About


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

Take On Payments

December 4, 2017


What Will the Fintech Regulatory Environment Look Like in 2018?

As we prepare to put a bow on 2017 and begin to look forward to 2018, I can’t help but observe that fintech was one of the bigger topics in the banking and payments communities this year. (Be sure to sign up for our December 14 Talk About Payments webinar to see if fintech made our top 10 newsworthy list for 2017.) Many industry observers would likely agree that it will continue to garner a lot of attention in the upcoming year, as financial institutions (FI) will continue to partner with fintech companies to deliver client-friendly solutions.

No doubt, fintech solutions are making our daily lives easier, whether they are helping us deposit a check with our mobile phones or activating fund transfers with a voice command in a mobile banking application. But at what cost to consumers? To date, the direct costs, such as fees, have been minimal. However, are there hidden costs such as the loss of data privacy that could potentially have negative consequences for not only consumers but also FIs? And what, from a regulatory perspective, is being done to mitigate these potential negative consequences?

Early in the year, there was a splash in the regulatory environment for fintechs. The Office of the Comptroller of the Currency (OCC) began offering limited-purpose bank charters to fintech companies. This charter became the subject of heated debates and discussions—and even lawsuits, by the Conference of State Bank Supervisors and the New York Department of Financial Services. To date, the OCC has not formally begun accepting applications for this charter.

So where will the fintech regulatory environment take us in 2018?

Will it continue to be up to the FIs to perform due diligence on fintech companies, much as they do for third-party service providers? Will regulatory agencies offer FIs additional guidance or due diligence frameworks for fintechs, over and above what they do for traditional third-party service providers? Will one of the regulatory agencies decide that the role of fintech companies in financial services is becoming so important that the companies should be subject to examinations like financial institutions get? Finally, will U.S. regulatory agencies create sandboxes to allow fintechs and FIs to launch products on a limited scale, such as has taken place in the United Kingdom and Australia?

The Risk Forum will continue to closely monitor the fintech industry in 2018. We would enjoy hearing from our readers about how they see the regulatory environment for fintechs evolving.

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

 

December 4, 2017 in banks and banking, financial services, innovation, mobile banking, regulations, regulators, third-party service provider | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

September 18, 2017


The Rising Cost of Remittances to Mexico Bucks a Trend

From time to time, I like to look back at previous Risk Forum activities and see what payment topics we've covered and consider whether we should revisit any. In September 2012, the Risk Forum hosted the Symposium on 1073: Exploring the Final Remittance Transfer Rule and Path Forward. Seeing that almost five years have passed since that event, I decided I'd take another, deeper look to better understand some of the effects that Section 1073 of the Dodd-Frank Act has had on remittances since then. I wrote about some of my findings in a paper.

As a result of my deeper look, I found an industry that has been rife with change since the implementation of Section 1073 rules, from both a regulatory and technology perspective. Emerging companies have entered the landscape, new digital products have appeared, and several traditional financial institutions have exited the remittance industry. In the midst of this change, consumers' average cost to send remittances has declined.

Conversely, the cost to send remittances within the largest corridor, United States–Mexico, is rising. The rising cost is not attributable to the direct remittance fee paid to an agent or digital provider but rather to the exchange rate margin, which is the exchange rate markup applied to the consumer's remittance over the interbank exchange rate. As remittances become more digitalized and the role of in-person agents diminishes, I expect the exchange rate margin portion of the total cost of remittance to continue to grow.

Even though the average cost of sending remittances to Mexico is on the rise, I found that consumers have access to a number of low-cost options. The spread between the highest-cost remittance options and the lowest-cost options is significant.

Figure-11

With greater transparency than ever before in the remittance industry, consumers now have the ability to find and use low-cost remittance options across a wide variety of provider types and product options. To read more about the cost and availability of remittances from the United States to Mexico and beyond in a post-1073-rule world, you can find the paper here.

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

September 18, 2017 in payments risk, regulations, regulators, remittances, Section 1073, transmitters | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

January 30, 2017


Pssst…Have You Heard about PSD2?

No, I'm not talking about the latest next-generation video gaming console. I am referring to the revised Directive on Payment Services (PSD2) that the European Parliament adopted in October 2015 and that will serve as the legal foundation for a single market for European Union (EU) payments. The original PSD was adopted in 2007 but, according to official statements, the Parliament found that an update was necessary to incorporate new types of payment services, improve consumer protection, strengthen payment transaction security, and increase competitiveness with an expected result of lower consumer fees in the payments processing market. PSD2 applies only to digital payments and must be in force in all EU countries by January 13, 2018.

The directive and subsequent implementation rules that the European Banking Authority* is developing make a number of major changes in the European banking landscape, including:

  • Opens up the regulated financial services system to merchants and processors who might initiate payments on their consumer customer's behalf as well as data aggregator firms. In particular, PSD2 will apply to any financial institutions already operating within the scope of the PSD but will also apply to third parties such as operators of e-commerce marketplaces, gift card and loyalty plans, bill payment service providers, public communication networks, account access services, mobile wallets, and those who receive payment by direct debit.
  • Requires financial institutions, upon the request of their customers, to allow these approved nonbank, third parties significant, but not unlimited, access to the customer's account and transaction data through APIs (application program interfaces). Many financial institutions see having to turn over customer data to potential competitors as a significant threat to the retention of their customer's business as well as concerns with data security.
  • Sets out two-factor customer authentication as an absolute minimum, with additional security such as one-time passwords required for higher-value transactions. The card issuer must actively authenticate all transactions above 10 euros. Critics of these provisions point out that the criminals will have fixed transaction amounts and authentication methodology information to modify their attacks.
  • Supplementing card interchange limits imposed in December 2015, prevents merchants from adding surcharges to payment card transactions. Under the original directive, each country established rules regarding surcharging on card payments. It has been a common practice of European merchants to levy a surcharge on payment card transactions to offset the interchange fee paid to issuers.

While such a comprehensive single package of regulations is unlikely to occur in the United States, various flavors of these items have been and continue to be discussed. Do you favor such types of regulation here in the United States? I suspect the answer depends on your role in the payments ecosystem. I am interested in hearing from you.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed



_______________________________________

* Final rules are expected to be published in January 2017.


January 30, 2017 in emerging payments, mobile payments, payments, payments risk, payments systems, regulations, regulators, risk | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

January 9, 2017


The Year in Review

As we move into 2017, the Take on Payments team would like to share its perspectives of major payment-related events and issues that took place in the United States in 2016, in no particular order of importance.

Cybersecurity Moves to Forefront—While cyber protection is certainly not new, the increased frequency and sophistication of cyber threats in 2016 accelerated the need for financial services enterprises, businesses, and governmental agencies to step up their external and internal defenses with more staff and better protection and detection tools. The federal government released a Cybersecurity National Action Plan and established the Federal Chief Information Security Office position to oversee governmental agencies' management of cybersecurity and protection of critical infrastructure.

Same-Day ACH—Last September, NACHA's three-phase rules change took effect, mandating initially a credit-only same-day ACH service. It is uncertain this early whether NACHA will meet its expectations of same-day ACH garnering 1 percent of total ACH payment volume by October 2017. Anecdotally, we are hearing that some payments processors have been slow in supporting the service. Further clarity on the significance of same-day service will become evident with the addition of debit items in phase two, which takes effect this September.

Faster Payments—Maybe we're the only ones who see it this way, but in this country, "faster payments" looks like the Wild West—at least if you remember to say, "Howdy, pardner!" Word counts won't let us name or fully describe all of the various wagon trains racing for a faster payments land grab, but it seemed to start in October 2015 when The Clearing House announced it was teaming with FIS to deliver a real-time payment system for the United States. By March 2016, Jack Henry and Associates Inc. had joined the effort. Meanwhile, Early Warning completed its acquisition of clearXchange and announced a real-time offering in February. By August, this solution had been added to Fiserv's offerings. With Mastercard and Visa hovering around their own solutions and also attaching to any number of others, it seems like everybody is trying to make sure they don't get left behind.

Prepaid Card Account Rules—When it comes to compliance, "prepaid card" is now a misnomer based on the release of the Consumer Financial Protection Bureau's 2016 final ruling. The rule is access-device-agnostic, so the same requirements are applied to stored funds on a card, fob, or mobile phone app, to name a few. Prepaid accounts that are transactional and ready to use at a variety of merchants or ATMS, or for person-to-person, are now covered by Reg. E-Lite, and possibly Reg. Z, when overdraft or credit features apply. In industry speak, the rule applies to payroll cards, government benefit cards, PayPal-like accounts, and general-purpose reloadable cards—but not to gift cards, health or flexible savings accounts, corporate reimbursement cards, or disaster-relief-type accounts, for example.

Mobile Payments Move at Evolutionary, Not Revolutionary, Pace—While the Apple, Google, and Samsung Pay wallets continued to move forward with increasing financial institution and merchant participation, consumer usage remained anemic. With the retailer consortium wallet venture MCX going into hibernation, a number of major retailers announced or introduced closed-loop mobile wallet programs hoping to emulate the success of retailers such as Starbucks and Dunkin' Brands. The magic formula of payments, loyalty, and couponing interwoven into a single application remains elusive.

EMV Migration—The migration to chip cards and terminals in the United States continued with chip cards now representing approximately 70 percent of credit/debit cards in the United States. Merchant adoption of chip-enabled terminals stands just below 40 percent of the market. The ATM liability shift for Mastercard payment cards took effect October 21, with only an estimated 30 percent of non-FI-owned ATMs being EMV operational. Recognizing some of the unique challenges to the gasoline retailers, the brands pushed back the liability shift timetable for automated fuel dispensers three years, to October 2020. Chip card migration has clearly reduced counterfeit card fraud, but card-not-present (CNP) fraud has ballooned. Data for 2015 from the 2016 Federal Reserve Payments Study show card fraud by channel in the United States at 54 percent for in person and 46 percent for remote (or CNP). This is in contrast to comparable fraud data in other countries further along in EMV implementation, where remote fraud accounts for the majority of card fraud.

Distributed Ledger—Although venture capital funding in blockchain and distributed ledger startups significantly decreased in 2016 from 2015, interest remains high. Rather than investing in startups, financial institutions and established technology companies, such as IBM, shifted their funding focus to developing internal solutions and their technology focus from consumer-facing use cases such as Bitcoin to back-end clearing and settlement solutions and the execution of smart contracts.

Same Song, Same Verse—Some things just don't seem to change from year to year. Notifications of data breaches of financial institutions, businesses, and governmental agencies appear to have been as numerous as in previous years. The Fed's Consumer Payment Choices study continued to show that cash remains the most frequent payment method, especially for transactions under 10 dollars.

All of us at the Retail Payments Risk Forum wish all our Take On Payments readers a prosperous 2017.

Photo of Mary Kepler
Mary Kepler
Photo of Julius Weyman
Julius Weyman
Photo of Doug King
Doug King
Photo of David Lott
Dave Lott
Photo of Jessica Trundley</span>
</div>
Jessica Washington
Photo of Steven Cordray
Steven Cordray

 

January 9, 2017 in ACH, ATM fraud, cards, chip-and-pin, cybercrime, debit cards, emerging payments, EMV, fraud, mobile banking, mobile payments, P2P, prepaid, regulations | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

August 1, 2016


FFIEC Weighs In On Mobile Channel Risks

In late April, the Federal Financial Institutions Examination Council (FFIEC) released new guidance regarding mobile banking and mobile payments risk management strategies. Titled "Appendix E: Mobile Financial Services," the document becomes part of the FFIEC's Information Technology Examination Handbook. While the handbook is for examiners to use to "determine the inherent risk and adequacy of controls at an institution or third party providing MFS" (for mobile financial services), it can also be a useful tool for financial institutions to better understand the expectations that examiners will have when conducting an exam of an institution's MFS offering.

Consistent with examiners' focus on third-party relationships for the last several years, the document points out that MFS often involves engagement with third parties and that the responsibilities of the parties in those relationships must be clearly documented and their compliance closely managed. Other key areas the document reviews include:

  • Mobile application development, maintenance, security, and attack threats
  • Enrollment controls to authenticate the customer's identity and the payment credentials they are adding to a mobile wallet
  • Authentication and authorization, emphasizing that financial institutions should not use mobile payment applications that rely on single-factor methods of authentication.
  • Customer education efforts to support the adoption of strong security practices in the usage of their mobile devices

The document also identifies and reviews strategic, operational, compliance, and reputation risk issues for the various elements of a financial institution's MFS offering. The final section of the document outlines an examiner's work plan for reviewing an MFS program with seven key objectives. I believe that it would be time well spent for the institution's MFS team to assume the role of examiner and use the work plan as a checklist to help effectively identify and manage the risks associated with an MFS program.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

August 1, 2016 in bank supervision, banks and banking, financial services, mobile banking, mobile payments, regulations, regulators, third-party service provider | Permalink

Comments

Looking forward to welcoming David Lott to our upcoming Next Money Tampa Bay meetup.

David will be our keynote on Wednesday, Sept 21, 2016 6:00 ~ 8:00 PM

Tampa Bay Wave Venture Center
500 East Kennedy Boulevard 3rd FL
Tampa Florida 33602

All are welcome to attend RSVP at

https://www.meetup.com/NextMoneyTPA/events/233171815/

Posted by: Bruce Burke | August 6, 2016 at 05:22 PM

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

January 11, 2016


Prisoner Release Cards: How to Protect the Interests of Recently Released Inmates?

I recently watched a late-night comedian criticize prison reentry programs in the United States. The segment focused on the resources—or lack thereof—that are provided to released inmates. One of these resources, I have recently learned, is increasingly a prepaid card.

Upon imprisonment, inmates are given a trust account to hold money that they receive for prison work and from family and friends. When they are released, they may also receive start-up funds to help with the reentry process. According to the Federal Bureau of Prison's Inmate and Custody Management Policy, "an inmate being released to the community will have suitable clothing, transportation to inmate's release destination, and some funds to use until he or she begins to receive income. Based on the inmate's need and financial resources, a discretionary gratuity up to the amount permitted by statute may be granted." While the policy expands the details of what constitutes suitable clothing and the method of transportation, there is no mention of how to disburse funds to the released individuals.

Enter prison-release prepaid cards. Many state and federal prison systems enter into contracts with prepaid card providers pursuant to a public bidding process to provide prison release funds through a prepaid card as an alternative to cash or checks. This shift in disbursement methods may be attributable to concerns about cash controls in the prison setting and the high check-cashing fees some inmates who lack traditional bank accounts incur, to name a couple of possibilities. Regardless of the disbursement method that the correctional agency chooses, this vulnerable population depends on every last penny.

Some people maintain that account fees are too high on these prepaid cards and that agreements with cardholders contain forced arbitration clauses. Could the correctional agency negotiate better terms on behalf of the released prisoner? Or could the inmate possibly be given options for the trust fund distribution—cash, check, prepaid card, or even a Paypal account?

A late-night comedian may have the ability to isolate one slice of the problem with prison release programs, but our regulations shouldn't piece together a solution to an overarching issue. Likewise, there are challenges with creating blanket regulations for a product category like prepaid cards that contains many different products meeting a wide variety of distinct needs, each with unique characteristics and different users. Isn't the goal is to provide released prisoners the freedom to use money that belongs to them, as for any other citizen?

Photo of Jessica J. Trundley By Jessica J. Trundley, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

January 11, 2016 in prepaid, regulations | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

November 23, 2015


Bitcoin's Bright Side

My kids' anticipation for the holiday season is at an all-time high because of the upcoming release of the new Star Wars movie. They are fans of Yoda, Chewbacca, and Luke, but are obsessed with the "Dark Side" and its band of characters, most notably Darth Vader. There is something about the mystery of the "dark side" that draws people in. Perhaps that is one reason that so much of the media coverage and discussion of Bitcoin has been focused on its being the preferred payment instrument for criminal enterprises.

Because the Bitcoin protocol does allow for a level of anonymity that is attractive to criminals, the Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) Act compliance risks are heightened for transactions with bitcoin. Over the past several years, companies have emerged within the Bitcoin ecosystem seeking to make it more accessible to obtain and easier to use for legitimate payments. But how do they manage the BSA/AML compliance risks?

To minimize these risks, companies in the Bitcoin ecosystem are adopting policies, practices, and procedures that leverage the transparency but also minimize risks associated with the level of anonymity Bitcoin offers. These practices are intended to make Bitcoin a safer payment system, while also enhancing the ability of financial institutions, which might otherwise be cautious about the BSA/AML risks, to bank Bitcoin-related companies successfully.

The Retail Payments Risk Forum took a deep dive into the types of companies entering the Bitcoin ecosystem, assessing the regulatory landscape and identifying measures that these companies can take to fulfill regulatory obligations and minimize BSA/AML regulatory compliance risks. Among one of the measures identified in a paper available on the Atlanta Fed's website, Bitcoin-related companies should have a BSA/AML compliance program in place that is led by a dedicated compliance officer with support from a staff of professionals.

Just as in the Star Wars movies, which depict the ongoing struggle between the good guys—the Rebels—and the Dark Side, Bitcoin will continue to have a tug of war between the good forces and the bad. While the criminal element will continue to force attention to the risks of Bitcoin, it will be up to the new entrants into the Bitcoin ecosystem to mitigate these risks if Bitcoin is to enter the mainstream. Details on managing BSA/AML risks associated with Bitcoin can be found in the paper.

By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

November 23, 2015 in regulations, regulators | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

November 2, 2015


Will NACHA's Same-Day ACH Rules Change Be an Exception-Only Service, At Least in the Short Term?

In May 2015, the 40-plus voting members of NACHA contingently approved mandating the acceptance of domestic same-day ACH payments by receiving banks. The voting members approved a three-phase development lasting 18 months. The first phase, starting in September 2016, is limited to credit pushes, followed one year later by debit pulls in the second phase. All payments are subject to a $25,000 maximum. By the final phase in March 2018, receiving banks will be required to make credit payments available to the receiving account holder by 5 p.m. local time to the receiving bank. Funds availability in the earlier phases is by the receiving bank's end-of-processing day. The service offers both a morning and afternoon processing window. A same-day return-only service is offered at the end of the business day. Lastly, originating banks are obligated to pay a 5.2 cent fee for every payment to recover costs to receiving banks.

Last month, the Federal Reserve Board of Governors removed the contingent part of the above approval by allowing the participation of FedACH, which serves as an ACH operator on behalf of the Reserve Banks. Approval followed a review of comments submitted by the public, of which a preponderance of the responses was favorable to FedACH participating in the service.

This was not the first time NACHA tried to mandate same-day ACH. Back in August 2012, a ballot initiative to mandate acceptance failed to receive a supermajority required for passage. Failure was due to a variety of reasons, and it was difficult to discern one overriding reason.

I think that most observers would agree that the earlier rollout of the Fed's proprietary opt-in, same-day service in August 2010 and April 2013 set the groundwork for mandating same-day.

As with any collaborative organization like NACHA, compromises were needed to garner sufficient votes for passage. The compromises included:

  • Same-day payment eligibility rules change due to a multi-phase development cycle requiring one-and-half years to complete from start to finish.
  • Providing certainty to the receiver that funds availability will be expedited on the day of settlement as part of the final phase, rather than earlier, which only requires posting by the receiving bank's end-of-processing day. The bank's end-of-processing day can be as late as the morning of the following business day.
  • Delaying a debit service by one year after the rollout of the phase one credit service will, to the potential surprise of the payment originator, delay settlement of debits one business day later than would occur for credits.
  • Any payment amount over $25,000 will settle one business day later than the payment originator may have expected if the payment originator is not aware of the payment cap.

Given these compromises, what do you think financial institutions can do to accelerate broader adoption of same-day?

By Steven Cordray, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

November 2, 2015 in ACH, regulations, regulators | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

September 21, 2015


Mimicking Mother Nature

A few months ago, we had a large colony of bats take up residence in our house. With the issue now resolved, and with everything we had to do to get rid of them, I realize how the whole experience was similar to the tactics of fraudsters and the challenges faced by their victims in taking preventive, detective and corrective action.

We learned of the initial intrusion purely by accident. Previously, we have never had any sign of vermin being able to gain entry, so I thought we had a solid defense. My wife had noticed a small amount of droppings on the back porch but we thought they were from squirrels. Imagine my shock when my adult son informed me we had been invaded by bats. He had discovered them one morning following an overnight stay. Departing for an early tee time, he noticed a swarm of bats flying into a soffit vent crevice. Incredulous, I waited for dusk only to see for myself a constant stream of small brown bats exiting the soffit crevice.

My wife went a little bat crazy as she imagined hoards bats swooping down to carry off one of our grandkids. Actually, she was more concerned about the real threat of respiratory disease from their droppings as well as the potential for rabies. We began to do some research, and I soon learned that bats are a protected species, so they cannot be disturbed unless they are posing an immediate health threat. They weren’t, since they were not in our living space. But the problem intensified, which I realized one evening when I saw an even larger colony emerging from our chimney.

We began contacting companies that specialize in wildlife removal. We found a wide variety of suggested courses of action and prices. We selected one company based on its reputation, process, guaranteed results, and pricing. The company’s first step was to inspect the entire house to identify any other potential points of entry and to seal them. We notified our neighbors so they could be on the lookout to make sure the bats didn’t settle inside their houses. The next step was to install one-way excluders that would permit the bats to leave but not get back in. This seemed to be working well until a group of the bats somehow got word they were being evicted. Trying to find another way into the house, they navigated an interior wall and became trapped. Without water, they soon died and a putrid smell began to emerge. After cutting several holes in the wall, the technicians were able to locate the source and remove the carcasses. After a couple of weeks, the excluders were removed and the entry points sealed so we thought the problem was resolved.

Imagine our further surprise when we returned from vacation and found about 50 dead bats in our unfinished basement. It seems a group had remained and found a chase route from the attic to the basement seeking water. With the disposal of those bats, the problem seems to have finally been resolved. As fall approaches and bats migrate to warmer climates, the threat diminishes, but I can assure you we will be on the alert next spring.

So how does this relate to the payments fraud environment? Some similarities:

  • We thought we had a strong defense perimeter and were safe, but the bats found a way inside given they require an opening of only three-eighths of an inch.
  • While our discovery came shortly after their initial entry, it was only by sheer luck. We could have acted earlier if we had not ignored the early warning sign of their droppings.
  • We thought we had identified the sole location of the problem, but they then migrated to a second entry point.
  • Regulations limited the potential range of actions we could take to deal with the issue.
  • We shared information about the situation with our neighbors so they could be on the alert.
  • We analyzed several different options for dealing with the issue and preventing its recurrence.
  • Despite what we thought was a successful process, other issues arose and required action before there was a final resolution.

This experience with Mother Nature has provided us a learning opportunity and we are better informed and on the alert for future such events.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

September 21, 2015 in fraud, regulations, risk, risk management | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

August 24, 2015


Payroll Cards at Interstate Speed

State lines happen fast in New England, which is where I call home. In this part of the country, it's not uncommon for people living in one state to commute for employment to a neighboring state. One could pay property tax enjoying the motto "Live free or die" (New Hampshire) while paying income tax to the Bay State (Massachusetts). Employees may not take much notice of state employment law, but employers almost certainly do. I'm thinking that minimum wage, tax rates, and corporation law would be key factors for an employer to consider, but do payroll card laws also fit into the evaluation?

Payroll cards are prepaid cards onto which an employer loads wages. They offer an alternative to paychecks or direct deposits, and are subject to a different sort of regulation. Outside of a federal law prohibiting an employer from mandating the exclusive use of a payroll card, states are generally free to develop their own legislation governing payroll cards. In Maine, for example, employers can offer payroll cards if they give their employees free access to full pay. Connecticut goes one step further, requiring employers to provide certain disclosures and prohibiting overdrafts and certain fees. Massachusetts does not have any law for or against payroll cards. Somewhere in the middle is Vermont, which allows payroll cards with certain disclosures as long as employees receive three free transactions monthly. Proposed New York legislation would go so far as to require employees to sign a written consent form—printed with a large, 12-point font—to be retained for six years following the cessation of the employment relationship.

And that's only in my home of New England. Out of 50 possibilities, I've mentioned only fragments of only five state laws. Outside of this area, payroll-card-related legislation is being introduced or pending in 12 states.

Regulation E has covered payroll cards since 2006. Regulation E includes (i) protection to employees so they do not have to receive wages via electronic funds transfers with a particular institution; (ii) access to statements, balances, and transaction histories; (iii) clear and conspicuous disclosures; and (iv) error resolution and limited liability. In January 2016, we expect the final version of the Consumer Financial Protection Bureau's Rule on Prepaid to be published.

Because payroll cards are already covered under Regulation E, only two significant issues are applicable in the pending rule. First, credit and overdraft services, while not prohibited, will be subject to compulsory use provisions and Regulation Z's definitions of credit and periodic statement requirements. Second, disclosures will carry a bold print warning, "You do not have to accept this payroll card. Ask your employer about other ways to get your wages."

What federal regulation doesn't touch is the type and amount of fees assessed on payroll cards. Regulation E provides only that fees are disclosed. Certain industry stakeholders such as National Branded Prepaid Card Association, Consumer Action, MasterCard, and the Center for Financial Services Innovation have worked to develop industry standards. Simply speaking, most agree that cardholders should have access to full wages each pay period without cost and that they should be able to perform basic functions without incurring unreasonable fees.

Best practices give the industry the ability to fill gaps and stay nimble to changing technology, fraud schemes, and consumer needs. The CFPB even says in their proposed rules, "Employees may not always be aware of the ways in which they may receive their wages, because States may have differing and evolving requirements." Does state-by-state regulation ultimately fill the gaps needed, especially in a system that crosses state lines so often?

And in case you didn't know it, National Payroll Card Week starts September 7, a day that also happens to be Labor Day.

Photo of Jessica J. Trundley By Jessica J. Trundley, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

August 24, 2015 in prepaid, regulations, regulators | Permalink

Comments

Studies by the Federal Reserve and others show the least expensive and most convenient method for a LMI employee to receive their pay is a payroll card. As noted in this article it is also the most regulated. Why so much attention is given to payroll cards when 80% of employees are direct deposit and faced with exorbitant bank fees for overdrafts and minimum balance is mind boggling. The premise that if it is offered by the employer it must be bad for the worker is painting an entire population with the same prejudicial brush

Posted by: Carl Morris | August 25, 2015 at 11:45 AM

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

Google Search



Recent Posts


December 2017


Sun Mon Tue Wed Thu Fri Sat
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31            

Archives


Categories


Powered by TypePad