Portals and Rails, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Portals and Rails and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
November 24, 2014
What’s Unsettled in Faster Payments?
When I started at the Federal Reserve Bank 27 years ago, the phrase "faster payments" was rarely spoken. Indeed, if people talking of payments were musing on speed (or the lack thereof), two things were a safe bet: first, the conversation was likely among bankers and, second, the talk revolved around check float and the tools for reducing it—check sort patterns, airplanes, or optimized ground routes. Those tools are not part of today's "faster payments" conversations, and the universe of discussants is much broader; it's not just bankers anymore.
Payments essentially comprise two components. The first is messaging—the instruction that delineates who is to be paid, by whom, and in what amount. The second component is settlement. Settlement is the event that finishes a payment. It is also commonly the slowest aspect within any given payment scheme. Settlement is the actual transfer of funds, the account adjustments directed by the messaging components.
For many payments, settlement takes much longer than appears to be the case, particularly from the perspective of the end user. For example, in a typical payment card transaction between a consumer and a retailer, once the card is swiped and "approved," the consumer is considered to have paid and can generally leave with the goods. But the merchant has received only the promise of payment. Settlement between card issuers and acquiring banks must occur before the merchant is paid. This can take more than a day and illustrates one issue with settlement lags: consequential strains on liquidity that merchants experience when they need to replace goods but may not have received payment to fund the resupply.
So will a faster payment solution resolve the liquidity issues currently experienced in many of the extant payment schemes? At this point, the answer is not a simple one. In town hall-style meetings and other updates, Fed speakers have noted that "real-time settlement is not required for real-time availability." This suggests that at least at the outset, a faster payments scheme here may not include immediate settlement. And if settlement does not occur simultaneously with messaging, certain parties in the transaction remain exposed to liquidity as well as other settlement risks. This doesn't mean that a new scheme will be plagued with settlement risk. The UK has successfully offered real-time clearing and availability without real-time settlement. However, other countries have built real-time settlement into their new systems because it does indeed reduce systemic risk. If a new system here is to be built from scratch, it seems important to probe fully the range of design issues and options and consider solving all of the longstanding payment risks that can be feasibly solved.
By Julius Weyman, vice president, Retail Payments Risk Forum at the Atlanta Fed
November 17, 2014
Consumer Prepaid Protections May Be Catching Up with Prepaid Use
On November 13, the Consumer Financial Protection Bureau (CFPB) issued its much-anticipated notice of proposed rulemaking of consumer protections for the prepaid market. This proposed rule covers multiple facets related to the prepaid industry, including disclosure requirements, fraud protection, access to account information, and the provisioning of credit via overdraft. Today's blog will provide a brief, high-level summary of this rule.
What is and isn't covered under this rule?
This rule redefines a "prepaid account" under Regulation E (Reg E). Prepaid products include cards, codes, and other devices capable of being loaded with funds that are not currently covered by Reg E and are usable at multiple, unaffiliated merchants and ATMs, and for person-to-person transfers. Gift cards, and certain related cards, are excluded.
The rule requires that card issuers use two forms to disclose fees. The short form discloses four types of fees: monthly account fees, cash reload fees, ATM transaction fees, and purchase transaction fees. The rule proposes the use of a model form that establishes a safe harbor for compliance to the short-form requirement. The long form describes all of the potential account fees and the conditions under which these fees are assessed, as well as the fees that short form includes. Both disclosures must be made available to the consumer before the opening of an account.
The rule modifies Reg E to require that issuers adopt error resolution procedures and limited liability for prepaid accounts. Reg E coverage limits a prepaid consumer's liability for unauthorized transfers to $50, assuming that the consumer gives timely notice to the financial institution and the card has been registered. Further, financial institutions would be required to resolve certain errors to prepaid consumer accounts.
Access to account information
The rule also modifies Reg E to require that financial institutions provide prepaid account holders with free access to periodic statements or that they make available to the consumer the account balance and at least 18 months of account transaction history. These periodic statements and transaction histories must include a summary of monthly and annual fees in addition to a listing of all deposits and debits.
The rule allows for issuers of prepaid accounts to offer overdraft services and other credit features. However, issuers that offer these services or features for a fee are subject to Regulation Z (Reg Z) credit card rules and disclosure requirements which, among other things, requires them to evaluate whether consumers can repay their debt. The issuer is required to obtain a consumer's consent before adding these services to accounts and must provide consumers with a periodic statement of the credit and provide at least 21 days to repay the debt. Should a product offer overdraft or other credit features, it must be disclosed in the disclosures of the short and long forms.
The CFPB is seeking public comment for a 90-day period, beginning with its publication in the Federal Register.
By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
November 10, 2014
Virtual Currency Environment Still Fluid after Latest Rulings
The end of October was filled with multiple news-grabbing headlines reflecting the growing fears of Ebola, the exciting seven-game World Series, and the release of the first-ever college football playoff rankings. The launch of ApplePay also saw its fair share of headlines, but one piece of payments-related news might have flown a bit under the radar. On October 27, the United States Department of Treasury's Financial Crime Enforcement Network (FinCEN) issued two virtual currency administrative rulings stemming from its March 2013 guidance on regulations to persons administering, exchanging, or using virtual currencies.
The first administrative ruling involves a virtual currency trading platform that matches its customers' buy-and-sell orders for currencies. The company requesting this ruling stated that they operated the trading platform only and were not involved with money transmissions between it and any counterparty. FinCEN determined that money transmission does, in fact, occur between the platform operator and both the buyer and seller. Consequently, FinCEN said that this company and other virtual currency trading platform operators should be considered "exchangers" or "operators" and required to register as money transmitters subject to Bank Secrecy Act (BSA) requirements.
The second administrative ruling involves a company that enables virtual currency payments to merchants. This company receives payment in fiat currency from the buyer (or consumer) but transfers an equivalent amount of virtual currency to the seller (or merchant) using its own inventory of virtual currency to pay the merchant. This particular company asserted that it wasn"t an "exchanger" since it wasn't converting fiat currency to virtual currency because it was using its own reserve of virtual currency to pay merchants. However, FinCEN determined that this company, and similar companies, is a money transmitter because it accepts fiat currency from one party and transmits virtual currency to another party.
These two rulings confirm that if a virtual currency-related company's services allow for the movement of funds between two parties, that company will be viewed as a money transmitter and will be subject to BSA requirements as a registered money transmitter. As financial institutions consider business relationships with these types of companies, they should make sure that these companies are registered as money transmitters and have BSA programs in place.
The virtual currency regulatory environment continues to be fluid. For example, in his recent comments at the Money 2020 Conference, Benjamin Lawsky, superintendent of the New York Department of Financial Services, suggested that his office will soon be releasing its second draft of a proposed framework for virtual currency business operating in New York. Portals and Rails will continue to monitor this regulatory environment at the state and federal level.
By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
October 27, 2014
ISO 20022 in the United States: What, When, Why, and How?
At the October 2014 Sibos conference in Boston, there was considerable discussion about the International Organization for Standardization (ISO) 20022 standard, which many major non-U.S. financial markets began moving toward a few years ago. ISO 20022 is a public international standard for financial sector global business messaging that facilitates the processing and exchange of financial information worldwide.
In Canada, adoption drivers include the use of domestic messaging standards in proprietary ways that created inefficiencies and the need for enhanced remittance data to add straight-through processing and automated reconciliation, according to a Canadian speaker at the conference. A speaker from Australia explained how the new real-time payment system that country is building will use ISO 20022, and one of the drivers is the desire for rich data to enable automation.
The United States is behind in the adoption curve, which raises the question, why? Several Sibos sessions included discussion of a study commissioned by an industry stakeholder group and conducted by the advisory firm KPMG. (The stakeholder group—which consists of representatives from the New York Fed, the Clearing House Payments Company, NACHA–The Electronic Payments Association, and the Accredited Standards Committee X9—formed to evaluate the business case of U.S. adoption of the ISO 20022 standard.)
KPMG interviewed participants of markets already moving toward adoption and found that adoption was largely driven by both infrastructure change, as in the Australian example, and regulatory requirements. In addition, many U.S. firms, beyond the large financial institutions and corporations, lack in-depth knowledge about ISO 20022. Two additional barriers in the United States are (1) the exact costs of ISO 20022 implementation are difficult to pinpoint, in part because they vary by participant, and (2) the country has no industry mandate for adopting the standard.
In one conference session, a speaker categorized some of the strategic reasons the United States should move forward, framing them in terms of the risks of nonadoption. These reasons include:
- Commercial reasons: The U.S. industry will have to bear the incremental costs of maintaining a payments system that does not integrate seamlessly with an emerging global standard.
- Competitive reasons: Many countries are experiencing such benefits of the ISO standard as increased efficiencies and rich data content, but U.S. corporations and financial institutions will fall farther behind.
- Policy reasons: The U.S. market will become increasingly idiosyncratic, with more payment transactions conducted in currencies other than the U.S. dollar.
Recommendations from the KPMG study include initiating adoption of the ISO 20022 standard in this country first for cross-border activity, starting with wires, and then ACH. The U.S. industry should then reassess domestic implementation.
Because communication is keenly important to overcoming the lack of knowledge of ISO 20022 in the U.S. market, the stakeholder group is currently focusing on educating affected groups about the key observations and findings of the KPMG study.
No particular timetable or course of action has been determined for U.S. adoption, which makes it the ideal time for industry input. What's your institution's perspective on the adoption of the ISO 20022 standard in the U.S. market?
By Deborah Shaw, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
- What’s Unsettled in Faster Payments?
- Consumer Prepaid Protections May Be Catching Up with Prepaid Use
- Virtual Currency Environment Still Fluid after Latest Rulings
- ISO 20022 in the United States: What, When, Why, and How?
- Let's Talk Tokens, Part III: What Problem Does Tokenization Solve?
- Mobile Biometrics: Ready or Not, Here They Come
- Starting Off on the Right Note with Mobile Enrollment
- Let's Talk Token, Part II: Distinguishing Attributes
- New ACH Return Rate Threshold on the Horizon
- Let’s Talk Token: Authenticating Payments
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- account takeovers
- ATM fraud
- bank supervision
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workplace fraud