
Your Cell Phone As Your Wallet – Regulation Of Mobile Financial Transactions

Your Cell Phone As Your Wallet – Regulation Of Mobile Financial Transactions. By Brad Slutsky General Counsel, Firethorn Holdings, LLC 25th Annual Technology Law Institute October 22, 2010. Overview. Technology overview Applicable laws, regulations, and rules


Presentation Transcript


  1. Your Cell Phone As Your Wallet – Regulation Of Mobile Financial Transactions • By Brad Slutsky, General Counsel, Firethorn Holdings, LLC • 25th Annual Technology Law Institute • October 22, 2010

  2. Overview • Technology overview • Applicable laws, regulations, and rules • Laws, regulations, rules on the horizon

  3. Card Act – Gift Cards • Must disclose all service fees prior to purchase (may not be changed after purchase) • Required disclosures on card: fees; expiration date (or lack thereof); toll-free number (and website if available) for fee/replacement information • No service fees unless card has been inactive for at least 12 months • Limit of one fee per month • Funds must be good for at least 5 years

  4. Bank Secrecy Act • The Bank Secrecy Act, 31 U.S.C. §5311-§5330, was enacted to • deter money laundering and the use of secret foreign bank accounts, • create an investigative paper trail for large currency transactions by establishing regulatory reporting standards and requirements, and • improve detection and investigation of criminal, tax and regulatory violations. • BSA regulates financial institutions and Money Service Businesses, requiring them to put into place an AML compliance program, and imposes fines and penalties for noncompliance • Key aspects of regulatory compliance include: • Minimum Standards and Policies, which clearly set out philosophy on crime prevention and business requirements. • Strong "Know Your Customer" checks to identify and exclude known criminals and be sure you know the real identities of customers. • Robust training program for all staff. • Processes (typically automated) to monitor the activities on customer accounts to identify suspicious activity and to check incoming and outgoing payments for unauthorized transactions and to enable reports to be made to relevant authorities. • Retention of customer files and records of transactions for required statutory periods.

  5. Money Services Business • What is an MSB? • A non-bank entity that facilitates transactions between consumers and their financial institutions may be an MSB • The Financial Crimes Enforcement Network of the U.S. Treasury (“FinCEN”), which regulates MSBs at the federal level, has issued a number of rulings that have narrowed the definition of funds transmission to exclude, for example • merchant payment processors, and • a company acting as a mechanism to provide merchants a “portal” to a financial institution. • In these rulings, FinCEN has provided guidance that makes the acceptance of customer funds an essential test for finding an entity to be a funds transmitter.

  6. State Money Transmitter Laws • Entities engaged in the sale or issuance of payment instruments, receiving money for transmission or transmitting money to any location may be regulated by states under money transmission laws • Some 47 states and the District of Columbia have money transmitter laws that require companies engaged in funds transmission to register and post bonds • State laws are designed to protect the public by ensuring that businesses that accept cash in the state are licensed and bonded to protect consumers against loss, e.g. Western Union • State laws governing gift cards and stored value cards typically apply only to the issuers of those cards and financial institutions associated with the issuers; • Laws may also apply to marketers of stored value cards which are selling such cards • There is no standard definition of funds transmission under state law. • Most of the laws apply only to entities that themselves sell or issue payment instruments, or accept or receive funds from customers in the state and transmit them elsewhere.

  7. Get To Know Me … • Know Your Customer, or KYC, arises out of 9/11 and refers to the regulatory compliance mandate imposed on financial service providers to implement a customer identification program and perform due diligence checks before doing business with a person or entity. • US KYC regulations are mandated under the BSA and the Patriot Act, OFAC regulations, FSA Money Laundering Directives, and other regulations • Purpose is to prevent identity theft fraud, money laundering and terrorist financing • In order to meet KYC compliance requirements, financial institutions must: • Verify that customers are not or have not been involved in illegal activities such as fraud, money laundering or organized crime • Verify a prospective client’s identity • Maintain proof of the steps taken to identify their identity • Establish whether a prospective customer is listed on any sanctions lists in connection with suspected terrorist activities, money laundering, fraud or other crimes.

  8. OFAC • U.S. Department of the Treasury Office of Foreign Assets Control (“OFAC”) prohibits all U.S. persons from processing any transactions with sanctioned countries or that involve prohibited persons on the Specially Designated Nationals List (“SDN List”). • e.g., Cuba, Cote d'Ivoire, Iran, North Korea, Sudan, Liberia, Zimbabwe, Syria and Burma • OFAC administers a number of U.S. economic sanctions and embargoes that target these countries • Prohibitions are varied, broad, and include prohibitions on • dealing in the property of listed countries, • the export of services, and • the facilitation of transactions • Strict liability for any OFAC violations; enforcement activity is robust. • “Property,” as defined in OFAC regulations, includes most products that financial institutions offer to their clients. • Financial institutions generally screen account beneficiaries upon account opening, while updating account information, when performing periodic screening, and upon disbursing funds. • Most financial institutions use compliance software, which OFAC views as a good faith compliance effort • No OFAC public guidance on mobile wallet “conduits” • Reduce OFAC risk through seeking indemnifications from customers or undertaking own OFAC screening

  9. PCI • The payment card industry (PCI) compliance and validation rules apply to financial institutions, Internet vendors and retail merchants. • The rules spell out what security measures must be taken to protect payment account data and any transaction occurring with the use of a paycard. They also require certain auditing procedures. • Build and Maintain a Secure Network • Requirement 1: Install and maintain a firewall configuration to protect cardholder data • Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters • Protect Cardholder Data • Requirement 3: Protect stored cardholder data • Requirement 4: Encrypt transmission of cardholder data across open, public networks • Maintain a Vulnerability Management Program • Requirement 5: Use and regularly update anti-virus software • Requirement 6: Develop and maintain secure systems and applications • Implement Strong Access Control Measures • Requirement 7: Restrict access to cardholder data by business need-to-know • Requirement 8: Assign a unique ID to each person with computer access • Requirement 9: Restrict physical access to cardholder data • Regularly Monitor and Test Networks • Requirement 10: Track and monitor all access to network resources and cardholder data • Requirement 11: Regularly test security systems and processes • Maintain an Information Security Policy • Requirement 12: Maintain a policy that addresses information security

  10. Remittances • Remittances to foreign countries (Wall Street Reform and Consumer Protection Act) • Clear and conspicuous disclosures required: • In advance of the transaction: amount the recipient will receive, amount of the transfer and fees, and the exchange rate used • At the time the sender pays: • Receipt showing those transaction amounts; the promised delivery date; name of recipient; and address or phone number of the recipient (if provided by the sender). • Statement containing information on error resolution rights, and contact information for the remittance transfer provider, its state regulator and the FRB • Disclosures to be made in English and in each of the foreign languages principally used by the provider, or any of its agents, to advertise/market/solicit, in writing or orally, at that office • Prominent posting and updating of model remittance transfer(s) with transaction amounts at storefront locations • Comparable notice on remittance transfer provider’s home page

  11. Remittances • Error resolution requirements: • Sender has 180 days from the delivery date to report an error. • Remittance transfer provider has 90 days to resolve the error. • This section does not affect applicability of certain other laws, including the Bank Secrecy Act and implementing regulations – these remittance transfers are still subject to the Funds Transfer Rule and Travel Rule recordkeeping requirements. • Expansion of the ACH system – FRB to work with the Federal Reserve Banks and Treasury to expand the use of the ACH system and other payment mechanisms for remittance transfers to foreign countries, with a focus on countries that receive significant remittance transfers.

  12. Durbin Amendment (to the Dodd–Frank Wall Street Reform and Consumer Protection Act) • Fed to establish standards for “reasonable and proportionate” interchange for debit and open loop prepaid cards (not credit) • Standards to be based on actual costs of transaction authorization, processing and settlement • Exclusions • Cards issued by banks with less than $10 billion in assets • Government benefit cards and reloadable general use prepaid cards • Without overdraft fees, and • That allow 1 free ATM transaction a month • Prohibits an issuer or payment card network from restricting the number of payment networks through which an electronic payment transaction can be processed to less than two • Prohibits any issuer or payment network from inhibiting the ability of any merchant to direct the routing of electronic debit transactions over any available payment card network • Minimum Restrictions (credit cards only) - Allows merchants to set “minimums” of no more than $10 for card purchases • Maximum Restrictions (credit cards only) - Prohibits Federal agencies and institutions of higher learning from capping maximum transactions

  13. Card Act – Loyalty / Award / Promotional Cards • Disclose on front of card that it is issued for loyalty / award / promotional purposes • Disclose on front or back toll free number (and website if available) where consumer can obtain information about the card • Disclose fees on card or in materials with card

  14. State Cash Back Laws • States with Cash-Back Laws: California, Colorado, Maine, Massachusetts, Montana, Rhode Island, Vermont and Washington • Bills: CA SB 885; IL HB 0339; LA B 342 • “A purchaser or holder of a gift certificate which, by its terms, prohibits the purchaser or holder from adding value thereto and which has been redeemed for at least 90 per cent of its face value shall make an election to receive the balance in cash or continue using the gift certificate. A purchaser or holder of a gift certificate which, by its terms, authorizes the purchaser or holder to add value thereto and which has been redeemed in part, such that the value remaining is $5.00 or less, shall make an election to receive the balance in cash or continue using the gift certificate.” (MGL Ch. 200A § 5D) • Distinction between “Cash” and “Checks” • Cash typically expands beyond currency. See IRS Form 8300, California Statutes

  15. Privacy (US) • Consumer privacy laws govern how businesses may collect, use, and disclose PII of existing and prospective customers • The FTC Act provides the FTC with authority to regulate consumer privacy • Other Federal laws imposing privacy standards • Gramm-Leach-Bliley Act – Financial Institution • HIPAA – Healthcare • FTC general standards • Consumers have a right to notice concerning how an entity collects and uses PII • Privacy Policy accessible via link • Should include process for submitting questions • Consumers have a right to choices regarding an entity’s use of their PII beyond use necessary to complete a transaction • Opt-ins and opportunity not to proceed • Consumers have a right to access their own PII and contest the accuracy and completeness of their PII • Businesses should implement reasonable measures (technical and managerial) to protect the security of PII • Enforcement mechanisms should be in place for regulatory compliance failures • Sears FTC Consent Order • Cal Bus & Prof Code 22575-22579

  16. Privacy (EU) • European Data Privacy Directive • Notice—data subjects should be given notice when their data is being collected • Purpose—data should only be used for the purpose stated and not for any other purposes • Consent—data should not be disclosed without the data subject’s consent • Security—collected data should be kept secure from any potential abuses • Disclosure—data subjects should be informed as to who is collecting their data • Access—data subjects should be allowed to access their data and make corrections to any inaccurate data • Accountability—data subjects should have a method available to them to hold data collectors accountable for following the above principles

  17. Bureau of Consumer Financial Protection • Empowered to prohibit a covered person or service provider from committing or engaging in an unfair, deceptive or abusive act or practice • A “covered entity” is: • Any person who engages in offering or providing a consumer financial product or service. • Specifically includes selling, providing or issuing “stored value” • Retailers who sell cards only covered if they have substantial control over the terms • Entities that provide a material service to a covered person in connection with the offering or provision of the product or service (processors, program managers) • An “unfair” activity is likely to cause substantial injury to consumers, which is not reasonably avoidable by consumers, and the substantial injury is not outweighed by countervailing benefits. • An “abusive” activity either (a) materially interferes with a consumer’s ability to understand a term or condition of a stored value product or service or (b) takes unreasonable advantage of a consumer’s lack of understanding, inability to protect his/her interests, or reasonable reliance on a covered person.

  18. Coming Soon • Extension of Reg E to Other Prepaid cards • Dodd-Frank Durbin Amendment Regulations • Dodd-Frank Bureau of Consumer Financial Protection Regulations • Final FinCEN Anti-money laundering regulations • Other possible federal regulation: cross-border restrictions, personal data protection, government benefits cards, “Menendez Bill” • Increasing state laws
