Third-Party Payment Processor Update

Slides:



Advertisements
Similar presentations
HIGH-RISK: FOREIGN CORRESPONDENT BANKING
Advertisements

NACARA Annual Conference Industry Perspectives Panel September 29,2014 Boise, Idaho Andy Madden Director State Government Affairs ACA International.
FinCEN Director Jennifer Shasky Calvery stated: “Now that some states have elected to legalize and regulate the marijuana trade, FinCEN seeks to move.
LEADERSHIP + INNOVATION 2013 OLA Conference |October |San Diego Get Educated on the NACHA Rules Marsha Jones, AAP, NCP, Director, TPPPA Lin Fellerman,
©2012 CliftonLarsonAllen LLP Red Flags- Why This Matters to You An overview of the FACT Act Identity Theft Red Flag Rule and its current impact.
Identity Theft “Red Flags” Rules Under the FACT Act Reid Fudge CISSP, CISA Pulte Mortgage, LLC November 2008.
1 Financial Crimes Enforcement Network “FinCEN” Anna Fotias Senior Regulatory Compliance Specialist Office of Regulatory Policy
OLA {DRAFT} BEST PRACTICES Revised 6/25/2013. Payments Landscape Update Ever increasing scrutiny and pressure from every agency OCC (J LaRoche, May, 2013)
Anti-Money Laundering and OFAC Compliance for Transfer Agents SSA Annual Conference July 25, 2008.
Charles E. Constantin Director, Senior Bank Regulatory Compliance Officer Royal Bank of Canada, RBC Capital Markets Institute of International Bankers.
LEGAL ISSUES IN LEAD GENERATION November 1, 2012 Sonoma, California Jeremy T. Rosenblum, Practice Leader Consumer Financial Services Group
Unlawful Internet Gambling Enforcement Act Final Rule Joseph Baressi June 3, 2009.
Anti-Money Laundering (AML)
1 Supplement to the Guideline on Prevention of Money Laundering Hong Kong Monetary Authority 8 June 2004.
This tool can be found in the Banker Tools section of BankersOnline.com. 1 Bank Secrecy, Anti-Money Laundering & OFAC Director Education.
Code of Conduct for Mobile Money Providers 6 November 2014 All material © GSMA The policy advocacy and regulatory work of the GSMA Mobile Money team.
Agenda Overview Updates to the Manual Sections Not Updated
Division of Depositor and Consumer Protection Banker Teleconference Series Third-Party Compliance Risk Management Tuesday, June 5, 2012.
Money Laundering 23 September Contents 1 What is money laundering? 2. The ‘primary’ money laundering offences 3. Failure to report and tipping off.
February 10, 2012 Michelle Hemerley Director, Compliance Consulting
Vendor Risk: Effective Management is Essential
Internal Auditing and Outsourcing
CONSUMER PROTECTION AND LITIGATION: CONSUMER PROTECTION AND LITIGATION: Ryan Mehm Attorney Bureau of Consumer Protection Federal Trade Commission The views.
ABC. Question 1 A deposit account that offers easy access to your money, offers the option to pay bills online or by electronic transfer, and offers the.
July 22, 2013 Eric Dewey, CRCM FDIC Compliance Examiner 1.
Global Treasury Services Latin America Operating Risk.
Risk Management Reconstructed Implementing fraud risk intelligence practices July 2011 KPMG FORENSIC SM.
ANTI-MONEY LAUNDERING TRAINING FOR LENDERS Bill Heyman Offit Kurman
Federal And State Consumer Enforcement Actions. New Federal and State Authority The Bureau of Consumer Financial Protection State Attorneys General.
FTC RED FLAG RULE As many as nine million Americans have their identities stolen each year. Identity thieves may drain their accounts, damage their credit,
© 2009 National Automated Clearing House Association. All rights reserved. Industry Perspectives on Emerging Risks and Public/Private Engagement: Network.
MTRA 16 th Annual Conference November 14, 2006 The Banking Environment for Money Services Businesses Lisa Arquette FDIC Associate Director Anti-Money Laundering.
New Identity Theft Rules Rodney J. Petersen, J.D. Government Relations Officer Security Task Force Coordinator EDUCAUSE.
Technology Supervision Branch Interagency Identity Theft Red Flags Regulation Bank Compliance Association of CT Bristol, CT September 3, 2008.
1 A Presentation for Members of the Bank Compliance Association of Connecticut (BCAC) June 12, 2008 Rebecca Williams FDIC Case Manager (Special Activities)
The CFPB Is Coming! The CFPB Is Coming! NCHER Knowledge Symposium November 7, 2012 Copyright 2014 by Ballard Spahr LLP Christopher J. Willis Practice Group.
May 14, 2014 Presented by Ken Shim. Background April CFPB issued Bulletin Federal Reserve, OCC and FDIC issued similar guidance on vendor.
Challenges and Opportunities in the Caribbean Financial Services Sector Rudolph F. Zepeda, Jr. Federal Reserve Bank of Atlanta Miami Branch.
ANTI-MONEY LAUNDERING COMPLIANCE PROGRAM FCM TRAINING
©2013 Morrison & Foerster LLP | All Rights Reserved | mofo.com FTC Update November 13, 2015 Andrew Smith Morrison & Foerster LLP.
Federal Agencies and Laws for Consumer Rights
Agenda  Background and Purpose  Money Laundering and Terrorist Financing  BSA Program Requirements  Risk Based Program Management  Suspicious Activity.
Banking and Medical Marijuana Division of Financial Institutions Department of Commerce and Consumer Affairs October 2015.
THE FEDERAL RESERVE BOARD'S OVERDRAFT RULES “Outlook Live” Audio Conference Dana Miller, Attorney David Stein, Managing Counsel Division of Consumer and.
1 HIPAA’s Impact on Depository Financial Institutions 2 nd National Medical Banking Institute Rick Morrison, CEO Remettra, Inc.
John Robinson Identity Management: Do You Know Who You Are Doing Business With?
Bank Secrecy Act The Currency and Foreign Transactions Reporting Act of 1970 Choice Lending Corp Training.
Bank Secrecy Act Training For Volunteers
Judy Graham, Program Officer
NCUA Consumer Compliance
THE FEDERAL TRADE COMMISSION UNDER THE TRUMP ADMINISTRATION: PAST, PRESENT, AND FUTURE February 15, 2017.
Bank Secrecy Act SCEFCU June 21, 2005.
Federal Agencies and Laws for Consumer Rights
Financial Service Centers of America
Contract & Consumer Law Chapter 12
FINANCIAL INTELLIGENCE CENTRE
Consumer And Corporate Regulation Division
USA PATRIOT ACT WHAT DOES IT STAND FOR?.
The CFPB’s Legal Minefield for CREDIT UNIONS
The Consumer Financial Protection Agency Act of 2009
Remittances Under UCC Article 4A: Unintended Consequences
Red Flags Rule An Introduction County College of Morris
Leaders Credit Union Board Presentation
Current Privacy Issues That May Affect Your Credit Union
Consumer Law in Legal Assistance CFPB Resources
Business Compromise and Cyber Threat
17th National Forum on Prepaid Card Compliance
A look at the Illinois Transmission of Money Act UDAP and Dodd-Frank
AAP Trainer Module I ACH Primer
Presentation transcript:

Third-Party Payment Processor Update Marsha Jones, President Third Party Payment Processors Association Keith Barnett, Partner Troutman Sanders LLP

What is a TPPP? A Third-Party Payment Processor (TPPP) is a depository customer of a bank that processes payments, (debits and/or credits,) on behalf of other companies through the TPPP’s bank. Payroll Processors are considered Third-Party Payment Processors. TPPPs customarily referred to processors that process ACH and/or remotely created checks (RCC). However, it has become more broadly known as: A party that has a contractual relationship with another company to process payments for that company through the TPPP’s bank; and The bank does not have a contractual relationship with the company initiating the payment. TPPPs are known as Third-Party Senders (TPS) under the NACHA Operating Rules (First defined in December 2004).

Regulations for Electronic Payments Electronic Funds Transfer Act (“EFTA”) and its implementing regulation, Regulation E Consumer Financial Protection Act (“CFPA”) prohibitions against unfair, deceptive, or abusive acts or practices (“UDAAP”) Federal Trade Commission Act (“FTC Act”) prohibitions against unfair or deceptive acts or practices (“UDAP”) Telemarketing Sales Rule (TSR) Fair Debt Collection Practices Act (FDCPA) Bank Secrecy Act/USA PATRIOT Act/Anti-Money Laundering OFAC Payment System Rules

Earliest Guidance on TPPPs OCC BULLETING 2006-39 Risk Management Guidance: Automated Clearing House September 1, 2006 References Third-Party Senders OCC BULLETIN 2008-12 Risk Management Guidance: Payment Processors April 24, 2008 FIL-127-2008 Guidance on Payment Processor Relationships November 7, 2008

Evolution of TPPPs Many relationships with banks predated (sometimes by decades) the distinction TPPP or TPS. These relationships continued to be treated as direct originators of payments. TPPPs were often not advised of their expanded compliance responsibilities, primarily because the banks did not recognize the need to reclassify these relationships. TPPPs and banks historically focused on the credit, operational and fraud risks related to these relationships, consistent with direct merchants/originators. Recent regulatory enforcement actions emphasize compliance, legal and reputation risk.

Consumer Protection Working Group Unit within the Financial Fraud Enforcement Task Force that was created in late 2009 First meeting on February 10, 2012 Announced by the Attorney General Eric Holder shortly after State of the Union Address in 2012, formed to “address several areas of concern, including payday lending and other high-pressure telemarketing or Internet scams, business opportunity schemes, for-profit schools that engage in fraud or misrepresentation, and fraudulent third- party payment processors that facilitate payments on behalf of other fraudsters without the permission of the customer.” Members of the Consumer Protection Working Group included (among others): FTC CFPB DOJ, FBI and Secret Service FDIC, OCC, FRB & NCUA FinCEN Various States Attorneys General

Guidance Since Working Group FDIC FIL-5-2015, Statement on Providing Banking Services FIL-41-2014, FDIC Clarifying Supervisory Approach to Institutions Establishing Account Relationships with Third-Party Payment Processors (High Risk List Disappeared) FIL-43-2013, FDIC Supervisory Approach to Payment Processing Relationships With Merchant Customers That Engage in Higher-Risk Activities FIL-3-2012, Payment Processor Relationships, Revised Guidance (High Risk List) OCC OCC BULLETIN 2013-29, Third-Party Relationships – Risk Management Guidance FRB SR 13-19, 12/5/13, Guidance on Managing Outsourcing Risk FinCEN FIN-2012-A010, Risk Associated with Third-Party Payment Processors

Summary of FDIC Guidance to Banks Ensure that contractual agreements with payment processors include safeguards. Perform a background check of the processor, its principal owners, and merchant clients. Must compare merchant information with public record, fraud databases, and trusted third-party data databases. Be aware of nested processors. Authenticate the processor’s business operations and compliance management systems. Monitor for red flags, including increases in consumer complaints. Act promptly to minimize consumer harm.

FinCEN Guidance on TPPPs Financial institutions providing services to Payment Processors institutions: May find it necessary to update their anti-money laundering programs; Should determine during thorough initial and ongoing due diligence, to the extent possible, whether external investigations or legal actions are pending against a Payment Processor or its owners and operators; Should determine whether Payment Processors have obtained all necessary state licenses, registrations, and approvals; May be required to file SARs if they know, suspect, or have reason to suspect that a Payment Processor has conducted a transaction involving funds derived from illegal activity, including, but not limited to, consumer fraud; and Also may be required to file a SAR where it knows, suspects, or has reason to suspect that a Payment Processor has attempted to disguise funds derived from illegal activity, or has attempted to engage in transactions designed to evade regulations promulgated under the Bank Secrecy Act (“BSA”) or that lack a legitimate business or apparent lawful purpose.

Other Vehicles for Regulating Non-banks Posing Risks: Regulation where the CFPB has reasonable cause to determine that non-bank is engaging, or has engaged, in conduct that poses risks to consumers with regard to the offering or provision of consumer financial products or services. Civil Investigative Demands: Enforcement tool which may be used when the CFPB “has reason to believe that any person may be in possession, custody, or control of any documentary material or tangible things, or may have any information relevant to a violation.” Consent Orders Requirements imposed by the CFPB or FTC on a particular company that has violated some consumer protection regulation or processed payments for a violating merchant

Evolution of TPPP “Guidance” Guidance is high-level and vague regarding specific expectations and does not apply directly to TPPPs. Early enforcement actions were against banks and more heavily focused on RCC and telemarketing fraud. BSA/AML findings related to KYC and KYCC became more prevalent with banks in payment processing soon after and continue today. Consumer Protection focus emerged in 2012 following the creation of the Consumer Protection Working Group under Financial Fraud Enforcement Task Force. Consent orders against TPPPs by the CFPB and FTC are now commonplace and are more targeted and offer more specifics on regulatory expectations which frequently exceed guidance requirements.

No Direct Regulator Regulatory expectations must flow from the financial institution. NACHA Rules enforced through the Originating Depository Financial Institution (ODFI). Unaddressed Regulatory Gap exists between banks and payment processors. Consumer protection regulations typically apply to merchants, however regulators hold TPPPs accountable for facilitating consumer protection violations. TPPP specific guidance tends to come via consent orders.

Enforcement Regulatory and Rulemaking Update – 2016 In Review Lawsuits Against Payment Processors CFPB v. Intercept Returns v. Unauthorized Returns Statute of limitations and due process

Enforcement Regulatory and Rulemaking Update – 2016 In Review Lawsuits Against Lenders CFPB v. CashCall UDAAP for a Violation of State Law The CFPB Is Constitutional CFPB v. PHH Removal “ForCause” Is Unconstitutional? The Statute of Limitations The Due Process Clause

Enforcement Regulatory and Rulemaking Update – 2016 In Review CFPB Proposed Rules On Small Dollar Short Term Lending Cooling Off Period Multiple Attempts to Debit An Account CFPB Proposed Rules on Mandatory Arbitrations Are We Near The End Of Mandatory Arbitration? CFPB Final Rules on Prepaid Accounts Fee Disclosures, Regulation E and Regulation Z

Don’t Get Caught …….. “Financial institutions and processors that fail to adequately manage their relationships may be viewed as facilitating a payment processor’s or merchant client’s fraudulent or unlawful activity and, thus, may be liable for such acts and practices.” - FIL-3-2012 (Revised July 2014)

Thoughts about Derisking Thoughts from FinCEN “De-risking”: When financial institutions and/or payment processors seek to avoid perceived regulatory risk by terminating, restricting, or denying services to broad classes of clients, without case-by-case analysis of risk or consideration of mitigation options. A banking organization’s due diligence should be commensurate with the level of risk presented by the customer as identified in the bank’s risk assessment. As a practical matter, it is not possible for a bank to detect and report all potentially illicit transactions that flow through an institution. But where an institution follows existing guidance and establishes and maintains an appropriate risk-based program, the institution will be well-positioned to appropriately manage such accounts, while generally detecting and deterring illicit transactions.

Don’t Throw Out the Baby with the Bathwater The alternative to Derisking is for Banks, Processors and Merchants to become partners in compliance.

Questions? Marsha Jones, TPPPA mjones@tpppa.org (888) 662-0888 Keith Barnett, Troutman Sanders Keith.barnett@troutmansanders.com (404) 885-3423