[co-authors: Stephanie Duchesneau and Samuel Klein]
Weekly Fintech Focus
- Federal financial regulators extend the deadline for responding to their request for information about financial institutions’ use of AI.
- The CFPB issued FAQs on electronic funds transfers under EFTA and Regulation E to address issues related to fraud and private network rules.
- The Federal Reserve proposed a rule to update the Durbin Amendment/Reg. II to ensure two debit networks are available, including for card-not-present transactions.
- The Federal Reserve proposed a rule to apply Regulation J to FedNow transactions and to establish rules for the FedNow Service.
- CSBS seeks comment on its proposed nationwide licensing framework for MSBs.
Federal Financial Regulators Extend Deadline for RFI on AI
On May 17, 2021, five financial regulatory agencies announced a deadline extension for the ongoing comment period on financial institutions’ use of AI from June 1 to July 1. The comment period seeks to provide regulatory agencies a deeper understanding of how financial institutions are using AI, including what governance structures, risk management, and other controls are in place to manage its use; the challenges such institutions face in adopting AI; and what regulatory clarifications would help institutions embrace AI in a safe and compliant manner.
CFPB Issues FAQs on Electronic Fund Transfers
On June 4, 2021, the Consumer Financial Protection Bureau (CFPB) released questions and answers pertaining to compliance with the Electronic Fund Transfer Act and Regulation E. In particular, the Compliance Aid focuses on unauthorized electronic funds transfers (EFTs) and error resolution and provides the following guidance:
- If a third party fraudulently induces a consumer into sharing account access information that is used to initiate an EFT from the consumer’s account, the transfer meets Regulation E’s definition of unauthorized EFTs.
- If a third party fraudulently induces a consumer to share account access information, subsequent transfers initiated with the fraudulently obtained account information are not excluded from Regulation E’s definition of unauthorized EFTs.
- Financial institutions cannot consider a consumer’s negligence when determining liability for unauthorized EFTs under Regulation E; for instance, consumer behavior that may constitute negligence under state law (e.g., writing the PIN on a debit card) does not affect the consumer’s liability for unauthorized transfers under Regulation E.
- If a financial institution’s agreement with a consumer includes a provision that modifies or waives certain protections granted by Regulation E, the institution cannot rely on its agreement when determining whether the EFT was unauthorized and whether related liability protections apply. For example, this guidance would apply to a scenario where a financial institution’s forms for deposit agreements impermissibly limit a financial institution’s obligations for error resolution under Regulation E.
- Financial institutions cannot rely on private network rules where private network rules provide less consumer protection than federal law; that is, less protective rules do not change a financial institution’s Regulation E obligations.
- Financial institutions cannot require a consumer to file a police report or other documentation as a condition of initiating an error resolution investigation; rather, institutions must begin their investigations promptly upon receipt of notice of error.
- Where a consumer provides notice to a financial institution about an unauthorized EFT, the institution cannot require that the consumer first contact the merchant about the potential unauthorized EFT before initiating its error resolution investigation.
- If a transfer meets Regulation E’s definition of unauthorized EFT, financial institutions may determine the consumer’s liability, if any, by applying Regulation E, § 1005.6; depending on the circumstances, the consumer may or may not have some liability for the unauthorized EFT.
The Federal Reserve Proposes Amendments to the Durbin Amendment
On May 7, 2021, the Federal Reserve announced its first substantive rulemaking for Regulation II (i.e., the Durbin Amendment) in over five years. The Durbin Amendment—part of the 2010 Dodd-Frank Act—is designed to provide merchants with greater choice of the network over which debit card transactions are routed, by requiring card issuers to enable at least two unaffiliated debit access networks.
The notice of proposed rulemaking clarifies that debit card issuers should also enable and allow merchants to choose from two unaffiliated networks for card-not-present debit transactions, such as online purchases, which have come to account for a greater share of transactions since the amendment was initially passed. It is intended to respond to information suggesting that in some situations only one network is being provided for such transactions, as well as the expansion of solutions available to support card-not-present transactions. Regulation II was promulgated at a time when the card-not-present market was not very developed.
Comments must be received by July 12, 2021.
The Federal Reserve Issues a Proposed Rule for the Terms of its FedNow Service
The Federal Reserve is proposing a rule regarding the terms and conditions that will apply to funds transfers on the Federal Reserve’s FedNow Service. The proposed rule intends to include FedNow transactions within Regulation J by creating a new subpart C to the regulation to cover the new funds transfer service in addition to the current Fedwire Funds Service. As we have discussed on this blog before, the FedNow Service provides a 24/7/365 real-time payments service.
The proposed rule generally expands Regulation J to cover transfers on the FedNow Service, applying Regulation J to the parties engaged in FedNow transfers, including senders, receiving banks, beneficiaries, and the Federal Reserve Banks, as well as expanding UCC Article 4A to apply to all such transfers. The proposed rule also intends to provide real-time settlement finality for FedNow transfers and would require a beneficiary bank to make such funds available to a beneficiary immediately after the beneficiary bank accepts the payment order. Customers and other parties would not be granted a private right of action for failure of a FedNow participant to meet this immediate availability requirement.
Comments must be received by August 10, 2021.
State Regulators Seek Public Comment on Nationwide License Requirements for Money Service Businesses
On May 24, 2021, the Conference of State Bank Supervisors (CSBS) issued a request for public comment on proposed nationwide licensing requirements for money service businesses (MSBs).
The proposal aims to establish a uniform national standard for MSBs that includes core requirements for all applicants in all industries, as well as business-specific and license-specific requirements for MSBs within industries. Core requirements refer to a standard set of requested information, such as demographic and other basic information. Business-specific requirements are items generally required for licensing of specific business activities; these requirements are not configurable by state agency and are universal to all companies offering services or products in that business. License-specific requirements include information required by state agencies for their license type and are configured by state agencies; these requirements must not duplicate items found in core and business-specific requirements.
In the press release, CSBS President and CEO John W. Ryan stated that “[t]he goal of the proposal is a national standard that allows the state system to operate as a single network while retaining local accountability and local control.” The proposed structure is based on a set of nationwide requirements reviewed by a lead state agency, while any remaining state-specific requirements will be limited to items not covered by these national standards.
The proposal sets forth the business-specific requirements for MSBs and how these requirements will apply to companies, key individuals, and business locations. CSBS seeks comments and feedback on the following business-specific requirements:
- Companies will be required to provide information and documentation pertaining to a range of items, such as their FinCEN registration number, bank account information, financial statements, flow of funds structure, authorized agents, and BSA/AML policies, among others.
- Companies will be required to provide information and documentation on criminal background checks and credit reports as part of requirements for vetting key individuals or control people.
- Companies will be required to provide information and documentation on various types of locations where licensed activity is performed, records are stored, and support staff for licensed activity are located.
Overall, the proposed business-specific requirements aim to create efficiencies through automated processes and the elimination of redundant reviews by multiple regulators.
Comments must be received by July 23, 2021.