Last week, the Consumer Financial Protection Bureau (CFPB) released “Consumer Protection Principles,” 9 guidelines it thinks are necessary to protect consumers in a world where payments are only getting faster. Along with the issues of “why these principles,” “why is the CFPB interested in faster payments,” and “why now”, another question is raised: Are these “new rules” really all that “new”? MPD CEO Karen Webster spoke with Jan Estep, CEO of NACHA, to sort it all out.
KW: Why do you think the CFPB is getting involved in this matter, and did it come to you as a surprise that it is?
JE: Frankly, it was not too much of a surprise, other than the fact that the CFPB published the guidelines in such a formal manner last week.
The reason I wasn’t surprised overall is that when you’re applying any change to an existing or a new payments system, it’s actually a great idea to have principle-based goals and objectives. I’m sure that the CFPB published these principles because it envisioned that faster payments could be a new payment type that consumers use, and the organization is obviously focused on consumer protection in the financial environment.
As it applies to consumer protection, NACHA has worked for decades supporting any and all efforts to help ensure that the needs and interests of all system stakeholders — including consumers — are considered and addressed. We already align our rules with many of the principles that the CFPB articulated.
ACH payments themselves are governed by the NACHA operating rules that actually offer significant consumer protections even beyond those required by federal regulations. I think that as new payment systems and new payment capabilities come about, designing rules that are complementary to regulations and existing payment rules that are aligned with principles will be very important.
KW: What do you think the CFPB intended to accomplish, given that we’re kind of just getting started? The work is underway, obviously, within the same-day ACH parameters that you are spearheading on behalf of your members, and there really isn’t anything else going on. Why now?
JE: I think it makes sense at the very beginning of an initiative to have principles that can guide future discussions. The CFPB is involved with the Federal Reserve System’s Faster Payments Task Force, as am I — and, again, I bring that perspective to our discussion today.
The principles are really what I would term “high-level goals” for payments capability that then actually need to be translated into both the technology to deliver them and rules that can help to define very precise roles, responsibilities, and expectations. It’s this confluence of the technology — the delivery of those capabilities — and the rules — the warranties and guarantees around the payment — that will help to carry these principles.
It is a bit of a dance, to begin with, to say what will be the capabilities, what will be the technologies, what are the overhanging regulations, and then how can rules can be applied to make sure that principles such as the ones the CFPB has outlined come into fruition.
KW: It sounds like, based on what you said earlier, that the ACH network and operating rules provide that already — and in many cases go above and beyond what is required. So what’s new here?
JE: Part of it is the unknown of what may evolve from the Faster Payments Task Force.
With an unknown, I think many organizations — including the CFPB — are trying to figure that out.
With the ACH Network, in contrast, we’ve been a rulemaking organization for over 40 years, now. As a result, I look at it through the lens of how rules can really help provide surety and certainty to users of a payments system. What’s interesting — and I think it’s important to realize — is that, when compared to other geographies, the United States, and especially the ACH payments system, already has very strong protection via both rules and regulations. The regulations provide general consumer protections and then, for example, the NACHA operating rules extend those even further, and they align with the capabilities or the technology of the network itself.
Again, I think the principles are good for giving direction, but a strong, comprehensive rule set for any new payment capability is also a critical requirement.
KW: There are nine principles that the CFPB has published. In looking at them, are there those that you think are particularly important, and any that you perhaps think are extraneous?
JE: I mentioned previously that the NACHA rules go beyond what is required by regulations, and there is some overlap between those rules and the guidelines that the CFPB has put forth. I think that three of those guidelines — Fraud and Error Resolution Protection, Transparency, and Funds Availability — are ones that the CFPB will definitely need to move forward with any new payment capability.
While the Federal Reserve’s Regulation E (a basic framework that establishes the rights, liabilities, and responsibilities of participants in electronic fund transfer systems) states that errors need to be investigated, the NACHA rules explicitly state that a financial institution must promptly reaccredit a consumer. Reg E also speaks generally to authorization requirements, whereas the NACHA rules state that an authorization must be clear and readily identifiable, that a consumer must be notified if there’s a change in an amount or scheduled debit date. All of these rules help with Transparency and Funds Availability; they call that out as specific principles.
Again, the NACHA operating rules are very specific compared to other payment types, because we know that things such as payroll, for example, are important to a consumer. We have rules in place that state exactly when the funds will be made available for an ACH credit. Even now, as we’ve gone through our same-day ACH rulemaking, Funds Availability was already part of that — outlining the notification of consumers when funds are available from faster-moving payments. Those are, I think, important principles moving forward.
Other principles that the CFPB published — for instance, Access — might actually be confusing or perhaps less important. It’s interesting, again comparing to other geographies, that in the U.S., our ACH system is very open. We have access to the ACH directly through one financial institution, multiple ones, or a third party. But this access requires balance with consumer protections — and it’s something that we’ve worked through over the years. ACH has very open access, very different from other countries where right now regulators are asking for more open access, and our rules in this regard could actually help to guide a new payment system where access in an objective for different processors or banks.
A second point — and I think maybe this is where the CFPB is coming from, relative to Access — is that consumers want to have access to new technology. When the Federal Reserve issued its consultation paper on payment improvement in the fall of 2013, though, actually very few parties stated anything about access — probably because we have a very open system already. Some consumer groups, in fact, actually indicated that open access should not be given, in order to protect consumers from other parties in a payments system.
This is another case where rules can come in to help define who has access and what requirements align with granting it, to make sure that a balance exists between Access and consumer protection.
KW: One of things of the CFPB guidelines that struck me is the blurred line between the bureau’s interpretation of the actual rails that move the money and the products built on top of the rails that leverage funds transfer capability. Do you think the CFPB is making that distinction?
JE: You ask a very interesting question; I think the CFPB is not making that distinction — and perhaps they should.
If a distinction is not made, it will be very important to align the technology — the capabilities — with the regulations, and then have very adaptable rules to make sure that what’s done in a core rail versus products or services on top are identifiable.
Let me provide an example. The ACH Network is a foundation, as most people know, that provides both settlement between banks as well as a variety of payment types that use the NACHA operating rules to define the way in which those payments are authorized — be it via the Internet, telephone, paper signature, and so on. That is a flavor of the products or services on top of the ACH Network. As a foundation, the ACH allows for layers of functionality to be built on top of it.
I think it’s in these layers above the network where value is created. This is a layer, for instance, where transparency relative to payment-status messaging could be built, which I mentioned when discussing the Transparency principle.
When thinking about this layered approach to delivering functionality, the principles have to be viewed in a very general way — again applying to both the technology or delivery mechanism and to rules that can interpret roles and responsibilities that align with those capabilities.
KW: To me, it feels as though the CFPB is calling out a distinction between old rails and improving old rails and building a brand new network, kind of suggesting that new is better, since old is, well…old. Do think that’s a distinction worth making in these guidelines?
JE: You’re probably correct in that reading. I do think that, rather that just saying “old” or “new” is “good” or “bad,” there probably is a distinction in capability between what exists today and what might be built in the future.
Again, I think change may be the reason these principles were issued. And rules can help you bridge from today to tomorrow.
The recent rules initiative that I spoke of — same-day ACH — is an existing and immediate action that the payments industry is taking to speed up payments across the United States. It creates new options for all types of users and functionality that can be leveraged in the future for real-time payments and other products; but as such, with this new capability, we also have an additional rule speaking to one of the principles: Funds Availability.
It requires everybody working together to say, in a current day, with same-day ACH, funds will be made available that day. It requires everyone agreeing to support such functionality at the receiving account.
This is why I think the ubiquity of a capability’s changes — be they to an old system or a new system — really require mandated rules for the receiving account that supports this surety and certainty for the end user when they’re making a payment.
Yes, “new” and “old” might be different, but rules can transcend those changes and continue to address areas that are important for consumers and businesses alike as they move into the future.