Most of us see payments innovation as the force that moves markets. That’s true when it comes to user experience and the tech that moves money. But it is government regulation and business contract rules that guide and control what financial services players can, and can’t, do with their shiny new tools. Or crusty old ones.
Regulation in the US is a complex, multi-layered reality for incumbents and fintechs alike. In this Payments on Fire® episode, Jennifer Aguilar, Sr. Associate at law firm Alston & Bird provides a crisp review of payment system rules, federal and state regulations, Regs E and Z, and more.
She addresses the headline grabbing concern faced by Zelle and other push payment providers regarding Reg E compliance. This new world of push payments comes with very different guardrails than the “zero liability” promise of the card system.So, join Jennifer, Glenbrook’s Yvette Bohanan and George Peabody for a fun primer on this complex and evolving topic. We will come back to it again in future episodes.
This is an acronym-rich topic. Here is how a few of this episode’s acronyms get spelled out:
BSA – Bank Secrecy Act
FinCEN – Financial Crimes Enforcement Network
AML – Anti-Money Laundering
KYC – Know Your Customer
BNPL – Buy Now, Pay Later
Yvette Bohanan:
Welcome to Payments on Fire, a podcast from Glenbrook Partners about the payments industry, how it works, and trends in its evolution. I’m Yvette Bohanan, a partner at Glenbrook and co-host of Payments on Fire. Joining me today is someone who needs no introduction, the Payments on Fire progenitor, George Peabody. And George, that’s my word of the day, progenitor.
George Peabody:
Wow. Wow. So I looked it up, Yvette, and there are three definitions I see. One is a direct ancestor and another one is an originator of a line of descent or precursor, both of which sort of infer death, and I’m here actually. So I’m really excited to be here.
Yvette Bohanan:
You’re very much alive and kicking, George.
George Peabody:
Now, the third one is an originator and founder, and that label I will accept.
Yvette Bohanan:
There you go.
George Peabody:
So since when did we start Payments on Fire? Something like eight years ago.
Yvette Bohanan:
And by we, you mean you. I mean, this was your brain child.
George Peabody:
Well, that’s true. It’s Glenbrook’s Payments on Fire. And I’m really glad to be here with you today, and I’m really glad to be here with our guest. So let’s get to that.
Yvette Bohanan:
We’re not going into as heavy as stuff as the first two definitions of progenitor here.
George Peabody:
Good.
Yvette Bohanan:
We’re going into heavy stuff of payments today, regulations, we’re going to be talking about laws. And we are absolutely delighted to have with us someone who is an expert in this space. So we’re not attorneys, we have to say that up front. That’s why we bring in guests. And today our guest with us is Jennifer Aguilar. She’s the senior associate at Alston & Bird. Jennifer counsels financial services clients on regulatory and transactional matters with a focus on payment laws and network rules.
She covers areas such as the NACHA Operating Rules and Guidelines, a book or online site that some attorneys who will remain nameless have told me they are afraid to even open up. So she’s a very brave person in that regard. The card network rules, we just did a card network rules update for some of our clients. We have 78 pages of network rules some days to go through with them. So that’s pretty significant. And things like the Electronic Funds Transfer Act, which we often refer to as Reg E in general here. And much, much more.
And before joining Alston & Bird, Jennifer was an associate at a law firm in a leading consumer financial services group where she advised clients on requirements relating to consumer protection and disclosures, a very hot topic right now in the industry, deposit products, payment cards, credit cards, checks, installment lending. Think, buy now, pay later. She also served as council at the National Association of Federally-Insured Credit Unions, where she provided comprehensive compliance assistance on the federal consumer financial services regulations to our nation’s credit unions. I’m going to stop right there. I’m sure there’s even more. But Jennifer, I’m going to say welcome, welcome, welcome to Payments on Fire. I hope this is the first of many conversations we get to have with you.
Jennifer Aguilar:
Thanks, Yvette. I’m so excited to be joining you and George today to be talking about payments laws, they’re very near and dear to my heart, and I hope people are not immediately turning us off because we’re talking here about laws. I’ll make this very easy.
Yvette Bohanan:
Exactly.
George Peabody:
This is a terrific opportunity for us. I mean, Yvette and I, we’re not attorneys, we don’t even play them on a podcast. And the longer I’m in the payments industry, the more I realize that indeed it’s about rules and regulations that govern how payments actually work. So I’m thrilled to have you here. If we could start with, we’ve got listeners from around the world and they are all in various places in their payments journey, and surprisingly talking about regulations and rules is kind of a recent development on this podcast, as I was saying. So we’re really thrilled that you can help us break it down by starting with that basic question. What’s the difference between a regulation and a rule?
Jennifer Aguilar:
Sure. So there’s different ways that payments can get regulated, both at the federal level here in the US, federal and state laws in other countries, and those are the legal frameworks that’ll be in place. And then there’s also a number of just private network rules that can get put into place that institutions and those participating in payments have to comply with as well. So the basic difference is whether you are agreeing to something, to do something, because it’s required by law or whether it’s required by contract. The gist of it is you’re still required to do it, but the reasoning that you’re required to do it is the key difference.
So here in the US we kind of have what I think of as three levels of regulation and rules here where we start with, at the federal level, we have those statutes and regulations that govern payments in the US. Earlier we mentioned the Electronic Funds Transfer Act and it’s implementing Regulation E. Those are going to be what we think of as our regulations, things that you have to comply with and follow because they’re mandated by law.
There’s also requirements under state laws. So for example, when we get into checks and wires, that’s governed in the US here by the Uniform Commercial Code, and that’s administered at the state level. So depending on what state you’re operating in or where your consumer is located, there could be different requirements to comply with, also as imposed by each of the states here. And that’s again going to be something that you’re required to comply with by law. There’s also those contracts that you can agree with. We mentioned the NACHA Operating Rules, that’s an example of a rule. It’s something that you, by virtue of participating in the ACH, have agreed to abide by those rules.
And they sort of operate kind of like a contract. If you break the contract, it’s not like you’re going to have criminal liability for breaking a law and go to prison or have to pay a criminal fine or something like that. It’s going to be enforced under contract law. So if you break it, essentially anybody who is also party to that contract can kind of bring a suit under the law to enforce the terms of that contract. And the contracts also generally provide for provisions that other participants can bring a claim against you through the network operator. So for example, NACHA has a rules enforcement process that they can follow if someone claims that someone else has violated the rules or kind of similar requirements under the card networks.
So that’s all enforced between the parties that are part of that contract outside the scope of law. Now, we may get pulled into law because it’s a contract. Then you can sue to enforce the terms and things like that, and there’ll be other legal frameworks that can comply or apply in that case. But for the most part, those rules are going to be just a contract between you and the other parties as opposed to legal requirements under the law.
Yvette Bohanan:
Thank you. That was extremely clear and well stated. One follow up because we get this question all the time in our workshops. Okay, it’s kind of a loaded question, and you kind of touched on it a bit between distinguishing federal and state. But what really confuses people is, who’s really responsible in the United States? Particularly who’s responsible at the federal level for creating these laws? And when you start to think about things like FinCEN comes out with a directive, and then Congress is looking to pass a law. Right now we’re talking about, we’re watching Durbin, Marshall, coming through. And then you have states and the attorneys generals’ shutting somebody down because they don’t have money services business licenses.
And so we’re always getting these questions, who’s in charge? Because when you look to a country like say India, it’s pretty clear, it’s the Reserve Bank of India and they get all these rights and they just basically say, “This is the law and everyone has to line up,” pretty much. So how should we think about that process of creation of laws, and who should our listeners be having their radar tuned into, if you will, to follow what’s going on in the industry?
Jennifer Aguilar:
Well, we really like to complicate things over here, not only with federal laws, but state laws. There’s also a whole host of different people who can enforce different things at each of those different levels. So it can get really complicated. Typically, the way I like to think about it is, what are you doing and who are the people that you’re serving? Those are the two big questions that are going to drive who is regulating and who you should be looking at.
So if you’re looking at the types of services that you provide, are you a bank that’s providing services to consumers and commercial clients? Are you a FinTech who’s providing remittance transfer services to consumer customers? Are you providing wire services or ACH services? So getting an understanding of what services that you’re providing to each of your customers, and then whether those customers are commercial customers or consumer customers are also going to influence who’s in charge.
So when we think about the federal level here in the US, we have Congress who passes the statutes. In our example, before the Electronic Funds Transfer Act is the statute that gets passed by Congress, and that sort of sets the law, and then it gets delegated to an agency of the government who then can interpret the law and issue regulations. So for the EFTA, that’s the CFPB, and they issue Regulation E, and it’s sort of an interpretive rule of the statute that’s sort of broad and doesn’t provide any specific information to institutions who have to comply with it. So here’s additional information for how you comply with the actual statute, and we’re going to give you examples, we might give you some additional guidance, and all of that goes into the regulation. And that’s all how it works, across the board, at the federal level. That statute is sort of the initial governing piece, and then it gets implemented through those regulations.
At the state level, it’s kind of similar. The state will have their own state congress that will pass the general law, and then there could be an agency or someone like an attorney’s general who has the authority to then interpret and enforce that law on the ground and face to face with those consumers, or the companies, offering those products and services to consumers or other customers. So depending on what you’re doing and who you’re surveying and whether you’re being regulated at the federal level or at the state level, a lot of times in financial services it’s going to end up being both. You’re regulated both under federal law for the financial services and products that you’re offering, and then you’re also going to be regulated at the state level, and then on top of all of that we have UDAP, which is our Unfair or Deceptive Acts or Practices, which is enforced federal and at the state level. So that’s another avenue where different parties can have authority to enforce some of the rules and regulations within the United States.
And that’s sort of all just the, “I’m offering a product,” piece of it. When you start looking at, “I’m actually processing payments,” those can be a whole other framework that applies. And here the Federal Reserve has a lot of framework for the processing side of payments. So if you’re running a check through their clearing system or running a wire through Fedwire, and they have rules that are going to apply as well as the regulations and laws and that they’ve imposed for those types of activities as well. So at least here in the US, like I said, kind of those big questions of, “What types of products are you doing and who are you serving, consumers or commercial customers?” At least, on the commercial side, it’s a little bit easier and there’s not as many regulations and things that you have to comply with or identify. But on the consumer side, that’s certainly more heavily regulated in the US.
Yvette Bohanan:
Yeah, and that’s not true all over the world, but it’s definitely true here. So we always say payments are domestic in nature, and they’re domestic, one of the big reasons is because the rules, the laws, surrounding them and the regulations basically reflect what’s really important to that government and how they want to manage the payment systems that support their economy. So here in the US we have a tremendous focus on consumer protection. Businesses, like you said, it’s a little more like, if you have a disagreement or an issue, you can end up in court. So anyway, let’s start with the Fed maybe? George?
George Peabody:
So I got a quick question.
Yvette Bohanan:
Oh, okay.
George Peabody:
These regulations, do they principally apply to financial institutions?
Jennifer Aguilar:
So that’s the other really fun part about dealing with regulations in the US is that they can have wildly different applications again based on what you’re doing. So if we look at Regulation E, because it actually defines financial institution, it defines it in a way that captures what consumers traditionally think of as a financial institution, their banker, their credit union. But it also wraps into that definition, other people who are providing certain products and services to consumers. Like companies who are maybe not a traditional financial institution who are providing EFT services to consumers or who are issuing access devices to consumers to access those EFT services. So it can be a little bit more broad if we look at things like Regulation Z and the rules for credit cards, that applies to people who are issuing credit cards. So it doesn’t necessarily have to be a financial institution in that case.
And then if we look at who’s actually responsible for overseeing that, there’s another layer of, “Well, who actually has authority to oversee these people?” So the CFPB kind of focuses on consumer regulations. We also have the FTC here who kind of focuses on those who are offering it sort of outside the scope of what we think of traditional depository institutions. So there can also be different players based on that angle. So the rules can… Looking at those definitions is kind of a real world, big piece, of the rules, and any time I teach anything about regulations, especially a specific one, I always go back to, “How are things defined,” because that’s going to tell you what the scope of the rule is. So it can vary wildly across the different regulations.
George Peabody:
So I’m going to say that I think we probably would have a different system if we had a clean sheet of paper approach, but I’m not even asking you to comment.
Yvette Bohanan:
George. This is just a podcast about how we roll-
George Peabody:
I know, I know.
Yvette Bohanan:
… in the US, not how we want to change everything. That’s a different podcast.
George Peabody:
Oh, I keep going there.
Yvette Bohanan:
But it is interesting because the other point that we often kind of ponder is, and you touched on it a little bit, Jennifer, is we have the Federal Reserve and they’re a network operator essentially. They’re running an ACH network, they’re running the wires network or one of them soon, FedNow, one of our fast payment networks. They make the rules for those networks. They’re also responsible for these regulations. And when you think about it, I guess focusing on that and what they’re responsible for, if they have a top five hit list, the five regs the Fed really wakes up every morning and cares about when it comes to payments, what would be on their greatest hits list that people should educate themselves on?
Jennifer Aguilar:
I mean, today it’s certainly FedNow. That’s the big topic of the day for the Federal Reserve is they’re looking forward to the launch hopefully next year and getting that up and running to the public and getting actual transactions running through the network. They’re testing it right now and they’ve issued a number of things in the last few months to get prepared for that from the legal perspective. So they amended Regulation J, which also covers Fedwire. So they’ve added an additional section to that law to cover FedNow, and that addresses things like liability between the parties and what the Federal Reserve is required to do as its role in the middle of processing those FedNow transfers. And the Federal Reserve also issues that they call operating circulars, which are guidance or the implementing regulations for their statutes.
So they adjusted that a couple of weeks ago for the Federal Reserve’s new service for FedNow, and they issued some operating procedures for that. So all of that sort of happened within the last couple of weeks. The amendments to Reg J came out a while ago, but they officially became effective on the 1st of October, so just about a week ago. So they’re definitely getting prepared for that. And I think that’s definitely front of mind for what they’re doing today, and from a legal perspective, making sure that those who are running transactions through the network understand their obligations and liabilities for doing so and what some of the operating and procedural requirements are going to be for those transactions. So that’s certainly a big, big deal for them at the moment.
The other couple of topics that have come up recently, especially with regard to the pandemic ACH and benefit payments and treasury checks, those are kind of the other buckets there. Through the pandemic here in the US, we had a lot of federal benefit payments that went out to consumers. Those went out through ACH, which has its own set of regulations for how the Federal Reserve operates in that space, and they also have what we call the green book for how those benefit payments get processed, and the requirements that apply for those benefit payments through ACH.
And then there’s a separate set of rules that apply when the treasury issues checks. So some of the payments that went out to consumers were issued via check, some of them were issued via prepaid card or ACH transfers. There’s a number of different ways those went out. So the requirements for ACH, and then the requirements that’s different for their treasury checks. And it became front of mind for a lot of us from the legal perspective in payments, and making sure that those were processed correctly. And if there were any issues with how those were processed or if consumers didn’t receive them or if they needed to be returned, and kind of navigating some of those under those different requirements under the Federal Reserve’s requirements.
And then the two other regulations that they have are going to be for check collection and then Fedwire. So that’s going to be more on the processing side for when they’re acting as a processor instead of the person who is initiating a payment through the system. So those requirements that apply when you’re processing a check through the system and then requirements that apply when you process a wire through the Fedwire system. So those are certainly, of course, top of mind for them as those are being used every day by a lot of different institutions for all of their checks and wires that go through those systems as well.
Yvette Bohanan:
And that’s just the top five.
Jennifer Aguilar:
And that’s just payments.
Yvette Bohanan:
Yeah, yeah.
Jennifer Aguilar:
They do a lot of other things as well.
Yvette Bohanan:
And there’s a lot that’s sort of is overarching to all of it too like the Bank Secrecy Act, the US Patriot Act, where you have to sort of know who’s in the system, who your counterparty is, know who your customer is or your business, and that’s something that they kind of oversee as well at that level.
Jennifer Aguilar:
Right. And there’s a lot of general applicability laws that they have and that they oversee that aren’t necessarily specific to payments. Like you said, the BSA is really important here in the US of making sure that institutions and other players in the industry aren’t facilitating payments for terrorist activities or money laundering activities. That’s a really important one that we have here in the US. And then making sure that those regulations are up to date and keeping track of all of that. They also oversee just some of the general banking activities for institutions as well.
Yvette Bohanan:
Okay, so that’s the Fed. We have to talk about the CFPB. I mean, they’re kind of front and center for… Even if you’re not in the industry, you’re just a person in the US, you care about what the CFPB is doing to some degree, because they’re kind of watching our back. And what would their top five list be in contrast? You said that you have to look at the nature of the product and you have to look at who the customer is and when the customer’s the consumer, I’m guessing the CFPB gets quite interested in what’s going on.
Jennifer Aguilar:
Right. So the CFPB is really designed specifically for consumer protection. They have a number of different mandates, but that’s sort of their overarching priority is consumer financial products and services that are going throughout the United States. There’s some areas where they do get involved in things like small businesses who are engaging in financial products and services or obtaining those. But for the most part, the CFPB is predominantly focused on consumer protection. So they don’t really get involved in specific payment transactions or things like that in the same way that the Federal Reserve does.
So most of what the CFPB does is focused on making sure that consumers have the correct information that they need to make informed decisions about the products and services that they’re receiving, the cost of those financial products and services, sometimes to put in some substantive protections where the CFPB believes, or certain practices, that are just unfair or certain practices that institutions shouldn’t engage in because they’re harmful to consumers. So there may be some substantive things in their laws that they’re going to address as well.
So from that perspective, the way that the CFPB works, from the payments perspective, the two big regulations that we think of from the CFPB are going to be Regulation E, which governs all EFT services throughout the United States. So it’s going to be things like ACH transactions, debit card transactions, all of those that run under Regulation E when they’re consumer payments. Whether it’s the consumer initiating them or someone else initiating them to the consumer’s account, or if I authorize someone to debit my account, those are the types of things that are going to be covered under Regulation E.
They also have Regulation Z, which governs credit cards. So whenever consumers are engaging in credit card transactions, the relationship between the consumer and their issuer is going to be governed by Regulation Z. And that’s again focused on making sure that consumers are provided good information about the cost of their credit card products, things like interest rates and the fees that are going to apply, and then imposing some protections under both Regulation E and Regulation Z in the event that the consumer is the victim of unauthorized use of their card or other debits of their accounts or other errors or issues that might come up, are the main protections for those two rules.
And the other big one for the CFPB that we hear a lot about these days is UDAP, Unfair or Deceptive Acts or Practices. And this gives the CFPB a lot of leeway and a lot of room and to look at different practices and products, even though they may or may not be covered under other regulations, or even if something’s not specifically prohibited under a different regulation like Regulation E or Regulation Z, it could still be considered an unfair practice and be prohibited under the UDAP provisions that the CFPB enforces.
Most of that is done through enforcement action, which is another big area that the CFPB has and it’s one of their main focuses as well. The institutions that are within their purview, they can go in and examine the institutions if they find compliance violations. They can initiate enforcement actions, which could result in things like refunds back to consumers or required changes to their processes and procedures for how the banks are operating to ensure compliance with the rules.
And then I think the last big one is just their general authority to investigate and supervise the industry generally. They relied on that pretty heavily in the last year or so. We’ve seen a number of just investigative orders go out to different industry players like our payment processors or our buy now, pay later providers to sort get some more information about what is going on in the industry. So they can rely on that pretty heavily to get more information, to do some investigation, and that could potentially influence the way that their rules are interpreted or potentially influence new rule makings or a plea to Congress to change different statutes or things like that depending on what they’re seeing in the industry as well.
Yvette Bohanan:
There’s a lot happening right now. So I’m going to… George, I don’t know, what should we double click on? Should we double click on Zelle?
George Peabody:
Absolutely. This issue is near and dear to my heart. My senator Elizabeth Warren this week was taking the Zelle situation to task with respect to the degree to which scams are taking place and the disconnect between the rules that govern these push payment systems and the rules with respect to, “Boy, when I get fooled, what are the obligations of the financial institution to remedy my…” Well, I won’t say foolishness, but the risk is transferred onto the sender in these systems, and we have generations of citizens who have been raised with the expectation of charge back privileges that come from the card system.
Yvette Bohanan:
Zero liability as a consumer.
George Peabody:
Zero liability. Yeah, exactly. And consumers, one part of the problem is consumers have been raised with that zero liability promise and they don’t truly understand that there are actually different systems of different rules being used here, and scammers of course are taking advantage of, well, human nature as it’s always been. So Jennifer, I’d love to hear your thoughts on this. We’ve looked at what’s happening in the UK, which does a lot of reporting on these kind of fraud losses, and even with their very active education, it’s still a really growing problem where these push payment scams actually are larger than card fraud now. Oh my goodness.
Yvette Bohanan:
Yeah.
Jennifer Aguilar:
Right, and that has a lot to do with just how payments have evolved over time and especially over the last handful of years here in the United States. When we look at the legal framework that’s currently in place, we’re going back to the mid seventies for when that was established, and the way that payments were conducted at that time is just wildly different than how payments are conducted today. And the rules don’t always… It’s not just in payments, but sort of across the board, laws don’t always keep up with the times. It takes a long time to get enough momentum to change or implement a new law, and then for that to actually get passed, and then for implementing regulations to get put into place and then for practices to follow through. We’re talking several years in many cases, and technology, as we know, moves much, much faster than that.
So it can be really challenging for laws to keep up with all of the current trends and all of the current technology. And that’s why there’s just been a lot of conversation about Regulation E and its limitations, especially when it comes to the way that fraud is happening now. That when the law was originally contemplated, they’re talking about EFT cards, that consumers are handed a physical card, and that’s the only way to access the account. And a lot of the protections that it’s providing to consumers, particularly with fraud, is around that.When we look at the rules that talk about when you issue an access device to a consumer, there’s specific protections to make sure that if that card gets lost in the mail, someone can’t use it to then steal the consumer’s money. That’s really what they were worried about when a lot of this went into place in the seventies. And so it’s hard to take something that just wasn’t contemplated at all at the time a rule was written and apply it to a situation. So when we look at the credit push scenario and we look at the definitions, there’s going to just be that gap, and that’s just how the law is written because credit push payments were not a thing in the seventies. That’s not how consumers were using their accounts at that time.
George Peabody:
So Jennifer, to be clear then, with respect to Reg E, if I get scammed and I push money to a scammer and then I call my financial institution and say, “Hey, I got scammed,” Reg E regulations don’t require the financial institution to make me whole. Is that correct?
Jennifer Aguilar:
So a lot of that depends on how the scam happens. That’s a lot of what we’re looking at from a legal perspective. And it can get really, really nuanced if it’s the scenario which is one that was very, very common during the pandemic was that someone was calling consumers saying, “I’m someone from your bank, you need to give me your account information and we need that to confirm transactions,” or, “so that you can get your payments from the government,” or, “economic support,” and those types of things, and then consumers would hand over that information.
If the consumer is handing over their account information and the fraudsters then using that account information to initiate transactions or otherwise get the money from the consumer’s account, that’s going to be considered an unauthorized transaction under the law. If we have a fraudster who calls the consumer and says, “Hey, your grandson is here in jail, you need to send me $500 to get them out of jail,” and the consumer initiates that payment and sends the funds, that’s not unauthorized under Regulation E. So it can be really, really nuanced and exactly what the facts are can change whether the law applies and when the law applies.
George Peabody:
So if I could tease that just a little bit further, if I voluntarily give or involuntarily give the fraudster my payment credentials, they initiate the transaction, that’s covered by Reg E?
Jennifer Aguilar:
Right.
George Peabody:
And if I just send the money to get my kid out of jail, or my grandson out of jail, and I’ve been fooled and send it to the wrong person, then the financial institution again is under no obligation to make me whole?
Jennifer Aguilar:
Not under Regulation E. So this is another area where the difference between the regulations and the rules can kind of come into play. And I think that’s a lot of what the conversation is as well that’s out in the industry right now, is that there’s very limited things that we can do to change Regulation E. A lot of the way that things are written in the regulation come from the statute, and in order to change the statute, we need Congress to act. So it’s not like the CFPB can just change it on its own, or even if the CFPB were to change it on its own, we’d probably expect some challenges to that because they might have come up with some interpretations that may or may not be consistent with the way the statute is currently written. And so there’s some limitations from the legal perspective of things that might need to happen before we can more broadly apply the framework that we see here today.
From the rules perspective, card network rules, ACH network rules, the P2P platform rules, those are all just a contract. So a lot of pressure is being put on those companies to change their contracts to assign liability to different parties within the system because the consumers typically are just like a third party beneficiary of the contract and not necessarily a party to the contract themselves. Most of what the conversation is, is between the banks, who should be liable in that case. Regulation E says it’s the consumer’s bank who needs to refund the consumer in the event of unauthorized use, but a lot of times the consumer’s bank doesn’t really have control over what might be happening.
So if, for example, another bank let the fraudster create an account, let the fraudster get into the banking system through this other bank, and they’re the ones that had that relationship, should have known this person was a fraudster, and that’s where the rules can come into play and say, “Well, it’s not the consumer’s bank who should be ultimately responsible for the loss here. It’s the person who let the fraudster onto the system.” And the way that that sort of gets allocated is by contract, not necessarily by Regulation E. Regulation E only focuses on the relationship between the consumer and its bank and doesn’t look beyond that to whether the bank can potentially recover its losses from some other player in the network. That’s where the rules will come into play.
George Peabody:
This is fascinating and thank you very much. This is really a super naughty problem and the clarity you’re bringing is terrific. And I can just imagine how busy someone at the Fed is, or someones at the Fed are, looking at those very rules as they contemplate the launch of FedNow, because the idea isn’t to really spread this push payment method so broadly. Moving right along to something just not… That one just blows my mind at how thorny it is. I mean, the economics of these push payment systems are utterly different than the card system. So how do bankers think about making people whole?
Yvette Bohanan:
Compensating them. And when you talk about the receiving, the bank, the potential liability around the bank, that set up the fraudster’s account, and you look at the data around application fraud at financial institutions right now and synthetic identity, it’s daunting.
George Peabody:
Yeah.
Yvette Bohanan:
It’s daunting. All right. That was very, very helpful. I think we have time for one more question, George. I’m going to pick on one of our hot topic areas that everyone wants to talk about when they’re calling us right now, is it’s buy now, pay later.
George Peabody:
Jennifer, will you come back for another?
Yvette Bohanan:
Yeah, yeah. We have a whole list, Jennifer, but I’m going to focus on buy now, pay later because it’s getting scrutiny across the globe. You look at what’s going on even in Australia where it’s hugely popular, it’s almost like where it was started in a lot of respects, although technically a lot of what we see now is from Bill Me Later, a couple of decades ago. But when we talk about this space and we read the headlines, we see a lot of scrutiny. We see the CFPB looking at things. We see FinTechs under a microscope almost.
We see a lot of FinTechs in this space, not all but some, kind of trying to walk a fine line, or stay in a gray zone, in terms of who they are and what role they’re playing in this. Are they a lender? Are they not a lender? If they keep things under X number of installments, they’re not actually doing this, versus if they go over that amount they are. And letting consumers pay these off with credit cards is kind of a controversial point as well. A lot happening here. So what should FinTechs and banks and businesses be thinking about right now when it comes to buy now, pay later when they’re making decisions around how to structure products, how to structure their rules if they’re a closed loop system? What are the regulators focused on and why?
Jennifer Aguilar:
Right. So I think that’s it, the installment piece of it, that’s the hot ticket in buy now, pay later. And this is one of those areas where if we go back to the definitions, we go back to the scope of a law, that’s the really important piece for what may or may not apply in buy now, pay later. And so on the federal level, we’re looking at Regulation Z. So I mentioned earlier, it covers credit cards, it also covers a whole host of other types of lending products. So it could cover things like a mortgage or a home equity line of credit on your home. It can cover things like an auto loan or just any other consumer installment loan. And the way that those terms are defined in the rule are based on whether or not a finance charge like interest is imposed on the loan or whether the loan is over at least more than four installments.
So if a product is designed where there’s no finance charges, no interest or other charges that are imposed as a cost of obtaining the credit, and if it’s only for payments or maybe it’s only two payments, we don’t have what’s defined as credit under Regulation Z. At the state level, not all of the states have followed that same definition for what’s considered consumer credit or credit generally. So there’s some states who just define it as any advance of money to a consumer or to a business. There’s some who say, “We want more than two installments,” some will define it based on finance charges or things like that. So every state also has its own definition of what’s considered credit. So this is why it gets really complicated here to understand, “What am I subject to under federal law, and then what are the implications for designing my product in a certain way based on that, at the state level?”
So buy now, pay later is really challenging when you’re designing the product to understand not just the federal requirements but the state consumer credit requirements as well. And at the state level, if you’re issuing credit to certain consumers in certain amounts or with certain finance charges, you have to be licensed under state laws and follow certain requirements under state laws as well to be issuing some of these types of products. So some providers are regulated by the states by virtue of the state consumer credit requirements.
Some are regulated at the federal level by virtue of some partnerships where they are actually making loans to their consumers. So there’s a lot of different ways that the product can be designed and a lot of different ways that you can think through, “How are we letting consumers repay these? If it’s not a loan, we get a little bit more flexibility for some of the things that we can do in saying that the consumer can repay us,” and we have prohibitions in Regulation E on requiring auto pay to repay a loan. So there’s a lot of downstream implications too for saying, “This is not a loan.”
On the card network side, there’s some requirements for paying off debt with debt, and if we’re saying, “This isn’t debt,” then we’re not repaying it with a credit card and that’s not prohibited under the rules. So there can be a lot of downstream implications for how we’re thinking through these products, and I think that’s exactly what the CFPB is focused on. They’re focused on what are the gaps in the current laws and what are those risks to consumers based on those gaps.
Yvette Bohanan:
And consumers don’t know this, right?
Jennifer Aguilar:
Yeah.
Yvette Bohanan:
That’s the big point from the CFPB. It’s like, if you’re living in Massachusetts versus Florida, you don’t know what your state laws are around this and what should be allowed or not. But I also have this sort of thought about the merchants offering these solutions. This is kind of considered this sort of trifecta win when people wax philosophical about buy now, pay later. They’re talking about the merchants love it because it increases their ticket size, it improves conversion at checkout, people who may not have thought they could afford that new bedroom set are suddenly inspired to buy it on buy now, pay later terms. That’s been around for a while in different forms, like 90 days same as cash, zero interest financing for 12 months, all that kind of stuff. The merchants think this is great stuff, generally speaking in retail. But in all sorts of areas like home improvement… We’re seeing this in healthcare, we’re seeing this in a lot of places.
On the other side, we have the banks. The banks are saying, “Well, this is just another line for lending and we’re all about lending. This is a great thing.” Whether it’s legally decided that it’s lending, they’re kind of loaning out their balance sheets sometimes. So that’s good. The consumers, it’s a win for them because they get stuff, they get help, they can pay off a medical bill, they can do this, they can do that. So it’s goodness for them.
When you have an environment where people really want this, everyone wants to participate across the system, but there’s all of these ins and outs and things going on, what should companies that are offering buy now, pay later to their customers be thinking about? The merchants, they’re kind of in this frenzy where if one of these is good, 10 is better. And you go to a checkout page and it’s like, “Do you want to use a firm or charge P,” or this or that or zip. Are the merchants getting into any rough waters here by having all those different types of providers and not really understanding these nuances, as you said?
Jennifer Aguilar:
Yeah, and from the CFPB’S perspective, and from the regulatory perspective, it’s not so much the merchants that they’re going to be focused on. The merchants are essentially just providing a product or service to the consumer. It’s not the merchant who is advancing funds or otherwise making a loan or providing credit availability or however we want to phrase it. It’s not the merchant who’s doing that. The merchant is partnering with someone else and it’s that someone else who’s really the big focus of the CFPB and the other regulators. That the merchant practices are going to be similar to what they are even if the consumer had just used their credit card, “I purchased a product, I may or may not have rights to return the product based on the merchant or based on how I paid for that.” And then when we add that additional layer by using the buy now, pay later, that’s that extra step that’s what’s causing the concern.
So it’s not so much the merchant relationship, because at the end of the day, the merchant’s not the one offering the product. The consumer doesn’t necessarily have that relationship with the merchant. We can go to our buy now, pay later app and I can access hundreds of merchants through that app. I’m not going directly to each individual merchant’s website in some cases. And so from the regulatory perspective and the legal perspective, we’re really focused on the entity who’s providing the buy now, pay later service itself, and what those challenges are.
And when we look at it from that perspective, what rights are we providing to consumers from the protection perspective? Are we giving them rights to return transactions? Are we giving them rights to dispute transactions? Are we imposing late fees on our consumers that then add up to more than the full cost of the product, because we now have a late fee for four payments instead of just one? Those are the types of things that we’re looking at, and from the merchant perspective, those are typically things that the merchant’s not going to control. And those are things that the buy now, pay later provider is going to control. So that’s really where the regulatory focus is going to be.
George Peabody:
Wow. Well, Jennifer, I’m afraid we’re going to have to leave it there. And man, if we got so many other topics to touch on, each one of the ones we had today could spend a whole session on, a whole episode on. So really, really do appreciate your insights. Love to have you come back. It’s been a great conversation.
Jennifer Aguilar:
My pleasure. I’m happy to share and provide insights into these topics.
Yvette Bohanan:
The world of payments just gets more complicated the longer you’re in it, I think.
Jennifer Aguilar:
Yes.
Yvette Bohanan:
It’s definitely because of all the innovation, like you said.
George Peabody:
The relationship between regulation rules and innovation is really fascinating and complex, as you’ve made abundantly clear.
Yvette Bohanan:
Yeah, I used to say it’s an algebra or calculus equation. I think it’s more like a chemistry experiment sometimes. I need to switch academic topics for the analogy.
Jennifer Aguilar:
Yes.
George Peabody:
That’s why I think some things explode. Is that right?
Jennifer Aguilar:
Yeah, exactly.
Yvette Bohanan:
Exactly. And some things just sort of fizzle out. Well, if anyone out there listening has a question that they’d like to pose regarding rules or regulations that you would want us to dive into on a future podcast or any other topic that you want to hear about, drop us a note. We have an email alias, paymentsonfire@glenbrook.com, and we monitor that for ideas and suggestions all the time. So George, it’s that special time. Jennifer, thank you so much. And George, we need to do this again. We need more info on rules and regs, people.
George Peabody:
Yes, absolutely. Expect that to be a theme going forward up ahead for Payments on Fire. So Jennifer, again, thank you so much. Yvette, great to be with you. Stay safe, do good work.
