Supporting Statement for the
Recordkeeping and Disclosure Requirements Associated with Regulation II
(Debit Card Interchange Fees and Routing)
(Reg II; OMB No. 7100- to be obtained)
Fraud Prevention (Docket No. R-1404) (RIN 7100-AD63)
Summary
The Board of Governors of the Federal Reserve System, under delegated authority from the Office of Management and Budget (OMB), is implementing the recordkeeping and disclosure requirements associated with Regulation II (Debit Card Interchange Fees and Routing) (Reg II; OMB No. 7100- to be obtained). The Paperwork Reduction Act (PRA) classifies reporting, recordkeeping, or disclosure requirements of a regulation as an “information collection.”1
On July 20, 2011, the Federal Reserve published a notice of interim final rulemaking (IFRM) in the Federal Register for public comment (76 FR 43478). The Federal Reserve adopted an IFRM and requested comment on provisions in Regulation II adopted in accordance with Section 920(a)(5) of the Electronic Fund Transfer Act (EFTA), which governs adjustments to debit interchange transaction fees for fraud-prevention costs. The information collections associated with the IFRM are located in section 235.4 of Regulation II (12 CFR part 235). The provisions allow an issuer to receive an adjustment of 1 cent to its interchange transaction fee if the issuer develops, implements, and updates policies and procedures reasonably designed to identify and prevent fraudulent electronic debit transactions; monitor the incidence of, reimbursements received for, and losses incurred from fraudulent electronic debit transactions; respond appropriately to suspicious electronic debit transactions so as to limit the fraud losses that may occur and prevent the occurrence of future fraudulent electronic debit transactions; and secure debit card and cardholder data. If an issuer meets these standards and wishes to receive the adjustment, it must notify its eligibility to receive the fraud-prevention adjustment to the payment card networks in which the issuer participates. The IFRM was effective October 1, 2011, the comment period expired on September 30, 2011. No comments were received specifically addressing the paperwork burden estimates.
On August 3, 2012, the Federal Reserve published a notice of final rulemaking (NFRM) in the Federal Register (77 FR 46258), revising the IFRM provisions. Under the final rule, an issuer will be eligible for an adjustment of no more than 1 cent per transaction--the same amount as in the interim final rule--if it develops and implements policies and procedures that are designed to reduce the occurrence and costs of fraudulent debit card transactions. The final rule makes changes simplifying the elements required to be included in an issuer's fraud-prevention policies and procedures. To receive an adjustment, an issuer will be required to review its fraud-prevention policies and procedures, and their implementation, at least annually. An issuer also will be required to update its policies and procedures as necessary in light of their effectiveness and cost-effectiveness and, as currently required, in light of changes in the types of fraud and available methods of fraud-prevention.
The NFRM retains and clarifies the requirement that an issuer that meets these standards and wishes to receive the adjustment must annually notify the payment card networks in which it participates of its eligibility to receive the adjustment. In addition, the final rule explicitly prohibits an issuer from receiving or charging a fraud-prevention adjustment if the issuer is substantially noncompliant with the Federal Reserve's fraud-prevention standards and describes steps an issuer must take once it becomes substantially noncompliant to become eligible to receive the fraud-prevention adjustment in the future. The amendments are effective on October 1, 2012.
The total annual burden for this information collection is estimated to be 113,364 hours for the 564 issuers regulated by the federal financial regulatory agencies required to comply with the recordkeeping and disclosure provisions under section 235.4 of Regulation II.2
Background and Justification
The Dodd-Frank Wall Street Reform and Consumer Protection Act (the Dodd-Frank Act)3 was enacted on July 21, 2010. Section 1075 of the Dodd-Frank Act amends the EFTA (15 U.S.C. § 1693 et seq.) by adding a new section 920 regarding interchange transaction fees and rules for payment card transactions.
Section 920 of the EFTA provides that, effective July 21, 2011, the amount of any interchange transaction fee that an issuer receives or charges with respect to an electronic debit transaction must be reasonable and proportional to the cost incurred by the issuer with respect to the transaction. This section requires the Federal Reserve to establish reasonable and proportional standards for assessing interchange transaction fees. The Federal Reserve has separately adopted a final rule implementing standards for assessing whether interchange transaction fees meet the requirements of section 920(a) and establishing rules regarding routing choice and network exclusivity required by section 920(b).
Under EFTA section 920(a)(5), the Federal Reserve may allow for an adjustment to an interchange transaction fee amount received or charged by an issuer if (1) such adjustment is reasonably necessary to make allowance for costs incurred by the issuer in preventing fraud in relation to electronic debit card transactions involving that issuer and (2) the issuer complies with fraud-prevention standards established by the Federal Reserve Board. Those standards must be designed to ensure that any adjustment is limited to the reasonably necessary fraud-prevention allowance described in clause (1) above; takes into account any fraud-related reimbursements received from consumers, merchants, or payment card networks (including amounts from chargebacks) in relation to electronic debit transactions involving the issuer; and requires issuers to take effective steps to reduce the occurrence of, and costs from, fraud in relation to electronic debit transactions, including through the development and implementation of cost-effective fraud-prevention technology.4
In issuing the standards and prescribing regulations for the adjustment, the Federal Reserve must consider (1) the nature, type, and occurrence of fraud in electronic debit transactions; (2) the extent to which the occurrence of fraud depends on whether the authentication in an electronic debit transaction is based on a signature, personal identification number (PIN), or other means; (3) the available and economical means by which fraud on electronic debit transactions may be reduced; (4) the fraud-prevention and data-security costs expended by each party involved in the electronic debit transactions (including consumers, persons who accept debit cards as a form of payment, financial institutions, retailers, and payment card networks); (5) the costs of fraudulent transactions absorbed by each party involved in such transactions (including consumers, persons who accept debit cards as a form of payment, financial institutions, retailers, and payment card networks); (6) the extent to which interchange transaction fees have in the past reduced or increased incentives for parties involved in electronic debit transactions to reduce fraud on such transactions; and (7) other such factors as the Federal Reserve Board considers appropriate.
Following the enactment of the Dodd-Frank Act, the Federal Reserve gathered information about fraud-prevention programs in the debit card industry in several ways. The Federal Reserve held numerous meetings with debit card issuers, payment card networks, merchant acquirers, merchants, industry trade associations, and consumer groups to discuss these programs. Topics discussed in those meetings included technological innovation in fraud prevention, fraud loss allocation among parties to electronic debit transactions, and fraud risk associated with different types of electronic debit transactions (e.g., signature and PIN debit transactions).
In September 2010, the Federal Reserve surveyed 131 bank holding companies and other financial institutions that, together with affiliates, have assets of $10 billion or more, and 16 payment card networks. As part of those surveys, the Federal Reserve gathered information about the nature, type, and occurrence of fraud in electronic debit transactions; the losses due to fraudulent transactions absorbed by parties involved in those transactions; and the fraud-prevention and data-security activities and costs and related research and development costs (herein, collectively, referred to as fraud-prevention activities and costs) incurred by issuers in 2009.5 From these surveys, the Federal Reserve was able to estimate industry-wide fraud losses to all parties of a debit card transaction and to perform a more detailed analysis of fraud losses by type of authentication method (e.g., PIN or signature). The survey data also provided an estimate of the loss allocation among parties to the transaction.6
Description of Information Collection
Issuers Standards - Section 235.4(b)(1) – The provisions in this section requires that in order to be eligible to receive or charge the fraud-prevention adjustment in paragraph (a), an issuer must develop and implement policies and procedures reasonably designed to take effective steps to reduce the occurrence of, and costs to all parties from, fraudulent electronic debit transactions, including through the development and implementation of cost-effective fraud-prevention technology.
Issuer’s Policies and Procedures - Section 235.4(b)(2) (recordkeeping) – The provisions in this section requires that an issuer’s policies and procedures address the following:
Methods to identify and prevent fraudulent electronic debit transactions;
Monitoring of the volume and value of its fraudulent electronic debit transactions;
Appropriate responses to suspicious electronic debit transactions in a manner designed to limit the costs to all parties from and prevent the occurrence of future fraudulent electronic debit transactions;
Methods to secure debit card and cardholder data; and
Such other factors as the issuer considers appropriate.
Review and Update Issuer Standards – Section 235.4(b)(3) (recordkeeping) - The provisions in this section requires that an issuer must review its fraud-prevention policies and procedures, and their implementation, at least annually, and update them as necessary in light of:
their effectiveness in reducing the occurrence of, and cost to all parties from, fraudulent electronic debit transactions involving the issuer;
their cost-effectiveness; and
changes in the types of fraud, methods used to commit fraud, and available methods of detecting and preventing fraudulent electronic debit transactions that the issuer identifies from:
its own experience or information,
information provided to the issuer by its payment card networks, law enforcement agencies, and fraud-monitoring groups in which the issuer participates, and
applicable supervisory guidance.
Notification and Change in Status - sections 235.4(c) & (d) (disclosure) – Section 235.4(c) requires that, to be eligible to receive or charge a fraud-prevention adjustment, an issuer must annually notify its PCNs that it complies with the standards under section 235.4(b). Section 235.4(d) requires that, within 30 days of receiving notification from the appropriate agency under section 235.9 that the issuer is substantially non-compliant with the standards set forth in section 235.4(b), the issuer must notify its PCNs that it is no longer eligible to receive or charge a fraud-prevention adjustment. The issuer must stop receiving and charging the fraud-prevention adjustment as soon as reasonably practical thereafter.
Time Schedule for Information Collection and Publication
The information collection pursuant to the disclosure requirement under section 235.4(c) & (d) must be provided to the payment card network annually as established by the law and regulation as discussed above. The information is not published.
Sensitive Questions
These collections of information contain no questions of a sensitive nature, as defined by OMB guidelines (e.g., ethnicity, sexual relationships, etc.).
Legal Status
The Board’s Legal Division has determined that section 1075 of the Dodd Frank Act (Public Law 111-203, 124 Stat. 1376 (2010)) authorizes the Federal Reserve to require these recordkeeping and disclosure requirements. The obligation of covered issuers to respond to this information collection is required to obtain or retain benefits. Since the Federal Reserve does not collect any information, no issue of confidentiality should arise.
Consultation Outside the Agency
On July 20, 2011, the Federal Reserve published an IFRM in the Federal Register for public comment (76 FR 43478). The comment period for this notice expired on September 30, 2011. No comments were received specifically addressing the paperwork burden estimates. One commenter, however, stated that it was difficult to determine whether the Federal Reserve’s estimate of 40 hours to review an issuer’s policies and procedures was adequate in light of the fact that the compliance burden could increase in the future should the standards become more specific. On August 3, 2012, the Federal Reserve published an NFRM in the Federal Register (77 FR 46258), revising the IFRM provisions.
Estimate of Respondent Burden
The total annual burden for Reg II is estimated to be 113,364 hours. The Federal Reserve estimates that the 564 issuers would take, on average, 160 hours (one month) to develop and implement policies and train staff to comply with the recordkeeping provisions under section 235.4. This one-time PRA burden is estimated to be 90,240 hours. On a continuing basis, the Federal Reserve estimates issuers would take, on average, 40 hours (one business week) annually to review its fraud prevention policies and procedures, updating them as necessary, and estimates the annual PRA burden to be 22,560 hours. The Federal Reserve estimates 564 issuers would take, on average, 30 minutes to comply with the annual notification provision under section 235.4(c); and 30 minutes to comply with the change in status notification provision under section 235.4(d); and estimates the annual reporting burden to be 564 hours. The Reg II recordkeeping and disclosure requirements represent less than 1 percent of the total Federal Reserve System paperwork burden.
Fraud Prevention |
Estimated number of respondents7 |
Estimated annual frequency |
Estimated average time per response |
Estimated annual burden hours |
Implement policies & procedures (section 235.4(b)(2)) (one-time) |
564 |
1 |
160 hours |
90,240 |
Review and update policies and procedures (section 235.4(b)(3)) |
564 |
1 |
40 hours |
22,560 |
Annual notification and change in status (sections 235.4(c) & (d)) |
564 |
1 |
1 hour |
564 |
Total |
|
|
|
113,364 |
The total cost to the public for this information collection is estimated to be $5,084,375.8
Estimate of Cost to the Federal Reserve System
The cost to the Federal Reserve System is negligible.
1 See 44 U.S.C. § 3501 et seq.
2 For purposes of the PRA, the Federal Reserve is estimating the burden for entities currently regulated by the Board, Office of the Comptroller of the Currency, Federal Deposit Insurance Corporation, and National Credit Union Administration (collectively, the ‘federal financial regulatory agencies’). Such entities may include, among others, State member banks, national banks, insured nonmember banks, savings associations, and Federally-chartered credit unions.
3 (Pub. L. No. 111-203, 124 Stat. 1376 (2010))
4 Regulation II defines electronic debit transaction (or “debit card transaction”) to mean the use of a debit card (which includes a general-use prepaid card), by a person as a form of payment in the United States to initiate a debit to an account. This term does not include transactions initiated at an automated teller machine (ATM), including cash withdrawals and balance transfers initiated at an ATM.
5 The surveys also requested information regarding the number of cards and accounts, the number and value of debit card transactions processed, interchange revenue received from networks, various costs associated with processing debit card transactions and operating a card program, and exclusivity arrangements and routing procedures.
6 The Board reported preliminary survey results in the proposed rule (See 75 FR 81740-41, Dec. 28, 2010). Since that time, the Board has further analyzed the data and addressed a number of minor problems, changing the number of usable responses. For example, some issuers provided fraud loss for certain types of fraud but did not report total fraud losses. In those instances, the sum of the reported fraud losses was used as that respondent’s total fraud loss. In other instances, issuers misreported total fraud losses in a different field. Those totals were included in subsequent analysis of the data. In addition, prepaid fraud loss and fraud-prevention cost data have been included where appropriate. Therefore, in certain instances, some data reported in the initial proposal have changed. These data are reported separately (see “2009 Interchange Revenue, Covered Issuer Cost, and Covered Issuer and Merchant Fraud Loss Related to Debit Card Transactions” published on the Federal Reserve Board’s public web-site at www.federalreserve.gov).
7 Of these respondents, it is estimated that none would be small entities as defined by the Small Business Administration (i.e., entities with less than $175 million in total assets) www.sba.gov/contractingopportunities/officials/size/table/index.html.
8 Total cost to the public was estimated using the following formula: percent of staff time, multiplied by annual burden hours, multiplied by hourly rate (30% Office & Administrative Support @ $17, 45% Financial Managers @ $52, 15% Legal Counsel @ $55, and 10% Chief Executives @ $81). Hourly rate for each occupational group are the median hourly wages (rounded up) from the Bureau of Labor and Statistics (BLS), Occupational Employment and Wages 2011, www.bls.gov/news.release/ocwage.nr0.htm Occupations are defined using the BLS Occupational Classification System, www.bls.gov/soc/
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
Author | Cindy Ayouch |
File Modified | 0000-00-00 |
File Created | 2021-01-31 |