Home / Press/ Newsletter

BPInsights: October 8, 2022

Tara Payne

Stories Driving the Week

Online Fraud Is Real, But Zelle is a Safe Harbor, Not the Problem

Payments fraud received significant attention at the recent congressional hearings featuring the seven largest retail banks. The focus was on Zelle because the witnesses were bank CEOs but, for any real discussion of online fraud, the focus belongs elsewhere.

Contrary to some recent accusations:

  • Zelle is the safest peer-to-peer network.
    • The share of disputed transactions made using PayPal is 3x higher than Zelle. For Cash App, it’s 6x higher.
    • Since 2017, two-thirds of complaints submitted to the CFPB about peer-to-peer payment services have been about Venmo, Cash App and Coinbase Global.
  • Banks do not profit from Zelle. The service is generally free to consumers.
  • Banks fully reimburse customers for unauthorized transfers. When a customer reports a fraudulent or unauthorized electronic transfer, meaning someone else initiated the transaction, banks reimburse the customer for the full value of the payment, as required by law.
  • In some instances, banks also reimburse authorized transfers when a customer is tricked into initiating the transaction. Banks do so even when there is no way to know the customer had been tricked.
  • Banks work hard to protect customers from fraud. Zelle employs advanced measures to protect and educate consumers: system monitoring, information sharing between banks, real-time notification systems to alert suspected victims and proactive preventative measures to preempt potential bad actors. Banks run educational campaigns and have security layers in place to encourage customers to remain alert when conducting electronic transactions.
  • Fintechs do nothing of the sort. While banks alert each other to fraud on the Zelle network, fintechs keep that information to themselves. These efforts pose an obstacle for banks to recover the money, close the bad account or determine where the money went once it left the bank.
  • Customers are overwhelmingly satisfied with the support received from their banks. Almost 9 out of 10 adults who have been victims of fraud were satisfied with their bank’s response (89%), according to a recent Morning Consult survey.
  • The story was the same with the Paycheck Protection Program and other COVID-19 relief efforts.
    • Fintech loans were 3.2x to 6.5x more likely to be involved with potentially fraudulent PPP loans compared to those offered by traditional banks.
    • The top 10 lenders with the most suspicious loans were all fintechs.
    • BPI analysis found that about three of every four cases of alleged PPP fraud had some fintech involvement.

To learn more, including about what more can be done, click here.

BPI and a group of financial trades also released a joint statement this week in response to Sen. Warren’s report on Zelle.

Idling on Data Aggregator Rules Jeopardizes Sensitive Data of 200 Million+ Consumer Accounts

The Bank Policy Institute expressed support this week for a petition to the Consumer Financial Protection Bureau calling on the Bureau to exercise its authority to supervise and examine data aggregators.

What BPI is saying: “The CFPB must address this massive vulnerability in the financial regulatory system that could jeopardize sensitive data from hundreds of millions of consumer accounts. Data aggregators offer tremendous benefits by allowing consumers to connect to the apps of their choosing, but they can also be a one-stop-shop for cyber criminals unless they are held to the same data security standards and expectations as banks to protect consumers and their highly sensitive data.” – BPI’s Paige Pidano Paridon

What’s the background: The original petition – filed by bank and credit union organizations – calls on the CFPB to issue rules defining “larger participants” in the market for data aggregation services. The Dodd-Frank Act gave the CFPB this authority, which allows the Bureau to first go through a rulemaking process to designate and thereafter directly supervise nonbank covered persons that are “larger participant[s] of a market for … consumer financial products or services.” In doing so, the CFPB could ensure that aggregators comply with the same data privacy and security rules and expectations that apply to banks. The CFPB has previously used this statutory authority to regulate and supervise larger participants in the debt collection, student loan servicing, international money transfer and automobile financing markets.

To learn more, click here.

Machine Learning Can Expand Credit Access for Low-Income Customers. Regulators Should Ensure Banks Can Harness its Power

Machine learning models, especially combined with alternative data such as rent and utility payment histories, can expand credit access for low- and moderate-income consumers and small businesses. Both banks and fintechs are exploring the use of machine learning in credit decisions. But fintechs are subject to less regulation and supervision than banks, which makes them more capable of pursuing innovative solutions in this space. Banks want to take advantage of machine learning technology to provide more credit and would benefit from equal regulatory footing, a new BPI blog post noted.

Bottom line: Customers benefit when they are protected regardless of whether a bank or nonbank provides the service they are using. The regulatory framework around machine learning and alternative data in credit underwriting must apply equally to banks and nonbanks.

Treasury Finalizes Beneficial Ownership Rule 

The latest tremors in the Treasury market are putting the Fed’s efforts to shrink its balance sheet at risk. Market depth – which measures how hard it is to buy and sell Treasuries in large amounts without the trades moving the market – hit its worst point this week since the turmoil of spring 2020, according to Bloomberg. The timing is tense: The Fed is trying to shrink its massive portfolio of Treasuries as well as battling inflation. If the central bank has to intervene by buying Treasuries, it would jeopardize the quantitative tightening process. The Treasury Department and financial regulators are considering various solutions to ease volatility in the world’s safe-haven market, but one key change would make a particularly meaningful difference: reforming the supplementary leverage ratio, as the Fed has said it will consider doing.

The Crypto Ledger

In the latest celebrity crypto endorsement news, Kim Kardashian will pay a $1.26 million fine to settle SEC charges over her promotion of a crypto token. Here’s what’s new in crypto this week.

  • Stability risk: FSOC warned that crypto could threaten financial stability if it grows without proper regulatory oversight. “Crypto-asset activities could pose risks to the stability of the U.S. financial system if their interconnections with the traditional financial system or their overall scale were to grow without adherence to or being paired with appropriate regulation, including enforcement of the existing regulatory structure,” the panel wrote in a factsheet outlining its new report on digital assets. The report also noted the run risks associated with stablecoins. FSOC recommended Congress pass legislation providing for rulemaking authority for federal regulators over the spot market for cryptoassets that are not securities; that policymakers address regulatory arbitrage including through coordination and legislation; and that policymakers study potential vertical integration by cryptoasset firms, among other recommendations.
  • Custodia in their own words: The Federal Reserve cited crypto firm Custodia’s own marketing materials, which describe it as a “first-of-its-kind digital asset bank” and mention plans to launch a stablecoin, to refute Custodia’s claim that it poses no new risks to the payments system. Custodia has sued the Fed Board and the Kansas City Fed over delays in the decision whether to grant the firm a Fed master account. Custodia’s request “raises technical, complex, and novel issues that present risks to” the Kansas City Fed and pose potential implications for the payments system’s stability, the Fed stated in a recent court filing.
  • FSB crypto warning: The Financial Stability Board, a global group of financial regulators and central bankers, previewed a forthcoming proposal to the G-20 on crypto in recent comments cited by POLITICO. “A lot of the activities in crypto assets and crypto assets markets resemble activities in the traditional financial system and therefore we take the approach: Same activity, same risk, same regulation,” said Steven Maijoor, the plan’s chief architect.

In Case You Missed It

Joint Trades to Congress: Don’t Include Proposals That Enrich Big Box Retailers, Increase Fraud Risk in NDAA

A group of financial trades including BPI expressed opposition in a Congressional letter this week to the consideration of certain credit card provisions in the must-pass National Defense Authorization Act. “These non-germane amendments will rob military families of their credit card rewards, reduce the availability of safe credit, and undermine the nation’s data security,” the trades wrote. “They have been filed with the goal of enriching the largest multinational retailers and obscure payments processors and have no business being added to annual legislation designed to bolster our national defense.” The coalition of trades included banks, credit unions and military financial services groups. One of the provisions would benefit multinational retailers at the expense of consumers and community banks, including those serving military members. It would also make it more difficult for merchants and financial institutions to prevent fraud. Another provision would waste taxpayer money and violate privacy. A coalition of conservative organizations also sent a Congressional letter this week opposing the amendments. The credit card amendment is a “backdoor price control” that would threaten the credit card rewards that customers value, the groups wrote.

What’s New in CBDC

The Fed would need “clear support from the executive branch and Congress” to issue a CBDC, Dallas Fed President Lorie Logan said this week. The remarks align with comments made by Fed Chair Jerome Powell. Logan also said further research is necessary on the risks and benefits of a CBDC. Here’s what else is new in central bank digital currency.

  • A group of House Republicans on the Financial Services Committee led by Reps. Patrick McHenry (R-NC) and French Hill (R-AR) asked the Department of Justice to provide the memo that it had provided to the White House, but not publicly released, containing its assessment of whether legislative changes would be necessary to issue a CBDC, a report prompted by President Biden’s executive order on digital assets. “We appreciate the efforts to examine the impact a U.S. Central Bank Digital Currency (CBDC) will have on the Federal Reserve and its monetary policy tools; potential risks to our existing payments system; private sector competition and innovation; and the impact on American’s privacy, civil liberties, and security,” the lawmakers wrote. “However, the appropriate place for the discussion on whether authorizing legislation is necessary, is in the legislative branch.”
  • SWIFT milestone: The SWIFT international financial messaging system released findings this week that demonstrate CBDCs and tokenized assets can “move seamlessly on existing financial infrastructure.” The network said it paves the way for the global use of CBDCs. The findings “solve the significant challenge of interoperability in cross-border transactions by bridging between different distributed ledger technology (DLT) networks and existing payment systems, allowing digital currencies and assets to flow smoothly alongside, and interact with, their traditional counterparts.”

NY Fed Staff Report: Digital Asset Financial Stability Risks Limited Amid Self-Contained Ecosystem

A recent New York Fed staff report concluded that the digital asset ecosystem currently poses limited risks to financial stability because the system is largely self-contained. “Currently, financial stability risks are not extensive because the digital asset ecosystem does not provide significant financial services and its interconnections with the traditional financial system are limited,” the report said. Potential spillovers from runs on stablecoins backed by money market instruments represent the “most salient” financial stability risk, the report said. The report cited many of the recommendations of the PWG’s stablecoin report, including that stablecoin issuers should all be insured commercial banks, custodial wallet providers should be subject to appropriate federal oversight, and stablecoin issuers’ affiliations with commercial enterprises should be limited.

U.S. Unveils New Sanctions Against Russia

The Treasury Department recently announced fresh sanctions on Russian officials, companies and industry leaders, including central bank chief Elvira Nabiullina and Deputy Prime Minister Aleksandr Valentinovich Novak. European diplomats also reached agreement on a new round of Russia sanctions, setting the stage for a price cap on Russian oil sales. Separately, the U.S. Treasury Department announced sanctions on senior Iranian officials over violence against peaceful protesters.

BPI Calls for Regulatory Harmony on CFTC Climate Risk Measures

The Commodity Futures Trading Commission should ensure it is working in harmony with other U.S. federal financial regulators on any climate risk measures, BPI wrote in a recent comment letter. The letter is a response to the CFTC’s request for information on climate-related financial risk. The need to ensure coordination and avoid duplicative measures is paramount as multiple U.S. financial regulators consider regulatory actions on climate risk, BPI’s Lauren Anderson wrote in the letter.

OFAC Guidance on Instant Payment Systems:  Domestic Payment Systems Face Lower Risk of Sanctions Exposure

On Sept. 30, OFAC released compliance guidance for instant payment systems: *Sanctions Compliance Guidance for Instant Payment Systems (treasury.gov).  According to the guidance, “each financial institution’s sanctions compliance controls, including decisions on whether and how to screen transactions conducted using instant payment systems, should be based on that institution’s assessment of its own risk”.   At the same time, it notes that “solely domestic instant payment transactions generally pose a lower sanctions risk than those involving accounts maintained at non-U.S. banks, which may not be subject to similar regulatory requirements and examinations”.  The new guidance encourages developers of instant payment systems to build in certain compliance features such as allowing for exception processing and enabling communication among participating financial institutions involved in processing payments. 

BPI Members Provide Relief In Hurricane Ian’s Wake

Several BPI member banks took steps to provide relief for customers, communities and employees affected by Hurricane Ian. The list below is a sample of the overall efforts.

  • Regions provided $225,000 in grant funding from its Regions Foundation to support disaster relief organizations and offered fee waivers, payment deferrals, disaster relief purchase and renovation loans and other options to affected customers.
  • Wells Fargo Foundation donated $1 million to organizations providing relief in Florida, in addition to support for employees and customers.
  • Truist Foundation announced donations totaling $1 million to support hurricane relief and recovery efforts in Florida, in addition to a $250,000 donation to support relief for affected South Carolina communities.

JPMorgan Has Eliminated Screen Scraping

JPMorgan Chase is now routing all third-party app and service inquiries for customer data access through its application programming interface, rather than using “screen scraping.” The milestone is five years in the making, according to an American Banker article. APIs are a more secure conduit for financial data sharing than screen scraping, which banks are generally phasing out.

Next Post: BPInsights: March 18, 2023 View Next Post

Disclaimer:

The views expressed do not necessarily reflect those of the Bank Policy Institute’s member banks, and are not intended to be, and should not be construed as, legal advice of any kind.

You Might Also Be Interested In...
Newsletters BPInsights: March 18, 2023
Newsletters BPInsights: March 11, 2023
Newsletters BPInsights: March 4, 2023
Newsletters BPInsights: February 25, 2023
Newsletters BPInsights: February 18, 2023
Newsletters BPInsights: February 11, 2023
Newsletters BPInsights: February 4, 2023
Newsletters BPInsights: January 28, 2023
More Posts by This Author
Newsletters BPInsights: March 18, 2023
Newsletters BPInsights: March 11, 2023
Bank Fee Criticisms Ignore CARD ACT Protections
Newsletters BPInsights: March 4, 2023
Data Privacy BPI Welcomes Thoughtful Approach to Modernizing Financial Privacy Legislation
Newsletters BPInsights: February 25, 2023
Newsletters BPInsights: February 18, 2023
AML, Bank Secrecy Act and Sanctions Business-Ownership Registry Access Rules Should Ensure Banks Can Focus on Threats