of regulation, currently m-payments in the USA are subjected to a mul-titude of regulators and regulations. 15
Th e Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (Dodd-Frank Act) created the Consumer Financial Protection Bureau (CFPB), which plays a vital role in the furtherance of m-payments regulations. Under the Act, the CFPB has authority to regulate consumer fi nancial products and services under federal consumer fi nancial law. 16 More specifi cally, the CFPB has enhanced authority to regulate “unfair, deceptive, or abusive acts or practices”. 17
In addition to the newly created CFPB, other fi nancial regulatory agencies have (limited) regulatory oversight on m-payments: the Federal Deposit Insurance Corporation (FDIC), the Federal Reserve System (FRS), the National Credit Union Association (NCUA), the Offi ce of
12 Di Castri, ibid., 11.
13 Sultana, ibid.
14 Di Castri, ibid., 13.
15 For a description of the current m-payments ecosystem in the USA, see: Darin Continie et al., M-Payments In Th e United States : Mapping Th e Road Ahead (Boston, MA: Federal Reserve Bank of Boston, Federal Reserve Bank of Atlanta, 2011); Mobile Payments Industry Workgroup (MPIWG), Th e US Regulatory Landscape For Mobile Payments (Federal Reserve Bank of Atlanta and Federal Reserve Bank of Boston, 2012), available at https://www.bostonfed.org/bankinfo/payment- strategies/publications/2012/us-regulatory-landscape-for-mobile-payments.pdf .
16 12 U.S.C. § 5511 (Dodd-Frank Act § 1021).
17 12 U.S. Code § 5531.
128 E. Cervone
the Comptroller of the Currency (OCC), the Federal Communications Commission (FCC), the Federal Trade Commission (FTC) and the Financial Crimes Enforcement Network (FinCEN). 18
It is generally understood that, in the USA, current laws and regula-tions on underlying payment methods and instruments (credit, debit, prepaid) are applicable to m-payments.
Applicable to the electronic transfer of funds, the Electronic Fund Transfer Act (EFTA) protects consumers against losses accrued as a result of an unauthorized transaction. It is not clear if Regulation E, which implements the EFTA, is applicable to mobile operators. Regulation E defi nes an electronic fund transfer as “any transfer of funds that is initi-ated through an electronic terminal, telephone, computer, or magnetic tape for the purpose of ordering, instructing, or authorizing a fi nan-cial institution to debit or credit a consumer’s account.” Th is defi nition includes transfers that take place via mediums such as direct deposits, direct withdrawals, debit card transactions and automated teller machine (ATM) transactions. According to this defi nition of an electronic funds transfer, Regulation E, therefore, clearly applies to m-payments when the transaction is made from a consumer’s account through an electronic funds transfer. For example, a fi nancial institution, such as a bank, must
18 Th e FDIC governs part of m-payments by supervising banks and assuring that they comply with consumer protection laws, such as the Fair Credit Reporting Act, the Fair Credit Billing Act, and the Truth-In-Lending Act. Th e FRS, although serving as the nation’s central bank, has the respon-sibility, inter alia, to supervise and govern banks, ensuring the payment system remains stable and safe. Th e NCUA regulates federal credit unions and the OCC regulates national banks and federal savings associations by ensuring that they operate in a safe and sound manner, provide fair access to fi nancial services, treat customers fairly, and comply with applicable laws and regulations. Th e FCC regulates interstate and international communications by radio, television, wire, satellite and cable. Because one of the goals of the FCC is to regulate homeland security through communica-tions, the FCC has an interest in regulating the security and privacy data of m-payments, although FCC’s role as a m-payments regulator needs to be clarifi ed because it does not have direct regula-tory authority. In contrast, the FTC has direct authority over several participants in the m-payment ecosystem, including operating system developers, application developers, handset manufacturers, advertising companies, telecommunication providers and even companies off ering bill-to-carrier options. Th e FinCEN also is an agency touching m-payments. As a division of the US Department of Treasury, the FinCEN’s purpose is to enhance the integrity of fi nancial systems by facilitating the detection and deterrence of fi nancial crime. Because fi nancial crimes involve money laundering, FinCEN issued the Prepaid Access Final Rule , requiring prepaid access providers and sellers to fi le suspicious activity reports, retrieve and hold transactional and customer information, and eff ectu-ate an anti-money laundering program.
comply with Regulation E when a consumer uses a mobile phone to make a payment via his or her debit card, which is linked to the phone.
Th e application of Regulation E is much less clear, however, as it applies to non-fi nancial institutions, including many new m-payment partici-pants. Mobile operators, traditionally non-fi nancial institutions, could be subject to Regulation E if they issue debit cards to consumers with-out holding the consumer’s account and off er electronic funds transfers without an agreement with the account-holding institution. To make this scenario possible, the Federal Reserve Board would have to determine that m-payment data is an electronic funds transfer when transferred via a mobile operator’s network, and they would have to classify a mobile phone as an access point.
Another regulation which may be applied to m-payments is Regulation Z, promulgated by the Federal Reserve Board to specifi cally govern credit card transactions. Regulation Z resolves issues of liability for unauthorized transaction or responsibility for billing errors. Additionally, Regulation Z requires creditors, including credit card issuers, to make initial disclosures of certain items (such as fi nancial charges, billing rights and interest rates) and to make subsequent disclosures of certain items (such as those dealing with annual statements and the availability of additional credit accessing devices). Although Regulation Z clearly provides guidance for traditional participants dealing in credit card transactions, its application to new m-payment participants is unclear, much like Regulation E. Th e Federal Reserve Board, for example, has not clarifi ed whether mobile operators are subject to Regulation Z when they advance credit to subscribers who purchase ring tones or games.
Th e Gramm-Leach-Bliley Act (GLBA) may also be applied to m- payments. Th e GLBA governs the privacy of customers’ information.
Title V requires fi nancial institutions to establish standards that safeguard customers’ records, preventing any unauthorized access to such informa-tion. Additionally, Title V requires fi nancial institutions to disclose to the customer, both initially and annually thereafter, the institution’s policies regarding the disclosure of customers’ non-public personal information.
Although the application of the GLBA is clear when applied to banks, its application to mobile operators is not so clear.
130 E. Cervone
Th e Bank Secrecy Act, as amended by the US PATRIOT Act, 19 requires the collection of identity information to combat money laundering. Th e PATRIOT Act requires fi nancial institutions to not only establish proce-dures to detect money laundering, but it also requires fi nancial institu-tions to submit suspicious activity reports when it suspects a transaction involves money laundering. Although anti-money laundering (hereinaf-ter “AML”) regulations clearly apply to banks, AML regulators have not applied them to m-payments participants. Consequently, AML regula-tions can be circumvented when terrorists use a m-payment platform to transfer funds obtained illegally.
Th e Federal Trade Commission Act 20 prohibits, inter alia, “unfair or deceptive acts or practices in or aff ecting commerce”. Th is Act applies to nearly all persons and entities engaged in commerce, including then m-payments when a person utilizes a mobile phone to engage in commerce.
Th e Dodd-Frank Act adds the word “abusive” by prohibiting “any unfair, deceptive, or abusive act or practice”. Th us, m-payments could possibly fall under CFPB authority when transactions or purchases fall under the above language. While there is no one clear regulator who is in charge of all m-payments, the CFPB, which has broad authority to prohibit unfair, deceptive or abusive practices or acts, is most likely to be the agency to govern m-payments.