With regulators watching, 'It's not a question of if FTC regulations are coming, but when,' says one ATM CEO.
September 3, 2013
By Robin Arnfield
Contributing Writer
In May, the Brazilian government announced that Banco Central do Brasil will be responsible for regulating the nation's payments industry, including m-payments providers. By setting m-payments regulations in place while that market remains embryonic, the South American nation's stance contrasts with U.S. authorities' wait-and-see approach.
The Brazilian government outlined its proposed payments industry regulations in a bill published on May 20. It will create a new legal entity known as a "payments institution," which will be regulated by the Central Bank and allowed to offer m-payment and m-banking services to low-income consumers. Digital wallet providers, card issuers, banks, and mobile operators will be eligible to apply for payments institution licences.
The main goal of the bill is to promote financial inclusion. It also calls for common standards and interoperability between Brazil's various m-payments initiatives. But interoperability will not be mandatory, according to Camilo Tellez-Merchan, who leads the technology and business model innovation team for Brazil's Consultative Group to Assist the Poor.
"Interoperability is signaled as a goal further down the road, and any new (m-payment) service (that) receives a license will be required to have a clear roadmap of how it will eventually interoperate with the wider Brazilian financial ecosystem," Tellez-Marchan wrote in a CGAP blog post.
Tellez-Marchan's conversations with the BCB indicate that the bill seeks "to create the 'lightest' possible mechanism in terms of regulatory burden for commercial players, hoping it will translate into cheaper payment instruments that will reach low-income customers," he wrote.
The BCB had 180 days from the publication of the bill to develop the framework for its payments regulations, which will need approval by Brazil's Congress and the country's Conselho Monetário Nacional, or National Monetary Council.
"The Brazilian government's proposals are going through a lengthy review process," said Les Riedl, senior managing partner at the U.S.-based consultancy Bank Solutions Group.
European model
In choosing to allow non-bank m-payments entities, Brazil is following the European model, said Tristan Hugo-Webb, associate director of Mercator Advisory Group's International Service. The European Union allows non-banks such as prepaid card issuers and mobile operators to issue e-money to consumers under lighter regulations and lower capital requirements than financial institutions.
"The Brazilian authorities prefer to extend regulation to emerging technologies as they develop, in a similar manner to EU regulators, rather than create broad regulation after the technologies are fully in place like U.S. regulators," Hugo-Webb said. "By expanding the definition of a 'payment institution' to include firms that haven't traditionally provided financial services, the Brazilian government is creating a wide-reaching framework for all members of the payments industry to work and be regulated under. In the U.S., the authorities are still trying to determine what and who will fall under the payments provider definition, as the industry grows and more firms begin to offer payment and other financial services that traditionally haven't done so."
Riedl said it is easier for Brazil to centralize payments regulations than it is for the U.S., where the payments industry regulatory framework is more complex. "The U.S. payments industry is regulated through a combination of federal and state regulations, case law and protocols from self-regulating industry groups such as NACHA (the Electronic Payments Association) and the debit networks," he said.
Robert Courtneidge, global payments partner at the U.K.-based law firm Locke Lord, said U.S. regulators can move more quickly than their EU counterparts. "Once the Federal Reserve or the Federal Deposit Insurance Corp. has formulated a regulation, they can implement it very fast," he said. "By contrast, it takes the European Union a long time to implement regulation, as it has to gain the consent of the 29 member states."
The United States
Several U.S. regulators plan to get involved in regulating m-payments, including the Federal Reserve, the Federal Deposit Insurance Corp., the Office of the Comptroller of the Currency and the Consumer Federal Protection Bureau, said Steve Kenneally, vice president of the American Bankers Association's Center for Regulatory Compliance.
"Right now, U.S. regulators are taking a wait-and-see approach to the development of m-payments regulations," he said. "There is a lot of talk about m-payments, but not many m-payment transactions actually taking place in the U.S."
But as that usage grows, it will draw more attention from regulators, said Jordan McKee, a Yankee Group mobile analyst. The Federal Reserve, for example, is keeping a watchful eye on the evolution of m-payments, he said.
Currently, no U.S. regulations specifically govern m-payments. But to the extent that an m-payment transaction uses an existing payment method, such as ACH or EFT, the laws and regulations that apply to those methods also apply to the m-payment, the FDIC said in its Winter 2012 Supervisory Insights report.
"For example, a mobile payment funded by the user's credit card is covered by the laws and regulations governing traditional credit card payments," the FDIC said.
In June 2012, Marla Blow, the CFPB's assistant director, card and payment markets, told the House Financial Services Subcommittee on Financial Institutions and Consumer Credit that the CFPB "has a key role to play in the regulatory, supervisory and oversight regimes governing mobile payments."
Blow said the CFPB is committed to working closely with the FTC, the Federal Communications Commission, the FDIC, the Federal Reserve, the OCC, the Treasury Department's Financial Crimes Enforcement Network and state banking regulators on m-payments regulations.
In March, the FTC published "Paper, Plastic ... or Mobile?," a report on a workshop it held in April 2012 to discuss the effects of m-payments on consumers.
"The FTC's interest in mobile payments stems from its mandate to protect consumers in the commercial marketplace, as well as its broad jurisdiction over many of the companies that participate in the mobile payments ecosystem," the report said.
Specific topics highlighted in the report include concerns about m-payments users' privacy and security, as well as the need for effective m-payments transaction-dispute resolution.
In a Payments Journal blog posting, Daryl Cornell, president and CEO of Triton Systems, said the FTC report "should be a wake-up call to anyone in the industry who thinks that Federal regulation of the growing mobile payments industry is not imminent. ...This report would seem to indicate that it is not a question of if FTC regulations are coming, but when and which?"
Unified regulations
Kenneally said the ABA hopes U.S. regulators will work together to create a unified set of m-payments regulations, rather than piecemeal regulations. "We also want the regulators to require non-bank participants in m-payments, such as m-wallet providers, handset vendors and mobile carriers, to provide the same high level of security and privacy as banks are required to ensure," he said.
Under the Federal Reserve's Regulation E, he said, banks must compensate customers for fraud losses caused by security breaches at third parties such as merchants. "Banks don't want to be liable for fraud on their customers' accounts committed due to a lack of security by m-wallet providers or handset vendors," he said.
A May report by the Federal Reserve Banks of Boston and Atlanta, "U.S. Mobile Payments Landscape — Two Years Later," expressed concern that non-bank m-payments players may lack familiarity with existing U.S. payment and banking regulations such as the Bank Secrecy Act, KYC and AML laws, state money transmission license rules and risk-compliance requirements.
The report warns that m-payment app developers could potentially introduce risk into the payments industry. "Many mobile app developers are small and independent, and not as familiar with the regulations and risk management practices that characterize the financial services industry," it said. "Without some guidance and direction, mobile payment app developers could potentially create serious consumer payment vulnerabilities."
Learn more about regulatory issues.
Cover image: brad turville
Triton FI based products • NO Windows 10™ Upgrade • Secured locked down system that is virus/malware resistant • Flexible configurations - Drive-up and Walk-up • Triton's high security standards • NFC, anti-skim card reader, IP camera and level 1 vaults are all options • Triton Connect monitoring • Lower cost