Upload
aquila-townsend
View
43
Download
6
Embed Size (px)
DESCRIPTION
Legal and Regulatory Track Payments: Getting and Maintaining a Bank Relationship Moderator : Jennifer Galloway , Jennifer Galloway, PA Panelists : Kirk Chewning , Strategic Link Consulting Mark Murphy , Sandberg Phoenix & von Gontard PC Rick Eckman , Pepper Hamilton - PowerPoint PPT Presentation
Citation preview
Legal and Regulatory Track
Payments: Getting and Maintaining a Bank Relationship Moderator: Jennifer Galloway, Jennifer Galloway, PA Panelists: Kirk Chewning, Strategic Link Consulting Mark Murphy, Sandberg Phoenix & von Gontard PCRick Eckman, Pepper HamiltonBlake Sims, Hudson Cook
Outline• OLA Payments best practices • ACH processing in the current
environment • Payments compliance and alternatives
OLA Payment Best Practices & Reporting
Presented By: Kirk Chewning
1.Lenders, processors and their agents shall develop and maintain timely postings of returns information
2.Lenders shall provide consumers an alternative to ACH debiting. These alternatives shall be provided both when the customer is current and in collection stages. Such alternatives may include paper check, debit card, money order, or other means.
3. All customers must have the right to rescind the loan and the ACH authorization within one (1) business day of the loan approval so long as the customer returns the funds within 24 hours of the rescission
4. Lenders will follow all NACHA presentment rules – one original presentment plus only two re-presentments on each original payment.
OLA Best Practices
5. Lenders will not process multiple ACH debit attempts to an individual loan on the same effective date (No ACH Split Payments) unless expressly authorized by (expressly requested by) the customer
6. Lenders shall charge only one NSF fee per original loan payment
7. All authorizations for recurring debits shall be secured in accordance with NACHA rules, the Electronic Funds Transfer Act and Regulation E. This shall include securing authorization for recurring debits in writing and signed or similarly authenticated by the consumer:
1. Authorization can be electronic2. Authorization must be retained and a copy provided to borrower3. Must include the five essential elements defined by NACHA rules
8. Lenders shall transfer PII data using TPS and TPP security protocols to ensure no inappropriate passing of data.
OLA Best Practices (Continued)
9. All parties will comply with the new NACHA Rule 2.3.4 which requires the ODFI to ensure that originators and third-party senders do not share account/routing numbers for the purpose of initiating debit entries that are not covered by the original authorization
10.Lenders shall not ACH debit a consumer unless they have a valid authorization with the proper ABA and account information. Lenders shall not use new bank account information that the merchant sourced from the marketplace on the consumer, or in other words, Lenders shall only debit consumers for the account listed on the valid authorization.
11.Lenders shall not use RCCs and RCPOs in their normal course of business unless formally requested and proper consumer authorization has been secured.
12. Lenders shall provide their payment processors and the sponsoring ODFI signed payment authorizations for all R10’s and R29’s returns within 24 hours of the request for such documentation.
OLA Best Practices (Continued)
13.Lenders shall provide Proof of Authorizations to be delivered to TPP within 24 business hours of the request
14. Lenders shall maintain all Proof of Authorization for all unauthorized transactions in a segregated manner and shall be be delivered to TPP within 4 business hours, upon request
OLA Best Practices (Continued)
RETURNS TESTS
General Guidance
Any merchant’s (lender’s) third party processor has the ultimate responsibility and authority to establish, monitor and adjudicate the rate of returns of all types and codes. The processor is the gateway to the ODFI bank partner and obligated to comply not only with federal regulatory standards but those established by NACHA. Notwithstanding this ultimate authority, both merchants (lenders) and processors are well advised to closely jointly monitor return rates of all types on a constant and continual basis. In the event a merchant’s processor or bank does not frequently, proactively provide return code analysis by ABA, merchants (lenders) should ask their processor to do so on a monthly basis, and to review those data with recommendations to control return rates under levels acceptable to NACHA.
Testing
Lenders/Merchants shall at a minimum test their portfolios monthly to generate the results of the previous month using the following tests on the next few pages. In the event that any merchant is out of the best practice realm they should work closely with their processor(s) and internal staff to correct lack of compliance swiftly. Regulators, Processors and other payment experts recommend daily and weekly review of these thresholds. They feel that not only will it make the relationship better with processors and ODFI but also make the product better for consumers and in some cases reduce default and fraud.
OLA Best Practices Return Testing
Test 1: Best Practice #15 - The total count of all returns (all codes) shall not be greater than 30% of total debits processed as computed by the effective dates of the corresponding debits.
Test 2: Best Practice #16 – The total count of all NSF Returns (R01 & R09) shall not be greater than 25% of total debits processed as computed by the effective dates of the corresponding debits.
Test 3: Best Practices #17 – Lenders shall have an administration return code less than or equal to 4.0% of total debits processed as computed by the effective dates of the corresponding debits. Admin <= 4% (R02, R03, R04)
Test 4: Best Practice #18 - All R05, R07, R10, R29, and R51’s (negative chargeback returns) shall not to be greater than 0.5% of total debits processed as computed by the effective dates of the corresponding debits. (It is understood that NACHA’s current requirement is 1.0% or less than)
Test 5: Best Practices #19 – Lenders shall have a corrections (C Codes) of less than or equal to 0.40% of total debits processed as computed by the effective dates of the corresponding debits. Corrections <= 0.40% (any C code).
Return Test Rules
OLA Best Practices Return Testing
Test 6: Best Practice #20 - The total of all R01 and R09 (insufficient fund returns) shall be greater than 75% of the total returns for the merchant as computed by the effective dates of the corresponding debits.
Test 7: Best Practice #21 - Lenders shall review individual ABA numbers which have an extremely high return percentage of the total transactions processed during any given thirty day period. For any ABA numbers that represent greater than 1.5X the merchants average return % (ABA returns vs. ABA debits) and if the merchant submitted more than 15 returns per month with the said ABA then Lenders will take the following measures:
a) Closely evaluate the applicant pre-approval, risk management and underwriting means and methods being used in comparison the industry best practices and the state of the art methods available from third party providers of consumer data, and promptly institute such improved measures.
b) Discuss with the processor recommendations for controlling returns.c) In the event return rates do not fall into line with industry practices and NACHA
guidelines, the lender is advised to cease funding loans from any such ABA
Test 8: Best Practice #22 - Lenders shall review and promptly modify their approval and risk management practices for any individual ABA numbers for which more than 15 returns have been processed during the prior calendar month in order to ensure no single ABA number represents negative chargeback returns greater than 1.5% of total debits for said ABA as computed by the effective dates of the corresponding debits.
OLA Best Practices Return Testing
ACH Portfolio Test ReportSeptember 1, 2013 - September 30, 2013 Test 1: Best Practice #15 The total count of all returns (all codes) shall not be greater than 30% of total debits processed as computed by the effective dates of the corresponding debits. Test Results:
MERCHANT DEBITS RETURNSRETURNS_VS_DEB
ITS
ABC Company 75,056
9,728 13.0%
XYZ Company 76,808
10,644 13.9%
TOTAL
151,863
20,372 13.4% Test 2: Best Practice #16 The total count of all NSF Returns (R01 & R09) shall not be greater than 25% of total debits processed as computed by the effective dates of the corresponding debits. Test Results:
MERCHANT DEBITS RETURNSRETURNS_VS_DEB
ITS
ABC Company 75,056
8,085 10.8%
XYZ Company 76,808
8,683 11.3%
TOTAL
151,863
16,767 11.0%
Merchant Reporting Example - Return Testing
ACH Portfolio Test ReportSeptember 1, 2013 - September 30, 2013 Test 3: Best Practice #17 Lenders shall have an administration return code less than or equal to 4.0% of total debits processed as computed by the effective dates of the corresponding debits. Admin <= 4% (R02, R03, R04) Test Results:
MERCHANT DEBITS ADMIN R02 R03 R04ADMIN_VS_DE
BITSABC Company
75,056
777
703
64
10 1.04%
XYZ Company
76,808
997
887
96
14 1.30%
TOTAL
151,863 1,775
1,590
160
25 1.17%
Merchant Reporting Example - Return Testing
Test 4: Best Practice #18 All R05, R07, R10, R29, and R51’s (negative chargeback returns) shall not to be greater than 0.5% of total debits processed as computed by the effective dates of the corresponding debits. (It is understood that NACHA’s current requirement is 1.0% or less than) Test Results: MERCHANT DEBITS NCB R05 R07 R10 R29 R51 NCB_VS_DEBITSABC Company
75,056
85 0 39 45.5 0 0 0.113%
XYZ Company 76,808
75 0 31.2 44.2 0 0 0.098%
TOTAL
151,863
160 0 70.2 89.7 0 0 0.105% Test 5: Best Practice #19 Lenders shall have a corrections (C Codes) of less than or equal to 0.40% of total debits processed as computed by the effective dates of the corresponding debits. Corrections <= 0.40% (any C code). Results No Correction codes found
Merchant Reporting Example - Return Testing
Test 6: Best Practice #20 The total of all R01 and R09 (insufficient fund returns) shall be greater than 75% of the total returns for the merchant as computed by the effective dates of the corresponding debits. Test Results
MERCHANT RETURNS NSFNSF_VS_RETU
RNS ABC Company
9,728
8,085 83.1%
XYZ Company
10,644
8,683 81.6%
TOTAL 20,372
16,767 82.3%
Merchant Reporting Example - Return Testing
Test 7: Best Practice #21 Lenders shall review individual ABA numbers which have an extremely high return percentage of the total transactions processed during any given thirty day period. For any ABA numbers that represent greater than 1.5X the merchants average return % (ABA returns vs. ABA debits) and if the merchant submitted more than 15 returns per month with the said ABA then Lenders will take the following measures: * Closely evaluate the applicant pre-approval, risk management and underwriting means and methods being used in comparison the industry best practices and the state of the art methods available from third party providers of consumer data, and promptly institute such improved measures. * Discuss with the processor recommendations for controlling returns. * In the event return rates do not fall into line with industry practices and NACHA guidelines, the lender is advised to cease funding loans from any such ABATest Results:MERCHANT ABA DEBITS RETURNS RETURNS_VS_DEBITS MERCH_AVE_X_150
ABC Company 75,056 9,728 13.0% 19.4%XYZ Company 76,808 10,644 13.9% 20.8%TOTAL 151,863 20,372 13.4% 20.1% ABA with 15 or more Returns for Test 7 MERCHANT ABA DEBITS RETURNS RETURNS_VS_DEBITS MERCH_AVE_X_150ABC Company 314074269 796 205 25.8% 22.4%ABC Company 226078036 613 178 29.0% 22.4%ABC Company 256074974 412 93 22.6% 22.4%
Merchant Reporting Example - Return Testing
Test 8: Best Practice #22 Lenders shall review and promptly modify their approval and risk management practices for any individual ABA numbers for which more than 15 returns have been processed during the prior calendarmonth in order to ensure no single ABA number represents negative chargeback returns greater than 1.5% of total debits for said ABA as computed by the effective dates of the corresponding debits. MERCHANT ABA DEBITS RETURNS NCB NCB_VS_DEBITSABC Company 123556667 498 107 11 2.2%XYZ Company 344445556 256 46 4 1.6%Total 754 153 15 1.99%
ABA with 15 or more Returns for Test 8 - Lenders shall review and promptly modify their approval and risk management practices for any individual ABA numbers for which more than 15 returns have been processed during the prior calendar month in order order to ensure no single ABA number represents negative chargeback returns greater than 1.5% of total debits for said ABA as computed by the effective dates of the corresponding debits. MERCHANT ABA Debits Return NCB NCB_VS_DEBITSABC Company 253177049 304 62 7 2.3%ABC Company 063104668 149 26 3 2.0%ABC Company 021001088 107 20 2 1.9%
Merchant Reporting Example - Return Testing
Questions?
Thank you
OLA Best Practices:
Payments A Closer Look
Presented by: Mark Murphy
Timely Postings
•Policies must prevent delay and/or incorrect application of payments.
•Payments must be posted upon receipt.
Payment Options
•The alternative must be provided when customer is current or in collection.
•Lenders must provide an alternative to ACH debiting.
•Alternatives may include: paper check, debit card, money order or other means.
Electronic Payment Authorization
•One Time Debits: Notice of amount and date required. Notice in loan agreement is sufficient.
•Recurring Debits: Written authorization required, containing amount or range of amounts, and dates. Paper or electronic form acceptable. Retain copy and give copy to consumer.
•Unauthorized Debits: Lenders and processors must ensure any unauthorized debit is quickly identified and reversed.
ReportingOur best fraud prevention tool: Reporting of current and prior loan activity that is Timely, Accurate and Complete.
•Report within 30 days after furnishing the negative information to the CRA.
•Furnisher has a duty to correct the information and thereafter furnish only complete and accurate information.
•Furnisher must reinvestigate, and must complete the investigation within 30 days.
•Furnisher must notify any CRA to which it furnished inaccurate information and provide any information necessary to correct
Repayment Options•The Consumer must be made aware of repayment options at the time they enter into the Loan.
•When a Lender learns that a Consumer is unable to repay at original terms, Members should offer repayment plans that provide flexibility based on Consumer’s circumstances.
Returns
•High rate of returns indicates failures in processes for obtaining proper authorizations, or may indicate incidents of fraud.
•Depository institutions may take action to close a Lender’s account due to high rate of returns, harming the Lender’s relationship with the depository institution and ability to process payments.
•Returns occur when a Consumer believes a debit is unauthorized and asks for the debit to be reversed.
Identifying and Dealing with Returns
•Stop processing any debits or credits for accounts when ACH Negative Return Codes appear. ACH Negative Return Code processing: R2, R3, R4, R5, R7, R8, R10, R16, R20, R29.
•For all R10 and R29 (Chargeback where customer flags as unauthorized):• Show ACH processor authentication and authorization documents, and• Ensure no additional transactions are completed on the account.
•Block any ABA number/bank with an extremely high return percentage, which in general is 30% or more of total debits. Only exception: Consumer proves that ABA or DDA at the ABA is a valid account, allow debits for only that situation.
Third-Party Payment Processors
& ComplianceRichard P. Eckman
Partner, Pepper Hamilton LLP
Third-Party Payment Processors
• TPPPs: What are they?• A deposit customer that uses its banking
relationship to process payments for merchant clients
• Merchant Clients• Legitimate?• High Risk• Illegal
Warning Signs/Red Flags• Consumer complaints (i.e., unauthorized,
misrepresented, merchant strong-armed consumer into providing account information
• High rates of unauthorized returns/charge backs• TPPPs have been targeting problem institutions
with the promise of income and capital• TPPP likely to use more than one financial
institution to process payments, and activity may periodically move among institutions
Enhanced Due Diligence
• Policies and procedures• Know your TPPPs’ customers• Develop a processor approval program that
extends beyond credit risk management• Perform background checks on TPPPs and
merchant clients• Authenticate the TPPPs business operations and
assess the risk level
Enhanced Due Diligence (cont.)
• Review promotional materials, including websites, to determine target clientele
• Identify processors’ major customers• Review corporate documentation• Visit business operations center• Review information of merchant clients; the
principle business activity; geographic location; and sales techniques
Ongoing Monitoring Systems• Monitoring high rates of return• Setting return rate thresholds• Setting transaction volume limits• Auditing third-party processors’ programs• Monitoring reserve adequacy• Monitoring consumer complaints about merchant
clients on internet blogs and industry databases• Developing contract language addressing access to
records, conditions requiring account closing, and reserve adequacy
Potential Supervisory Responses• May require the bank to terminate the relationship with
the high-risk TPP• Informal enforcement actions• Formal enforcement actions• Civil money penalties• Section 5 of the FTC Act
Unfair or Deceptive Practices?• A bank may be viewed as facilitating a TPPP’s or a
merchant’s fraudulent or unlawful activity• Section 5(a) of the FTC Act prohibits “unfair or
deceptive acts or practices affecting commerce” and applies to all persons engaged in commerce, including banks
• Authority under Section 8 of the FDI Act to take appropriate action when unfair or deceptive acts or practices are uncovered
Examining Guidance• Verify the bank’s due diligence and underwriting• Review the bank’s controls, policies and procedures
for high-risk accounts• If you find suspicious activity:
• Gather information to support your findings• Escalate findings to your superiors• Communicate to the bank the seriousness of potentially
facilitating consumer fraud• Encourage the bank to file a SAR and to contact law
enforcement
Red Flags• High return rates• Merchants selling questionable products and services• 100% refund policy• Prior civil, criminal and regulatory actions against
processor or its principals• Consumer and other bank complaints• Inquiries from law enforcement
A Simple Proposition• Mass-market scammers need access to payment systems
(RCCs, ACH, CC) to take consumers’ money. Without bank access there are no unauthorized withdrawals.
• Banks are stationary (no “whack-a-mole”), regulated and are concerned about reputational risk.
• Banks already are required to have systems in place to prevent criminals from accessing the banking system.
• Cutting off the scammers’ access to the payment systems is relatively efficient and fast, and protects consumers prospectively as we investigate.
Important Steps Forward• Guidance to banks from FDIC, OCC and FinCEN• United States v. First Bank of Delaware• Financial Fraud Enforcement Task Force/Consumer
Protection Branch efforts to choke off fraudsters’ access to payment systems (DOJ, FTC, FDIC-OIG, USPIS, FBI and others)
• May 21, 2013: FTIC Notice of Proposed Rulemaking would ban the use of RCCs in connection with telemarketing
Operation Choke Point, So Far• More than 50 subpoenas issued to banks and TPPPs• Several active and criminal investigations• Banks are self-disclosing problematic TPPP
relationships• Banks are terminating TPPP relationships and
scrutinizing scammer relationships• Internet payday lending – collateral benefits• Investigative support from USPIS, FBI, SIGTARP,
USSS
Regulatory Loophole• Treasury Department regulation amended in 2011
arguably excludes TPPPs from the definition of “money transmitter” and thus is not a Money Services Business (MSB)
• A payment processor that originates tens of millions of dollars of debit transactions against consumer bank accounts on behalf of Internet and telemarketing merchants may not be an MSB and may not be required to register with FinCEN or comply with the BSA
Payment AlternativesH. Blake Sims
Hudson Cook, LLP
Payment Alternatives
• Cards (debit, credit, prepaid)
• Check
• Remotely-created check (RCC)
• Electronic Payment Order (EPO)
• Revocable Wage Assignment
• Others: Direct Carrier Billing, Mobile Wallets
Payment Alternatives - Cards
• Credit/debit/prepaid cards
• Card company rules and PCI compliance
• Truncation (no more than the last 5 digits of a card number)
• Debit card payments are covered by Reg. E (cannot condition the extension of credit)
• Must run as a credit transaction for recurring payment because cannot hold PIN
Payment Alternatives – Debit Cards
• Single-initiated TEL entries
• Either record explicit oral authorization or provide, in advance of debit, written notice that confirms the oral authorization.
• Recurring TEL entries
• Must record explicit oral authorization and provide a written copy of the authorization.
Payment Alternatives – Debit Cards
Both Single/Recurring entries
• The authorization must be readily identifiable as an authorization and must have clear and readily understandable terms.
• Certain required minimum information must be included as part of the authorization (recommend scripts).
• Written notice confirming oral authorization must include, at a minimum, the pieces of information required to be included during the telephone call. Should disclose the method by which written notice will be provided if this option is used .
• You must clearly state during the telephone conversation that the consumer is authorizing a debit entry to his account. The customer must explicitly express consent. Silence is not express consent.
Payment Alternatives – Debit Cards
• EFTA penalties
• Actual Damages
• Statutory damages
• Individual action up to $1,000;
• Class action up to $1,000 for each plaintiff, and $500,000 or 1% of net worth, whichever is less
• Attorney fees
• Court costs
• Class actions
• Possibly punitive damages under state law
Payment Alternatives - Checks
• Articles 3 & 4 of the UCC and Reg. CC
• Electronic Check Clearing House Organization (ECCHO) – www.eccho.org
• Personal Checks (manual deposit, Check 21, BOC)
• Remotely-Created Checks (RCC)
• Telemarketing Sales Rule
• Requires authorization and printing of check
• Cannot BOC
• Reg. CC shifted bank warranties to depositor’s bank
Payment Alternatives - Checks
• Electronic Payment Order (EPO)
• aka remotely-created electronic payment, e-check, or remotely-created payment order
• Requires authorization but no check printed
• Legal framework uncertain – do we apply check laws or EFTA?
• Reg. CC – not addressed
• Federal Reserve Operating Circular 3 – requires paper check; not eligible for check imaging, and Fed has no liability
• ECCHO Rules – not an “item” under rules
• May be deemed an EFT – CFPB interprets Reg. E
• Federal Reserve has created a working group to study
Payment Alternatives – Wage Assignment
• FTC Credit Practices Rule - 16 CFR part 444.
• Allowed if revocable “at will”
• Wage assignment should be clearly and conspicuously disclosed
• Wage assignment should NOT insinuate it is a garnishment
• Likely to draw close scrutiny from regulators
• OLA “Best Practices”
• State laws vary
Payment Alternatives – Others
• Direct Carrier Billing – consumers make a purchase and have the charge appear on a monthly wireless phone bill or deducted from their prepaid balance.
• Ex. BillToMobile, etc.
• FTC rules on “cramming”
• Mobile Wallets – singular payment application that allows consumers to save and manage a variety of payment methods in one place.
• Consumer payment credentials stored in a cloud-based vault
• Ex. GoogleWallet, etc.
Contact Information
H. Blake Sims
Hudson Cook, LLP
6005 Century Oaks Drive, Suite 500
Chattanooga, TN 37416
423.490.7563 (direct)
Legal Disclaimer
• These presentation is provided with the understanding that the presenters are not rendering legal advice or services.
• Laws are constantly changing, and each federal law, state law, and regulation should be checked by legal counsel for the most current version.
• We make no claims, promises, or guarantees about the accuracy, completeness, or adequacy of the information contained in this presentation.
• Do not act upon this information without seeking the advice of an attorney.
• This outline is intended to be informational. It does not provide legal advice.
• Neither your attendance nor the presenters answering a specific audience member question creates an attorney-client relationship