Take-Aways from the ACI’s 11th National Forum on Prepaid Card Compliance
Late last month, Baird Holm attorneys attended the American Conference Institute’s 11th National Forum on Prepaid Card Compliance (the “Conference”). Below is a summary of key discussions and points of interest overheard at the Conference.
CFPB’s Proposed Rule Continues to Dominate Conversation
Not surprisingly, the Conference’s hottest topic of conversation was the proposed rule for prepaid accounts promulgated by the Consumer Financial Protection Bureau (“CFPB”) this past November. Panelists and attendees alike expressed concerns regarding several provisions of the proposed rule. In particular, Conference goers were concerned with the proposed application of provisions of Regulation Z and the CARD Act relating to credit cards, to “force-pay” transactions. “Force-pay” transactions when a consumer has sufficient or available funds in their prepaid account to cover the amount of a transaction at the time the transaction is authorized, but insufficient or unavailable funds in their prepaid account to cover the amount of the same transaction at the time it is paid. Existing network rules make these transactions impossible to prevent. This fact, along with the ambiguous definition of “finance charges” in the proposed rule, would mean that all prepaid cards contain “credit features” and therefore Regulation Z and CARD Act protections would apply. Another concern expressed by Conference goers was the proposed coverage of the rule. Specifically, aside from traditional prepaid account products, the proposed rule would cover person-to-person payment platforms and, potentially, virtual currency products as well. Conference goers felt this was a striking departure from the CFPB’s previous rulemakings, where no indication was given that such products, particularly person-to-person payment platforms, would be covered by a final rule. Finally, a great deal of concern was expressed over the costs of complying with, and the consumer confusion created by, the requirement for issuers of prepaid accounts to post all prepaid program agreements and submit those agreements to the CFPB for further public posting.
For its part, the CFPB, in its own panel, stated that it welcomed comments on all provisions of the rule. The CFPB stressed, however, that comments expressing concerns over burdens imposed on businesses by the proposal should be backed up with substantive data and analysis.
Regulators Stress the Importance of a Culture of Compliance
A recurring theme with regulators attending the Conference was the importance of financial service business to develop and maintain a culture of compliance. Regulators went so far to state that, in conducting examinations, a culture of compliance was the chief element for which examiners were searching. As an example of what constitutes a good culture of compliance, regulators pointed to the process a company employs in developing new products. According to the regulators, an indicator of a strong culture of compliance is involving BSA/AML Officers and personnel at the product development stage. By contrast, regulators cited companies that seek input from their BSA/AML Officer and related personnel after a product has already been developed as an example of a weak culture of compliance.
Other Notable Items from the Conference
The panelists and Conference goers also offered up interesting tidbits of information on prepaid card compliance in general, including the following:
- The chief danger of incurring an Unfair, Deceptive, or Abusive Acts and Practice (“UDAAP”) violation now stems from the potential unfairness or abusiveness of a company’s operations, as opposed to its disclosures and marketing.
- Imposing too many barriers in front of a consumer before investigating a claim of unauthorized use or fraud could constitute a UDAAP violation.
- An important tool in fraud prevention is tracking and monitoring cell phones. Law enforcement officers attending the conference noted that, while a fraudsters address often changes, their cell phone does not.
- Regulators expect companies to undergo extensive risk assessments and to be able to point to their highest risk customers and transactions as well as the steps the companies take to mitigate or eliminate this risk.