InfoBytes Blog

CFPB highlights risks associated with BNPL products

On August 4, the CFPB released a report highlighting risks associated with new product offerings that the agency claimed blur the line between payments and commerce. The report examined the development of new capabilities—like “super apps,” buy now, pay later (BNPL), and embedded commerce—that have the potential to streamline payments, facilitate commerce, and enhance user experience, but may also create opportunities for companies to aggregate and monetize consumer financial data. With respect to “super apps,” the Bureau warned that these services have “morphed” into a “bank in an app” model, providing a “wide array of financial, payment and commerce functions within a single app.” These financial services super apps may seem to be more convenient than having multiple relationships with different organizations, the Bureau said, but cautioned that using these products may limit consumer product and service choice. “While consumers can opt to use a payment offering outside an app, such super apps create the potential for providers to steer consumers to specific solutions and/or limit access to some products.”

The report also raised concerns about tech firms offering their own lending or BNPL products. The Bureau pointed out that BNPL options, which provide unsecured short-term credit allowing consumers to split purchases into four equal interest-free payments at the point of sale, have “soared in recent years” as a popular alternative to credit cards. The Bureau noted it is “carefully focused on the shift toward real-time payments in the United States,” and is “seeking to mitigate the potential consequences of large technology firms moving into this space.”

The Bureau further stressed it is “carefully monitoring the payments ecosystem as part of a multifaceted effort to promote fair, transparent, and competitive markets for consumer financial services,” and said it is currently working on Dodd-Frank Act rules that would give consumers more control over the personal financial data that they choose to share with finance and payment apps. The Bureau also stated that it is “assessing new models of lending integrated with payments and ecommerce, such as BNPL,” and plans to issue a report on its findings and make a determination as to whether any regulatory interventions are appropriate. Last year, the Bureau issued a series of orders to five companies seeking information regarding the risks and benefits of the BNPL credit model (covered by InfoBytes here).

Federal Issues CFPB Payments Consumer Finance Buy Now Pay Later Dodd-Frank

Fed to implement new Fedwire message format in March 2025

On June 27, the Federal Reserve Board announced the final timeline and implementation details for the adoption of the International Organization for Standardization’s (ISO) 20022 message format for its Fedwire Funds Service—a real-time gross settlement system owned and operated by the Federal Reserve Banks that enables businesses and financial institutions to quickly and securely transfer funds. (See notice here.) The final details are “broadly similar” to the Fed’s proposal issued last October (covered by InfoBytes here). The Fed confirmed that ISO 20022 will be adopted on a single day as previously proposed instead of in three separate phases. Additionally, the Fed extended the implementation timeframe from a target date of November 2023 to March 10, 2025, based on comments received in response to the initial proposal. The Fed also provided information concerning its revised testing strategy and backout strategy, as well as other details concerning the implementation of the new message format.

Bank Regulatory Federal Issues Agency Rule-Making & Guidance Federal Reserve Payments Payment Systems Federal Reserve Banks

Special Alert: Fed finalizes rule for FedNow platform

The Federal Reserve Board recently issued a final rule for its FedNow instant-payments platform that offers more clarity on how the new service will work while essentially adopting the proposed rule. FedNow will stand alongside private sector initiatives and, like more modern payments systems, will feature credit payments to push funds rather than debit payments to pull funds, offering faster processing.

Highlights of the new rule and FedNow

• Not yet open for business. The Fed continues to target release of FedNow for sometime in 2023. It will implement the 24x7x365 real-time payments service in stages, each with additional features and enhancements.
   
• Not a consumer or business app or service. Depository institutions that are eligible to hold Reserve Bank accounts will be able to use FedNow, which will be administered by the 12 Reserve Banks. Consumers and businesses may not participate in FedNow directly, and therefore, could not send payment orders to a Reserve Bank through it. They would instead send instant payments through their depository institution accounts.
   
• Bank v. nonbank direct participation in FedNow. Eligible institutions include banks, savings associations, credit unions, U.S. branches and agencies of non-U.S. banks, Edge or agreement corporations, some systemically important financial market utilities, and government-sponsored entities (including Fannie Mae and Freddie Mac). We use the term “banks” throughout to simplify the discussion.

Bank Regulatory Federal Issues Agency Rule-Making & Guidance Special Alerts Federal Reserve FedNow Payments Regulation J Bank Compliance

FTC orders credit card payment ISO to comply with heightened monitoring practices

On May 24, the FTC finalized an order against an independent sales organization and its owners (collectively, “respondents”) to settle allegations that they violated the FTC Act and the Telemarketing Sales Rule by helping scammers launder millions of dollars of consumers’ credit card payments from 2012 to 2013 and ignored warning signs that the merchants were fake. According to the FTC’s administrative complaint, the respondents, among other things, created 43 different merchant accounts for fictitious companies and provided advice to the organizers of the scam on how to spread out the transactions among different accounts to evade detection (covered by InfoBytes here).

Under the terms of the final order, the respondents are required to make several substantial changes to their processes, and are prohibited from engaging in credit card laundering, as well as any other actions to evade fraud and risk monitoring programs. Additionally, the respondents are banned from providing payment processing services to any merchant that is, or is likely to be, engaged in deceptive or unfair conduct, and to any merchant that is flagged as high-risk by the credit card industry monitoring programs. Furthermore, the respondents are required to screen potential merchants who are engaged in certain activities that could harm consumers, and monitor and designate as necessary current merchants who may require additional screening. The FTC noted that it is unable to obtain a monetary judgment in this action due to the U.S. Supreme Court’s decision in AMG Capital Management v. FTC, which held that the FTC does not have statutory authority to obtain equitable monetary relief under Section 13(b) of the FTC Act (covered by InfoBytes here).

Federal Issues FTC Enforcement Payments Credit Cards Consumer Finance FTC Act TSR

NYDFS fines money transmitter $8.25 million for AML compliance failures

On March 16, NYDFS announced the imposition of an $8.25 million fine on a money transmitter alleged to have violated anti-money laundering (“AML”) requirements and New York law by failing to adequately supervise local agents in New York City that processed an unusual volume of suspicious transactions to China. NYDFS conducted an examination and enforcement investigation, which found that the company “did not adequately oversee the activity of six agents that saw a large spike in transaction volume of business with China.” According to the investigation, there were roughly 7,500 transactions aggregating approximately $30 million in 2014. These figures rose to more than 25,000 transactions aggregating more than $100 million during the period between January 2016 and May 2017. Most of these transactions were processed by small, store-front independent agents—“a clear indicator of increased money laundering risk, particularly given that the destination was known to carry a high AML risk,” NYDFS stated, adding that the company should have also addressed risks resulting from a suspicious pattern of different senders transmitting money to the same recipient. NYDFS acknowledged that the company, when alerted to the increased transaction activity, severed its relationship with the problematic agents and implemented remedial measures to improve supervision of its agents. Under the terms of the consent order, the company will pay an $8.25 civil money penalty and is required to submit a report to NYDFS outlining enhancements made with respect to new and existing agents, suspicious activity reporting program, and special transaction limitations. Additionally, NYDFS announced that the company will also update the Department on improvements to the policies and procedures of its Bank Secrecy Act/AML compliance program and will provide data to NYDFS for ongoing monitoring purposes.

State Issues State Regulators NYDFS Enforcement Compliance Money Service / Money Transmitters Payments Anti-Money Laundering Bank Secrecy Act SARs Of Interest to Non-US Persons China

FTC sues sales organization in business opportunity scam

On March 15, the FTC filed an administrative complaint against an independent sales organization and its owners (collectively, “respondents”) for allegedly opening merchant accounts for fictitious companies on behalf of a business opportunity scam previously sued by the FTC in 2013. According to the complaint, the scammers promoted business opportunities to consumers that falsely promised they would earn thousands of dollars. From its previous 2013 lawsuit, the FTC obtained judgments and settlements of over $7.3 million (covered by InfoBytes here). The complaint alleged that respondents violated the FTC Act and the Telemarketing Sales Rule by helping the scammers launder millions of dollars of consumers’ credit card payments from 2012 to 2013 and ignoring warning signs that the merchants were fake. The FTC claimed that the respondents, among other things, (i) opened merchant accounts based on “vague” business descriptions; (ii) ignored the fact that for most of the merchants, the principals or business owners had poor credit ratings, which should have raised questions about the financial health of the merchants; (iii) neglected to obtain merchants’ marketing materials or follow up on signs that the merchants were engaged in telemarketing; and (iv) ignored inconsistencies related to the bank accounts listed on several of the merchants’ applications. The FTC further claimed that the respondents created 43 different merchant accounts for fictitious companies on behalf of the scam and even provided advice to the organizers of the scam on how to spread out the transactions among different accounts to evade detection.

Under the terms of the proposed consent order (which is subject to public comment and final FTC approval), the respondents would be prohibited from engaging in credit card laundering, as well as any other tactics to evade fraud and risk monitoring programs. The respondents would also be banned from providing payment processing services to any merchant that is, or is likely to be, engaged in deceptive or unfair conduct, and to any merchant that is flagged as high-risk by credit-card industry monitoring programs. Furthermore, the respondents would be required to screen potential merchants and monitor the sales activity and marketing practices of current merchants engaged in certain activities that could harm consumers. The FTC noted that it is unable to obtain a monetary judgment due to the U.S. Supreme Court’s decision in AMG Capital Management v. FTC, which held that the FTC does not have statutory authority to obtain equitable monetary relief under Section 13(b) of the FTC Act. (Covered by InfoBytes here.)

Federal Issues FTC Enforcement Payments Credit Cards Fraud FTC Act Telemarketing Sales Rule UDAP

Fed reshaping “novel institutions” guidelines

On March 1, the Federal Reserve Board announced that it is soliciting comments on a supplement to a previous proposal intended to ensure that the Fed’s banks utilize a transparent and consistent set of factors when reviewing requests to access Federal Reserve Bank accounts and payment services. The framework, which builds on a proposal from May 2021 (covered by InfoBytes here), would establish a three tier system. Tier 1 would consist of eligible institutions that are federally-insured, and would be “subject to a less intensive and more streamlined review.” Tier 2 would consist of certain eligible institutions or holding companies that are not federally-insured but subject to prudential supervision, and would generally receive an “intermediate” level of review. Tier 3 would consist of eligible institutions that are “not federally insured and not subject to prudential supervision by a federal banking agency at the institution or holding company level,” and, given their potential higher risk, “would be subject to the strictest level of review.” Comments close 45 days after publication in the Federal Register.

Bank Regulatory Agency Rule-Making & Guidance Federal Reserve Federal Reserve Banks Federal Register Payments Fintech

Chopra highlights consumer protection topics

On February 10, CFPB Director Rohit Chopra answered questions during a Washington Post Live session on several consumer protection topics. Citing auto lending as a top concern for the Bureau, Chopra noted that it is important for consumers to be able to shop around, refinance loans, and navigate a competitive market. He also discussed recent Bureau initiatives related to junk fees and overdraft/insufficient funds fees, and said the Bureau intends to sharpen its supervisory scrutiny in these spaces. Chopra stated that, as part of a fair and competitive market consumers want to know when they are being charged these fees, noting that financial institutions have started to transition away from dependency on these types of fees and instead implement programs that will allow a bank to determine what shortfall they will allow on an individual consumer basis. He added that the Bureau may eventually see if rulemaking will increase competition and upfront pricing.

Chopra also discussed the role agencies play in the future regulation of cryptocurrency. He noted that while most of the cryptocurrency market is currently related to speculative trading, this could change if one of the big tech payment platforms decides to expand its services to cryptocurrency. Chopra highlighted several concerns, including how payment data from these systems will be used, how money will be transacted, and how consumers will report fraud. He stated that the Bureau is closely monitoring this space and any regulation will be an interagency effort. While Chopra also discussed the need for transparency with respect to how big tech companies are tracking, monetizing, and harvesting consumer data, he stated it is too early to tell whether there is a need for rulemaking in this area. Chopra also discussed topics related to the buy-now-pay-later industry and student lending, and stated that the Bureau is monitoring both areas carefully.

Federal Issues Digital Assets CFPB Auto Finance Fees Consumer Finance Cryptocurrency Fintech Privacy/Cyber Risk & Data Security Buy Now Pay Later Student Lending Payments Overdraft

Fed releases synthetic identity fraud mitigation toolkit

Recently, the Federal Reserve released a synthetic identity fraud mitigation toolkit to help financial institutions, businesses, and consumers improve awareness, detection, measurement, and mitigation of identity fraud. The Fed emphasized that synthetic identity fraud (in which fictitious people are created to penetrate the financial system) is a challenge facing the payments industry and other businesses and continues to grow in frequency and impact. Synthetic fraud accounted for an estimated $20 billion in losses to U.S. financial institutions in 2020, the Fed stated, stressing the need for synthetic identity fraud awareness and continued discussions about detection and mitigation strategies. The toolkit contains several modules, including resources on the basics of synthetic identity fraud, how fraudsters use synthetic identities, what to do when synthetic identities become a reality, and how to detect synthetic identities. Additional resources will be added in the future, including more on synthetic identity fraud detection and mitigation.

Bank Regulatory Federal Issues Federal Reserve Privacy/Cyber Risk & Data Security Synthetic Identity Fraud Payments

FTC comments on CFPB’s big tech payments inquiry

On December 21, FTC Chair Lina M. Khan submitted a comment in response to the CFPB's Notice and Request for Comment inquiring about the CFPB’s October orders issued to six large U.S. technology companies seeking information and data on their payment system business practices. (Covered by InfoBytes here.) In her comment, Khan noted her three areas of concern that she hopes can help to inform the CFPB’s inquiry, including that big tech companies’ (i) “participation in payments and financial services could enable them to entrench and extend their market positions and privileged access to data and AI techniques in potentially anticompetitive and exploitative ways”; (ii) “use of algorithmic decision-making in financial services amplifies concerns of discrimination, bias, and opacity”; and (iii) “increasingly commingled roles as payment and authentication providers could concentrate risk and create single points of failure.” Khan noted that “[t]he potential risks created by Big Tech’s expansion into payments and financial services are notable and demand close scrutiny,” and stated that she will be monitoring “this inquiry and the findings it produces to help inform the FTC’s work.”

Federal Issues FTC CFPB Payments Artificial Intelligence Discrimination