A group of five Democratic Senators have sent a letter to the Federal Reserve, OCC, FDIC, and NCUA asking them to take several steps to protect consumers from scams when using Zelle to transfer money.
The Senators ask the four agencies “to closely review and examine the customer reimbursement and anti-money laundering (AML) practices of depository institutions that participate in the Zelle network.” They also ask the Federal Reserve and OCC “to examine Early Warning Services, Inc. (EWS), which operates the Zelle network, on an ongoing basis and for the four agencies “to coordinate their supervisory approach with the Consumer Financial Protection Bureau.” The Senators note that the agencies have authority to supervise the banks that own and operate Zelle and the participating depository institutions for compliance “with key consumer protection and AML laws, including the Electronic Fund Transfer Act (EFTA) and the Bank Secrecy Act (BSA).”
The Senators take aim at depository institutions for taking the position that “they are under no obligation under the EFTA to make their customers whole when fraudsters use the network to steal their hard-earned money” and for “relying on ambiguity over whether a payment is classified as ‘authorized,’ ‘unauthorized,’ or an ‘error’ to avoid reimbursing customers who have been victims of fraud.” They contend that by taking this position, depository institutions can cause their customers to lose confidence in their institutions, which “could weaken a depository institution’s financial condition” and create “risk of unfair, deceptive, or abusive practices if bank or credit union communications lead customers to expectations of safety that are not met.” They also raise the specter of AML violations by institutions that “are on the receiving end of Zelle payments” when the institutions “do not adequately know their customers, screen out stolen or synthetic identities, or monitor accounts for unlawful use.” The Senators want the agencies to do more “to examine depository intuitions’ risk management when they receive fraudulent Zelle payments in order to protect our Nation’s payment systems from abuse by criminals.”
Regulators and lawmakers have increased scrutiny of person-to-person (P2P) payments where customers get duped into sending payments to fraudsters. In December 2021, the CFPB updated its Electronic Fund Transfers FAQs by adding new questions focused on P2P payment providers and P2P transfers. The FDIC, in its March 2022 edition of Consumer Compliance Supervisory Highlights, addressed fraudulent P2P payments and recommended that banks mitigate risk by: (1) reviewing account agreements and disclosures (including those with P2P payment providers) to ensure they do not attempt to limit consumers’ rights under Regulation E, and (2) implementing effective fraud detection and prevention measures, such as monitoring geographic data, spending patterns, merchant data, and IP addresses, to help detect potential fraudulent activity.
In October 2022, the American Bankers Association sent a letter to CFPB Director Chopra, urging the CFPB not to shift liability to banks for P2P payments using an online-money transfer platform in which the consumer who authorized the payment subsequently claims it was made to a scammer. The ABA sent its letter as a follow up to a meeting it attended with CFPB staff to discuss financial scams involving P2P payments. The letter referenced reports that the CFPB was considering issuing new guidance that would require banks to make refunds to victims of scammers who defraud consumers into sending money to a third party using an online money-transfer platform.
Under the EFTA and Regulation E, consumers who provide a bank with timely notice of an error that the bank determines to be an “unauthorized electronic fund transfer” (EFT) are entitled to EFTA/Regulation E liability protection. The EFTA and Regulation E provide that an “unauthorized EFT” is an EFT from a consumer’s account initiated by a person other than the consumer without actual authority to initiate the transfer and from which the consumer receives no benefit. The existing Regulation E Official Staff Commentary specifically states that an unauthorized EFT includes a transfer initiated by a person who obtained the access device from the consumer through fraud or robbery, stopping well short of covering transactions initiated by the consumer as the result of fraud. Contrary to the Senators’ suggestion, there is no ambiguity in the statutory text. If the CFPB or banking agencies were to interpret the EFTA as suggested by the Senators, it would conflict with the statutory text by requiring banks to treat fraudulently induced transactions as unauthorized EFTs even when they are initiated by the consumer with the result that banks would be required to repay the amount of such transactions to consumers.