On April 29, the FFIEC updated its IT Examination Handbook, revising its Retail Payment Systems booklet to include an Appendix E, Mobile Financial Services. The Retail Payment Systems booklet consists of guidance intended to help examiners evaluate financial institutions’ and third-party providers’ management of risks associated with retail payment systems. Appendix E is designed to address risk management associated with mobile financial services (MFS): “Appendix E contains guidance pertaining to [MFS] risks that supplements existing booklet guidance on other retail payment topics, such as electronic payments related to credit cards and debit cards, remote deposit capture and changes in technology or retail payment systems.” Appendix E outlines risk management practices for the following MFS technologies: (i) short message service/text messaging; (ii) mobile-enabled web sites and browsers; (iii) mobile applications; and (iv) wireless payment technologies. In addition to MFS technologies, Appendix E also addresses management strategies related to (i) risk identification; (ii) risk measurement; (iii) risk mitigation; and (iv) monitoring and reporting.
On May 20, Texas AG Ken Paxton announced that his office reached a settlement agreement with a California-based online payments system to resolve allegations that a money transfer mobile application – of which the payments system is the parent company – violated the Texas Deceptive Trade Practices Act (DTPA). According to the state’s investigation into the payments system, the mobile application allegedly (i) used consumers’ phone contacts without clearly disclosing how it would use the contacts; (ii) failed to clearly disclose how consumers’ transactions and interactions with each other would be shared; and (iii) misrepresented certain communication features. In addition to agreeing that the mobile application will reform its privacy and security disclosure practices, the online payment system must pay the state $175,000.
On November 5, the CFPB published a report titled “Mobile Financial Services” to summarize the results of its June 2014 Request for Information on the opportunities and challenges associated with the use of mobile financial services (MFS) by traditionally underserved consumers. With 44% of unbanked individuals owning a smartphone, the report notes that MFS has the potential to be a promising tool for underbanked and unbanked consumers to manage their finances. According to the report, consumers using MFS save time and money because they can check their balances any time and have access to certain tools that help them manage their money. The report highlights mobile Remote Deposit Capture as particularly attractive to unbanked consumers because it allows them to take a picture of and deposit checks remotely, reducing the limitations of branch hours and locations. Additional key takeaways from the report include: (i) MFS would likely be most effective for underserved consumers if paired with consultative or assistance services; (ii) privacy and security concerns remain a significant risk; and (iii) digital access and digital financial literacy need improvement, such as enhancing affordable access to technology and educating consumers and intermediaries about safe and effective use of the technology.
Federal Reserve Bank of Boston’s Payment Strategies Team Provides Snapshot of Mobile Banking Landscape
On August 17, the Federal Reserve Bank of Boston published a report that outlines the results of a 2014 survey intended to capture “a point-in-time snapshot of mobile banking and payments at [financial institutions]” across five Federal Reserve bank districts. One of the largest U.S. surveys completed on mobile banking and payment services at financial institutions, the collected data mostly came from banks and credit unions – a combined total of more than 600 – with less than $500 million in assets. The survey showed that with the rise of smartphones, consumers are more easily able to use mobile devices for payments, and they demonstrate “growing comfort with mobile and digital wallets as well as willingness to pay with mobile-based solutions.” As competing mobile technologies emerge, such as non-bank technology service providers, the report found the need for financial institutions to “create mobile banking and payment strategies to respond to [the] changing environment” becomes more relevant. The report highlighted that roughly 75 percent of the financial institutions surveyed offer the following mobile services, with a majority of the remaining 25 percent planning to offer them by 2016: (i) checking balances; (ii) transferring funds between a single owner’s account; (iii) viewing statements and transaction history; (iv) ATM / branch locator; and (v) bill payment. The report further suggested that financial institutions should “keep pace” with the growing mobile banking market and “be proactive and help make the best solutions succeed.”
On August 31, Grovetta Gardineer, the OCC’s Deputy Comptroller for Compliance Operations and Policy, delivered remarks at the Association of Military Bankers of America annual workshop in Leesburg, VA. Throughout her presentation, Gardineer highlighted issues affecting financial institutions focused primarily on lending to servicemembers. Gardineer discussed the OCC’s ongoing efforts to identify and correct deficiencies within bank and thrift compliance practices and noted improved Servicemembers Civil Relief Act (“SCRA”) compliance by regulated institutions. Specifically, Gardineer observed that in 2014, the OCC cited sixty-five SCRA violations among large, midsized, and community institutions. For the first quarter of 2015, however, Gardineer reported that OCC examiners cited only seven SCRA violations. Gardineer also referenced recent amendments to the Military Lending Act (“MLA”) which expanded consumer protections to both open-end and closed-end consumer credit for servicemembers; she emphasized that banks should be proactive in updating their internal policies and procedures to reflect the MLA’s changes. Reiterating the OCC’s commitment to cybersecurity, Gardineer advised that OCC examiners intend to use the cybersecurity assessment tool “to supplement exam work to gain a more complete understanding of an institution’s inherent risk, risk management practices, and controls related to cybersecurity.” Finally, Gardineer discussed innovation within the industry, such as the emergence of various mobile payments transfer systems and peer-to-peer lending. She stressed that the OCC intends to facilitate a responsible regulatory environment that will encourage innovative financial products and services while also implementing regulations to ensure adequate consumer protections.