InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Fed to launch FedNow in July
On March 15, the Federal Reserve Board announced a July launch date for its FedNow Service. (Covered by a Special Alert here.) Beginning the first week of April, the Fed will start formally certifying participants, with early adopters completing a customer testing and certification program in preparation for sending live transactions through the system. The certification process “encompasses a comprehensive testing curriculum with defined expectations for operational readiness and network experience,” the Fed explained. “We couldn’t be more excited about the forthcoming FedNow launch, which will enable every participating financial institution, the smallest to the largest and from all corners of the country, to offer a modern instant payment solution,” said Ken Montgomery, First Vice President of the Federal Reserve Bank of Boston and FedNow program executive. “With the launch drawing near, we urge financial institutions and their industry partners to move full steam ahead with preparations to join the FedNow Service,” Montgomery added.
In addition to certifying early adopters for the July launch, the Fed said it will continue to engage with financial institutions and service providers to complete the testing and certification program throughout 2023 and beyond. FedNow “will launch with a robust set of core clearing and settlement functionality and value-added features,” the agency said, explaining that “[m]ore features and enhancements will be added in future releases to continue supporting safety, resiliency and innovation in the industry as the FedNow network expands in the coming years.”
9th Circuit orders district court to reassess $7.9 million civil penalty against payments company
On January 27, the U.S. Court of Appeals for the Ninth Circuit ordered a district court to reassess its decision “under the changed legal landscape since its initial order and opinion” in an action concerning alleged misrepresentations made by a bi-weekly payments company. The Bureau filed a lawsuit against the company in 2015, alleging, among other things, that the company made misrepresentations to consumers about its bi-weekly payment program when it overstated the savings provided by the program and created the impression the company was affiliated with the consumers’ lender. In 2017, the district court granted a $7.9 million civil penalty proposed by the Bureau, as well as permanent injunctive relief, but denied restitution of almost $74 million sought by the agency. (Covered by InfoBytes here.) The company appealed the district court’s conclusion that it had engaged in deceptive practices in violation of the Consumer Financial Protection Act, while the Bureau cross-appealed the district court’s decision to deny restitution. The 9th Circuit consolidated the appeals for consideration.
During the pendency of the cross-appeals, the U.S. Supreme Court issued a decision in 2020 in Seila Law LLC v. CFPB, in which it determined that the director’s for-cause removal provision was unconstitutional but was severable from the statute establishing the Bureau (covered by a Buckley Special Alert). Following Seila, former Director Kathy Kraninger ratified several prior regulatory actions (covered by InfoBytes here), including the enforcement action brought against the company. At issue in the company’s appeal is whether the Bureau has authority to pursue its claims, including whether the agency’s funding mechanism is unconstitutional and whether its case is distinguishable from other actions and is entitled to dismissal for the Bureau director’s unconstitutional for-cause removal provision.
The appellate court declined to offer a position on these issues, and instead left them for the district court to consider. The 9th Circuit noted that since the district court’s 2017 order, “sister circuit courts have split” on the funding issue. “We vacate the district court’s order and remand, allowing it to reassess the case under the changed legal landscape since its initial order and opinion,” the appellate court wrote, directing the district court to “provide further consideration to [the company’s] argument on the constitutionality of the Bureau’s funding mechanism.” With respect to the Bureau’s appeal of the restitution denial, the 9th Circuit remanded the case to allow the district court to consider the effect CFPB v. CashCall and Liu v. SEC may have on the action (covered by InfoBytes here and here), as well as whether the agency “waived its claim to legal restitution by characterizing it only as a form of equitable relief before the district court.”
Credit union to pay $558,000 in cyber fraud case
On January 12, the U.S. District Court for the Eastern District of Virginia ruled that a credit union (defendant) is responsible for $558,000 in compensatory damages for processing a payment order that was allegedly induced through fraud by the beneficiary, but later rescinded its decision to award punitive damages. According to the initial opinion and order, in October 2018, the plaintiff received a “spoofed” email from an unknown third party claiming to be one of the plaintiff’s suppliers. The email instructed the plaintiff to change its banking remittance information for the supplier. However, unknown to the plaintiff, the new banking information contained in the email belonged to an individual who had opened a personal account with the defendant months prior. The order stated that from October to November in 2018, the plaintiff made four payments to the individual’s account held by the defendant, identifying the supplier as the beneficiary. The plaintiff sued alleging that the defendant failed to “comport with basic security standards that resulted in the unlawful diversion of funds.” According to the opinion and order, the court found that Virginia Commercial Code required the defendant to reject the deposits if it knew there was a discrepancy between the intended beneficiary and the account receiving the deposit. The court further wrote that the defendant did not have a duty to “proactively” discover a discrepancy, but found that “the evidence at trial illustrated that [the defendant] did not maintain reasonable routines for communicating significant information to the person conducting the transaction. If [the defendant] had exercised due diligence, the misdescription would have been discovered during the first [] transfer.” Additionally, the court stated the defendant did have “actual knowledge” of the fraud because “the transfers generated real-time warnings that the name of the intended beneficiary [] did not match the name of the owner of the account receiving the [deposits].” The court awarded the plaintiff $558,000 in compensatory damages and $200,000 in punitive damages. However, the court rescinded the punitive damage award stating that the plaintiff has not provided sufficient evidence to support punitive damages.
FTC orders card company to let merchants use other debit networks
On December 23, the FTC ordered a payment card company to stop blocking merchants from using competing debit payment networks. According to an agency investigation, the company allegedly violated provisions of the Durbin Amendment, which requires “banks to enable at least two unaffiliated networks on every debit card, thereby giving merchants a choice of which network to use for a given debit transaction,” and “bars payment card networks from inhibiting merchants from using other networks.” The FTC claimed that the company’s policy requires the use of a token when a cardholder loads a company-branded debit card into an ewallet. Ewallets are used to make online and in-app transactions, the FTC explained, adding that because competing networks cannot access the company’s token vault, merchants are dependent on the company to convert the token to process ewallet transactions using company-branded debit cards. Moreover, since the company allegedly did not provide conversion services to competing networks for remote ewallet debit transactions, the FTC asserted that it is impossible for merchants to route their ewallet transactions on other payment networks.
Under the terms of the proposed order, the company will be required to (i) provide other payment networks with customer account information in order to process ecommerce debit payments, and prohibit any efforts that may prevent other networks from serving as token service providers; (ii) provide notice to affected persons; (iii) provide 60-days advance written notice to the FTC before launching any pilot programs or new debit products that would require merchants to route electronic debit transactions only to the company; (iv) file regular compliance reports with the FTC; and (v) notify the FTC of any events that may affect compliance with the order.
Fed finalizes updates to policy on payment system risk
On December 2, the Federal Reserve Board finalized clarifying and technical updates to its Policy on Payment System Risk (PSR). The changes, which are adopted largely as proposed in May 2021 (covered by InfoBytes here), expand depository institutions’ eligibility to request collateralized intraday credit from the Federal Reserve Banks (FRBs), and ease the process for submitting such requests. The final updates also clarify eligibility standards for accessing uncollateralized intraday credit; modify the PSR policy to support the launch of the FedNow instant-payments platform, which is scheduled for mid-year 2023 (covered by InfoBytes here); and simplify and incorporate the related Overnight Overdrafts policy into the PSR policy. Updates related to FedNow and the Overnight Overdrafts policy will take effect once the FRBs start processing live transactions for FedNow. The remaining updates are effective 60 days following publication in the Federal Register.
CFPB seeks additional public input on big tech payment platforms
On October 31, the CFPB announced it will reopen the public comment period for 30 days on a 2021 notice and request for comment related to the Bureau’s inquiry into big tech payment platforms. In October 2021, the Bureau issued orders to six large U.S. technology companies seeking information and data on their payment system business practices to inform the agency as to how these companies use personal payments data and manage data access to users (covered by InfoBytes here). The Bureau is inviting additional comments to broaden its understanding of the risks consumers face and potential policy solutions on topics related to, among other things, “companies’ acceptable use policies and their use of fines, liquidated damages provisions, and other penalties.” A notice will be published in the Federal Register with additional details on the public comment period in the coming days.
FDIC’s Gruenberg discusses the prudential regulation of crypto assets
On October 20, FDIC acting Chairman Martin J. Gruenberg spoke before the Brookings Institution on the prudential regulation of crypto-assets. In his remarks, Gruenberg first discussed banking, innovation, and crypto-assets, which he defined as “private sector digital assets that depend primarily on the use of cryptography and distributed ledger or similar technologies.” He stated that innovation “can be a double-edged sword,” before noting that subprime mortgages, subprime mortgage-backed securities, collateralized debt obligations and credit default swaps were considered financial innovations before they were “at the center of the Global Financial Crisis of 2008.” Gruenberg further discussed that such innovations resulted in catastrophic failure because, among other things, consumers and industry participants did not fully understand their risks, which were downplayed and intentionally ignored. He then provided an overview of the FDIC’s approach to engaging with banks as they consider crypto-asset related activities, and the potential benefits, risks, and policy questions related to the possibility that a stablecoin could be developed that would allow for reliable, real-time consumer and business payments. He stated that “[f]rom the perspective of a banking regulator, before banks engage in crypto-asset related activities, it is important to ensure that: (a) the specific activity is permissible under applicable law and regulation; (b) the activity can be engaged in a safe and sound manner; (c) the bank has put in place appropriate measures and controls to identify and manage the novel risks associated with those activities; and (d) the bank can ensure compliance with all relevant laws, including those related to anti-money laundering/countering the financing of terrorism, and consumer protection.”
Gruenberg pointed to an April financial institution letter from the FDIC (covered by InfoBytes here), which requested banks to notify the agency if they engage in crypto asset-related activities. He added that as the FDIC and other federal banking agencies develop a better understanding of the risks associated with crypto-asset activities, “we expect to provide broader industry guidance on an interagency basis.” Regarding crypto-assets and the current role of stablecoins, Gruenberg noted that payment stablecoins could be significantly safer than available stablecoins if they were subject to prudential regulation, including issuing payment stablecoins through a bank subsidiary. He cautioned that disclosure and consumer protection issues should be “carefully” considered, especially if custodial wallets are allowed outside of the banking system as a means for holding and conducting transactions. Specifically, he said that “payment stablecoin and any associated hosted or custodial wallets should be designed in a manner that eliminates—not creates—barriers for low- and moderate-income households to benefit from a real-time payment system.” Gruenberg added that if a payment stablecoin system is developed, it should complement the Federal Reserve's forthcoming FedNow service—a faster payments network that is on track to launch between May and July of next year—and the potential future development of a U.S. central bank digital currency. In conclusion, Gruenberg stated that although federal banking agencies have significant authority to address the safety, soundness and financial stability risks associated with crypto assets, there are “clear limits to our authority, especially in certain areas of consumer protection as well as the provision of wallets and other related services by non-bank entities.”
FRBs to adopt new Fedwire format in 2025
On October 24, the Federal Reserve Board published a notice in the Federal Register announcing that the International Organization for Standardization’s (ISO) 20022 message format for the Fedwire Funds Service will be adopted on a single day, March 10, 2025. The Fedwire Funds Service is a real-time gross settlement system owned and operated by the Federal Reserve Banks that enables businesses and financial institutions to quickly and securely transfer funds using either balances held at the Reserve Banks or intraday credit provided by the Reserve Banks. A single-day implementation strategy is preferable to a three-phased implementation approach, the Fed said, explaining it is both simpler and more efficient and is likely to reduce users’ overall costs related to software development, testing, and training. The Fed also announced a revised testing strategy and backout strategy, as well as other details concerning ISO 20022’s implementation.
FSB releases G20 roadmap for enhancing cross-border payments
On October 10, the Financial Stability Board (FSB) published its priorities for the next phase of work under the G20 Roadmap for Enhancing Cross-Border Payments. According to the FSB, the plan includes steps to strengthen external engagement during the next phase of the group’s work. The FSB noted three priorities for the payment program’s next phase, which include: (i) payment system interoperability and extension; (ii) legal, regulatory and supervisory frameworks; and (iii) cross-border data exchange and message standards. The FSB further noted that it will coordinate work to develop further details of the actions that will take place to follow through with the plan, including discussions with industry participants. The updated roadmap will be provided during the first G20 Finance Ministers and Central Bank Governors meeting in 2023.
OFAC issues guidance on instant payment systems sanctions compliance
On September 30, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) published Sanctions Compliance Guidance for Instant Payment Systems, which emphasizes the importance of taking a risk-based approach to managing sanctions risks in the context of new payment technologies, such as instant payment systems, and highlights considerations relevant to managing those risks. According to OFAC, the guidance “encourages developers of instant payment systems to incorporate sanctions compliance considerations and features as they develop these systems.” The guidance, among other things, describes: (i) risk factors and considerations for instant payment systems; (ii) domestic vs. cross-border payment system; (iii) availability of emerging sanctions compliance technologies and solution; (iv) nature and value of payment; and (v) OFAC engagement and resources.