Legal Framework for the Evolving Faster Payments Landscape

With the introduction of a variety of new, faster payment methods, including Same Day ACH, The Clearing House’s RTP® network, and Early Warning Services’ Zelle® payment service, the payments landscape is evolving rapidly. These systems and services are subject to an extensive set of legal requirements. Those aiming to understand this legal framework must look not only to laws and regulations, but also to payment system rules. Core laws include the Electronic Fund Transfer Act (EFTA) and its implementing regulation, Regulation E, and Article 4A of the Uniform Commercial Code (Article 4A). In many cases, the applicability and operation of these requirements, a financial institution’s obligations, and a customer’s rights are dependent on the nature and features of a particular payment transaction. This includes, for example, whether the transaction is a consumer or commercial transaction; whether funds are moved via a “debit pull” or a “credit push” payment; and whether the transaction is reversible or final.

Faster Payments Landscape

Same Day ACH is an upgrade to the existing Automated Clearing House (ACH) network that was enacted through revisions to the NACHA® Operating Rules. These changes added two new ACH clearing and settlement windows to the NACHA Operating Rules. Like all ACH transactions, Same Day ACH payments may be either debits or credits. Both Zelle and RTP are new offerings that allow for immediate transfers to end users, and allow for credit transfers only. However, their core features differ in important ways. Zelle is a payment service that allows financial institutions’ customers to initiate transactions using an alias (an e-mail address or phone number). Although the transactions clear nearly immediately, settlement occurs on a delayed basis primarily through the ACH system. RTP is an entirely new interbank payment system that allows account holders (both consumers and businesses) to send and receive credit push payments instantly, directly from and to their accounts at financial institutions. In contrast with Zelle, RTP payments both clear and settle immediately.

Payment System Operating Rules

Payments systems are governed by rules promulgated by the payment system operator or a designated rulemaking organization, such as the NACHA Operating Rules, Zelle Rules, and RTP Participation and Operating Rules. These rules set consistent expectations and operational requirements for the financial institutions that participate in a payment system. Such rules also serve as multilateral contracts that allow for scalability by removing the need for participants to enter into a contract with every other participant in the network. These rules supplement other laws and regulations, and in the case of 4A, may modify existing law. Another important function is to establish the allocation of loss among system participants, including with respect to unauthorized or erroneous payments. For example, under the NACHA Operating Rules, the bank that initiates an ACH debit warrants that the transaction is authorized. Thus, the financial responsibility for unauthorized ACH debits generally falls on the payee’s bank in that the payer’s bank may bring a breach of warranty claim against the payee’s bank.

Laws and Regulations

The limitation-of-liability and error resolution requirements of the EFTA and Regulation E are applicable to erroneous and unauthorized consumer payments conducted through Same Day ACH, Zelle, and RTP. Under Regulation E, consumers may notify their financial institution of errors (as defined in the regulation) within 60 days from when it sends the periodic statement that reflects the error. If notified of the error within the appropriate timeframe, a financial institution must investigate the error, report the results of its investigation to the consumer, and correct the error if it is determined that an error occurred. Accordingly, if a consumer claims that an error has been made with respect to a Same Day ACH, Zelle, or RTP Payment, the consumer’s financial institution must investigate the error, report the results of the investigation, and correct any error.

The requirements of Article 4-A of the New York Uniform Commercial Code apply with respect to erroneous or unauthorized transactions that are not subject to the EFTA, and applies to both commercial RTP transactions and commercial Same Day ACH credits. Article 4-A allocates responsibility for various errors between the parties to a funds transfer. With respect to commercial Same Day ACH credits (but not debits) and commercial RTP transactions, liability as between the payer and the payer’s financial institution will be determined based upon Article 4-A’s loss allocation framework.

General Loss Allocation Principles

The ultimate allocation of loss for an erroneous or unauthorized transaction differs based on the nature of the payment and, in particular, whether it is a debit or credit transaction, and often takes into consideration which party is best positioned to prevent the loss. For example, in a credit push system like RTP, the payer’s financial institution will have Regulation E obligations for unauthorized transactions from a consumer payer’s account. This obligation is independent of whether the consumer’s financial institution is able to recover funds from the payee’s financial institution. In other words, the financial responsibility for unauthorized RTP transactions falls to the sending financial institution. At a high level, the principle underlying this approach is that the payer’s financial institution should bear the loss because it is responsible for authenticating its customer and submitting the payment into the system, whereas the payee’s financial institution has simply received the transaction in a passive role. This is in contrast to debit-pull payment systems in which the payee’s financial institution (which originates the debit into the system) will generally have an obligation to repay another financial institution for an unauthorized transaction (through return or charge back rights) to a customer’s account at that institution. This includes, for example, the NACHA authorization warranty referenced above.

Which party is best positioned to prevent the loss is also an important principle underlying the allocation of loss between a consumer and a financial institution under the EFTA and Regulation E. Specifically, Regulation E’s error resolution and limitation-of-liability provisions are based on the premise that financial institutions are better positioned than consumers to prevent unauthorized transactions, and are expected to be responsible for errors caused by their systems. However, it is important to note that the EFTA and Regulation E are not intended to provide consumers with a remedy for all circumstances where they may have a complaint related to a payment, or where a consumer causes an erroneous transaction.

Evolving Regulatory Expectations

Not surprisingly, regulators are paying close attention to these new payment services and systems. For example, the CFPB has identified certain “long term actions” that are “potential rulemakings” to begin “beyond the immediate next 12 month period.” The list includes a “Regulation E modernization” effort to address, among other things, issues raised by new payment systems. The CFPB has noted it intends to consider and address how “providers of new and innovative products and services comply with regulatory requirements” and indicates that updates to disclosure provisions and error resolution requirements are under consideration. As the CFPB evaluates potential actions that may modify existing consumer rights and the related requirements for financial institutions, it will likely consider the features of the new, faster payment types described above and the efficacy of their payment system operating rules and existing consumer protection regulations. It will also be important that any such changes take into consideration appropriate incentives for both financial institutions and consumers to manage risk.