Portals and Rails, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Portals and Rails and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
December 08, 2014
Under Pressure: The Fate of the Independent ATM Operators
The ATM industry in the United States is facing many challenges. For one, the interchange rates that networks pay to ATM owners have been halved over the last five years, transaction surcharges are topping off, and operating expenses are escalating. These financial strains may be hardest for the thousands of small business entrepreneurs in the United States who own and operate ATMs independent of those that belong to financial institutions (FIs). (Non-FI owners/operators are responsible for an estimated 65 percent of all U.S. ATMs.) For another, at least for the small-business independents, a changing landscape is placing pressure on the relationships the independent owners/operators have with their FIs.
I recently attended and spoke at the National ATM Council's (NAC) annual conference. NAC is a nonprofit national trade association that represents the business interests of these non-FI ATM owners and operators. During the conference, I spoke with many of the attendees to learn more about the key drivers and concerns of their business. The biggest concern many owners/operators expressed is their sponsoring FI will classify them as a high-risk business and terminate their banking relationship. (Many FIs are in the process of "de-risking" their portfolios.) FIs may mistakenly classify these operators as money service businesses (MSB), since they dispense cash, even though state regulators do not consider them as such. Two factors are contributing to this confusion: guidance from the FFIEC's examiner manual that cautions financial institutions that criminals can use ATMs to launder funds, and an organizational structure that has sub-ISOs (that is, independent sales organizations), which can make ownership of all the ATMs unclear.
In actuality, the ability of ATM operators to launder money through an ATM is quite restricted beyond the initial funds placed in the terminal. The processors and networks, which are totally independent from the owners, generate financial reports that show the amount of funds that an ATM dispenses in any given period. So if the reports show an ATM paid out $5,000 in a month, the ATM owner can only justify resupplying the ATM with $5,000, plus a little reserve. In other words, controls maintained by independent parties clearly document the funds flowing through the ATM. Additionally, the non-FI sponsorships are dominated by four highly regarded financial institutions with strict AML/BSA programs that validate the initial funding of the ATM and monitor ongoing activity.
My advice to the group to try to avoid having their business relationship questioned or, worse, terminated, was to work proactively with the financial institution providing their settlement service and cash supply needs. Make sure their account officers understand how their businesses operate and know the controls that are in place to make money laundering unlikely to happen. And if you work for an FI that works with non-FI ATM owners/operators, don’t be surprised if they come calling on you.
By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
November 24, 2014
What’s Unsettled in Faster Payments?
When I started at the Federal Reserve Bank 27 years ago, the phrase "faster payments" was rarely spoken. Indeed, if people talking of payments were musing on speed (or the lack thereof), two things were a safe bet: first, the conversation was likely among bankers and, second, the talk revolved around check float and the tools for reducing it—check sort patterns, airplanes, or optimized ground routes. Those tools are not part of today's "faster payments" conversations, and the universe of discussants is much broader; it's not just bankers anymore.
Payments essentially comprise two components. The first is messaging—the instruction that delineates who is to be paid, by whom, and in what amount. The second component is settlement. Settlement is the event that finishes a payment. It is also commonly the slowest aspect within any given payment scheme. Settlement is the actual transfer of funds, the account adjustments directed by the messaging components.
For many payments, settlement takes much longer than appears to be the case, particularly from the perspective of the end user. For example, in a typical payment card transaction between a consumer and a retailer, once the card is swiped and "approved," the consumer is considered to have paid and can generally leave with the goods. But the merchant has received only the promise of payment. Settlement between card issuers and acquiring banks must occur before the merchant is paid. This can take more than a day and illustrates one issue with settlement lags: consequential strains on liquidity that merchants experience when they need to replace goods but may not have received payment to fund the resupply.
So will a faster payment solution resolve the liquidity issues currently experienced in many of the extant payment schemes? At this point, the answer is not a simple one. In town hall-style meetings and other updates, Fed speakers have noted that "real-time settlement is not required for real-time availability." This suggests that at least at the outset, a faster payments scheme here may not include immediate settlement. And if settlement does not occur simultaneously with messaging, certain parties in the transaction remain exposed to liquidity as well as other settlement risks. This doesn't mean that a new scheme will be plagued with settlement risk. The UK has successfully offered real-time clearing and availability without real-time settlement. However, other countries have built real-time settlement into their new systems because it does indeed reduce systemic risk. If a new system here is to be built from scratch, it seems important to probe fully the range of design issues and options and consider solving all of the longstanding payment risks that can be feasibly solved.
By Julius Weyman, vice president, Retail Payments Risk Forum at the Atlanta Fed
November 17, 2014
Consumer Prepaid Protections May Be Catching Up with Prepaid Use
On November 13, the Consumer Financial Protection Bureau (CFPB) issued its much-anticipated notice of proposed rulemaking of consumer protections for the prepaid market. This proposed rule covers multiple facets related to the prepaid industry, including disclosure requirements, fraud protection, access to account information, and the provisioning of credit via overdraft. Today's blog will provide a brief, high-level summary of this rule.
What is and isn't covered under this rule?
This rule redefines a "prepaid account" under Regulation E (Reg E). Prepaid products include cards, codes, and other devices capable of being loaded with funds that are not currently covered by Reg E and are usable at multiple, unaffiliated merchants and ATMs, and for person-to-person transfers. Gift cards, and certain related cards, are excluded.
The rule requires that card issuers use two forms to disclose fees. The short form discloses four types of fees: monthly account fees, cash reload fees, ATM transaction fees, and purchase transaction fees. The rule proposes the use of a model form that establishes a safe harbor for compliance to the short-form requirement. The long form describes all of the potential account fees and the conditions under which these fees are assessed, as well as the fees that short form includes. Both disclosures must be made available to the consumer before the opening of an account.
The rule modifies Reg E to require that issuers adopt error resolution procedures and limited liability for prepaid accounts. Reg E coverage limits a prepaid consumer's liability for unauthorized transfers to $50, assuming that the consumer gives timely notice to the financial institution and the card has been registered. Further, financial institutions would be required to resolve certain errors to prepaid consumer accounts.
Access to account information
The rule also modifies Reg E to require that financial institutions provide prepaid account holders with free access to periodic statements or that they make available to the consumer the account balance and at least 18 months of account transaction history. These periodic statements and transaction histories must include a summary of monthly and annual fees in addition to a listing of all deposits and debits.
The rule allows for issuers of prepaid accounts to offer overdraft services and other credit features. However, issuers that offer these services or features for a fee are subject to Regulation Z (Reg Z) credit card rules and disclosure requirements which, among other things, requires them to evaluate whether consumers can repay their debt. The issuer is required to obtain a consumer's consent before adding these services to accounts and must provide consumers with a periodic statement of the credit and provide at least 21 days to repay the debt. Should a product offer overdraft or other credit features, it must be disclosed in the disclosures of the short and long forms.
The CFPB is seeking public comment for a 90-day period, beginning with its publication in the Federal Register.
By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
November 10, 2014
Virtual Currency Environment Still Fluid after Latest Rulings
The end of October was filled with multiple news-grabbing headlines reflecting the growing fears of Ebola, the exciting seven-game World Series, and the release of the first-ever college football playoff rankings. The launch of ApplePay also saw its fair share of headlines, but one piece of payments-related news might have flown a bit under the radar. On October 27, the United States Department of Treasury's Financial Crime Enforcement Network (FinCEN) issued two virtual currency administrative rulings stemming from its March 2013 guidance on regulations to persons administering, exchanging, or using virtual currencies.
The first administrative ruling involves a virtual currency trading platform that matches its customers' buy-and-sell orders for currencies. The company requesting this ruling stated that they operated the trading platform only and were not involved with money transmissions between it and any counterparty. FinCEN determined that money transmission does, in fact, occur between the platform operator and both the buyer and seller. Consequently, FinCEN said that this company and other virtual currency trading platform operators should be considered "exchangers" or "operators" and required to register as money transmitters subject to Bank Secrecy Act (BSA) requirements.
The second administrative ruling involves a company that enables virtual currency payments to merchants. This company receives payment in fiat currency from the buyer (or consumer) but transfers an equivalent amount of virtual currency to the seller (or merchant) using its own inventory of virtual currency to pay the merchant. This particular company asserted that it wasn"t an "exchanger" since it wasn't converting fiat currency to virtual currency because it was using its own reserve of virtual currency to pay merchants. However, FinCEN determined that this company, and similar companies, is a money transmitter because it accepts fiat currency from one party and transmits virtual currency to another party.
These two rulings confirm that if a virtual currency-related company's services allow for the movement of funds between two parties, that company will be viewed as a money transmitter and will be subject to BSA requirements as a registered money transmitter. As financial institutions consider business relationships with these types of companies, they should make sure that these companies are registered as money transmitters and have BSA programs in place.
The virtual currency regulatory environment continues to be fluid. For example, in his recent comments at the Money 2020 Conference, Benjamin Lawsky, superintendent of the New York Department of Financial Services, suggested that his office will soon be releasing its second draft of a proposed framework for virtual currency business operating in New York. Portals and Rails will continue to monitor this regulatory environment at the state and federal level.
By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
- Under Pressure: The Fate of the Independent ATM Operators
- What’s Unsettled in Faster Payments?
- Consumer Prepaid Protections May Be Catching Up with Prepaid Use
- Virtual Currency Environment Still Fluid after Latest Rulings
- ISO 20022 in the United States: What, When, Why, and How?
- Let's Talk Tokens, Part III: What Problem Does Tokenization Solve?
- Mobile Biometrics: Ready or Not, Here They Come
- Starting Off on the Right Note with Mobile Enrollment
- Let's Talk Token, Part II: Distinguishing Attributes
- New ACH Return Rate Threshold on the Horizon
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- account takeovers
- ATM fraud
- bank supervision
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workplace fraud