On November 10, FinCEN released a statement to reiterate that banking organizations can serve Money Services Businesses (MSB) while meeting obligations under the Bank Secrecy Act. FinCEN noted that there is concern that banks may be terminating the accounts of MSBs on a wholesale basis because of potential regulatory scrutiny and that as a result MSBs are losing access to banking services. FinCEN stated that they do “not support the wholesale termination of MSB accounts without regard to the risks presented or the bank’s ability to manage the risk.” Rather, the risks presented by a given MSB can vary and, therefore, financial institutions should assess the risks on a case-by-case basis. FinCEN expects that banking organizations will manage the risks associated with MSB accounts and are committed to addressing the “wholesale de-banking of an important part of the financial system.”
On November 13, the CFPB held a field hearing in Delaware to discuss its proposed rule regarding prepaid products. The proposal, which would amend Regulation E and Regulation Z, requires prepaid companies to provide certain protections under federal law.
In his opening remarks, Director Cordray noted that the many prepaid card consumers are some of the most economically vulnerable among us and that such cards have few, if any, protections under federal consumer financial law. Cordray outlined the reasons the Bureau’s proposed rule would “fill key gaps” for consumers. First, the proposed rule would provide consumers free and easy access to account information. Second, the proposed rule would mandate that financial institutions work with consumers to investigate any errors on registered cards. Third, the proposed rule would protect consumers against fraud and theft. Fourth, the rule includes “Know Before You Owe” prepaid disclosures, which would highlight key costs associated with the cards. Fifth, where prepaid card providers also extend credit to consumers such offers would be treated the same as credit cards under the law.
On November 2, New York Superintendent Lawsky delivered remarks at the Money 20/20 Conference on the state’s virtual currency and Bitcoin regulation. In October, Lawsky publicly stated that, as a result of the comments received on New York’s proposed BitLicense framework, there would be important changes made to the July 17 proposal. This week, on behalf of the NYDFS, Lawsky announced that additional changes are being considered to address “concern about the compliance costs of regulation on new or fledging virtual currency enterprises.” Specifically, Lawsky introduced the concept of a Transitional BitLicense, which would allow certain small, money transmitting startups to begin operating without huge compliance costs. Lawsky noted four main factors the NYDFS would consider when deciding whether or not to grant a Transitional BitLicense: (i) the nature and scope of the business and the associated risks for consumers; (ii) projected transactional and business volume; (iii) registration status as a Money Services Business with FinCEN; and (iv) previously established mitigating risk controls.
Recently, the Payment Card Industry (PCI) Security Standards Council published guidance to help organizations strengthen their security awareness. The guidance, developed by retailers, banks, and technology providers, details three recommendations for implementing a security awareness program: (i) Assembling a security awareness team, (ii) Developing appropriate security awareness content for your organization, and (iii) Creating a security awareness checklist. The PCI Security Standards Council is an open global forum comprised of more than 650 organizations, including banks, merchants, processors, and vendors, responsible for the development, management, education, awareness, and standards to increase payment data security.
On November 3, a large financial services company announced the rollout of its Token Service (Service) for online, mobile app, and in-store mobile purchases. The Service is designed to increase security and reduce magnetic-stripe card fraud. Based on EMVCo’s Payment Tokenization Specification and Technical Framework, the Service offers four main features: (i) token vault to store and designate tokens; (ii) ability to issue tokens; (iii) lifestyle management services to manage tokens; and (iv) anti-fraud and risk management services for institutions issuing the cards. The Service is currently available in the U.S. and is scheduled to launch internationally in 2015.
On October 28, the Federal Reserve announced its final rule to amend Regulation HH, standards for financial market utilities (FMUs) that have been designated as systemically important by the FSOC. The new rule will implement a common set of risk-management standards for all designated FMUs and revise certain definitions. Further, the Fed also announced final revisions to part 1 of its Federal Reserve Policy on Payment System Risk. The final rule and revisions to the policy are based on the Principles for Financial Market Infrastructures, which were developed jointly by the Committee on Payment and Settlement Systems and the International Organization of Securities Commissions. Specifically, the amendments and revisions will establish (i) separate standards to address credit risk and liquidity risk; (ii) new plans for recovery and orderly wind-down; (iii) new standards on general business risk and on tiered participation arrangements; and (iv) increased requirements on transparency and disclosure. The final rule will be effective on December 31, 2014. FMUs have until December 31, 2015 to comply with specific additional requirements set forth in the rule.
On October 14, Superintendent Lawsky delivered remarks on virtual currency and Bitcoin regulation in New York City. Specifically, Lawsky addressed the comments received in connection with the DFS’s July 17 proposal to establish a licensing regime for virtual currency businesses. Lawsky clarified the following five areas of concern: (i) who will be required to obtain a BitLicense; (ii) which type of license, money transmitter and/or virtual currency, a business will be required to obtain, confirming that, if both are required, the application process will be streamlined; (iii) the requirements that banks providing virtual currency services will need to comply with; (iv) the regulation of mining when a miner engages in virtual currency services; and (v) the “compliance costs of regulation on new or fledging virtual currency enterprises.” Noting that the DFS hopes that companies will work with the DFS as opposed to “run[ning] from regulation,” Lawsky emphasized the significance of appropriate regulation as it pertains to safeguarding customers’ money at financial companies.
Eastern District Court Of Texas Enjoins Bitcoin Investment Scheme And Orders Founder To Pay Civil Penalty
On September 18, the U.S. District Court for the Eastern District of Texas held that the defendant’s bitcoin investment program was a Ponzi scheme, and enjoined the founder and the investment program from violating Section 10(b) of the Securities Exchange Act of 1934 and Sections 5 and 17(a) of the Securities Act of 1933. S.E.C. v. Shavers, No. 4:13-CV-416 (E.D. Tex. Sep. 18, 2014). The court ruled that the founder knowingly and intentionally operated the bitcoin investment program as a sham and Ponzi scheme by repeatedly making misrepresentations, both to investors and potential investors alike, concerning: (i) the use of their bitcoins; (ii) how he planned to generate the promised returns; and (iii) the safety of the investments. The founder used new bitcoins received from investors to make payments on outstanding bitcoin investments, and diverted investors’ bitcoins for his own personal use. The court granted Plaintiff’s uncontested motion for summary judgment or, in the alternative, for default judgment, and, in addition to the injunctions, ordered Defendants jointly and severally liable for disgorgement of approximately $40 million in profits, and ordered each Defendant to pay civil penalties in the amount of $150,000.
FinCEN Rules Regulations on Money Services Businesses Do Not Apply to ISOs and Exempt Payment Processors
On August 27, FinCEN issued FIN-2014-R009, an administrative ruling clarifying that Independent Sales Organizations (“ISOs”) and exempt payment processors are not money transmitters subject to Bank Secrecy Act (“BSA”) regulations applicable to Money Services Businesses (“MSBs”). Under BSA MSB regulations, the term “money transmitter” applies to any person that provides money transmission services or otherwise engages in the transfer of funds. The term “money transmission services” includes the acceptance of currency, funds, or other value that substitutes for currency from one person and the transmission of currency, funds, or other value that substitutes for currency to another location or person by any means. Applying these standards, FinCEN determined that BSA MSB regulations do not apply to an ISO, so long as it: (i) merely solicits merchants to offer them the credit and debit card processing services of two counterparties; and (ii) does not take possession or control of merchant funds at any point. However, FinCEN concluded that BSA MSB regulations will apply to a payment processor unless the payment processor qualifies for the payment processor exemption established by 31 CFR § 1010.100(ff)(5)(ii)(B) and clarified by FIN-2013-R002. Under this exemption, BSA MSB regulations do not apply to a payment processor, so long as it: (i) facilitates the purchase of goods or services, or the payment of bills for goods or services (other than money transmission itself); (ii) operates through clearance and settlement systems that admit only BSA-regulated financial institutions; (iii) provides its services pursuant to a formal agreement; and (iv) the agreement itself is at a minimum with the seller or creditor that provides the goods or services and receives the funds. For a copy of the ruling, please see: Application of Money Services Business Regulations to a Company Acting as an Independent Sales Organization and Payment Processor.
This week, the New York DFS announced the extension of the comment period on its proposal to create a regulatory licensing framework for virtual currency companies, including a so-called BitLicense. Given the “significant amount of public interest in and commentary on” the proposal, the DFS doubled the length of the comment period from 45 to 90 days. Comments are now due by October 21, 2014. Further information about the proposal and related issues is available here.
On August 11, the Consumer Financial Protection Bureau (the CFPB or Bureau) issued a “consumer advisory” concerning virtual currency and also announced that it would begin accepting consumer complaints about virtual currency or virtual currency companies. These actions are the consumer agency’s first foray into virtual currencies, and they follow a recent GAO report that recommended the CFPB play a larger role in the development of federal virtual currency policy. Read more…
On July 17, the New York Department of Financial Services (NYDFS) proposed a rule intended to govern the virtual currency marketplace. The proposed rule is extremely broad and as currently drafted would appear to capture products provided by traditional brick and mortar banks and other regulated financial institutions. For example, as proposed, the rule could regulate:
- Reward programs, “thank you” offers, or digital coupons that offer cash back or statement credits;
- Generated numbers that access cash;
- Prepaid access and other cards that will allow customers to receive cash, including those customarily exempt such as government funded transfers;
- P2P transfers; and
- Wallet providers where the customer can access cash.
If left unaddressed, these apparent unintended consequences could create a confusing regulatory environment for certain bank and card products. It is also noteworthy that the rule does not provide any customary exclusions for chartered entities, raising substantial preemption questions. Read more…
BuckleySandler Webinar Recap: Top 10 Things You Need to Know About the New York BitLicense Proposed Rule
On August 6, BuckleySandler hosted a webinar, Top 10 Things You Need to Know about the New York BitLicense Proposed Rule. Michael Zeldin, Special Counsel at BuckleySandler, moderated the panel, which featured presentations by Partner Margo H. K. Tank and Counsel Amy Davine Kim of BuckleySandler’s Digital Commerce and Payments Group.
Overall, our presenters agreed that the regulatory framework proposed by the New York Department of Financial Services (DFS) would establish a different and more difficult standard for the virtual currency industry than for the traditional money transmitter industry. The rigorous data security, consumer protection, and anti-money laundering provisions may unintentionally operate as a high barrier to entry into the virtual currency industry while favoring established companies with experience and resources to handle these issues. Our presenters also offered specific areas of improvement and clarification for organizations to take into account when drafting comments on the proposal.
The following provides a more detailed summary of the discussion: Read more…
On August 1, the FTC released a staff report on the agency’s review of shopping apps—those used for comparison shopping, to collect and redeem deals and discounts, and to complete in-store purchases. The FTC staff examined information available to consumers before they download the software onto their mobile devices—specifically, information describing how apps that enable consumers to make purchases dealt with fraudulent or unauthorized transactions, billing errors, or other payment-related disputes. The staff also assessed information on how the apps handled consumer data. The FTC staff determined that the apps studied “often failed to provide pre-download information on issues that are important to consumers.” For example, according to the report, few of the in-store purchase apps provided any information prior to download explaining consumers’ liability or describing the app’s process for handling payment-related disputes. In addition, according to the FTC, most linked privacy policies “used vague language that reserved broad rights to collect, use, and share consumer data, making it difficult for readers to understand how the apps actually used consumer data or to compare the apps’ data practices.” The FTC staff recommends that companies that provide mobile shopping apps to consumers: (i) disclose consumers’ rights and liability limits for unauthorized, fraudulent, or erroneous transactions; (ii) clearly describe how they collect, use, and share consumer data; and (iii) ensure that their strong data security promises translate into strong data security practices. The report also includes recommended practices for consumers.
On August 1, the U.S. Senate passed by unanimous consent H.R. 4386, which will permit FinCEN, in fulfilling its responsibility to supervise registered money services businesses (MSBs), to rely on state agency examinations of MSBs. The bill also covers other non-bank financial institutions such as gaming establishments and jewel merchants. The bill passed the House by voice vote in May. The President, who sought this authority for FinCEN in budget requests, is expected to sign the bill.