Block has been ordered to pay a combined $255 million by state regulators and the CFPB over AML and fraud failures connected to the Cash App.
In a coordinated enforcement action by 48 state financial regulators, Block will pay an $80 million fine and undertake corrective action for violations of the Bank Secrecy Act (BSA) and anti-money laundering (AML) laws.
In a separate action, the CFPB (Consumer Financial Protection Bureau) has ordered Jack Dorsey's firm to refund and pay other redress to consumers up to $120 million and pay a penalty of $55 million into the watchdog's victims relief fund.
More than 50 million Americans use Cash App, Block’s mobile payment service, to spend, send, store, and invest money.
Under BSA/AML rules, financial services firms are required to perform due diligence on customers, including verifying identities, reporting suspicious activity, and applying appropriate controls for high-risk accounts.
State regulators found Block was not in compliance with certain requirements, creating the potential that its services could be used to support money laundering, terrorism financing, or other illegal activities.
In a settlement, Block has agreed to pay the $80 million penalty to the state agencies, hire an independent consultant to review its BSA/AML programme, and submit a report to the states within nine months. Block then will have 12 months to correct any deficiencies found in the review.
Meanwhile, the CFPB has taken its own action, after concluding the firm has "allowed fraud to proliferate" on Cash App and "employed weak security protocols...and put its users at risk"
While Block is required by law to investigate and resolve disputes about unauthorised transactions, the company’s investigations were "woefully incomplete," says the CFPB. The firm directed users — who had suffered financial losses as a result of fraud — to ask their bank to attempt to reverse transactions, which Block would subsequently deny.
"Block also deployed a range of tactics to suppress Cash App users from seeking help, reducing its own costs," says a statement.
In addition to the financial penalties, the CFPB has ordered Block to set up 24-hour, live-person customer service and fully investigate unauthorised transactions and to provide timely refunds, where appropriate.
“Cash App created the conditions for fraud to proliferate on its popular payment platform,” says CFPB Director Rohit Chopra. “When things went wrong, Cash App flouted its responsibilities and even burdened local banks with problems that the company caused.”
The CFPB is also taking aim at Cash App rival Zelle. Last month, the regulator sued Early Warning Services, JPMorgan Chase, Bank of America, and Wells Fargo for allowing fraud to fester on the payments platform.