Marsha Jones, president, Third Party Payment Processors Association
The unexpected election of Donald Trump has left many wondering what the impact will be to the regulatory environment of the financial services industry. A Republican president and Congress will have the potential to alter that environment, but questions remain about how much and how soon.
Articles abound related to the new administration and their desire to alter the impact of – and potentially replace – Dodd-Frank, particularly related to the powers afforded the Consumer Financial Protection Bureau (CFPB). More questions arise as to the constitutionality of the Bureau’s structure and its future. Many questions and no fast answers.
The Third Party Payment Processors Association (TPPPA) advocates on behalf of its payment processor and bank members and has created industry best practices for third-party payment processing designed to address the concerns of state and federal regulators and law enforcement. The TPPPA has been repeatedly asked what we think the regulatory environment will look like and if we can expect relief from compliance expectations and burdens.
Our message is to stay the course. Here are some thoughts as to why.
The emphasis of the Obama administration on consumer protection in the financial services industry had far-reaching impact for payments. Participants in the payments industry, such as banks, payment processors and merchants, particularly those operating in industries deemed high-risk by the administration for consumer protection violations, have been greatly impacted.
Much of this resulted from the creation of the Consumer Protection Working Group in early 2012, as part of the Obama administration’s Financial Fraud Enforcement Task Force. The Consumer Protection Working Group was formed to “address several areas of concern, including payday lending and other high-pressure telemarketing or Internet scams, business opportunity schemes, for-profit schools that engage in fraud or misrepresentation, and fraudulent third-party payment processors that facilitate payments on behalf of other fraudsters without the permission of the customer,” according to the announcement of its formation.
Members of the working group include: the Federal Trade Commission (FTC), the CFPB, the Department of Justice, bank regulators, the Financial Crimes Enforcement Network (FinCEN), various states’ attorneys general, and others. Inter-agency collaboration at a state and federal level continues and won’t stop with a new administration.
Obligations related to anti-money laundering have been in place for decades and they aren’t going to be lessened in the future. In fact, identifying beneficial ownership is a new requirement that all banks and payment processors will be required to comply with as part of global anti-money laundering and combatting terrorist financing efforts. The United States was recently criticized for its lack of progress in this area by the Financial Action Task Force (FATF), the multinational inter-governmental body formed to foster international action against money laundering. FinCEN and bank regulators will continue to have high expectations of banks and payment processors in these global efforts.
Consumer protection laws and regulations have also been in place for decades. While the CFPB has been the most aggressive enforcer in this area of late, the FTC and the states’ attorneys general have been enforcing consumer protection for years and will continue to do so. If the CFPB is reined in some by the Trump administration and Republican Congress, first, it will take time, and second, the FTC and states will step in to fill the void.
“UDAAP and the other consumer protection statutes will continue to be enforced by a combination of aggressive state attorneys general, the CFPB and the FTC. Companies in the consumer protection space should expect these regulators to coordinate their efforts to fully leverage their respective strengths, but we anticipate the state attorneys general will emerge as the leaders in many areas. For this reason, companies should focus their compliance efforts on a national state law paradigm,” says Ashley L. Taylor, Jr., a partner in the Consumer Financial Services practice of law firm Troutman Sanders. Troutman Sanders LLP serves as legal and regulatory counsel to the TPPPA.
Over the past few years, both the CFPB and the FTC have taken enforcement action against payment processors related to the alleged misconduct of the merchants that they process payments for. While the CFPB as a new enforcer has been most active in this regard, the FTC has utilized this kind of action against payment processors for several years. These agencies will continue to expect that payment processors restrict their merchants from committing consumer protection violations.
Additionally, those consent orders already enforced are now considered to be guidance to other payment processors. This “guidance by consent order” will continue for the near term certainly, and likely for the long term as well.
Keith Barnett, also a partner in Troutman Sanders’ Consumer Financial Services team says, “Given that there is not a federal regulator that directly supervises payment processors, and payment processors play a significant role in the payments ecosystem, we should expect the CFPB and FTC to continue to attempt to regulate through enforcement actions irrespective of the political climate.”
Payment processors take on some of the most critical compliance functions of their banks related to the merchants that process payments through these relationships. In recent years, payment facilitators have stepped in to take on many of those responsibilities while enabling access to the system for their submerchants.
Bank regulators expect banks to demonstrate that their payment processors and payment facilitators have the ability and the will to accept these responsibilities, in order to keep their bank in compliance. Bank regulators will continue to expect all of the players within the payments system to have robust compliance practices that support their banks’ compliance obligations related to anti-money laundering and consumer protection. This will not change with a new administration.
As the payments landscape changes with new technology and innovation, the regulatory environment must adapt. With the complex coexistence of federal regulations and state laws, coupled with a changing environment, banks, processors – and now payment facilitators – engaged in third-party payment processing must continue to exercise sound compliance management. All regulators have expressed their expectations that compliance management systems need to be documented, risk-based systems that support a top-down culture of compliance.
Risk-based compliance management systems are designed to address core risks that don’t go away with a change in administration. The TPPPA advises payment processors and banks to “stay the course” and continue efforts to refine and continually adapt their compliance management systems, and payment facilitators are no exception.