Upload
hoangcong
View
215
Download
0
Embed Size (px)
Citation preview
Regulations That Matter For Third-Party Payment Processors
Jane Hennessy, Head of External Alliances, G2Marsha Jones, President, TPPPA
• A Third-Party Payment Processor (TPPP) is a depository customer of a bank that processes payments, (debits and/or credits,) on behalf of other companies through the TPPP’s bank.− Payroll Processors are considered Third-Party Payment Processors.
• TPPPs customarily referred to processors that process ACH and/or remotely created checks (RCC). However, it has become more broadly known as:− A party that has a contractual relationship with another company to process payments for
that company through the TPPP’s bank; and− The bank does not have a contractual relationship with the company initiating the payment.
• TPPPs are known as Third-Party Senders (TPS) under the NACHA Operating Rules (First defined in December 2004).
What is A Third-Party Payment Processor?
Earliest Guidance on TPPPs
OCC BULLETIN2006-39
• Risk Management Guidance: Automated Clearing House
• September 1, 2006• References
Third-Party Senders
OCC BULLETIN2008-12
• Risk Management Guidance: Payment Processors
• April 24, 2008
FIL-127-2008
• Guidance on Payment Processor Relationships
• November 7, 2008
• Many relationships with banks predated (sometimes by decades) the distinction TPPP or TPS.
• These relationships continued to be treated as direct originators of payments.• TPPPs were often not advised of their expanded compliance responsibilities,
primarily because the banks did not recognize the need to reclassify these relationships.
• TPPPs and banks historically focused on the credit, operational and fraud risks related to these relationships, consistent with direct merchants/originators.
• Recent regulatory enforcement actions emphasize compliance, legal and reputation risk.
Evolution of TPPPs
A radical shift in policy,but what’s the impact to payments?
• Unit within the Financial Fraud Enforcement Task Force• First meeting on February 10, 2012• Formed to “address several areas of concern, including payday lending
and other high-pressure telemarketing or Internet scams, business opportunity schemes, for-profit schools that engage in fraud or misrepresentation, and fraudulent third-party payment processors that facilitate payments on behalf of other fraudsters without the permission of the customer.”
• Members of the Consumer Protection Working Group included (among others):− FTC, CFPB, DOJ and other law enforcement, Bank Regulators, FinCEN, Various
States Attorneys General
Obama’s Policy: Consumer Protection Working Group
• Supervisory Insights Summer 2011 — Managing Risk in Third-Party Payment Processor Relationships– 1st Publication of High Risk List
• FIL-3-2012, Payment Processor Relationships, Revised Guidance – References High Risk List
• FIL-43-2013, FDIC Supervisory Approach to Payment Processing Relationships With Merchant Customers That Engage in Higher-Risk Activities
• FIL-41-2014, FDIC Clarifying Supervisory Approach to Institutions Establishing Account Relationships with Third-Party Payment Processors – High Risk List Disappears
• FIL-5-2015, Statement on Providing Banking Services
FDIC Guidance: A Glimpse of a Shifting Policy
• Executive Order to Reduce Regulation• Requires agencies to appoint regulatory reform task forces led by
regulatory reform officers • Mandate to identify regulations that:
– Eliminate jobs or inhibit job creation – Are outdated, unnecessary or ineffective – Have costs that outweigh their benefits– Are inconsistent with regulatory reform initiatives– Derive from since-rescinded executive orders
• Initial reports are due within 90 days
Trump’s Policy: Reduce Regulation
• Federal Regulations– BSA/AML– Consumer Protection
• State Laws– Consumer Protection
o State Attorneys General
– Money Transmitter Licensingo Emphasis is Consumer Protection
• Payment System Rules
Regulations That Will Continue to Matter
• Federal Trade Commission Act (“FTC Act”) 1914 – Unfair or Deceptive Acts or Practices
(“UDAP”) 1938
• Regulation E– Implementing Electronic Funds Transfer
Act (“EFTA”) 1978– Enforced by the CFPB (formerly by FRB
Board of Governors)
• Telemarketing Sales Rule (TSR)– Implementing the Telephone Consumer
Protection Act (1991)– Enforced by the FTC
• Consumer Financial Protection Act (“CFPA”) 2010– Unfair, Deceptive, or Abusive Acts or
Practices (“UDAAP”)– Enforced by CFPB and States
• Restore Online Shoppers Confidence Act — 2010– Enforced by the FTC violations are
UDAP offense
Consumer Protection Regulations Governing Electronic Payments
• Anti-Money Laundering and Prevention of Terrorist Financing is Global Effort facilitated by multi-national cooperation
• Financial Action Task Force (FATF)– Inter-governmental body established in 1989– Develops Recommendations that are implemented by FATF Members (FATF 40)– Monitors Members adherence to Recommendations– US was recently reviewed and criticized for lack of progress related to
Beneficial Ownership (KYC)
• US AML/BSA and OFAC efforts will not diminish under Trump administration
Anti-Money Laundering and Terrorist Financing
• Joint efforts of FTC, DOJ, FinCEN and States• Alleges willfully failing to maintain an effective anti-money laundering
program and aiding and abetting wire fraud against consumers• Included both Anti-Money Laundering and Consumer Protection violations
UDAP and TSR• $586MM forfeited in FTC/DOJ Action• $184MM in FinCEN penalties
Insights from Western Union Action
• BSA/AML/OFAC and Consumer Protection Regulations predated the Obama Administration
• Due Diligence and Know Your Customer element to both• Both expect monitoring of merchants for suspicious activity on an
ongoing basis• FinCEN, FTC, Bank Regulators and State enforcements will continue with
or without a CFPB• Best practices are designed to address core compliance obligations that
transcend administrations and shifting policy
Conclusion: Stay the Course
“Character is like a tree and reputation like a shadow. The shadow is what we think of it; the tree is the real thing.”
Abraham Lincoln
Case Studies
What Happened• Convinced millions she was “psychic”• Solicited the sick and the
financially desperate• Governments around the world, for
decades, tried shutting her down• The indifference of the payment
processor and at least one bank allowed money laundering and mail fraud to occur
Case of Maria Duval
Send in money and through
Duval’s psychic abilities…
Start seeing improvements in
your future
Duval’s Mail Scam
Victim’s of Maria Duval
WHAT HAPPENED
• CommerceWest Bank charged with ignoring clear warning signs that one of its third-party payment processors — V Internet — was committing consumer fraud
• V Internet operated a network of websites offering payday loans
• Over 750,000 Remotely Created Checks created and deposited totaling $22MM in unauthorized debits
• Resulted in $4.9MM settlement for CommerceWest Bank
Source: https://www.justice.gov/opa/pr/british-man-indicted-wire-fraud-identity-theft-and-money-laundering-victimized-hundreds
US v. CommerceWest Bank
Source: Ripoff Report
“Fastloanfast stole $30 dollars out of my account without me asking for their services or ever going to their website (which along with their phone # does not work). Truthfully do not know if this is the only time. Also their check process customer service # 866-678-3482 is just a voicemail box that is full.”
“This is a payday loan company and they withdrew from my account $30.00 for a loan which I did not apply for or authorize this withdrawal.”
“I checked my bank statement today and saw a $30 charge that I DID NOT Authorize! I will be talking to my bank in the morning!”
Hundreds of Consumer Complaints on Ripoff Report
• Bank is unaware of reputation issues of their customers and their customers’ customers
• Information gaps interfere with monitoring
• Regulators increasingly focused on reputation issues
Challenges G2 Solution
Reputation Monitoring
Using multiple sources create a holistic approach
Examples from a US Bank
Results Impact
• Several customers with poor ratings and/or CFPB complaints
• Ongoing monitoring
• Review ratings and CFPB complaints
• Exit relationships with poor reputation or reputational changes
• Reduce probability of regulatory fines
425 Complaint Board Complaints
176 CFPB Complaints
193 Ripoff Report
Complaints
Outcome for US Bank
• This business customer was the best-selling author of a book on Afghanistan
• The authors were entrepreneurs, offering security services ranging from consulting to provision of heavily armed bodyguards
• But there was a cloud hanging over their operations
• Did selling the book amount to profiting off of past misdeeds?
They Wrote The Book on Afghanistan
“Best Selling Author”
And Promoted It
After pleading guilty to conspiracy and a scheme to defraud the US
government in Afghanistan, the authors opened an account to accept
payments for their book, speaking tours, and consultancy
telling their version of events
Past Wrongdoing
Bank concerned about…
• CFPB expanding UDAAP laws• States enforcing Dodd-Frank• States’ own UDAP laws
...and the risk of law-breaking clients
Bank is able to…• act on this alert• investigate other suspect businesses • avoid regulator penalties
G2 finds Injunction from TX Attorney General
US FI Discovers Client Violating Consumer Protection Laws
• “The Wrath of Conn’s: The Appliance Store That Ignored The Times”
• New CEO − “Ultimately, at the end of the day, the only way to
grow our business is to have a great name and a great reputation.”
State AGs abhor a vacuum, and will fill the void opened by a retreat of the CFPB
“A well-functioning FTC, in conjunction with state authorities, can handle consumer protection and anticompetitive issues.”
Mark Jamison, on Trump transition team assigned to FCC
California, Virginia, Oregon, and Texas AGs, as well as banking regulators in fourteen states, are already partnering with the CFPB on sharing complaint information. Director Cordray urged “every attorney general to take advantage of this technology.”
CFPB Monitor, Feb 26, 2014
Under Dodd-Frank Section 1042, a state AG or regulator is authorized to bring a civil action to enforce provisions of Dodd-Frank Title 10
Goodbye Feds, Hello States
“History has demonstrated that states, not the federal government, have the requisite knowledge and experience to effectively regulate nondepositoryfinancial service providers and guard against predatory and abusive practices.”
NY DFS Superintendent Maria T. Vullo
“[State AGs] have been going after financial services industries in the name of protecting consumers and there’s been really no pushback on the federal side…The federal government might not like it, but it won’t stop them.”
Former MD AG Douglas Gansler
Goodbye Feds, Hello States
• Adjust frequency based on risk level
• Pinpoint business customers with declining reputation or negative news hits
• Consult multiple leading sources of consumer complaints
• Check over 100,000 unique sources of negative news
Holistic Reputation Monitoring
• Regularly review features of consumer products and services. Evaluate product features and promotional materials and determine if any terms fall within the broad definition of UDAAP.
• Evaluate new products for features that could be misunderstood or ones that have been omitted.
• Evaluate written and oral methods of communicating product features to consumers.• Review third-party service provider agreements to develop a clear understanding of
the services surrounding the service being provided.• Review all bank policies and procedures for practices that suggest unfair, deceptive or
abusive practices.• Create a consumer-friendly culture within your organization.• Evaluate customer complaints for signs of more systemic problems.
Source: http://www.slideshare.net/JayPostma/reasonably-designed-bsaaml-primer-for-tppps
Best Practices
White Paper
Why Reputation Monitoring
Matters for Strong KYC
White Paper
Managing TPPPs and TPSs in the Current
Regulatory Environment
Case Study
The Inattentive Payment Processor:
How Fraud Went Unchecked
Learn More
Thank You!Jane Hennessy, Head of External Alliances
G2 Web Services415-867-9293
Marsha Jones, PresidentThird Party Payment Association