On August 7, OCC Comptroller Thomas Curry delivered remarks at the Federal Home Loan Bank of Chicago, which was hosting a conference highlighting the future of financial services. Specifically, Curry discussed innovation in the emerging financial technology industry, or “fintech,” noting the risks and benefits associated with mobile payments, virtual currency, and peer-to-peer lending products within the U.S. banking system. With respect to virtual currency, Curry stressed how important it is for financial institutions to implement adequate procedures to deter money laundering and terrorist financing. Curry also recognized that the OCC is “still early in the process” of evaluating a regulatory framework to examine some new and innovative products and services. Rounding out his remarks, Curry expressed his growing concerns with so called “neobanks,” which operate primarily online but provide similar services to brick and mortar retail branch banks, including the heightened privacy risks that neobanks present in light of recent cybersecurity attacks.
FinCEN Determines That Issuing a Digital Certificate Evidencing Ownership in Precious Metals, and Buying and Selling Precious Metals, Are Subject to The BSA
On August 14, FinCEN issued an Administrative Ruling, FIN-2015-R001, determining that a company who: i) provides Internet-based brokerage services between buyers and sellers of precious metals; ii) buys and sells precious metals on its own account; and iii) holds precious metals in custody, opens a digital wallet, and issues a digital proof of custody certificates evidencing ownership of such metals, is subject to the BSA.
FinCEN determined that, as a broker or dealer in e-currencies and e-precious metals, the company did not fall under the e-currencies or e-precious metals trading exemption from money transmission: “when the Company issues a freely transferable digital certificate of ownership to buyers, it is allowing the unrestricted transfer of value from a customer’s commodity position to the position of another customer of a third-party, and it is no longer limiting itself to the type of transmission of funds that is a fundamental element of the actual transaction necessary to execute the contract for the purchase of sale of the currency or the other commodity.” As such, it is acting as a convertible virtual currency administrator (the freely transferable digital certificates being the commodity-backed virtual currency). Further, the purchases and sales of precious metals made on its own account render the Company a dealer in precious metals (subject to certain monetary thresholds and other considerations), and thus a financial institution for purposes of the BSA.
Digital Insights & Trends: Regulating Faster Electronic Payments – More Complexity or Improved Consistency?
In January of this year, the Federal Reserve System issued a white paper titled “Strategies for Improving the U.S. Payments System.” The white paper notes that current technological developments (including the widespread availability of high-speed data networks, the ubiquity of mobile devices, and the increasing use of real-time commercial transaction processing) are outpacing the functional ability of the payments system to handle electronic payment authorization and processing. In an effort to develop strategies for addressing this growing gap, the Federal Reserve has established a Faster Payments Task Force (“FPTF”). The FPTF, which had its first meeting in June, seeks to engage a wide range of stakeholders to “identify and evaluate alternative approaches for implementing safe, ubiquitous, faster payments capabilities in the United States.”
A key question raised by such an initiative is this: what should the legal and compliance requirements for a modern electronic payments system include, especially in connection with consumer transactions? Current U.S. regulations for electronic fund transfers form a cumbersome patchwork — the rights and obligations of the parties to the transaction vary by the payment method used, and in some cases may change during the course of the transaction as the payment method is converted from one form to another (for example, the time frames within which a consumer may identify and reverse unauthorized or erroneous payments are often very different, depending on the form of payment).
The Consumer Financial Protection Bureau (“CFPB”), which is participating in the FPTF, has just issued a position paper on “Consumer Protection Principles” for faster electronic payments. The CFPB has identified the following as key elements of the legal and compliance framework: Read more…
On July 30, the Federal Reserve announced the appointment of Sean Rodriguez as its Faster Payments Strategy Leader. Rodriguez serves as a Senior Vice President at the Chicago Federal Reserve Bank. In his new role, Rodriguez will lead the Federal Reserve’s Faster Payments Task Force focusing on improving the speed and efficiency of various current and emerging payment systems. More information related to the Federal Reserve’s efforts to improve the U.S. payment system is available at fedpaymentsimprovement.org.
On July 21, the Federal Reserve Board of Governors announced the members of the Faster Payments and Secure Payments Task Force as described in the Strategies for Improving the U.S. Payment System white paper released earlier this year. The committees will advise the Federal Reserve task force chair on meeting agendas, and help prioritize various task force activities, among other payments initiatives. The members include various interest groups representing industry, tech, and government, among others. More information about the task forces and the Fed’s payments improvement initiatives can be found at fedpaymentsimprovement.org.
On July 9, the CFPB issued a set of guiding principles aimed to help private industry better protect consumers as new, faster electronic payment systems continue to emerge. “While American consumers benefit from and make use of these payment systems, there remain opportunities to improve efficiency, reduce transaction costs for consumers, and reduce credit and fraud risks,” the CFPB’s announcements stated. Accordingly, the principles advocate for more secure, transparent, accessible, and affordable networks for consumers, and recommend proposals concerning funds availability, fraud and error resolution, and privacy concerns. The Bureau’s announcement comes as the Federal Reserve is currently engaged in an initiative to improve the U.S. payment systems network.
Just returning from a blockchain workshop in London, where I worked with a number of incredible people to consider solutions to some of the pressing regulatory issues impacting the blockchain technology. While considering these issues I wondered if Bitcoin had gained popularity solely as a protocol and not as a currency, would it have evolved faster and more readily. The almost instantaneous (compared to current standards) transfer of value across the globe would be just one component of the potential possibilities for the technology as recognized by the mainstream public. A secure ledger of property ownership, notarization, recordation of wills and trusts, claims for corporate names and intellectual property – all would be pursued at a much faster, or perhaps more public, pace. Currently, progressive financial institutions have announced their active experiments with the technology, while others quietly research the potential use cases.
The opportunities for developing a cryptographic, distributed, public ledger are endless, rendering predictions for the future, even 5 years from now, difficult. What is clear is that the way we conduct financial transactions will be forever altered – for the better. Payments and payment systems will be more efficient, secure, faster, and less expensive for all in the ecosystem and will also lead to financial inclusion. Government regulation – while antithetical to the original thesis of the Bitcoin protocol – is a necessary component of the “algorithm” as the protection of the public from acts of terrorism and other crimes is in everyone’s interest. So let’s work with it, think creatively about it, and help prepare the protocol, governments and the public for the next 5 years.
Financial Action Task Force Issues Guidance Urging Risk-Based Approach to Virtual Currencies and Services
On June 29, the Financial Action Task Force (FATF) issued a report, Guidance for a Risk-Based Approach to Virtual Currencies,part of a staged approach focusing on the points of intersection that provide gateways to the regulated financial system, in particular, convertible virtual currency exchangers. The Guidance explains the application of the risk-based approach to AML/CFT measures in the virtual currency context, identify the entities involved in virtual currency payment products and services (VCPPS), and clarify the application of the relevant FATF Recommendations to convertible virtual currency exchangers. The guidance provides, among other things, recommendations and encourages member nations to adopt regulations and guidelines similar to those applicable to traditional financial institutions to reduce risk exposure to the banking system.
On June 25, Federal Reserve Governor Jerome Powell delivered remarks at a payments conference hosted by the Federal Reserve Bank of Kansas to discuss improvements to the U.S. payments system. Specifically, Powell advised that payment system participants must work together to improve the payment system, stating “[A]t a minimum, banks, merchants, and other institutions that process or store sensitive financial information need to keep their hardware and software current to the latest industry standards.” He noted that the Federal Reserve has established two task forces regarding the U.S. payment system, one geared towards faster payments and the other geared towards payment security. Powell cited the use of EMV chip cards and tokenization technology as examples of effective payment security measures. In addition, Powell discussed the importance of proactive efforts to implement preventative measures to prepare for potential cyber-attacks or data breaches.
On June 8, Net 1 UEPS Technologies, Inc., a South Africa-based mobile payments company incorporated in Florida, announced that the SEC had closed a FCPA investigation arising out of a contract with the South African Social Security Agency. The SEC and the DOJ opened parallel investigations in November 2012, and the DOJ investigation remains ongoing. Net 1 has asserted that the investigation was instigated by one of the losing bidders on the contract.
OCC Comptroller Discusses Emerging Payment Systems Technology and Cybersecurity, FFIEC Set to Release Cybersecurity Assessment Tool
On June 3, in prepared remarks delivered at the BITS Emerging Payments Forum, OCC Comptroller Thomas Curry advised that as financial institutions continue to develop payment systems, banks need better preparation for potential cyber-risks. Curry warned that “[c]yber criminals will also probe emerging payment systems for vulnerabilities that they can exploit to engage in money laundering[.]” In addition, Curry advocated for more regulatory oversight of digital currencies and non-bank mobile payment providers, such as ApplePay and Google Wallet. Addressing cybersecurity concerns, Curry called for increased information-sharing to promote best practices and strengthen cybersecurity readiness among the banking industry. In particular, he urged financial institutions – of all sizes – to participate in the Financial Services Information Sharing and Analysis Center, or FS-ISAC, a non-profit founded by the banking industry to facilitate the sharing and dissemination of cybersecurity threat information. Moreover, Curry confirmed that the FFIEC will soon be releasing a Cybersecurity Assessment Tool for financial institutions to use when evaluating their cybersecurity risks and risk management capabilities, observing that the tool will be particularly helpful to community banks as cybersecurity threats continue to increase.
On May 27, the Governor of New York State announced that the state Department of Labor published new proposed rules intended to better regulate employers who pay their employees using debit cards. The proposed regulations detail the responsibilities of employers that use debit cards to pay employees, and prohibit employers from profiting from or passing along costs to employees. In addition, the proposed rules prohibit employers from imposing fees (such as those for customer service, account maintenance, overdraft, and inactivity), and require employers to (i) obtain advance consent, which must be documented and kept on record for six years; (ii) make known to employees the local locations where their wages can be accessed for free; and (iii) provide unlimited free ATM withdrawals within a local network, including a method to withdraw the full amount of wages each pay period without penalty. The regulations will take effect following a 45-day notice and comment period.
On May 5, a virtual currency company and its subsidiary agreed to pay a $700,000 civil money penalty for violating multiple provisions of the Bank Secrecy Act (BSA), in which both companies acted as a money service business and seller of virtual currency without properly registering with FinCEN, as well as, failed to implement and maintain an adequate anti-money laundering (AML) program. Furthermore, according to a Statement of Facts and Violations, FinCEN also charged the subsidiary for not filing or untimely filing suspicious activity reports related to several financial transactions. In addition to the civil money penalty, terms of the agreement require both companies to, among other things, (i) engage in remedial steps to ensure future compliance with AML statutory obligations; and (ii) enhance their current internal measures for compliance with the BSA. In a separate DOJ announcement, both companies entered into a settlement agreement to resolve potential criminal charges with the U.S. Attorney’s Office in the Northern District of California. Under terms of the DOJ settlement, both companies agreed to forfeit a total of $450,000, which will be credited to satisfy FinCEN’s $700,000 penalty, in exchange for the government not criminally prosecuting the companies for the aforementioned conduct.
On May 7, NYDFS granted its first charter to a New York-based commercial Bitcoin exchange. In February, the company requested a charter under the NYDFS’s application process, which included a thorough review of the company’s anti-money laundering, capitalization, consumer protection, and cyber security standards. Under the New York Banking Law, the company can start its operations immediately, but is subject to continual supervision by the NYDFS. Indeed, Superintendent Lawsky noted, “regulation will ultimately be important to the long-term health and development of the virtual currency industry.”
Tennessee Enacts Legislation Requiring Payment Service Providers to Provide Adequate Disclosures to Merchants
On April 17, the Tennessee Governor Bill Haslem signed H.B. 547, which requires the disclosure of fees and other details in contracts entered into by payment service providers with merchants located within the state. The legislation requires the payment service providers to provide merchants with information detailing where the merchant can obtain access to operating rules, regulations, and bylaws under the agreement. In addition, the law requires payment service providers to disclose (i) the effective date of the agreement; (ii) terms of the agreement; (iii) any provisions relating to early termination or cancellation of the agreement; and (iv) a full schedule of all payment services fees with respect to the credit card, debit card, or other payment services under the agreement. The law also requires payment service providers to supply merchants with a monthly statement of fees, total value of transactions, and in some cases the aggregate fee percentage.