Portals and Rails

About


Portals and Rails, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Portals and Rails and look forward to collaborating with you.

November 17, 2014


Consumer Prepaid Protections May Be Catching Up with Prepaid Use

On November 13, the Consumer Financial Protection Bureau (CFPB) issued its much-anticipated notice of proposed rulemaking of consumer protections for the prepaid market. This proposed rule covers multiple facets related to the prepaid industry, including disclosure requirements, fraud protection, access to account information, and the provisioning of credit via overdraft. Today's blog will provide a brief, high-level summary of this rule.

What is and isn't covered under this rule?
This rule redefines a "prepaid account" under Regulation E (Reg E). Prepaid products include cards, codes, and other devices capable of being loaded with funds that are not currently covered by Reg E and are usable at multiple, unaffiliated merchants and ATMs, and for person-to-person transfers. Gift cards, and certain related cards, are excluded.

Disclosure requirements
The rule requires that card issuers use two forms to disclose fees. The short form discloses four types of fees: monthly account fees, cash reload fees, ATM transaction fees, and purchase transaction fees. The rule proposes the use of a model form that establishes a safe harbor for compliance to the short-form requirement. The long form describes all of the potential account fees and the conditions under which these fees are assessed, as well as the fees that short form includes. Both disclosures must be made available to the consumer before the opening of an account.

Fraud protection
The rule modifies Reg E to require that issuers adopt error resolution procedures and limited liability for prepaid accounts. Reg E coverage limits a prepaid consumer's liability for unauthorized transfers to $50, assuming that the consumer gives timely notice to the financial institution and the card has been registered. Further, financial institutions would be required to resolve certain errors to prepaid consumer accounts.

Access to account information
The rule also modifies Reg E to require that financial institutions provide prepaid account holders with free access to periodic statements or that they make available to the consumer the account balance and at least 18 months of account transaction history. These periodic statements and transaction histories must include a summary of monthly and annual fees in addition to a listing of all deposits and debits.

Overdraft protection
The rule allows for issuers of prepaid accounts to offer overdraft services and other credit features. However, issuers that offer these services or features for a fee are subject to Regulation Z (Reg Z) credit card rules and disclosure requirements which, among other things, requires them to evaluate whether consumers can repay their debt. The issuer is required to obtain a consumer's consent before adding these services to accounts and must provide consumers with a periodic statement of the credit and provide at least 21 days to repay the debt. Should a product offer overdraft or other credit features, it must be disclosed in the disclosures of the short and long forms.

The CFPB is seeking public comment for a 90-day period, beginning with its publication in the Federal Register.

By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed


November 17, 2014 in consumer protection, prepaid, regulations | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01bb07ad028f970d

Listed below are links to blogs that reference Consumer Prepaid Protections May Be Catching Up with Prepaid Use:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

October 27, 2014


ISO 20022 in the United States: What, When, Why, and How?

At the October 2014 Sibos conference in Boston, there was considerable discussion about the International Organization for Standardization (ISO) 20022 standard, which many major non-U.S. financial markets began moving toward a few years ago. ISO 20022 is a public international standard for financial sector global business messaging that facilitates the processing and exchange of financial information worldwide.

In Canada, adoption drivers include the use of domestic messaging standards in proprietary ways that created inefficiencies and the need for enhanced remittance data to add straight-through processing and automated reconciliation, according to a Canadian speaker at the conference. A speaker from Australia explained how the new real-time payment system that country is building will use ISO 20022, and one of the drivers is the desire for rich data to enable automation.

The United States is behind in the adoption curve, which raises the question, why? Several Sibos sessions included discussion of a study commissioned by an industry stakeholder group and conducted by the advisory firm KPMG. (The stakeholder group—which consists of representatives from the New York Fed, the Clearing House Payments Company, NACHA–The Electronic Payments Association, and the Accredited Standards Committee X9—formed to evaluate the business case of U.S. adoption of the ISO 20022 standard.)

KPMG interviewed participants of markets already moving toward adoption and found that adoption was largely driven by both infrastructure change, as in the Australian example, and regulatory requirements. In addition, many U.S. firms, beyond the large financial institutions and corporations, lack in-depth knowledge about ISO 20022. Two additional barriers in the United States are (1) the exact costs of ISO 20022 implementation are difficult to pinpoint, in part because they vary by participant, and (2) the country has no industry mandate for adopting the standard.

In one conference session, a speaker categorized some of the strategic reasons the United States should move forward, framing them in terms of the risks of nonadoption. These reasons include:

  • Commercial reasons: The U.S. industry will have to bear the incremental costs of maintaining a payments system that does not integrate seamlessly with an emerging global standard.
  • Competitive reasons: Many countries are experiencing such benefits of the ISO standard as increased efficiencies and rich data content, but U.S. corporations and financial institutions will fall farther behind.
  • Policy reasons: The U.S. market will become increasingly idiosyncratic, with more payment transactions conducted in currencies other than the U.S. dollar.

Recommendations from the KPMG study include initiating adoption of the ISO 20022 standard in this country first for cross-border activity, starting with wires, and then ACH. The U.S. industry should then reassess domestic implementation.

Because communication is keenly important to overcoming the lack of knowledge of ISO 20022 in the U.S. market, the stakeholder group is currently focusing on educating affected groups about the key observations and findings of the KPMG study.

No particular timetable or course of action has been determined for U.S. adoption, which makes it the ideal time for industry input. What's your institution's perspective on the adoption of the ISO 20022 standard in the U.S. market?

Photo of Deborah ShawBy Deborah Shaw, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

October 27, 2014 in financial services, payments, regulations | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01b8d0855662970c

Listed below are links to blogs that reference ISO 20022 in the United States: What, When, Why, and How?:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

September 22, 2014


New ACH Return Rate Threshold on the Horizon

In a December 2013 post, we asked the question, Is it the right time for lower ACH return rate thresholds? We can now say that the answer is "Yes." The voting membership of NACHA-The Electronic Payments Association recently approved a NACHA Operating Rule amendment that will reduce the unauthorized debit return rate threshold.

The process of returning payment transactions is a pain point for the receiving financial institutions that incur the costs of exception processing, which includes handling customer service inquiries and the returns. Unauthorized transactions are also a pain point for customers who have experienced such postings to their accounts. For the financial institution originating transactions on behalf of businesses and third-party customers, ongoing and proactive monitoring of return rates can help them quickly identify potential problems and determine if those problems have been addressed.

The NACHA Operating Rule amendment will reduce the threshold for returns of unauthorized debit entries from 1 percent to 0.5 percent, effective September 18, 2015. An originating depository financial institution will be subject to possible reporting and fines if they have an originator or third-party sender whose return rate for unauthorized debits exceeds the current threshold.

As NACHA states in its information on the new rule, this 0.5 percent threshold is more than 16 times higher than the average network return rate of 0.03 percent for unauthorized debit entries in 2013. This new threshold will continue to emphasize the importance of institutions focusing on high return rates and working with their customers to bring any excessive rates down. The amendment also establishes a review process for when returns for "administrative" or "overall return" reasons exceed certain levels. For administrative returns, this will be 3 percent, and for overall returns, it will be 15 percent. Administrative returns include debits returned for reasons such as closed account, invalid account number structure, or the account number not corresponding to an existing account. Overall returns for ACH debits include unauthorized and administrative reasons, as well as others such as insufficient funds and stop payments.

Unlike the unauthorized return threshold, breaching return rate levels for administrative and overall return reasons will not result in an automatic requirement to reduce the return rate or undergo a rules enforcement proceeding. Instead, exceeding these return rates will lead to a process to determine if the origination practices of a given originator or third-party sender need to be modified to achieve lower exception levels.

The timeframe for implementing this rule allows originating financial institutions to look carefully at their current return monitoring processes and determine whether customers are near these return rates and to put into place practices that would address problem areas. Will this new rule affect your due diligence processes? Does your current monitoring already show that your customers' return rates are lower than the new thresholds?

Photo of Deborah ShawBy Deborah Shaw, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

September 22, 2014 in ACH, debit cards, regulations | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01b7c6dede57970b

Listed below are links to blogs that reference New ACH Return Rate Threshold on the Horizon:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

June 16, 2014


Banking on the Financial Institutions as Gatekeepers

With all the changes and new participants in the payment industry, financial institutions remain the participants in the best position to know their customers. They still play a central role in transactions, so laws, regulations, and rules view them as gatekeepers, best able to protect consumers from unauthorized payments and fraudulent business practices. This gatekeeper role has never been simple, but the increase in the number and type of businesses conducting transactions over the internet and mobile devices has added to its complexity and difficulty. Complicating the gatekeeper role further is the increasing number of intermediaries involved in the payments stream.

Over the years, regulators have issued guidance to institutions highlighting issues related to high-risk businesses and service providers. In the fourth quarter of 2013, both the Office of the Comptroller of the Currency and the Federal Reserve Board issued guidance on third-party risk management for financial institutions. The new guidance highlights the growing importance of managing relationships with payment participants and makes it clear that institutions have to focus on managing customer relationships, which starts at onboarding.

Regulatory pressure is one approach to keeping the payments system safe, and so is the pressure that law enforcement agencies put on financial institutions. A recent example includes the crackdown of the New York Department of Financial Services on unlawful payday lending practices.

Payments system rules are also effective in keeping financial institutions focused on indicators of the fraudulent use of a payment type. For instance, NACHA Operating Rules include a provision that says an institution is out of compliance if its businesses have a return rate for unauthorized transactions over 1 percent. (A previous post addressed proposed enhancements to the NACHA Operating Rules to address additional indicators of fraud.)

An even stronger type of pressure exerted on financial institutions is when an agency bans a payment type entirely or restricts its usage. For instance, the Federal Trade Commission issued a proposal last year to ban the use of remotely created checks by telemarketers. If a payment type is banned, the financial institution's role is to enforce the ban with its business clients.

The emphasis on the financial institution's gatekeeper role underscores the continued importance of protecting consumers from fraudulent payment practices. It also highlights the fact that this role is not an easy one and brings with it certain risks and costs.

Photo of Deborah Shaw

June 16, 2014 in banks and banking, regulations, risk management | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01a73dd9fb1b970d

Listed below are links to blogs that reference Banking on the Financial Institutions as Gatekeepers:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

May 19, 2014


Choking on the Cost of Risk Management

In March 2013, the Department of Justice (DOJ), joined by the Federal Deposit Insurance Corporation (FDIC) and the Consumer Financial Protection Bureau (CFPB), quietly launched the program “Operation Choke Point.” The program’s objective is to cut off fraudsters’ access to consumer bank accounts by restricting—or choking off—their access to the banking system. Normally the fraudsters would be the only ones complaining about officials trying to shut down their business, but this program is also creating new risk management challenges for the banking industry.

While critics of the program readily admit that criminal activities should be fully investigated and prosecuted, they contend that the program has imposed a wider, “chilling,” effect on financial institutions and their third-party payment processors. A number of financial institutions have said that the operational, compliance, and risk costs associated with the increased scrutiny outweigh the benefits of such high-risk but legal business account relationships and can result in their termination.

The agencies defend their actions, stating that the “know-your-customer” and “know-your customer’s customers” requirements have been in place for some time. They say they are targeting only processors and financial institutions that are blatantly exchanging these requirements for due diligence and compliance with the Bank Secrecy Act (BSA) for a sizable fee revenue opportunity.

By September 2013, the DOJ had issued 50 subpoenas to financial institutions and their processors citing the BSA’s requirements for a financial institution to monitor the activities of its customers and its customer’s customers for suspicious activity. In its first enforcement action of the program, in early 2014, the DOJ entered into an agreement with a holding company of a North Carolina community bank for $1.2 million in civil penalties and with certain restrictions with regards to its future processor relationships. The DOJ alleged that the holding company’s management knowingly ignored numerous warning signs that some of its processing customers had clients engaged in illegal business practices, including internet-based payday lending, gambling, and even Ponzi schemes, all to generate large amounts of account service charges and fees. A U.S. District Court judge approved the agreement on April 25 this year. However, the bank didn’t admit to anything in the DOJ complaint nor to any liability.

To help financial institutions better deal with the risk management requirements that Operation Choke Point highlights, a number of associations have developed materials or issued guidelines. An earlier Portals and Rails post discussed the reminders from NACHA on the know-your-customer’s-customer rules and the proposed rules about return item limits that could potentially signal fraudulent or deceptive practices. The Electronic Transactions Association (ETA) has recently published a best-practices guide for processor relationship onboarding and continued oversight. This document, “Guidelines on Merchant and ISO Underwriting and Risk Monitoring,” is available to ETA members only, but the organization has given us permission to make the guide’s executive summary available.

Portals and Rails is interested in your thoughts on Operation Choke Point and the response by some banks, and we pose this question: Are banks properly pricing their services to the business that requires such intense risk management measures?

Photo of Deborah ShawBy David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed


May 19, 2014 in banks and banking, law enforcement, regulations, risk management | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01a73dc5354c970d

Listed below are links to blogs that reference Choking on the Cost of Risk Management:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

May 12, 2014


The Art of Balancing Innovation and Regulation

Several factors have converged in recent years to add complexity to the regulatory oversight of retail payments. These elements include new regulation and oversight along with technology advances that have created new payment types. The challenge for regulators in an environment with an abundance of innovation is to align that innovation with appropriate regulation to ensure consumer protection, data security, and fraud mitigation, and to retain consumer confidence in payments.

The 2008 financial crisis led to an increased focus within the regulatory framework on retail payment risk factors. One new regulation was the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (Dodd-Frank). Dodd-Frank led to many changes—including the creation of a regulatory agency, the Consumer Financial Protection Bureau (CFPB), to focus exclusively on consumer protection. Since the CFPB was created, two of the payments types it has identified as deserving of its oversight are remittances and prepaid cards.

At the same time, evolving technology continues to change the nature of how consumers make payments—moving from the physical to the virtual—and has increased consumers' expectations for speed, control, information, and transparency. Options available for consumers to make payments and for businesses and financial institutions to participate in offering payment services have multiplied as Internet and mobile evolved, cloud-based solutions progressed, and virtual currencies expanded.

Technological advances have led to a retail payments system that is more transparent than ever before, in which all types of entities, from start-up companies to financial institutions, are able to innovate. Nonbank entities are flourishing in retail payments, challenging the historic role of financial institutions as primary payment participants by offering payments products and services in an ever-more complex payments landscape.

While some participants complain that there is too much regulation of payments practices, others call for more or different regulation when problems arise. Still others call for change because they believe the playing field is not level for all participants. Sometimes regulation can be a catalyst for innovation by legitimizing a payments practice after clarifying requirements for all participants. Whatever your perspective, it is a complex undertaking to attain the delicate balance between innovation and oversight.

Photo of Deborah ShawBy Deborah Shaw, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

May 12, 2014 in innovation, mobile payments, regulations, regulators | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01a73dc1c139970d

Listed below are links to blogs that reference The Art of Balancing Innovation and Regulation :

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

April 28, 2014


Is Personal Data Privacy Going, Going, Gone?

Since last December, it seems that not a week has gone by without a headline about another breach of consumers' payment or personal data. These articles—which are no longer limited to banking or IT industry publications—have created both weariness and concern among consumers. The market research firm GfK conducted a national survey of U.S. consumers in March 2014 to measure the impact of these breaches and better understand how consumers view and manage their personal data. They surveyed 1,000 individuals over the age of 18 and sorted the results by generation. Some of the findings I found most interesting were:

  • All generations are concerned about the protection of their personal data and, overall, 59 percent indicated that their concern has risen over the last 12 months.
    Question: Are you concerned about the protection of your personal data?
  • One-third of the survey participants indicated that they had been the victim of the misuse of their personal data at least once over the past year.
  • Over half (54 percent) of those surveyed don't believe the U.S. government is doing enough to protect their data, with two-thirds of the pre-boomers taking that position.
  • Overall, 80 percent of the respondents believe there should be additional regulations preventing organizations from reselling their personal data to third parties.
  • There is a strong demand from consumers for all consumer-facing industries to change their data privacy and personal data usage policies, but that demand is the highest for credit card companies and social networks.
  • Banks are in the top four trusted organizations regarding the protection of personal data but trailing health care organizations, online payment systems, and online retailers. Social networks, international businesses, and marketers and advertisers are the least trusted.
  • Although more than half of the participants do not agree with the tracking or recording of communication data without their permission, younger generations are not as concerned.
    Agreement with the statement: I accept that my communications data (e.g. phone, online) can be recorded without my approval to prevent crime.

So how are consumers behaving in light of this increased concern? Almost half (48 percent) indicated that they have changed their online practices and are avoiding the use of online auctions, online banking, and online social networks to reduce the likelihood that their personal data might be compromised or misused in some way. I have seen other research indicating that as much as 40 percent of a retailer's customers that have had their personal data compromised through a breach at that retailer will avoid that retailer, at least in the immediate term.

So what is the best approach to develop and maintain safeguards for consumer's personal information and transaction data? The private sector has always championed self-regulation through standards efforts such as PCI-DSS, but we all recognize that being compliant with a common minimum standard is not the same as being totally secure. There has been no shortage of recent congressional discussion on this issue, and future major breaches will likely add to the momentum such that it will be difficult to stop. Is that where you think we are headed—a regulatory fix coming from a legislative mandate? Let us hear from you.

Photo of David LottBy David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

April 28, 2014 in consumer fraud, consumer protection, data security, regulations | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01a3fcfb4cc5970b

Listed below are links to blogs that reference Is Personal Data Privacy Going, Going, Gone?:

Comments

The Target breach, in which 110 million Americans lost critical personal and financial data, is just the latest problem caused by extending legacy payment networks built in the 1960s to internet originated payments.

In the classic New Yorker cartoon, one dog says to the other, "On the Internet, nobody knows you're a dog." Until we solve this problem, the legacy payment networks cannot be made secure. They were not architected with security built into them to do what we are doing today by extending them to payments generated from the internet. The security of any network is only as good as its weakest node. By moving access to the legacy payment systems to the internet, we added tens of millions of nodes to each legacy payment system and most of those nodes are not securely authenticated or truly secure.

A next generation payment system is required that is architected with security and encryption of all data "end to end", with no data ever “in the clear” and in which all users are "strongly authenticated". It is less expensive by orders of magnitude to build a new next generation payment system that can do that, than to retrofit one of the existing legacy payment systems, as I was once told by the former global CIO of VISA International. The existing legacy payment systems are all designed to have required information "in the clear" at multiple points in the transaction cycle.

The rapid rise of Bitcoin, despite its significant flaws, highlights the hunger in the marketplace for a better and more secure internet based global payment system. It would be better if that next generation payment system was also bank-centric and properly regulated, none of which Bitcoin is.

FYI, the New Yorker cartoon was first published in 1994, so this problem has been building for over 20 years.

Posted by: Stephen Lange Ranzini | April 28, 2014 at 05:31 PM

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

January 06, 2014


When It Comes to RCCs, Can We Make the Invisible Visible?

In May 2013, the Federal Trade Commission (FTC) issued a proposal for public comment to amend the telemarketing sales rule to prohibit telemarketers from using certain payment types, including remotely created checks (RCCs). The proposal addressed attributes of RCCs that make their use susceptible to abuse. RCCs, sometimes referred to as demand drafts, are checks that payees issue rather than the consumer or the consumer’s bank, and are not signed by the consumer. The attributes the proposal addresses include the difficulty of distinguishing RCCs from check images, the absence of reliable data on the volume of RCCs and returns, and the lack of centralized fraud monitoring. Together, these attributes make RCCs relatively invisible.

RCCs usually garner attention only when a law enforcement case uncovers their use in fraud, typically when consumers are victimized by unfair and deceptive practices. Still, RCCs are not just a tool for committing fraud—they are used for legitimate purposes and are frequently authorized by consumers as payments for credit cards, charitable donations, and insurance premiums. At times, banks originate the RCCs themselves or on behalf of the payee, so in these instances, the bank monitors returns, identifies issues, and manages them.

In other payment methods, including ACH transactions and cards, the ability to recognize the payment, track volume and returns, and monitor fraud centrally have proven to be beneficial in addressing fraud. For example, ACH operators have data on forward entries and returns for ACH transactions that enable ACH participants to identify and address issues proactively. Adding these layers of data to enable identification and monitoring of RCCs would prove equally beneficial to the depository and paying banks, as well as regulators and law enforcement to potentially identify and address RCC fraud more directly.

How can the industry improve the identification and tracking of RCCs? One option could be to develop some kind of technology that would distinguish between RCCs and check images with a high degree of accuracy. Another option could be to approve a standard for an identifier in the MICR (short for magnetic ink character recognition) line to indicate that this document is an RCC.

Some industry participants have pursued the MICR line identifier in the past, but these efforts did not gain traction within the industry. However, it may be an idea whose time has come given the concerns that regulators and law enforcement officials are raising about the "invisibility" of RCCs. A MICR line identifier would also allow for centralized fraud monitoring. For instance, depository banks could report periodically to their primary regulator on RCC returns. This reporting would provide information to regulators and law enforcement on possible fraud and support banks in their efforts to mitigate improper RCC usage.

Does your institution see value in making RCCs visible in the processing stream and quantifying their use?

Photo of Deborah ShawBy Deborah Shaw, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

January 6, 2014 in fraud, regulations, remotely created checks | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c019b0450ee36970d

Listed below are links to blogs that reference When It Comes to RCCs, Can We Make the Invisible Visible?:

Comments

Another consideration for financial institutions is the liability difference for electronic RCC vs. 'traditional' RCC. eRCC are never printed therefore not allowing the Federal Reserve to provide Check 21 warranties. This method puts all of the liability on the Bank of First Deposit. Normal liability is incurred for the traditional RCC.

Posted by: Brad Smith | January 06, 2014 at 03:40 PM

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

December 16, 2013


Is It the Right Time for Lower ACH Return Rate Thresholds?

Monitoring return rates for automated clearing house (ACH) transactions is an important element of a bank’s risk mitigation program for its business and third-party clients. Recently, NACHA issued a request for comment (RFC) that addresses proposed changes to return rate thresholds included in the NACHA Operating Rules.

The NACHA Operating Rules currently identify a return rate threshold for unauthorized debit entries of 1 percent. The threshold is intended to reduce unauthorized entries transmitted over the ACH network. The NACHA Operating Rules hold an originating depository financial institution (ODFI) that has an originator or third-party sender with an unauthorized return rate over 1 percent subject to ODFI reporting and possible fines if the rate of returns is not reduced in a timely fashion.

According to the RFC, the unauthorized debit return rate declined due to several risk management efforts—including the 1 percent threshold, established in 2008—from 0.06 percent in 2005 to 0.03 percent in 2012. These reduced numbers demonstrate that the monitoring of return rates by banks and other network participants helps to identify issues and leads to fewer problematic transactions.

This RFC proposes three changes to how the NACHA Operating Rules currently address return rate thresholds.

  • A reduction in the return rate threshold for unauthorized debit entries from 1 percent to 0.5 percent.
  • Establishment of a return rate threshold for data quality debit entries (such as invalid account number) of 3 percent.
  • Implementation of an overall debit return rate threshold of 15 percent.

NACHA had issued an RFC in spring 2011 that proposed changes similar to the first two listed items, but ACH participants did not provide sufficient support then and the changes were not implemented. It seems that the time may now be right. The RFC indicates that the environment for this proposal appears to have changed, with ACH participants expressing interest in looking at new thresholds. And the proposal for an overall debit return threshold stresses the need for banks to focus on their overall return rates in addition to specific return reasons.

Regardless of which thresholds are included in the NACHA Operating Rules, banks should monitor for any increase in returns. They should also understand the underlying cause and remedies that their business or processor customers are implementing. A bank focus on return issues is one element of a robust risk management program that helps to ensure the bank’s origination of high-quality payment transactions.

With this proposal on return rate thresholds, is your institution rethinking its internal policies for return rate monitoring?

Photo of Deborah ShawBy Deborah Shaw, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed


December 16, 2013 in ACH, banks and banking, regulations | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c019b0317a3ef970d

Listed below are links to blogs that reference Is It the Right Time for Lower ACH Return Rate Thresholds?:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

December 09, 2013


What Do Crayons and Virtual Currencies Have in Common?

Coloring with my young boys the other day, I was a bit amazed by the variety in colors. The days of a single blue crayon from my childhood has now expanded to at least 10 different shades of blue with names such as "Pacific blue" and "cerulean." I quickly learned that my regulation of the usage of crayons by the boys also varied by color. For example, the lone black crayon required ample regulation (and was quite challenging to enforce) to prevent an all-out toddler brawl. Because the blue crayons had such variety, they clearly required less and were much easier to enforce.

Just as crayons come in a variety of colors and shades, virtual currencies have a variety of different attributes, including:

  • Open or closed: Closed virtual currencies can be used only within a specific community. Open virtual currencies can be used anywhere the currency is accepted.
  • Unidirectional or bidirectional: Unidirectional flow allows the currency to be obtained at a specific exchange rate using fiat currency. This currency cannot be exchanged back to the fiat currency. Bidirectional currencies are bought and sold according to exchange rates.
  • Centralized or decentralized: A centralized currency has a central authority that issues the currency and operates the system. A decentralized currency does not have a single entity acting as a central issuer or clearing house.
  • Asset backed or demand backed: An asset-backed currency is tied to an asset or assets held in reserve while a demand-backed currency has no tangible value other than the value established by its market.
  • Machine-based or human-based: Monetary policy of machine-based currencies, or crypto-currencies, is managed by computers. A central authority establishes monetary policy with human-based currencies.

The regulation of my children's crayon usage differed depending on the particular crayon being used. In that case, it was a matter of scarcity, so the analogy isn't perfect—but it will also be imperative for the regulation of virtual currencies and their enforcement to differ according to the characteristics of the various currencies. Undoubtedly, a decentralized, demand-backed currency not only poses different risks than a centralized asset-backed currency does but it may also include a unique set of participants not part of other virtual currency schemes.

Most of the regulatory discussion currently taking place is focused squarely on a particular virtual currency. And while this particular currency has an enormous market share of the virtual currency market, there are at least 50 other virtual currencies in the marketplace. If I had regulated the blue crayons in a similar way as the black crayon, my children would likely have left their coloring books and moved on to the train table.

I fear that should regulations be developed based on a single virtual currency and then applied to the market at large, the regulations could drive away the innovators in the virtual currency space that may hold long-term promise if they promote a faster, more secure, and more efficient payment system.

Douglas A. KingBy Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

December 9, 2013 in currency, regulations | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c019b027651c7970b

Listed below are links to blogs that reference What Do Crayons and Virtual Currencies Have in Common?:

Comments

While I'm not well versed in virtual currencies, your point about regulations being based on one market mover and then applied to the rest of the industry is interesting. In general, I think most financial regulation is applied in this manner since it serves as a simplifying assumption and since regulation is generally reactive rather than proactive. My guess would be that the other virtual currencies will continue to innovate around whatever regulation is issued. However, I understand that some may exit the industry altogether if that regulation is too stifling.

Posted by: Saba H | December 13, 2013 at 07:47 AM

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

Google Search



Recent Posts


November 2014


Sun Mon Tue Wed Thu Fri Sat
            1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30            

Archives


Categories


Powered by TypePad