its publication date this December. Learn more and preorder your physical or digital copy here.Mastercard-Backed TomoCredit "Pivoted" After Defaulting on Silicon Valley Bank, Still Isn't Paying Its Bills, Faces Putative Class Action Suit
Things seem to be going from bad to worse for TomoCredit.
The company, once valued at $222 million in its 2022 Series B round that included participation by name-brand investors like Mastercard and Morgan Stanley, “paused” its “no credit score needed” charge card last year, telling users that the company was making “system updates.”
Despite raising $22 million in mid-2022, Tomo has stiffed a number of its vendors, leading to numerous lawsuits for unpaid bills, as first reported by Fintech Business Weekly earlier this year.
And, last week, Forbes reported on the excessive number of complaints from unhappy users unable to cancel the credit builder product Tomo shifted to after “pausing” its charge card.
The barriers users face in canceling their subscriptions expose Tomo to potential liability under the Restore Online Shoppers Confidence Act (ROSCA), the same legislation under which the FTC pursued cases against small-dollar lenders FloatMe and Brigit, as well as potential liability under the FTC’s UDAP and the CFPB’s UDAAP authorities.
But focusing on users’ cancellation challenges misses the point — the trade line data Tomo is furnishing to help users “build” their credit appears to be entirely fake, including promises to furnish an “instant history” by backdating data for the non-existent accounts Tomo reports to the bureaus.
Alex Johnson pointed out these serious issues with Tomo’s credit build offering nearly a year ago, including the company’s abysmal reviews across social media sites and the Better Business Bureau.
Tomo promises users it will report trade lines “up to $30,000” that would would help users “build credit fast,” seemingly giving examples of typical outcomes being an increase of 100 or more points.
Yet, some users have complained that the trade lines Tomo furnished had no credit limit specified, were not reported to all three bureaus as promised, weren’t reported at all, or disappeared from their credit reports when they stopped paying Tomo’s monthly fees, which run as high as $129.99 a month for its “VIP” plan.
Now, the reasons for Tomo’s abrupt “pivot” from its charge card product to the dubious TomoBoost credit builder offering and, more recently, a purported cash flow-based credit score have become more clear: Tomo defaulted on its Silicon Valley Bank-provided debt facility, ultimately being sued by the bank for more than $5 million, according to court records first reported on by Fintech Business Weekly (Forbes ran a similar story later the same day.)
New York state court filings reveal Tomo had at least seven instances of default on its debt facility agreement with SVB, including by, SVB alleges, inappropriately using the bank’s collateral to pay Tomo's operational expenses and third-party vendors.
Tomo entered into a forbearance agreement with SVB in April 2023, but quickly defaulted on that as well by failing to remit a required $1.75 million payment, ultimately leading to SVB’s lawsuit in July 2023 (my earlier social media posts mis-typed this as a $1.5 million payment; the correct amount is $1.75 million.)
Tomo’s lawyers made the dubious argument that the suit should be dismissed because SVB lacked standing as a result of the bank’s failure in early 2023 and acquisition by the FDIC, as receiver, and ultimate acquisition by First Citizens.
The judge ruled in favor of SVB’s motion for summary judgment in the matter, ultimately awarding the bank just over $5 million, which SVB promptly filed a motion seeking an order of attachment in order to preserve its ability to collect.
SVB’s December 2023 filing supporting that motion alleged that Tomo, at the time, “continue[d] to misappropriate, misapply and/or convert Collections and other amounts, including, without limitation, by converting millions of dollars in Collateral to pay third parties” and that Tomo had “expressed its intent to use Collateral solely for its own purposes without turning over any portion to SVB.”
Tomo ultimately paid the approximately $5 million it owed SVB in early 2024.
Despite shutting down the charge card program around September 2023, apparently as a result of repeatedly defaulting on its debt facility and the SVB lawsuit, Tomo continued to actively market the card as recently as February 2024 as if it were available, when it does not appear that that was the case.
Even with the SVB matter behind it, Tomo faces other legal challenges.
Tomo eventually came to a settlement with the card fulfillment vendor to which it owed more than $700,000. According to the terms of the settlement, Tomo would repay a discounted amount of $560,000 over 14 monthly installments.
After making the first payment on time, Tomo was late with its second payment, only making it after the vendor alerted Tomo’s counsel, according to new litigation the company filed against Tomo this June.
Tomo also made its January payment late, after the vendor chased Tomo’s counsel.
After making subsequent payments on time for several months, Tomo again failed to make its payment owed in June, after which the vendor chose to exercise its rights under the settlement agreement. The card fulfillment vendor filed a new suit and is currently seeking just over $500,000 from Tomo.
Tomo also faces multiple civil suits, including a putative class action, for its alleged repeated violations of the Telephone Consumer Protection Act (TCPA) due to sending “mass spam… unsolicited text messages,” even to users whose numbers were listed on the national Do Not Call registry and after users attempted to opt out.
Other Good Reads
CFPB Buy Now, Pay Later Rule Hit With Fintech Group Lawsuit (Bloomberg Law)
How could Trump overhaul US financial regulators if he wins on Nov. 5? (Reuters)
Understanding and Responding to Supervisory Messages (Federal Reserve System)
The Mushrooming Regulatory Challenges to Banking-as-a-Service: A Field Guide (Jason Mikula for The Financial Brand)
About Fintech Business Weekly
Looking to work with me in any of the following areas? Email me.
Pre-order my book, Banking as a Service: Opportunities, Challenges and Risks of New Banking Business Models, here
Vendor, partner & investment opportunity advice and due diligence
Fintech advising & consulting
Sponsoring this newsletter
News tip or story suggestion — reach me on Signal at +1-316-512-1571