During the registration process, you will be required to select a username and a password that are unique to the Account (collectively referred to hereunder as "Login Information"). You may not share the Account or the Login Information with anyone other than as expressly set forth herein.
And then also:
You are responsible for maintaining the confidentiality of your Login Information, and you will be responsible for all uses of your Login Information, whether or not authorized by you.
(Why do legal documents insist on Capitalizing Words that really shouldn't be Capitalized?)
I'll get right to the bottom line: You as an officer have the right to take any action you deem necessary to protect the security of your guild and its bank. There is absolutely no way to tell who is controlling the character of a compromised account, even with voice software. It was your member's decision to break the rules and share their account info, and they are going to have to deal with the consequences, whether you have to take away their bank access or remove all their characters from the guild. You could even report them to Blizzard if you really wanted to be harsh. I'm not advocating or condemning any of these actions yet. I'm just telling you what your immediate options are.
If you know that someone has paid a service to level up their character, it's the same situation: Their account has been compromised and your guild is at risk, so you should take steps to prevent your vault from being ransacked.
Now, the author of this week's e-mail asked a more nuanced question: Is it right to kick someone out in this situation? I would say in general that it is right if that's what you have to do, because they are violating the policies of the game. If someone in your guild was hacking or botting, you wouldn't want them in your guild. Sharing account info seems harmless, and in many cases, as I noted before, they are actually doing it to help others. Even so, it can lead to disastrous consequences for the guild and you are the one responsible for protecting it, so in my opinion you can't be faulted for taking whatever action you feel is appropriate.
However, if the person is a valued and longstanding member of the guild, you may want to find a more reasonable solution. In this case, have the person change their password immediately. If you trust them to take care of this in a timely manner, it's a good fix. But you might want to demote their characters out of the bank in the meantime just to be safe. And you should seek assurances that the person who had your member's account info doesn't have access to their e-mail, too, or else that person could just retrieve the new password -- and then you are back to square one.
Still, it's far better never to face this situation in the first place. So I recommend to all the officers out there before it's too late: Let members know that you won't tolerate account sharing.
There is one particular instance where Blizzard allows you to share an account. The exception is described best on Blizzard's support site:
You may not share your Account or password with anyone, except that if you are a parent or guardian, you may permit one (1) minor child to use the Account instead of you (in which case you may not use that Account at the same time).
In any case, the author of this week's e-mail is in a bad situation. When someone leaves due to drama but still has access to guild characters, all those characters' equipment and items, and potentially the guild bank, it's pretty much a worst-case scenario. Unlike an unscrupulous leveling service or a hacker, that player is personally motivated to do your guild harm. I hope you've come out of it unscathed, but let it serve as a warning to others!
Send Scott your guild-related questions, conundrums, ideas, and suggestions at firstname.lastname@example.org. You may find your question the subject of next week's Officers' Quarters!