The $81 billion payroll processing business in the US is normally bedrock solid, made up of longtime players and innovative new payroll-as-a-service (PaaS), cloud-based fintech startups.
Like the former subprime mortgage market, the US payroll industry seems too big to fail. MyPayrollHR just proved that thesis wrong to the tune of $35 million in payroll and tax funds missing from its client and employee bank accounts.
A massive scramble by regulators, NY government officials, and the FBI is underway to untangle the strange story of how $35 million in payroll for more than 4,000 companies could simply go up in smoke from the cloud.
How did $35 million go missing?
Apparently, Michael Mann, the President of ValueWise Corporation, the parent company of MyPayrollHR, decided to put the “human” back into HR fraud and is now the Invisible Mann.
In an excellent overview, security consultant Brian Krebs explains how MyPayrollHR operated:
“The company that handled that process for MyPayrollHR is a California firm called Cachet Financial Services. Every other week for more than 12 years, MyPayrollHR has submitted a file to Cachet that told it which employee accounts at which banks should be credited and by how much.
According to interviews with Cachet, the way the process worked ran something like this: MyPayrollHR would send a digital file documenting deposits made by each of these client companies which laid out the amounts owed to each client’s employees. In turn, those funds from MyPayrollHR client firms then would be deposited into a settlement or holding account maintained by Cachet.”
According to Cachet, on September 4 something unusual happened with the data instructions file from MyPayrollHR. “MyPayrollHR requested that all of its clients’ payroll dollars be sent not to Cachet’s holding account but instead to an account at Pioneer Savings Bank that was operated and controlled by MyPayrollHR,” Krebs reports.
Cachet called Pioneer Bank chasing the missing $26 million payment and learned MyPayrollHR’s bank account was frozen. Meanwhile, the MyPayrollHR file began withdrawing funds from Cachet to carry out client payroll instructions. Cachet tried to reverse the instructions, but in the interim multiple banks carried out instructions to debit funds from, not deposit into, client company and employee payroll and tax accounts.
On Friday payday, thousands of employees got a shock. They had lost one or two payrolls’ worth of funds through false withdrawals from their bank accounts.
Companies using MyPayrollHR’s services received a terse note announcing the company’s closure and advising clients to seek services elsewhere.
One animal shelter employee in Tennessee called her employer to say she had a negative bank balance of $999,999 because funds had been withdrawn instead of deposited into her account. The charity manager said the bank told her employee it could be 45 to 60 days before the problem is cleared up.
Cachet is now reaching out to more than 100 receiving banks to reverse the instructions, but it’s not certain whether funds will be returned or how long it will be before Cachet or employees of client companies actually have funds returned to their bank accounts.
Due diligence is critical
Bob Jones, Senior Advisor at Shared Assessments, pointed out the importance of due diligence on third-party service providers:
“This is a stark reminder of the importance of performing effective due diligence on prospective third parties. In banking, lenders look for three primary characteristics in their prospective borrowers: Capacity (the wherewithal to repay the loan), Collateral (of sufficient value to make the bank whole in case the borrower defaults), and Character (the borrower’s reputation, determined by trade references, criminal and civil record searches, etc.).”
“As Krebs notes, reports of third parties as victims are far more common than as perpetrators. And because of that, third party risk professionals’ natural tendency is to focus on their providers’ information security practices, paying less attention to the character of their providers’ principals’ character. That is why including fraud professionals in the TPRM due diligence process makes sense,” Jones added.
FBI is on the case
Enter regulators, investigators, and the FBI, which sent out a message on Twitter on Monday, September 9.
Meanwhile, ValueWise President Michael Mann is nowhere to be found, $35 million is missing, and the search for answers is just beginning.
Employee and business outrage on Twitter
Twitter lit up with hundreds of client, company and employee complaints, almost immediately pointing fingers not only at MyPayrollHR but also at Pioneer Bank, Cachet, dozens of other banks, and regulators as well.
The Twitter feed makes informative yet sad reading for the payroll and payments industry.
“Man oh man. A lot of small and midsize companies are not having good days. I had a second reversal this morning from these #mypayrollhr clowns. Remember your employer didn’t do this. A service provider did. #stayloyal”
“What’s happening to #mypayrollHR victims is disgusting. As a former small business owner, I would never think about doing what’s been done. Reportedly, someone “very, very, very” smart manipulated the ACH file and redirected the monies elsewhere. So many victims. #mypayrollHR”
“@slavkinLaw, you have encouraged us to get our facts straight re: #mypayrollhr and @cachetfs You understand that has been hard to do. If you could point us to the facts, that would be great. It has been #wagetheft chaos for us since Thursday. Lack of facts is a major reason.”
“People are suffering at the hands of @CachetFS who refuses to take responsibility and prefers to cry victim. #mypayrollhr”
“@GavinNewsom @NYGovCuomo please direct your attorneys general to investigate the egregious actions of @cachetFS retracting hundreds of thousands of dollars from tens of thousands of individual workers’ personal accounts. THIS CANNOT STAND. #PAYTHEPEOPLE #mypayrollHR #nowaycachet”
“Banks who refuse to help #mypayrollhr victims get their hard-earned wages back are complicit in this mass #wagetheft. We are taking note and won’t be silent about it. @CachetFS @BankofAmerica @Chase @WellsFargo @usbank @UnionBank @Citibank @pioneerbank @PNCBank #paythepeople”
“Why hasn’t their website been taken down?? https://mypayrollhr.com/en/”
Meanwhile, lame-brain sales and marketing vultures at payroll provider competitors by the dozens were quick to invite former business clients of the failed company on social media to contact them in the hopes of feeding off the remains of the MyPayrollHR carcass to generate new clients. Another unseemly aspect of the unfortunate fraud.
Confusion and finger-pointing in this case are everywhere. It’s like a circular firing squad with everyone pointing rifles at each other.
MyPayrollHR tells clients to go elsewhere and shuts its doors. Cachet says it was a victim of fraud. Banks say they were simply following client instructions. Small businesses are scrambling to pay employees the old-fashioned way. Many employees are trying to get banks to restore their stolen funds and trying to pay their bills.
A completely ironic client testimonial is still live on the MyPayrollHR company website.
It’s a developing story and a reminder for small and midsized businesses to exercise due diligence in partnering with any technology, payments or financial service providers.
Payroll-as-a-service has many potential benefits, ranging from automation, efficiencies, cost savings and regulatory compliance for businesses to higher security, transparency, innovative new services such as payday advances or loans, and improved financial well-being for employees. It would be a shame for one bad actor to spoil the benefits of PaaS.
We can only stand by and hope that regulators, banks and all the parties involved work together to ensure that the little guys – hard-working employees and small businesses – get their money back with better protection in the future.