In its most recent issue of the Supervisory Insights newsletter, the Federal Deposit Insurance Corporation (FDIC) describes mobile payment technologies, the risks they pose to depository institutions, and the regulatory framework applicable to such technologies.  The FDIC notes the widespread use of smartphones as a payment technology and the increasing availability of point-of-sale terminals equipped to process payments using near-field communications.  Both of these factors require institutions to understand and adopt controls to mitigate risk from mobile payment technologies.

The FDIC identified the following risks associated with mobile payment technologies:

  • BSA/AML risk – risk that mobile payment technologies will violate the Bank Secrecy Act or other anti-money laundering requirements.
  • Fraud risk – risk that mobile payment technologies will fail to prevent or deter unauthorized transactions.
  • Compliance risk – risk that mobile payment technologies will be used in a manner that violates applicable consumer protection laws, disclosure requirements, and supervisory guidance.
  • Credit/liquidity risk – risk that a loss will occur from a failure by a mobile payment technology to collect on a credit obligation or failure to meet a payments-based contractual commitment.
  • Operations/IT risk – risk that mobile payment technologies will fail to protect confidential financial information.
  • Reputation risk – risk that negative consumer experience from mobile payment technologies or from an incident resulting from mobile payment technologies will reflect poorly on the institution.
  • Vendor management risk – risk that a third party providing mobile payment technologies to an institution will fail to meet expectations or suffer bankruptcy.

The article also describes the laws and regulations applicable to mobile payment technologies, including the Electronic Fund Transfer Act; Truth in Lending Act; truth in billing requirements; unfair, deceptive, or abusive acts or practices (UDAAP) requirements; Gramm-Leach-Bliley Act; and deposit insurance requirements.  The FDIC concludes by reminding institutions to consistently apply fundamentals of payments risk management, in particular with regard to oversight of third-party relationships.

Mike Nonaka

Michael Nonaka is co-chair of the Financial Services Group and advises banks, financial services providers, fintech companies, and commercial companies on a broad range of compliance, enforcement, transactional, and legislative matters.

He specializes in providing advice relating to federal and state licensing and applications matters for banks and other financial institutions, the development of partnerships and platforms to provide innovative financial products and services, and a broad range of compliance areas such as anti-money laundering, financial privacy, cybersecurity, and consumer protection. He also works closely with banks and their directors and senior leadership teams on sensitive supervisory and strategic matters.

Mike plays an active role in the firm’s Fintech Initiative and works with a number of banks, lending companies, money transmitters, payments firms, technology companies, and service providers on innovative technologies such as bitcoin and other cryptocurrencies, blockchain, big data, cloud computing, same day payments, and online lending. He has assisted numerous banks and fintech companies with the launch of innovative deposit and loan products, technology services, and cryptocurrency-related products and services.

Mike has advised a number of clients on compliance with TILA, ECOA, TISA, HMDA, FCRA, EFTA, GLBA, FDCPA, CRA, BSA, USA PATRIOT Act, FTC Act, Reg. K, Reg. O, Reg. W, Reg. Y, state money transmitter laws, state licensed lender laws, state unclaimed property laws, state prepaid access laws, and other federal and state laws and regulations.