Why it matters
In an effort to provide guidance to payment systems looking to reduce "pocket-to-pocket" payment times, the Consumer Financial Protection Bureau (CFPB) released principles for consumer protection to ensure that the systems are "secure, transparent, accessible, and affordable to consumers," and contain "robust protections when it comes to fraud and error resolution." As companies develop real-time or near real-time payment systems, the Bureau emphasized that consumer protections should be built in from the start to avoid "retrofitting" later on. The agency set forth nine principles for new and faster systems, touching upon issues such as consumer control, data protection, affordable cost, and accountability mechanisms. While the CFPB has previously advocated for the development of faster and safer consumer payment capabilities, as "faster payments could enable faster, safer, and more accessible commerce," the new guidance could indicate the Bureau's intent to exercise its ever-expanding jurisdiction in the payment system ecosystem.
In the never-ending quest to make financial transactions fast and even faster, payment systems are striving to achieve real-time—or as close to real-time as possible—transfers. The Consumer Financial Protection Bureau (CFPB) decided to offer some guidance to entities in the hope of encouraging consumer protections to be included at the outset, rather than having to take action in the years to come.
"The CFPB wants to ensure any new payment systems are secure, transparent, accessible, and affordable to consumers," the Bureau explained in a statement. "The systems should also have robust protections when it comes to fraud and error resolution."
The participants in the payment system—operators, institutions, providers, payees, and payers—are all subject to various rules and regulations, from the Electronic Fund Transfer Act to operator-specific rules for banks that connect and use the networks.
As the industry continues to change, the CFPB "wants to ensure that consumer protections are at the forefront as new and improved payment systems are developed," the Bureau said. The agency said it intends to work with other regulators—such as the Federal Reserve Board, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, the National Credit Union Administration, the Federal Trade Commission, and state banking commissions—to encourage development of faster and safer consumer payment capabilities, ensuring that "new payment systems address consumer needs and interests."
Nine principles made up the CFPB's guidance. First, consumers should be able to exercise control over their payments, the Bureau said. Each payment should align with what the consumer has authorized, with system parameters allowing a consumer to limit the time period an authorization is valid, as well as the amount and the payee, and specific procedures to "easily" revoke authorization.
Information about data and privacy should be provided to consumers, including what data are being transferred, who has access, and the potential risks, the CFPB advised in its second principle. When data is collected, it should only be used in ways that benefit consumers and "[a]s appropriate," systems should allow consumers to specify what data can be transferred and if third parties can have access.
The third principle focused on fraud and error resolution protections. Systems should provide mechanisms for reversing erroneous and unauthorized transactions "quickly" once identified, the Bureau said, and ensure the application of regulatory safeguards such as Regulation E and Regulation Z. Transparency—timely disclosure of the costs, risks, funds availability, and security of payments—should also include real-time access about the status of transactions, according to the fourth principle.
In the fifth principle, the CFPB said systems should be affordable to consumers. Disclosure of fees should occur in a manner that permits consumers to comparison shop among the different available payment options, the agency added.
"Any new faster system is broadly accessible to consumers," the Bureau wrote in principle six. Access through qualified intermediaries, such as mobile wallet providers and payments providers, should be allowed, with limits where necessary "to protect functionality, security, or other key user values."
Addressing funds availability, principle seven argued that consumers are the primary beneficiaries of faster clearing and settlement available in the new payments systems, providing guaranteed access to funds and decreasing the risk of overdraft and declined transactions.
Systems should have "strong built-in protections to detect and limit errors, unauthorized transactions, and fraud," according to principle eight, providing safeguards against and responding to data breaches. Credential value limits may also be considered using tokenization or other tools, the CFPB said.
Finally, principle nine: strong accountability mechanisms that effectively curtail system misuse. Commercial participants are the responsible parties for the risks, harm, and costs they introduce to payment systems, the guidance said, and should make use of automated monitoring capabilities, incentives for participants to report misuse, and transparent enforcement procedures.
The Bureau noted that it was not specifying how the principles must be achieved, recognizing "that a variety of system components, including system architecture, operator covenants and warranties, requirements for participants and intermediaries, rules, and other mechanisms may play critical roles in providing consumer protection, utility, and value."
To read the CFPB's Consumer Protection Principles, click here.