CFPB Proposes Rules, Disclosures on Prepaid Products
With more Americans using prepaid cards and products, the Consumer Financial Protection Bureau is today proposing rules on prepaid products that would formalize many consumer protections already offered by banks that provide these products. “Many people choose prepaid products as a useful alternative to a traditional checking account,” ABA SVP Nessa Feddis commented. “These rules formalize the protections that banks’ prepaid customers already enjoy.”
The proposal would require prepaid issuers to provide periodic statements or make account information available online for free. After a customer registers a card, issuers would also be required to resolve account errors promptly and protect customers against unauthorized or fraudulent transactions -- protections that customers already enjoy due to card network rules.
The proposal also includes a standard set of two disclosures -- one short and one longer -- detailing key account information and fees, plus online posting of account terms. The proposal also includes rules for prepaid products that allow overdrafts and other credit products.
“The disclosure requirements appear consistent with many of the banking industry’s recommendations, and the consumer protections regarding unauthorized transactions and billing disputes seem to reflect current best practices,” Feddis added. “ABA will review the proposed rules closely to ensure they protect bankers’ ability to offer the convenient, affordable prepaid products customers want.” Comments will be due 90 days after publication in the Federal Register. View the model disclosures.
ABA, Financial Groups Rebut Misleading Claims by Retailers
ABA and several other trade groups representing banks and credit unions yesterday wrote to Congress to rebut “inaccurate and misleading” arguments from retailers for a uniform federal law governing data breach notification. ABA and the other financial groups said that a notification standard, though, is not enough.
“Financial institutions have developed and maintain robust internal protections to combat criminal attacks and are required by federal law and regulation to protect this information and notify consumers when a breach occurs that will put them at risk,” ABA and the financial groups wrote. “In contrast, retailers are not covered by any federal laws or regulations that require them to protect the data and notify consumers when it is breached.”
The letter described to congressional leaders the strong data security structure employed by banks and credit unions, noting that retailers do not have similar internal safeguards or external oversight. “It is only when coupled with the development of strong internal data protection standards and robust oversight that the retail community will find itself in a better position to protect consumers and their confidential personal financial information from criminal abuse,” the groups wrote. Read the letter.
FinCEN: Banks Should Not 'De-Risk' Money Transmitters
The Financial Crimes Enforcement Network on Monday issued a statement clarifying its belief that banks should not terminate the accounts of money transmitters indiscriminately in an effort to comply with Bank Secrecy Act requirements. Instead, FinCEN said, banks should assess the risk of serving money service businesses on a case-by-case basis.
Due diligence should be commensurate to the risk each potential MSB customer poses, FinCEN said. “A bank needs to know and understand its MSB customer,” the agency stated. “To do so, it should understand the MSB’s business model and the general nature of the MSB’s own customer base, but it does not need to know the MSB’s individual customers to comply with the Bank Secrecy Act.”
The statement was unveiled on Monday morning by David Cohen, Treasury under secretary for terrorism and financial intelligence, in a speech at the ABA/ABA Money Laundering Enforcement Conference just outside Washington, D.C. Banks should not “de-risk” by shedding whole categories of customers, Cohen said. “With appropriate risk-based controls, banks can manage the risks of MSB accountholders, even those deemed high-risk.”
FinCEN emphasized the role MSBs play in serving the unbanked and contributing to global development through remittances, noting that “[r]efusing financial services to an entire segment of the industry can lead to an overall reduction in financial sector transparency that is critical to making the sector resistant to the efforts of illicit actors.” Read the FinCEN statement.
Fed's Tarullo Fleshes Out 'Tailored Regulation' Ideas
Congress should allow the Federal Reserve to increase its small bank holding company threshold for regulatory relief, Fed Governor Daniel Tarullo said Friday at a community bank conference in Chicago. The threshold, set at $500 million since 2006, should go up to $1 billion, he explained, providing coverage for 89 percent of bank holding companies.
ABA has long supported bipartisan legislation in Congress to raise the small bank holding company threshold. Tarullo’s remarks came in a speech explaining the Fed’s approach to tailoring regulation to be appropriate for different bank sizes and business models. He repeated an earlier call for legislation to exempt community banks from the Volcker Rule and the incentive compensation requirements in Section 956 of the Dodd-Frank Act.
“Many rules and examinations that are important for institutions that are larger, more complex, or both, do not make sense in light of the nature of the risks to community banks,” he explained. “We must avoid importing measures from large bank oversight that make relationship banking more costly.”
Tarullo also reiterated that regulators should not practice “supervisory trickle down,” in which examiners apply large bank requirements and expectations to smaller banks. He acknowledged concerns that examiners have urged banks not subject to stress tests to plan for them and stated that stress tests and capital planning “do not apply to community banking organizations, either explicitly or implicitly. [T]here is simply no reason for examiners to make a $5 billion bank begin to develop capital stress testing capabilities.” Read the speech.
OCC's Curry Calls for Level Playing Field on Data Security
Due to the disproportionate costs banks bear responding to retailers’ data breaches, banks and retailers should be held to the “same expectations” for data security and breach notification, Comptroller of the Currency Thomas Curry said on Friday, joining Tarullo at the Chicago community bank conference.
“Financial institutions are often on the hook to compensate customers for fraudulent charges and replace credit and debit cards and monitor account activity for fraud at significant cost,” Curry said. “That’s not easy for any bank, but it’s a burden that falls especially heavily upon community institutions. When breaches occur in merchant systems, it seems only fair to me that they should be responsible for some of the expenses that result.”
Curry also discussed the OCC’s cybersecurity risk management expectations for the banks it supervises, including its expectations for overseeing third-party service providers. “Banks are particularly vulnerable to events that erode trust, and once an institution’s reputation is damaged, it can take years to repair,” he cautioned. “In the eyes of the customer, it doesn’t really matter whether the breach was occasioned by problems within the bank or thrift itself or by a flaw in a third party’s security.” Read the speech.
FTC Issues First Enforcement Action Against Patent Troll
The Federal Trade Commission last week issued its first enforcement action against a patent troll and its law firm. In a settlement with the agency, a patent assertion entity known as MPHJ Technology Investments was barred from making deceptive representations when asserting patent rights.
Patent trolls, also known as patent assertion entities or non-practicing entities, work by acquiring patents to common processes and technological elements -- such as scan-to-email functionality on a copier or an ATM’s ability to connect to the Internet -- then demanding “licensing fees” and threatening litigation. The cost of litigation is intended to pressure businesses to pay the fee, regardless of the patent’s validity.
MPHJ and its subsidiaries allegedly bought patents to computer scanning technology and sent out more than 9,000 letters to small businesses demanding payment of licensing fees. The FTC action also encompassed a law firm for MPHJ on whose letterhead nearly 5,000 letters were sent.
ABA has strongly advocated for Congress to pass laws strengthening protections against patent trolls for banks and other small businesses. Read more.
|
