The Bank of Lithuania says Spanish payment app owned by Block risked breaking anti-money laundering and terror financing laws.
Verse, a European mobile payments provider owned by Jack Dorsey’s $50 billion fintech giant Block, has been told by its financial regulator to address concerns about money laundering and checks on the identities of users. If it doesn’t, it risks a penalty, including a fine, Forbes has learned.
Acquired by Block in 2021, Barcelona-based Verse is much the same as Cash App, the payments company under which it operates, providing a quick and easy way to transfer funds over a mobile device. While Cash App is only available in the U.S. and the U.K., Verse can be used across Europe and is Block’s play for more business on the continent. Such peer-to-peer payment apps have proven hugely popular with consumers, but increasingly, regulators in Europe are examining the risks that come with the technology, said Kathryn Westmore, a former PwC fraud investigator. In particular, there is “huge concern” around the verification of user identities as it pertains to fraud, she said.
On December 29, 2021, Verse received a “mandatory instruction” notice from its European financial provider, the Bank of Lithuania, which is often used by fintech companies because it offers quick access to the European market. The Vilnius institution, which provides Verse with its banking license in Europe and monitors compliance with financial legislation, said the company had until July 2022 to address concerns about guaranteeing the identities of customers. The bank said by failing to do so, Cash App’s sister business risked breaking anti-money laundering and terrorist financing laws. In the letter, the bank provided no more detail on which customers it was concerned about, or what specific updates to identity verification it required from Verse.
Cash App’s communications team, which also represents Verse, declined to comment on the bank’s action.
A source with knowledge of the investigation, who wasn’t authorized to talk on record, said Cash App compliance staff had visited Verse in Spain earlier this year to assist in responding to the notice. Giedrus Sniukas, a spokesperson for the Bank of Lithuania, told Forbes it was currently reviewing whether or not the requisite changes had been made. “Regarding the mandatory instruction, it was related to the procedures of client identification, which were not in line with the requirements of legal acts,” he said. “The company was instructed to update its procedures and not to provide services for those clients whose identity had not been adequately checked.”
“If you have the license revoked, it would be very difficult to see how you could quickly get back into business.”
While the Bank of Lithuania published a short release on its issues with Verse in December, there was no mention of Cash App or its owner Block. This is the first time Cash App’s involvement in the bank’s order has been made public. Block, a public company listed on the New York Stock Exchange, had not mentioned it in any SEC filings.
According to Francine Mckenna, a financial accounting lecturer at the University of Pennsylvania Wharton Business School, disclosures in SEC filings are only necessary when it is “reasonably possible” that a breach of the law will result in a recordable loss. “Sometimes the SEC opens investigations and even issues subpoenas and companies do not disclose. A warning from an enforcement agency about a potential criminal violation — like money laundering — is more serious but it’s just a warning,” she added.
The Bank of Lithuania spokesperson Sniukas said he was unable to reveal what spurred the bank into making the order. He confirmed that if any company fails to address the bank’s concerns, it could result in either a fine or a suspension of the banking license, though that’s a much rarer outcome due to the severity of the measure. In previous punitive actions for money laundering issues, the bank has imposed small fines, most recently on another European fintech company, Revolut, which was hit with a €200,000 penalty in March for failing to implement “internal control procedures for the prevention of money laundering and terrorist financing.”
Neither fines nor reputational damage offer much of a threat to companies that breach anti-money laundering law, said Westmore, the ex-fraud investigator, now senior research fellow for the financial crime center at U.K.-based think tank RUSI. The bank also has the power to revoke or suspend a license, which could be an existential threat, Westmore added. “If you have the license revoked, it would be very difficult to see how you could quickly get back into business,” Westmore said. “Frankly, nobody’s going to want to touch you.”
When Block, formerly known as Square, announced the Verse acquisition in 2020, it promised the company, which had raised nearly $40 million before it sold, would continue to operate independently. Since the initial concerns about money laundering were raised in Lithuania at the start of the year, though, the company has lost its chief executive, Bernardo Hernandez, and its chief technology officer. Neither had provided comment on the nature of their departure at the time of publication. The Verse.me team page includes no CEO or CTO, indicating no replacements have been found. Cash App declined to comment on the changes to Verse leadership.
Block has problems closer to its San Francisco headquarters with Cash App, which was responsible for roughly half of the Dorsey business’ $1.5 billion quarterly revenue in its most recent results. Due to concerns over fraud, some American merchants are now either limiting or blocking the debit and credit cards Cash App offers, according to a Forbes report last year. Block said at the time it took fraud seriously and had dedicated teams at Cash App to resolve its merchant issues.
Revealed in an SEC filing earlier this year, Cash App is also facing probes by the Consumer Financial Protection Bureau and multiple state Attorneys General over its handling of customer complaints and disputes. After the consumer watchdog claimed Cash App was failing to provide documentation for the investigation, the company said it was “disappointed” as it believed it had been in consistent dialogue and claimed it was, in fact, waiting on the CFPB to respond to its latest proposed timeline. Most recently, in September, a class action lawsuit was filed alleging “negligent” security relating to a cybersecurity breach that exposed data on over 8 million Cash App Investments users in December. Cash App declined to comment on the suit.