Financial institutions want law enforcement agencies to commit more time and resources to helping combat fraud in real-time payments even as the Consumer Financial Protection Bureau is looking into holding banks and payment processors liable for errors made by consumers.
Amid a massive increase in fraud, banks and payment processors claim they cannot be held liable when a consumer is tricked into sending a payment that later turns out to be a scam.
CFPB Director Rohit Chopra has sounded the alarm by calling the amount of fraud in the payments system “frightening,” though he has not stated whether the bureau plans to issue guidance to address it. In the meantime, financial institutions want law enforcement to prosecute scams that have grown dramatically in the past two years.
“There are things that banks have no control over, and it is vitally important that the government commit the resources and the time to combat fraudsters and scammers that are hurting both consumers and banks,” said Rob Hunter, deputy general counsel at The Clearing House, a payments company that operates the private sector’s real-time payments network, RTP.
The issue of fraud in payments is complicated because the 1970s-era law governing electronic payments — the Electronic Fund Transfer Act of 1978 — was written before cellphones, digital wallets and real-time payments existed. Lawmakers apparently never envisioned that consumers would transfer money to criminals or someone they do not know in response to an unexpected text or phone call.
Moreover, the implementing law, Regulation E, specifically defines an unauthorized transaction as a transfer that was not initiated by a consumer. Banks and payment processors are required under Reg E to investigate and reimburse consumers for so-called “unauthorized” transactions. But payments authorized by a consumer, and later found to be fraudulent, are not currently considered errors under Reg E, experts say. As a result, there is no requirement that institutions investigate any fraud or scams in authorized transactions.
“There is no legal basis under the regulation to say the bank is on the hook when a consumer sends money by mistake,” said Chris Willis, a partner at Troutman Pepper’s consumer financial practice group.
To get an idea of how complicated the law is, The Clearing House on Monday released a highly technical, 37-page white paper meant to be used as a resource for financial institutions about the error resolution requirements in Reg E. The paper describes the responsibilities of different financial institutions when it comes to investigating and resolving errors.
“If a payment is authorized by the consumer, it is not an error under Reg E,” said Stephen Krebs, vice president and associate general counsel of The Clearing House, who authored the paper.
Bankers also told lawmakers in congressional hearings last week that broader partnerships with law enforcement will be necessary for banks to aid in catching criminals.
“We also need to focus on working together, in partnership with law enforcement, regulatory agencies, to actually catch the criminals who are perpetuating their fraud against our consumers,” said William H. Rogers Jr., the CEO of Truist Financial, a $545 billion-asset bank in Charlotte, N.C.
Banks and credit unions have said that they are likely to sue the CFPB if it tries to assign broad liability for fraudulent payments authorized by consumers. Experts that follow the CFPB also are quick to point out that Chopra, who is not a lawyer, is nevertheless a very careful reader of statutes and may have little wiggle room to make broad changes not supported by the statute. Yet Chopra also is focused on making the real-time payments system safer because there is undeniably consumer harm being facilitated by payments technology that is controlled by large banks, experts say.
In last week’s congressional hearings, bank CEOs were grilled by Sen. Elizabeth Warren, D-Mass., about the bank-owned peer-to-peer payments platform Zelle. The six bank CEOs that own Zelle’s parent company had promised that they would provide data on the total number of reported cases of fraud on Zelle. But only one bank had done so by the end of last week, Warren said in a follow-up letter.
“You profit from every transaction on the system, and you tell people that it is safe, but when someone is defrauded, you claim that’s the customer’s problem,” Warren told bankers at a hearing last week.
Warren also asked for the total dollar value of reported fraud, the number and value of refunds to consumers and cases referred to law enforcement or federal and state bank regulators. Zelle’s parent, Early Warning Systems, of Scottsdale, Arizona, is owned by Bank of America, Capital One Financial, JPMorgan Chase, PNC Financial Services Group, Truist, U.S. Bancorp and Wells Fargo.
Lawmakers have not introduced any bills in the House or Senate that would change the liability for EFTA and Reg E, experts said. However, bankers are concerned that the CFPB could make some changes on its own including categorizing transfers in which a consumer was tricked into authorizing a payment as an error, or incorrect transfer. In addition, the CFPB could allege that the failure to prevent fraud is considered an “unfair” practice and apply the general prohibition against “unfair, deceptive or abusive acts or practices,” known as UDAAP, to real-time payments.
Though Zelle has been singled out by consumers and lawmakers, bankers have mounted a rigorous defense of the platform, claiming it has the fewest number of complaints to the CFPB. Over the past three years Zelle received 509 total complaints compared with 609 for Cash App, which is owned by Block, formerly Square, 681 for PayPal’s Venmo, and 11,990 for PayPal, according to the CFPB’s consumer complaint database and testimony from last week.
Changing the liability for payments that are authorized by a consumer, but that later turn out to be fraudulent, would upend the calculus for bank losses and potentially result in Draconian measures that would harm consumers, Hunter said.
“A service that today is free and has significant benefits to consumers is going to have to be something that the banks will charge for, the speed will have to be slower, and certain folks are not going to be able to use it,” he said. “You also will diminish any incentive that banks have to join FedNow.”
Banks have less than a year to prepare for the launch of FedNow, the Federal Reserve’s long-anticipated instant payment system, but it remains unclear just how many will join, especially given the backdrop of the CFPB looking to hold financial institutions liable for fraud losses. FedNow would be a competitor to The Clearing House’s RTP.
Last month, Fed Vice Chair Lael Brainard said FedNow should be operational between May and July of 2023.