On July 9, just weeks after initiating its first enforcement actions against payment processors, the Consumer Financial Protection Bureau issued an outline of nine “guiding principles” for faster payment networks which will provide greater consumer protections. The CFPB indicated that new technology supporting payment systems must be secure, transparent, accessible, affordable to consumers, and have robust consumer protections. The CFPB guidelines reflect the intent of the CFPB to extend its supervisory authority more aggressively in the payments industry, particularly with respect to non-bank entities.
The CFPB rationalizes that companies developing new financial technologies should be constructing systems with consumer protections in mind. Existing payment systems expose consumers to the risk of security loss. The CFPB noted that various regulators, the financial services industry, and consumer groups are weighing in on improved payment systems and that the CFPB will continue to work with the entities developing the systems and other stakeholders to ensure that new payment systems address consumer needs and protect their interests.
The consumer protection principles outlined by the CFPB for new, faster payment systems touch on multiple facets of payment processing, including:
- Consumer control over payments – The CFPB states that new payment systems must be clear about when, how, and under what terms consumers have authorized a payment, identifying procedures for consumers to easily revoke authorization.
- Data and privacy – Consumers must be informed of how their data is being transferred through payment systems, how that data can be used, and potential risks. The systems must allow consumers to specify the data to be transferred and protect against misuse of data.
- Fraud and error resolution protections – System mechanisms must be available for consumers to reverse erroneous and unauthorized transactions quickly once identified and provide consumers with regulatory protections, such as Regulation E and Regulation Z and other safeguards.
- Transparency – Consumers must have access to real-time information about the status of transactions and timely disclosure of costs, risks, funds availability, and security of payments.
- Cost – Fees charged to consumers must be disclosed in a manner allowing consumers to compare costs of different payment options. Fee structures should not obscure the full cost of making or receiving a payment.
- Access – New payment systems must be broadly accessible to consumers and must be widely accepted by businesses and other consumers.
- Funds availability – Faster payment systems will bring consumers faster guaranteed access to funds, thereby reducing the risk of overdraft and declined transactions.
- Security and payment credential value – Security systems must be built-in to detect and limit errors, unauthorized transactions, and fraud. System architecture must safeguard against and respond to data breaches and limit that data transferred or stored in connection with payments.
- Strong accountability mechanisms that effectively curtail system misuse – System operators, participants, and end users must align together to prevent misuse and make commercial participants accountable for risks, harm, and costs they introduce to payment systems.
While the CFPB’s guidelines are sensible and provide important points for stakeholders involved in the development and implementation of payment processing systems, the most telling point for issuance of the guidelines is what the future holds for payment processing industry: increased scrutiny and regulatory oversight by an agency with broad supervisory jurisdiction, including over nonbank participants in markets related to consumer credit and payment instruments.