An appropriate fate — Ocean Bank fined $11 million for poor controls in latest fraud case

August 25, 2011 by Mike Byrnes     No Comments

As my grade 11 accounting teacher used to say, “It all comes out in the wash!” And he was right. Sooner or later, things have a way of “righting” themselves. When you’re in a tough situation and life doesn’t seem fair, this statement is not always easy to believe. But in my experience, somehow, in due time, fate seems to find a way to resolve matters or shine a light on the truth to bring some form of due justice.

Such is the case of Ocean Bank, a Florida-based financial institution, whose fraud detection measures were so poor in 2009 it cost one of its customers more than $360,000. Well, Ocean Bank is involved in another fraud investigation. The FDIC teamed up with other crime-control agencies to fine Ocean Bank almost $11 million in AML fraud violations. This time, Ocean Bank is accused of failing to detect suspicious transaction activity within their systems, having “insufficient policies, procedures and systems in place to assess and mitigate the risks.” In addition, Ocean Bank failed to train staff appropriately in fraud detection.

If you’ve been following news and happenings in the online fraud and cybercrime space (or reading my blogs), you may recall that a court ruling determined Ocean Bank was “not guilty” in the original, highly publicized ACH fraud case. While the judge concluded Ocean Bank had not deployed appropriate security measures to protect their clients, he indicated that Patco Construction, Ocean Bank’s client, was ultimately responsible for the more than $360,000 fraud loss.

To me, and many others in the industry, this seemed dead wrong. Even though the judge conceded that Ocean Bank had poor security measures — “The Bank would have more effectively harnessed the power of its risk-profiling system if it had conducted manual reviews in response to red flag information instead of merely causing the system to trigger challenge questions.” — he still ruled that Patco had “agreed” to the bank’s poor security measures when it signed the contract. I think it’s quite sad when people expect small businesses to be experts in cybercrime security and a judge rules caveat emptor.

It’s encouraging to see the story didn’t end there. That perhaps fate had been running its course. While it’s unfortunate that financial organizations such as Ocean Bank are reluctant to invest in effective security systems to protect their customers and address compliance laws, it’s comforting to know regulators are doing their best to enforce the law. It will, however, be interesting to see how Ocean Bank’s FFIEC audit goes in January.

Filed Under:
Tagged With:
Mike Byrnes

About

Entrust product manager Mike Byrnes has more than 20 years’ experience in product management and technology marketing with a focus on internet security and business communication systems. Mike drives product marketing for the Entrust IdentityGuard authentication platform with a significant focus on mobile solutions. In addition to mobile, his background covers identity and access management, fraud detection, malware protection, and email encryption solutions. Mike serves as vertical market prime for Entrust financial services segment, working with large banks across the globe to roll out solutions to their consumer- and corporate-banking client base.

Add to the Conversation