With any nascent payments offering, as consumers embrace new, digital means of transacting and volumes surge, regulations and guidelines take shape. Those rules lay out the responsibilities of various stakeholders — the senders, receivers, financial institutions (FIs), FinTechs and intermediaries.
They also govern what happens when things go wrong, when funds wind up, for example, in the wrong account.
Peer-to-peer (P2P) payments have taken off like a proverbial rocket, where transaction volumes are leaping by triple-digit percentage points amid the great digital shift.
And although it might be well-known that P2P transactions can be done directly between banks through account-to-account (A2A) transfers, there’s another type of transaction in the mix.
The Intermediated Transfer
An intermediated transfer exists as a type of P2P transfer where funds are sent from a sender to a receiver through a transfer provider. That provider executes the sender’s instructions across two distinct transactions: a funding transaction (funded by a debit to a consumer’s account at their bank to deliver funds to an operating account controlled by the transfer provider) and a payment transaction to deliver funds to the receiver.
In an interview with Karen Webster, The Clearing House’s (TCH) Rob Hunter, deputy general counsel, and Stephen Krebs, vice president and associate general counsel, said there has been some uncertainty about liability and responsibility for intermediated transfers — even in the wake of the Consumer Financial Protection Bureau’s (CFPB) FAQs on the Electronic Fund Transfer Act, revised late last year.
At issue is the application of Regulation E, the federal regulation that seeks to protect parties from fraudulent transactions or erroneous fund transfers. Under Reg E, both the transfer provider and the sender’s bank are “financial institutions.” Simply put, there’s little in the CFPB guidelines that covers the intricacies of intermediated transfers and responsibilities of the two financial institutions.
As Hunter explained: “There are some areas of exploration … that would benefit from detailed technical analysis.”
That level of detail is being proffered in a new white paper by TCH, a new resource for bank professionals, titled “Error Resolution for P2P Payment Services: Beyond the CFPB FAQs.”
In terms of mechanics, the transfer providers offering intermediated payments operate through two models — prepaid accounts, staged wallets or a combination thereof, and where debits for the funding transactions are done via automated clearing house (ACH) or debit cards.
Whether consumers are protected for payments they authorize but are tricked into making is a current topic of focus in the industry.
“Banks have liability for errors and authorization on things that they control … consumers generally have liability for who they send payments to because that is something that consumers control,” Hunter said.
This principle applies to P2P payments initiated through banks (in the A2A model) and those initiated through an intermediated transfer model offered by a transfer provider.
With respect to intermediated transfers, the picture gets a bit cloudy and complicated where unauthorized payments or other regulation errors happen or are alleged by consumers to have happened. A consumer may report the error to either their bank or the transfer provider.
Krebs offered an example in which an unauthorized debit is pushed to an account, and where the instruction itself was unauthorized.
“As a general matter, both institutions would have responsibility for that [if the consumer reports the unauthorized electronic funds transfer (EFT) to the institution],” he said.
Elsewhere, if the P2P provider sends funds to the wrong account, that’s an error by the provider, and not with the funding transaction that debited the customer’s account. And, as has been widely noted, if consumers are tricked and authorize payments to someone else, that’s not currently defined as an error under Reg E at all.
TCH’s white paper addresses several other scenarios involving intermediated transfers, such as where a P2P payment is funded in part by a prepaid balance held with the transfer provider and in part by a funding transaction that debits the consumer’s bank account.
It also explains the operation of Reg E provisions that apply where the transfer provider is an EFT service provider that does not hold the consumer’s account and certain conditions are met. Where these provisions of Reg E apply, the account-holding bank is not required to investigate or resolve the error, and the transfer provider that offers the EFT service to the consumer has sole error resolution responsibility.
As Krebs said, “Everyone can understand when there is one financial institution that the consumer is interacting with — but when you have a model with two financial institutions, there are new issues to work through and think about.”