FDIC Warns There are no Safe Harbors for Mobile Payments

In a recent article from the FDIC’s Supervisory Insights publication mobile payments are discussed in terms of understanding and managing risk for financial institutions. The FDIC states that banks may find that effective risk management with mobile payments requires partnering with several specialized parties, but also cautions that innovations in the mobile marketplace are driven by entrepreneurial companies and startups which tend to be less familiar with the supervisory expectations that apply to financial institutions and their service providers.


In their recent publication the FDIC warns that there are no “safe harbors” for mobile payments and that the same regulatory expectations associated with other financial services delivered through traditional channels apply to the mobile channel as well. The article goes on to say that while no federal laws or regulations specifically govern mobile payments today, to the extent a mobile payment uses an existing payment method (such as ACH or credit card funded mobile transactions), the regulations and laws that apply to that payment method apply to it being used with a mobile payment. This includes important legislation such as Regulation E, Regulation Z, anti-money laundering (AML) requirements, the Truth-in-Billing Act, Consumer Financial Protection Act, Graham-Leach-Biley Act Privacy and Data Security Provisions, as well as the Federal Deposit and NCUA Share Insurance requirements. As mobile payments continue to evolve, a financial institution’s oversight of their third-party relationships will become more important.


Another important topic discussed in this FDIC publication is disintermediation, which refers to removing an intermediary in a transaction between multiple parties, and in this context refers to financial institutions being displaced by non-banks in the mobile payments marketplace. The article also cautions that financial institutions should not assume their place in the mobile marketplace is guaranteed just because they are a key part of the existing payments infrastructure. The article mentions a scenario where the multiple intermediary roles financial institutions serve in the payment process are consolidated. In addition to reduced business opportunities, other negative implications of disintermediation include loss of access to consumer and transactional data which is often used for anomaly and fraud detection.


This article from the FDIC’s Supervisory Insights publication released at the end of 2012 brings up several implications for 2013 and beyond. The FDIC notes in the article that mobile payments and smartphone ownership are growing, and although they predict a three to five year time frame before mobile payments achieve strong adoption, they are forewarning financial institutions of the possibility that they could serve a more limited role in the mobile payment process. This gradual disintermediation of banks as the primary provider of mobile payments to non-bank entities marks a major shift in the payments landscape as Google, PayPal, mobile carrier and merchant consortiums compete in the mobile space. These are important implications to keep an eye on in the coming years as this can lead to less business opportunity and revenue for financial institutions and less transactional data for fraud and anomaly detection as mobile payments and non-bank mobile payment providers continue to grow.


For more information:


FDIC Supervisory Insights Winter 2012 – Vol. 9, Issuer 2


The FDIC Urges Banks to Ride Herd on Their Mobile-Payment Partners