1 / 52

Legal and Regulatory Track Payments: Getting and Maintaining a Bank Relationship Moderator :

Legal and Regulatory Track Payments: Getting and Maintaining a Bank Relationship Moderator : Jennifer Galloway , Jennifer Galloway, PA Panelists : Kirk Chewning , Strategic Link Consulting Mark Murphy , Sandberg Phoenix & von Gontard PC Rick Eckman , Pepper Hamilton

aquila-townsend
Télécharger la présentation

Legal and Regulatory Track Payments: Getting and Maintaining a Bank Relationship Moderator :

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Legal and Regulatory Track Payments: Getting and Maintaining a Bank Relationship Moderator: Jennifer Galloway, Jennifer Galloway, PA Panelists: Kirk Chewning, Strategic Link Consulting Mark Murphy, Sandberg Phoenix & von Gontard PC Rick Eckman, Pepper Hamilton Blake Sims, Hudson Cook

  2. Outline • OLA Payments best practices • ACH processing in the current environment • Payments compliance and alternatives

  3. OLA Payment Best Practices & Reporting Presented By: Kirk Chewning

  4. OLA Best Practices • Lenders, processors and their agents shall develop and maintain timely postings of returns information • Lenders shall provide consumers an alternative to ACH debiting. These alternatives shall be provided both when the customer is current and in collection stages.  Such alternatives may include paper check, debit card, money order, or other means.  3. All customers must have the right to rescind the loan and the ACH authorization within one (1) business day of the loan approval so long as the customer returns the funds within 24 hours of the rescission 4. Lenders will follow all NACHA presentment rules – one original presentment plus only two re-presentments on each original payment.

  5. OLA Best Practices (Continued) Lenders will not process multiple ACH debit attempts to an individual loan on the same effective date (No ACH Split Payments) unless expressly authorized by (expressly requested by) the customer Lenders shall charge only one NSF fee per original loan payment 7. All authorizations for recurring debits shall be secured in accordance with NACHA rules, the Electronic Funds Transfer Act and Regulation E. This shall include securing authorization for recurring debits in writing and signed or similarly authenticated by the consumer: 1. Authorization can be electronic 2. Authorization must be retained and a copy provided to borrower 3. Must include the five essential elements defined by NACHA rules 8. Lenders shall transfer PII data using TPS and TPP security protocols to ensure no inappropriate passing of data. 

  6. OLA Best Practices (Continued) 9. All parties will comply with the new NACHA Rule 2.3.4 which requires the ODFI to ensure that originators and third-party senders do not share account/routing numbers for the purpose of initiating debit entries that are not covered by the original authorization 10.Lenders shall not ACH debit a consumer unless they have a valid authorization with the proper ABA and account information.  Lenders shall not use new bank account information that the merchant sourced from the marketplace on the consumer, or in other words, Lenders shall only debit consumers for the account listed on the valid authorization. • Lenders shall not use RCCs and RCPOs in their normal course of business unless formally requested and proper consumer authorization has been secured. 12. Lenders shall provide their payment processors and the sponsoring ODFI signed payment authorizations for all R10’s and R29’s returns within 24 hours of the request for such documentation.

  7. OLA Best Practices (Continued) • Lenders shall provide Proof of Authorizations to be delivered to TPP within 24 business hours of the request • Lenders shall maintain all Proof of Authorization for all unauthorized transactions in a segregated manner and shall be be delivered to TPP within 4 business hours, upon request

  8. RETURNS TESTS

  9. General GuidanceAny merchant’s (lender’s) third party processor has the ultimate responsibility and authority to establish, monitor and adjudicate the rate of returns of all types and codes. The processor is the gateway to the ODFI bank partner and obligated to comply not only with federal regulatory standards but those established by NACHA. Notwithstanding this ultimate authority, both merchants (lenders) and processors are well advised to closely jointly monitor return rates of all types on a constant and continual basis. In the event a merchant’s processor or bank does not frequently, proactively provide return code analysis by ABA, merchants (lenders) should ask their processor to do so on a monthly basis, and to review those data with recommendations to control return rates under levels acceptable to NACHA. TestingLenders/Merchants shall at a minimum test their portfolios monthly to generate the results of the previous month using the following tests on the next few pages. In the event that any merchant is out of the best practice realm they should work closely with their processor(s) and internal staff to correct lack of compliance swiftly. Regulators, Processors and other payment experts recommend daily and weekly review of these thresholds. They feel that not only will it make the relationship better with processors and ODFI but also make the product better for consumers and in some cases reduce default and fraud. OLA Best Practices Return Testing

  10. OLA Best Practices Return Testing Return Test Rules Test 1: Best Practice #15 - The total count of all returns (all codes) shall not be greater than 30% of total debits processed as computed by the effective dates of the corresponding debits. Test 2: Best Practice #16 – The total count of all NSF Returns (R01 & R09) shall not be greater than 25% of total debits processed as computed by the effective dates of the corresponding debits. Test 3: Best Practices #17 – Lenders shall have an administration return code less than or equal to 4.0% of total debits processed as computed by the effective dates of the corresponding debits. Admin <= 4% (R02, R03, R04) Test 4: Best Practice #18 - All R05, R07, R10, R29, and R51’s (negative chargeback returns) shall not to be greater than 0.5% of total debits processed as computed by the effective dates of the corresponding debits. (It is understood that NACHA’s current requirement is 1.0% or less than) Test 5: Best Practices #19 – Lenders shall have a corrections (C Codes) of less than or equal to 0.40% of total debits processed as computed by the effective dates of the corresponding debits. Corrections <= 0.40% (any C code).

  11. Test 6: Best Practice #20 - The total of all R01 and R09 (insufficient fund returns) shall be greater than 75% of the total returns for the merchant as computed by the effective dates of the corresponding debits.Test 7: Best Practice #21 - Lenders shall review individual ABA numbers which have an extremely high return percentage of the total transactions processed during any given thirty day period. For any ABA numbers that represent greater than 1.5X the merchants average return % (ABA returns vs. ABA debits) and if the merchant submitted more than 15 returns per month with the said ABA then Lenders will take the following measures: a) Closely evaluate the applicant pre-approval, risk management and underwriting means and methods being used in comparison the industry best practices and the state of the art methods available from third party providers of consumer data, and promptly institute such improved measures. b) Discuss with the processor recommendations for controlling returns. c) In the event return rates do not fall into line with industry practices and NACHA guidelines, the lender is advised to cease funding loans from any such ABA Test 8: Best Practice #22 - Lenders shall review and promptly modify their approval and risk management practices for any individual ABA numbers for which more than 15 returns have been processed during the prior calendar month in order to ensure no single ABA number represents negative chargeback returns greater than 1.5% of total debits for said ABA as computed by the effective dates of the corresponding debits. OLA Best Practices Return Testing

  12. Merchant Reporting Example - Return Testing

  13. Merchant Reporting Example - Return Testing

  14. Merchant Reporting Example - Return Testing

  15. Merchant Reporting Example - Return Testing

  16. Merchant Reporting Example - Return Testing

  17. Merchant Reporting Example - Return Testing

  18. Questions?Thank you

  19. OLA Best Practices: Payments A Closer Look Presented by: Mark Murphy

  20. Timely Postings •Payments must be posted upon receipt. •Policies must prevent delay and/or incorrect application of payments.

  21. Payment Options •Lenders must provide an alternative to ACH debiting. •The alternative must be provided when customer is current or in collection. •Alternatives may include: paper check, debit card, money order or other means.

  22. Electronic Payment Authorization •One Time Debits: Notice of amount and date required. Notice in loan agreement is sufficient. •Recurring Debits: Written authorization required, containing amount or range of amounts, and dates. Paper or electronic form acceptable. Retain copy and give copy to consumer. •Unauthorized Debits: Lenders and processors must ensure any unauthorized debit is quickly identified and reversed.

  23. Reporting Our best fraud prevention tool: Reporting of current and prior loan activity that is Timely, Accurate and Complete. •Report within 30 days after furnishing the negative information to the CRA. •Furnisher has a duty to correct the information and thereafter furnish only complete and accurate information. •Furnisher must reinvestigate, and must complete the investigation within 30 days. •Furnisher must notify any CRA to which it furnished inaccurate information and provide any information necessary to correct

  24. Repayment Options •The Consumer must be made aware of repayment options at the time they enter into the Loan. •When a Lender learns that a Consumer is unable to repay at original terms, Members should offer repayment plans that provide flexibility based on Consumer’s circumstances.

  25. Returns •Returns occur when a Consumer believes a debit is unauthorized and asks for the debit to be reversed. •High rate of returns indicates failures in processes for obtaining proper authorizations, or may indicate incidents of fraud. •Depository institutions may take action to close a Lender’s account due to high rate of returns, harming the Lender’s relationship with the depository institution and ability to process payments.

  26. Identifying and Dealing with Returns •Block any ABA number/bank with an extremely high return percentage, which in general is 30% or more of total debits. Only exception: Consumer proves that ABA or DDA at the ABA is a valid account, allow debits for only that situation. •Stop processing any debits or credits for accounts when ACH Negative Return Codes appear. ACH Negative Return Code processing: R2, R3, R4, R5, R7, R8, R10, R16, R20, R29. • •For all R10 and R29 (Chargeback where customer flags as unauthorized): • Show ACH processor authentication and authorization documents, and • Ensure no additional transactions are completed on the account.

  27. Third-Party Payment Processors & Compliance Richard P. Eckman Partner, Pepper Hamilton LLP

  28. Third-Party Payment Processors • TPPPs: What are they? • A deposit customer that uses its banking relationship to process payments for merchant clients • Merchant Clients • Legitimate? • High Risk • Illegal

  29. Warning Signs/Red Flags • Consumer complaints (i.e., unauthorized, misrepresented, merchant strong-armed consumer into providing account information • High rates of unauthorized returns/charge backs • TPPPs have been targeting problem institutions with the promise of income and capital • TPPP likely to use more than one financial institution to process payments, and activity may periodically move among institutions

  30. Enhanced Due Diligence • Policies and procedures • Know your TPPPs’ customers • Develop a processor approval program that extends beyond credit risk management • Perform background checks on TPPPs and merchant clients • Authenticate the TPPPs business operations and assess the risk level

  31. Enhanced Due Diligence (cont.) • Review promotional materials, including websites, to determine target clientele • Identify processors’ major customers • Review corporate documentation • Visit business operations center • Review information of merchant clients; the principle business activity; geographic location; and sales techniques

  32. Ongoing Monitoring Systems • Monitoring high rates of return • Setting return rate thresholds • Setting transaction volume limits • Auditing third-party processors’ programs • Monitoring reserve adequacy • Monitoring consumer complaints about merchant clients on internet blogs and industry databases • Developing contract language addressing access to records, conditions requiring account closing, and reserve adequacy

  33. Potential Supervisory Responses • May require the bank to terminate the relationship with the high-risk TPP • Informal enforcement actions • Formal enforcement actions • Civil money penalties • Section 5 of the FTC Act

  34. Unfair or Deceptive Practices? • A bank may be viewed as facilitating a TPPP’s or a merchant’s fraudulent or unlawful activity • Section 5(a) of the FTC Act prohibits “unfair or deceptive acts or practices affecting commerce” and applies to all persons engaged in commerce, including banks • Authority under Section 8 of the FDI Act to take appropriate action when unfair or deceptive acts or practices are uncovered

  35. Examining Guidance • Verify the bank’s due diligence and underwriting • Review the bank’s controls, policies and procedures for high-risk accounts • If you find suspicious activity: • Gather information to support your findings • Escalate findings to your superiors • Communicate to the bank the seriousness of potentially facilitating consumer fraud • Encourage the bank to file a SAR and to contact law enforcement

  36. Red Flags • High return rates • Merchants selling questionable products and services • 100% refund policy • Prior civil, criminal and regulatory actions against processor or its principals • Consumer and other bank complaints • Inquiries from law enforcement

  37. A Simple Proposition • Mass-market scammers need access to payment systems (RCCs, ACH, CC) to take consumers’ money. Without bank access there are no unauthorized withdrawals. • Banks are stationary (no “whack-a-mole”), regulated and are concerned about reputational risk. • Banks already are required to have systems in place to prevent criminals from accessing the banking system. • Cutting off the scammers’ access to the payment systems is relatively efficient and fast, and protects consumers prospectively as we investigate.

  38. Important Steps Forward • Guidance to banks from FDIC, OCC and FinCEN • United States v. First Bank of Delaware • Financial Fraud Enforcement Task Force/Consumer Protection Branch efforts to choke off fraudsters’ access to payment systems (DOJ, FTC, FDIC-OIG, USPIS, FBI and others) • May 21, 2013: FTIC Notice of Proposed Rulemaking would ban the use of RCCs in connection with telemarketing

  39. Operation Choke Point, So Far • More than 50 subpoenas issued to banks and TPPPs • Several active and criminal investigations • Banks are self-disclosing problematic TPPP relationships • Banks are terminating TPPP relationships and scrutinizing scammer relationships • Internet payday lending – collateral benefits • Investigative support from USPIS, FBI, SIGTARP, USSS

  40. Regulatory Loophole • Treasury Department regulation amended in 2011 arguably excludes TPPPs from the definition of “money transmitter” and thus is not a Money Services Business (MSB) • A payment processor that originates tens of millions of dollars of debit transactions against consumer bank accounts on behalf of Internet and telemarketing merchants may not be an MSB and may not be required to register with FinCEN or comply with the BSA

  41. Payment Alternatives H. Blake Sims Hudson Cook, LLP

  42. Payment Alternatives • Cards (debit, credit, prepaid) • Check • Remotely-created check (RCC) • Electronic Payment Order (EPO) • Revocable Wage Assignment • Others: Direct Carrier Billing, Mobile Wallets

  43. Payment Alternatives - Cards • Credit/debit/prepaid cards • Card company rules and PCI compliance • Truncation (no more than the last 5 digits of a card number) • Debit card payments are covered by Reg. E (cannot condition the extension of credit) • Must run as a credit transaction for recurring payment because cannot hold PIN

  44. Payment Alternatives – Debit Cards • Single-initiated TEL entries  • Either record explicit oral authorization or provide, in advance of debit, written notice that confirms the oral authorization. • Recurring TEL entries • Must record explicit oral authorization and provide a written copy of the authorization.

  45. Payment Alternatives – Debit Cards Both Single/Recurring entries • The authorization must be readily identifiable as an authorization and must have clear and readily understandable terms. • Certain required minimum information must be included as part of the authorization (recommend scripts).  • Written notice confirming oral authorization must include, at a minimum, the pieces of information required to be included during the telephone call. Should disclose the method by which written notice will be provided if this option is used . • You must clearly state during the telephone conversation that the consumer is authorizing a debit entry to his account. The customer must explicitly express consent. Silence is not express consent.

  46. Payment Alternatives – Debit Cards • EFTA penalties • Actual Damages • Statutory damages • Individual action up to $1,000; • Class action up to $1,000 for each plaintiff, and $500,000 or 1% of net worth, whichever is less • Attorney fees • Court costs • Class actions • Possibly punitive damages under state law

  47. Payment Alternatives - Checks • Articles 3 & 4 of the UCC and Reg. CC • Electronic Check Clearing House Organization (ECCHO) – www.eccho.org • Personal Checks (manual deposit, Check 21, BOC) • Remotely-Created Checks (RCC) • Telemarketing Sales Rule • Requires authorization and printing of check • Cannot BOC • Reg. CC shifted bank warranties to depositor’s bank

  48. Payment Alternatives - Checks • Electronic Payment Order (EPO) • aka remotely-created electronic payment, e-check, or remotely-created payment order • Requires authorization but no check printed • Legal framework uncertain – do we apply check laws or EFTA? • Reg. CC – not addressed • Federal Reserve Operating Circular 3 – requires paper check; not eligible for check imaging, and Fed has no liability • ECCHO Rules – not an “item” under rules • May be deemed an EFT – CFPB interprets Reg. E • Federal Reserve has created a working group to study

  49. Payment Alternatives – Wage Assignment • FTC Credit Practices Rule - 16 CFR part 444.  • Allowed if revocable “at will” • Wage assignment should be clearly and conspicuously disclosed • Wage assignment should NOT insinuate it is a garnishment • Likely to draw close scrutiny from regulators • OLA “Best Practices” • State laws vary

  50. Payment Alternatives – Others • Direct Carrier Billing – consumers make a purchase and have the charge appear on a monthly wireless phone bill or deducted from their prepaid balance. • Ex. BillToMobile, etc. • FTC rules on “cramming” • Mobile Wallets – singular payment application that allows consumers to save and manage a variety of payment methods in one place. • Consumer payment credentials stored in a cloud-based vault • Ex. GoogleWallet, etc.

More Related