Mobile payments are the all the rage in the banking, retailing, and software industries, but the Federal Deposit Insurance Corp. is cautioning banks to keep a short leash on their mobile-payments vendors. The FDIC also warned in a recent report that banks’ role in mobile payments could be reduced as providers seek to simplify complex existing payment processes.
The FDIC has no intention of confining payments to a pre-smart-phone bubble, but it does want to ensure that the many technology companies that banks deal with are aware of regulations that could affect mobile payments, Rob Drozdowski, senior technology specialist in the FDIC’s Division of Risk Management Supervision, tells Digital Transactions News.
“These are rather, to put it nicely, entrepreneurial companies that are often startups that may not be familiar with supervisory responsibilities,” says Drozdowski, a former executive with the Electronic Transactions Association, the biggest merchant-acquiring industry trade group.
Drozdowski is one of four co-authors of the article “Mobile Payments: An Evolving Landscape” that appears in the winter 2012 edition of the FDIC’s Supervisory Insights publication. The article does not dispense official regulations and reflects only the views of FDIC staff, according to Drozdowski, but it does give an idea about how a major federal bank regulator views an emerging payment method.
The article says there is nothing about mobile payments that exempts them from the requirements for risk control, consumer protections, and other issues covered by a myriad of federal banking laws and regulations. The vast majority of current mobile-payments schemes run on existing rails, such as the automated clearing house network, the Big 4 payment card networks—Visa, MasterCard, American Express, and Discover—and even the electronic funds transfer networks, Drozdowski notes.
In addition to insuring bank deposits, the FDIC directly supervises about 3,200 banks, typically small and mid-size institutions with state charters. Such banks very frequently engage outside vendors to develop and run tech-reliant programs such as mobile payments. It’s the banks’ responsibility to ensure that consumer protections and risk-control and security requirements called for under the law are built into mobile-payment offerings. “There are a whole bunch of regulations that all apply directly,” Drozdowski says.
These include provisions under the Federal Trade Commission Act to prevent deceptive and unfair business practices, the privacy and data-security requirements of the Gramm-Leach-Bliley Act, Regulation E of the Electronic Fund Transfer Act that affects deposit accounts, Regulation Z of the Truth in Lending Act that governs credit cards, the FDIC’s and National Credit Union Administration’s insurance requirements, and the truth-in-billing rules for telecommunications carriers.
Regulators’ expectations are spelled out in the examination handbook for technology service providers produced by the Federal Financial Institutions Examination Council, a consortium of bank and credit-union regulatory agencies, Drozdowski says.
In addition to addressing regulations, the FDIC article also touches on the topic of “disintermediation,” the potential for banks to be excluded from new forms of electronic payments. Bankers frequently express fears that non-bank payments companies such as PayPal Inc. or even retailers such as Wal-Mart Stores Inc. could get between them and their customers. The FDIC article suggests that when it comes to mobile payments, such fears are more than unfounded paranoia. That’s because new providers may be highly motivated to change the complicated current payment process that includes a bevy of financial institutions.
“One possible scenario may be a consolidation of the intermediary roles served
by banks in the payments process,” the article says. “Nowhere is this more evident than in the payment card acquiring business where it is not unusual to have five or more banks involved in a single card payment.” These institutions function as card issuers, merchant acquirers, sponsor banks, merchants’ account-holding banks, and settlement banks.
“In an alternative-payments model such as PayPal, the non-bank mobile-payments provider assumes at least three of these bank roles (that of issuing, acquiring, and sponsoring banks), thereby removing those banks from the payments process and reducing their business opportunities,” the report says.
The FDIC staff, however, did not comment on the relative merits of disintermediation in the article. “It’s not our place to do that,” Drozdowski says.
If disintermediation were to occur, however, banks could lose valuable data about customers that would make risk control more difficult and also limit their marketing capabilities and opportunities to serve new markets, according to Drozdowski. In that case, banks should push their vendors to provide them with as much customer data as possible. “Banks might want to seek relationships [so] their data is able to be preserved for themselves,” he says.