2023 is abuzz with anticipation. From the much-lauded launch of FedNow to the continued ripple effects of digital transformation, payments as we know them are changing. Coupled with economic and competitive pressures, payments organizations from small credit unions to behemoth banks to FinTechs are all bearing the weight of these shifts. This year promises to bring events that will leave lasting impacts in the areas of innovation, regulation, compliance, risk, and fraud.
With these developments in mind, I sat down with the following five NEACH team members to have a discussion of what our members should keep top of mind this year:
- Sean Carter, AAP, NCP, President & CEO
- Mark Dixon, AAP, APRP, NCP, Vice President, Education
- Elyssa Morgan, AAP, Vice President, Membership
- Sandy Ortins, AAP, APRP, NCP, Senior Vice President, Operations
- Rayleen M. Pirnie, BCJ, AAP, CERP, Director, Risk & Fraud
What follows is an excerpt of our conversation.
Casali: I see innovation as the primary area of focus for FIs this year. I think members should be looking at innovation in banking in general to see how they can accomplish the modernization of their platforms to support services like FedNow and others that will emerge in the future. What do you think innovation priorities should be this year?
Ortins: It’s no surprise customers want everything immediately: The response from the industry is innovation and there is no shortage of FinTechs more than willing to oblige. I don’t see innovation slowing down, I think at this point FIs need to determine what road they want to take and put in all the checks and balances they need to protect themselves and the consumers.
Dixon: I agree. For our members, a big innovation piece will be FedNow and trying to figure out when they want to deploy and how it will benefit customers or members, but there are a lot of other opportunities from an industry standpoint. For example, the banking-as-a-service model, which essentially asks, “How can we look at strategic partnerships that could benefit customers and members and put ourselves in a position to evolve as industry?” From an evaluation and strategy standpoint, ask how you can maximize opportunities.
Morgan: It’s almost like flipping it and looking at opportunity from the place of challenge. FIs face challenges on every front, so how can they compete and be the first choice? By partnering with FinTechs. Because these strategic partnerships will help you innovate and stay competitive.
Pirnie: Given that I am a fraud investigator who is rather risk-adverse, when I read about how various industries and associations are attempting to innovate in the payments space, my brain immediately starts identifying the risks and fraud potential. Institutions and businesses have to adapt to current technology and their customers’ demands, but I fear some are too often adopting “the bright, shiny, new thing” for the sake of doing so without really understanding the potential ramifications. Before adopting a new payment option, be sure you do your homework and understand the contract you are signing for the service. Likely, the new “bright, shiny” service will include a clause where the FI is completely liable for losses/claims, not the platform or provider.
Carter: That’s very good advice. And along with it, FIs should make sure they consider innovation for internal operations. CFOs may be looking harder at bottom-line impacts as the state of the economy remains in flux and that may give rise to innovation in an effort to become more efficient in areas of compliance and risk management.
Casali: Good point. What about compliance? What do FIs need to watch for in 2023?
Pirnie: There are so many compliance changes and challenges facing institutions today. Every year the list of “must know” gets longer, especially considering entities passing Rules/Laws on businesses that can have a direct impact on an FI (even if it doesn’t fall under the intended governance scope). Don’t forget to keep tabs on compliance changes, like a war in a foreign land creating (almost daily) new sanctions you have to monitor for, payment network rules changes, and unique Regulator expectations, even if those expectations aren’t law or clearly defined in the beginning, like the CFPB and FDIC “Junk Fees” Initiatives.
Ortins: Agreed. And we can’t lose sight of the tried-and-true compliance challenges, like Regulation E. In the years I have been at NEACH, the number one point of confusion members have is with Regulation E. With instant payments and Regulation J for FedNow clearly stating that these transactions are subject to Reg E, employees of the FI have to understand how to be compliant with consumer protection laws.
Carter: And with the increased usage of P2P payment providers, Reg E will continue to be a key area of compliance focus.
Dixon: Which comes back to Rayleen’s point about the CFPB. Regulators are honing in on crypto and FedNow requirements and looking to put more formality in place. We need to keep an eye on what the CFPB is doing and figure out what consumer protection will look like in this evolving ecosystem and what that looks like on the Uniform Commercial Code side.
Morgan: All of these are notable examples, but let’s also not forget about the standard scrutiny around the Bank Secrecy Act (BSA) . Continue to know your customer and understand their activity and monitor for suspicious activity because that’s how a lot of the schemes get through.
Casali: To that end, fraud has gotten more complicated, and bad guys are getting more sophisticated. It will continue to be a battle for members to avoid fraud. How do you think fraud may continue to evolve?
Dixon: Definitely. Fraudsters will look for weaknesses, and if instant payments are offered widely without the right controls, they will work to get in there and take advantage of it. Later in 2023, I expect we’ll see fraud trends surrounding instant payments come to fruition. In addition, Request for Payment functionality will be used more widely than before, and that will be high-risk too, giving people the functionality to say, “Pay me.” That will be more exclusive to RTP at this point, but FIs need to consider it in their customer education.
Ortins: 100 percent. I think that FIs need to take a more aggressive approach to educate consumers on fraud scenarios to assist, and they need to fully understand how all their systems work and look for any red flags that they see and escalate them. The best way to stop the bleeding, per se, is to get ahead of it.
Carter: And if the economy does what some people project and unemployment grows, it could lead to an even bigger rise in work-from-home and money mule scams. FIs are really going to have to double-down on their fraud protection.
Morgan: The main message here is FIs need to drill fraud prevention into their customers/members and originators to make sure they know about fraud. Because at the end of the day, the organization that provides the channel for fraud is so often on the hook.
Pirnie: Plus, fraud tactics change faster than many FIs can keep up with. FIs must connect with industry groups to keep tabs on fraud trends, updated red flags, investigation strategies, correlating laws/Regs/Compliance obligations, etc. to stay ahead of it.
Casali: Right, because shifts in fraud trends drastically impact an FI’s risk profile. But risk management extends far beyond fraud evaluations alone. FIs will face a bigger focus on risk and risk management, reassessing their systems based on how new payment channels like FedNow will impact them. Does it present any new risks, including strategic risk? What if they don’t offer instant payments? Is that a risk for them? What if they do offer instant payments, is that a risk for them? What risk developments will be ones to watch this year?
Ortins: With innovation and faster payments being all the rage, FIs need to understand any time they allow for more flexibility, more payment applications, there is risk involved. There is no reward without risk, but the key is mitigation. There is no greater risk than lack of knowledge of your product offerings. There should be no rush to implement anything. All systems should be vetted and fully understood before opening it up to the great customer base.
Morgan: And to build on that, FIs have to consider third-party risk. Reliance on a third party means that as the FI, you need to make sure they have it together and are meeting the expectations of service level agreements. FIs also have to plan for business continuity with disruption in or around those lines. It comes down to having solid relationships and doing due diligence with third parties.
Dixon: Faster payments fraud also is going to be enabled by those third parties. FIs need to look at their fraud solutions and internal risk mitigation and make sure they are adequate for evolving technology, including real-time fraud monitoring. Think about interoperability of systems and how you are pushing technology partners. You need to look at a partner analysis and understand what they are doing on that front to identify any holes in your risk strategy.
Pirnie: There is risk in everything we do, and every employee has to be a risk manager. It might be frontline staff encountering fraudsters opening a fraudulent account or cashing a counterfeit check, or Operations weighing how to handle suspect activity, compliance investigating a potential money mule, or management considering enhanced risk management tools. We all have a role in risk identification and management.
Carter: And let’s not forget the potential economic pressures on businesses as a key risk factor. Companies utilizing payment services like ACH, wire, and RDC should be looked at with an eye toward how a potential recession may impact their ability to fund transactions. Not all businesses will be impacted, but there will be turmoil in certain industries and that needs to be part of how these users of payments are assessed.
Casali: And with increased activity from CFPB, we can expect a hyper-vigilance around economic impacts on consumers but also some potential challenges. I think Congress is going to question the role of regulators in banking and that will cause a hiccup in regulation. The other area is what is Congress going to do with crypto? It’s shaping up to be a regulation-centric year.
Pirnie: In the regulatory space, I would strongly suggest every institution keep a very close eye on the CFPB and regulator initiatives related to changing the Electronic Funds Transfer Act (EFTA) which will open the proverbial door to increase FI liability under Regulation E when a consumer claims that although they “authorized” a transfer or payment, they were “fraudulently induced” into doing so. We saw a couple of House Bills in 2022 with a distinct focus on protecting consumers from payment scams, and numerous conversations in the Senate Banking Committee with the same focus that all amount to changing the definition of “unauthorized” to include “fraudulently induced” transactions where the consumer did technically authorize, but similar to “buyer’s remorse,” realizes maybe they should not have because it was a scam. This would create a situation where the FI must investigate and resolve a dispute of an item that has a valid authorization because the consumer was fraudulently induced into initiating the transfer, common among romance scams, work-from-home, and other money mule activities.
Ortins: In my opinion, regulation is the topic on which members need to pay the most attention. All the CFPB and Hill activity shows that regulations may be changing; impacts on financial institutions may be large. Nacha has even updated their Risk Framework to include RDFIs for credit push payments to have more liability on what accounts these payments are posting to. There seems to be a shift that is putting liability on the RDFI to ensure these credits are correct. All this combined with FedNow launching, I envision more scrutiny on credit payments, and regulations will be created or updated to ensure that credit payments are authorized and not fraudulent.
Morgan: And the impacts to Regulation E interpretations will be significant. It’s going to be critical that staff truly understand the requirements and error resolution process to protect the FI.
Dixon: Regulation E will be the one to watch this year, and as Joe referenced, whatever regulators and legislators decide on the crypto front will be important for the business of banking.
Carter: That’s for sure. Due to the fallout with FTX, we probably can assume there will be more formal regulatory response—even beyond the guidance that was issued earlier this month—for organizations dealing with cryptocurrencies. This regulatory response may be welcome news for some that are waiting to see how this market will be regulated prior to getting into the space themselves.
THE YEAR AHEAD
2023 will be a lot for payments but it also brings significant opportunity. I feel it’s generally a regrouping year--a year where, based on new information, you reassess the direction and strategy you want to pursue, creating new opportunities in the dynamic environment.
For example, you may want to evaluate the overall innovation of all of your systems. It’s not just going to be innovating around one area of the FI, but how each of these areas—risk and fraud mitigation, compliance, regulation, technology, etc.—come together to support a new way of operating. If you want to introduce instant payments, you may be looking at artificial intelligence as a component of your launch strategy. It’s about ensuring systems support you into the future.
NEACH will be here to support you in doing just that. Through our Innovating Payments community, new education, upcoming Wrestling Payments podcast, and a number of other initiatives, we will be providing the information you need to navigate and excel this year, and we’re looking forward to being part of your unique journeys.
AUTHOR: Joe Casali, AAP, NCP
Executive Vice President
As the EVP of Payments Innovation for NEACH, Joe focuses on exploring innovative solutions and technologies that will help position members for success, both now and in the future. Connect with Joe to read more of his blogs, articles, and posts.