Archive | Money Transmitters

Money Transmitter Regulatory Developments

25 May

The controversy swirling around the application of state money transmitter laws to payments companies just won’t abate. The difficulty stems from state regulators grappling with applying old statutory language to the new world of payments. And it leaves payment companies struggling to keep up with those new interpretations.

Next week the Electronic Transactions Association (ETA) will be facilitating the conversation by hosting a Money Transmitter Policy Day in Washington, D.C. A state regulator and FinCEN representative will speak. I am looking forward to participating by presenting a talk there, on June 2nd, on where things stand in “The Changing Regulatory Landscape”. If you are concerned that the myriad of state money transmitter laws may apply to your business, I hope you will join us.

Historically, the states regulated money transmission companies to protect the “unbanked” – consumers that used non-banks for financial services such as check cashing and wire transfers. The goal was to provide oversight of companies holding consumer money. Regulated companies were required to obtain a state license. The regulated activity typically was defined as selling or issuing stored value or receiving monetary value for transmission. That wording is so broad that it arguably brings within its sweep unintended links in the payments chain, such as independent sales organizations.

Barely a week goes by without another state money transmitter development. Some state legislators are taking a fresh look at their statutes, amending the laws to apply to new technologies, such as virtual currencies. Other states are interpreting existing laws in new ways, focusing the application of the licensing requirements on payment processors. And others are recognizing that the purpose of the money transmitter laws was never to regulate the card processing business. Those regulators are publishing guidance indicating that various arguments support the interpretation that the money transmitter laws do not apply to payment processors.

It will be some time before the issue of the extent to which state money transmitter laws apply to payment processors is settled. A vigilant eye on developments is critical to the payments industry. The policy day organized by the ETA, and panel discussions at other industry conferences, are exactly what is needed to keep the conversation flowing and the industry informed.

–Holli Targan, Attorney and Partner, Jaffe, Raitt, Heuer & Weiss, P.C.

Holli Targan

Attorney & Partner

htargan@jaffelaw.com

CFPB Strikes New Ground

16 Mar

A few weeks ago the Consumer Financial Protection Bureau (CFPB) struck new ground when it entered into a consent order with online payment platform Dwolla. The CFPB found that Dwolla misrepresented its data security practices and the safety of its system. The CFPB ordered Dwolla to pay a $100,000 penalty and revise its internal practices.

This represents the first time that the CFPB has used its authority to prevent unfair, deceptive or abusive acts against a company’s data security practices. It is remarkable because the action was taken by the CFPB in the absence of any data breach. In other words, the fact that Dwolla’s representations about its security practices were inaccurate was enough to warrant the CFPB action.

The CFPB found that Dwolla falsely represented to its customers that its network was safe and secure, that Dwolla transactions were safer than credit cards, that Dwolla’s data security practices exceed industry standards, and that all information on the Dwolla platform is securely encrypted and stored.

In particular, the CFPB alleged that Dwolla:

  • Failed to adopt appropriate data security policies for the collection and storage of consumer personal information,
  • Failed to conduct adequate, regular risk assessments,
  • Failed to train employees on responsibilities for handling and protecting consumer personal information, and
  • Failed to encrypt consumer personal info, and required consumer information submission in clear text.

Further, Dwolla’s software development of apps was not tested for data security.

Dwolla was ordered to establish data security plans and policies, conduct data security risk assessments twice annually, conduct mandatory employee training on data security policies, develop security patches to fix vulnerabilities, develop customer identity authentication at the registration phase and before effecting a funds transfer, develop procedures to select service providers capable of maintaining security practices, and obtain an annual data security audit.

Two lessons come through loud and clear. First, companies should be very careful about statements made concerning the safety of their systems and their security practices. All representations about such issues need to be validated by management to ensure accuracy. Second, the actions mandated by the CFPB, set forth in the paragraph immediately above, point to a new standard. This indicates the types of actions the CFPB will be looking for. Consider this guidance from the CFPB on security practices that should be adopted.

We recommend that all companies heed the lessons gleaned from the CFPB Dwolla action by: 1) reviewing representations to the public to be sure those representations are entirely accurate, and 2) auditing current practices to confirm compliance with the actions ordered by the CFPB.

–Holli Targan, Attorney and Partner, Jaffe, Raitt, Heuer & Weiss, P.C.


CFPB Proposes Regulating Nonbank International Money Transmitters

29 Jan

On January 23, 2014 the Consumer Financial Protection Bureau (CFPB) published a request for comment on a proposed regulation that would establish the CFPB’s supervisory authority over certain nonbanks that transfer money internationally.  If adopted, the rule would bring large participants in international money transfers within the CFPB’s supervisory jurisdiction.  Comments on the proposed rule are due 60 days after publication in the Federal Register.

Large participants in international money transfers are defined in the proposed rule as companies that send at least one million aggregate annual international money transfers on behalf of U.S. senders to a designated recipient in a foreign country.  A company would be able to dispute whether it qualifies as a large participant.  Any company that meets the “large participant” criteria will be subject to examination by the CFPB.  Exams may involve site visits by CFPB staff, exam reports, supervisory letters, and compliance ratings.

If this topic sounds familiar, it may be because last October CFPB regulations relating to remittance transfers went into effect.  That remittance rule imposes consumer protection requirements on international money transfers, while this regulation distinguishes larger participants in the market and subjects them to supervisory authority.  This rule would authorize the CFPB to examine for compliance with the earlier remittance transfer rule and for compliance with other consumer financial laws.  In addition, the CFPB would coordinate with State regulatory authorities in examining larger participants of the international money transfer market. 

International money transfers may be cash-to-cash transfers, or may be initiated using credit cards, debit cards, or bank account debits.  The transfers may use websites, agent locations, stand-alone kiosks, or phone lines.  Funds sent abroad may be deposited directly onto prepaid cards, credited to mobile phone accounts, or transferred to consumers’ nonbank accounts identified by email addresses or mobile phone numbers.  All such transfers would come within the ambit of the proposed rule.

The CFPB requests comment on all aspects of the proposed rule, including on any appropriate modifications or exceptions to it.  In particular the CFPB asks whether measures other than the number of transfers should be adopted to determine who qualifies as a “larger participant”, and whether a threshold other than one million transactions is more appropriate.  Submitting comments provides a great opportunity to influence the ultimate regulation.

Industry participants and regulators alike have grappled with the burgeoning money transmitter market and regulatory environment.  This proposal adds one more brick to the wall of regulation sure to surround the industry.

–Holli Targan, Attorney and Partner, Jaffe, Raitt, Heuer & Weiss, P.C.


NMLS Simplifies Money Transmitter Licensing

1 Jul

Nearly every state requires that money transmitters operating within the state obtain a money transmitter license.  Some states, such as New York, require money transmitters to obtain a license if they transact business with residents of the state, whether or not the company has an actual physical presence in the state.  The process of applying for money transmitter licenses and renewing those licenses every year is quite onerous.  The burden is magnified for companies operating nationally, requiring over forty different money transmitter licenses annually.

Good news for money transmitters: a number of states have recently joined forces to allow companies to complete one universal application or renewal form rather than individual applications and renewals for each state.

Since April 2012, money transmitters seeking to become licensed in participating states can simply complete a universal application located on the Nationwide Mortgage Licensing System (“NMLS”) website found here.

NMLS is a secure, web-based system created by state regulators to provide efficiencies in processing state licenses and to improve supervision of state regulated industries. Formed in 2008, NMLS originally began as a centralized, national repository for information related to mortgage companies.  Currently, NMLS is the sole system of licensure for certain mortgage companies in over 58 jurisdictions.  Over the last 2 years, NMLS has branched out to service state licensing in other areas, including money transmitter licenses.

There are currently 14 states that allow money transmitters to apply for and renew their licenses via NMLS. We anticipate that this number will continue to grow.  During 2013, 5 states joined, including 4 states since June 24th.

Due to the large number of states participating with the NMLS in the mortgage licensing sector, it is likely that more and more states will determine that participating with the NMLS with money transmitter licensing is a safe and efficient way for prospective and current money transmitters to apply for and renew their licenses.  This is sure to lighten the substantial burden imposed on companies attempting to comply with multiple licensing regulatory schemes.

Holli Targan

Attorney & Partner

htargan@jaffelaw.com

Money Transmitter Tip

20 May

Many state money transmitter licensing laws expressly state that if you provide money transmission services to persons in that state, no matter where you are located, then you must be licensed as a money transmitter under that state’s law. For example, Hawaii’s Money Transmitter’s Act states that a company is engaged in providing money transmission in Hawaii if the company provides money transmitter services to persons in Hawaii, even if the company engaged in money transmission has no physical presence in Hawaii. Similarly, California’s Money Transmission Act covers anyone who transmits money with, to, or from persons located in California. This means that if your services are open to anyone in the US, including offering the services over the internet (i.e., you do not restrict your services geographically) you could be subject to the money transmitter laws in every applicable state.

Heather Maldegen-Long

Attorney

heamal@jaffelaw.com

Square and Illinois Money Transmitter Laws

2 Apr

Who needs a money transmitter license? This question was raised again in February when the Illinois Department of Financial & Professional Regulation (the “Department”) issued a Cease and Desist Order for Square, Inc., alleging that Square doesn’t have the license required to engage in money transmission services in the State of Illinois.

Under the Illinois Transmitters of Money Act, the term “transmitting money” means “the transmission of money by any means, including transmissions to or from locations within the United States … by payment instrument, facsimile or electronic transfer, or otherwise.” Under the Illinois Transmitters of Money Act businesses are required to obtain a money transmitter license in order to “transmit money”. That’s a pretty broad definition which arguably encompasses the activities of a large number of electronic payments providers. The Department alleged that Square offers and provides money transmission services, and thus, requires a money transmitter license to do business.

The Order highlights a problem our clients regularly encounter: Who is required to obtain a money transmitter license? The answer is a complicated one and requires careful analysis of the laws of every State where money transmissions are sent and received as well as where the money transmitter is located, and applicable Federal laws. For instance, money transmitters may also be money services businesses (MSBs), which are regulated under the Bank Secrecy Act. The Financial Crimes Enforcement Network (FinCEN) maintains a website listing all of the entities registered as MSBs pursuant to the Bank Secrecy Act.

Think no one is complying? The web site, which at the time of this posting was current as of March 29, 2013, contains data on 32,880 registered MSBs, which constitutes an increase of 134 MSB registrations in 4 days. Wow.

Our banking regulatory scheme hasn’t kept up with the way personal banking is done today. We should expect to see more regulations and Orders such as the one issued to Square as payment technologies continue to expand and offer payment options that exist outside of traditional payment channels with financial institutions.

Sarah Weston

Attorney & Partner

sweston@jaffelaw.com