There seemingly are lots of new ways to make payments today. New apps for smart phones, new peer-to-peer payment networks, new currencies, and new ledger systems offer to meet the needs of U.S. consumers and businesses in ways that legacy payment methods do not. Many of these new ways to pay have improved end-user experience by providing more convenient or intuitive ways to initiate payments through legacy systems (such as the ability to accept card payments through a device that connects to a phone). In other cases, the underlying payment system through which payments are made is new (such as the ability to pay someone instantly with virtual currency through a distributed ledger system).
It does matter how you pay; however, the part that matters—from a legal perspective—is not the means of initiation (i.e., payment via mobile app) or infrastructure (i.e., blockchain), but rather who is providing the payment service to the payor and payee and the characteristics of the payment service.
This article’s focus is how payment-system and consumer-protection laws apply (or do not apply) to some of the new ways to pay. It should be noted that there are other important legal and regulatory frameworks that apply to payments, such as financial privacy, cyber and information security, Bank Secrecy Act/anti-money laundering, and economic sanctions, all of which are beyond the scope of this article.
The Legal Framework for Payments
One’s legal rights and responsibilities as a payor or payee for noncash payments are determined by payment-system laws—statutory, regulatory, and contractual. For example, if a payor instructs payment for $100, but through error or fraud the payee is instead paid $1,000, payment-system laws will determine who among the various parties to the payment takes the loss for the extra $900 received by the payee. When consumers are a payor or payee, certain statutory and regulatory consumer-protection laws may also apply to the payment.
With respect to payment-system laws, it should come as no surprise that different laws apply to different types of payments. At the state level, the Uniform Commercial Code (UCC) Articles 3 and 4 serve as the foundational laws for checks, and UCC Article 4A establishes the laws for wholesale wire transfers. These state laws generally may be supplemented or varied by agreement of the parties involved, or by clearinghouse or funds transfer system rule. For example, banks and image clearinghouses generally adopt the Electronic Check Clearing House Organization Rules (ECCHO Rules) to modify and supplement rights and responsibilities under the UCC to address issues unique to the interbank exchange of check images. Note, however, that the ability to vary the UCC by agreement or by clearinghouse or funds transfer system rule is not unlimited. For one thing, the UCC obligation to act in good faith may not be waived.
There is no statutory framework that serves as the basis for exchange of electronic debits through the Automated Clearing House (ACH) system, although commercial credits fall under UCC 4A. Banks rely on the Operating Rules of the National Automated Clearing House Association (NACHA), as adopted into ACH operator rules, both to establish the framework for the debits and to supplement the UCC 4A framework for commercial credits.
It is important to note that the scope of the laws and rules governing traditional noncash payment mechanisms—funds transfers, ACH, and checks—includes bank customers and banks, but does not necessarily contemplate or apply to nonbanks that serve as intermediaries to payors and payees or payments that are made through nonbank networks. Thus, the funds transfer process, under article 4A and the Federal Reserve’s Regulation J, begins with an instruction by an originator to its bank to pay or to cause another bank to pay a beneficiary, and the funds transfer ends when a bank for the beneficiary accepts an instruction to pay its customer. Likewise, the check collection process under article 4 and the Federal Reserve’s Regulations J and CC begins when an item is deposited with a depository bank, and typically ends when the payor bank pays the item. Similarly, under NACHA’s rules, an ACH payment begins with an authorization provided by a customer of a bank, is initiated to an ACH operator by a sending bank, and ends when the receiving bank has received and settled for the payment.
As further discussed below, this means that payment-system laws will not completely address—or may not address at all—issues that may arise for payors and payees whose payments do not begin and end at a bank.
With respect to consumer-protection laws, the primary federal laws in the payments area are: (i) the Electronic Fund Transfer Act (EFTA) and its implementing regulation, Regulation E, for consumer payments made via debit cards, ACH, payroll cards, prepaid accounts, and other consumer electronic funds transfers (discussed further below); and (ii) the Truth in Lending Act (TILA) and its implementing regulation, Regulation Z, for consumer payments via credit cards. These federal laws and regulations establish certain baseline consumer protections, such as disclosures, periodic statements, and most relevant to this article, limitation of liability for unauthorized payments and error-resolution requirements. These consumer protections generally cannot be varied by agreement.
Historically, the payments laws and consumer-protection laws described above provide mutually exclusive legal frameworks governing consumer funds transfers. In particular, the scope of article 4A by its own terms (Section 4A-108) generally excludes from its coverage funds transfers, any part of which is governed by EFTA. In turn, EFTA and Regulation E govern consumer funds transfers—specifically, “electronic fund transfers,” which include essentially any electronic transfer of funds to or from a consumer account, but excludes funds transfers sent by a financial institution on behalf of a consumer through a wholesale payment system (that is, a funds transfer system that is not designed primarily to transfer funds on behalf of consumers), such as a wire transfer system—as a result, those transfers would be covered by article 4A. In recent years, however, most state legislatures have taken steps to amend article 4A to permit some overlap with EFTA with respect to certain remittance transfers that became covered by EFTA and Regulation E as a result of the Dodd Frank Act.
In addition, federal consumer-protection laws historically were tied to payments made to or from consumer accounts held at banks. However, Regulation E’s remittance-transfer provisions apply to remittance-transfer providers that are both banks and nonbanks. Similarly, the Consumer Financial Protection Bureau (CFPB) finalized a new rule in early October that applies Regulation E’s disclosure, periodic statement, limitation of liability, and error-resolution requirements to prepaid accounts, regardless of whether the prepaid account is held by a bank or a nonbank. Specifically, the revised regulation defines a prepaid account to include a variety of payment products, including general purpose prepaid cards and nonbank payment services, such as digital wallets and payment networks, that involve an account that is either issued on a prepaid basis or capable of holding consumer funds. The new provisions become effective April 1, 2018 (although the CFPB also recently announced its decision to revisit certain substantive issues in the rule), and will cover many, but not all, nonbank payment services. Among the payment services that will fall outside the rule are those that only facilitate payments, but do not require consumers to have accounts with the service provider.
For payment services provided by nonbanks that fall outside the CFPB’s prepaid rule and remittance transfer rule, a consumer’s rights and responsibilities as a payor or payee primarily will be determined by the contractual terms that apply to the payment service. However, the consumer may have Regulation E protections for parts of a nonbank payment if the nonbank payment involves funds transfers to or from the consumer’s bank or prepaid account.
The scenarios below illustrate how a payor’s legal rights and responsibilities may vary depending upon whose payment service the payor uses.
Hypothetical 1: Person-to-Person Payment
CoolPay is a nonbank payment service that provides CoolPay accounts to its users and enables them to send funds to each other through its service. CoolPay makes payments in two ways. If a payor-user has funds in his or her CoolPay account, CoolPay will pay the payee through a book transfer: i.e., a debit entry to the payor’s CoolPay account and a credit entry to the payee’s Cool-Pay account. If a payor-user does not have funds in his or her account, CoolPay will initiate an ACH debit to the payor-user’s bank account and then credit the payee-user’s CoolPay account once CoolPay’s bank account is credited for the ACH debit it sent to the payor-user’s bank account.
Jane and George are CoolPay users. Jane uses CoolPay to send George $100 for his birthday. Although Jane is a CoolPay user, she does not keep funds in her CoolPay account. Hence, to effectuate the payment, CoolPay instructs its bank, Bank A, to send an ACH debit for $100 to Jane’s bank, Bank B. Once Bank A receives settlement from Bank B for the ACH debit, it credits CoolPay’s bank account. CoolPay then credits George’s CoolPay account for $100. What if CoolPay makes a mistake and credits Ted’s CoolPay account rather than George’s?
Given that CoolPay provides a payment service that enables consumers to hold funds in CoolPay accounts, CoolPay will be subject to the new prepaid account requirements of Regulation E, including its disclosure and error-resolution requirements, when it goes into effect. The rule will require CoolPay to: (i) disclose to Jane that she has error-resolution rights; and (ii) investigate the error upon timely notice from Jane that her bank account has been debited, but that George has not received his birthday money. CoolPay generally will be required to investigate and determine whether an error occurred within 10 days of Jane’s notice. If CoolPay determines that an error occurred, it must correct the error within one business day of such determination.
Note that, until the CFPB’s prepaid rule is effective, Jane’s ability to seek redress from CoolPay will be determined by the terms and conditions governing Jane’s use of the CoolPay service or possibly her state’s money transmission laws. It should further be noted that, due to the fact that the debit to Jane’s bank account was in the correct amount, it is unlikely that Jane could have sought redress from her bank for CoolPay’s error because the debit was authorized, in the correct amount, and her bank made no error is transmitting the funds to CoolPay’s account with Bank A.
It is also the case that, if CoolPay acted as only a payment facilitator and did not hold consumer funds in CoolPay accounts, the CFPB’s prepaid rule will not be applicable to Jane’s payment. She would again look to the terms and conditions of CoolPay’s service and her state’s money transmission laws for redress.
Hypothetical 2: Business-to-Business Payment
Company A and Company B are CoolPay users. Company A instructs CoolPay to pay Company B $10,000 via transfer from Company A’s CoolPay account to Company B’s CoolPay account. Company A has sufficient funds credited to its CoolPay account to pay for the transfer without the need to debit Company A’s bank account. Hence, CoolPay debits Company A’s CoolPay account for $10,000. However, CoolPay erroneously credits Company C’s CoolPay account rather than Company B’s CoolPay account.
If CoolPay were a bank, this type of error would be an error in execution. Under article 4A, if Company A’s bank paid a party other than the beneficiary Company A identified in its payment instruction, Company A would be entitled to a refund under article 4A’s money-back guarantee provisions for the amount of the payment. Company A’s bank could seek to recover the amount from Company C, but it would be required to refund Company A regardless of whether it does so. Under article 4A, the bank would not be permitted to vary its obligation to refund Company A by agreement.
In the absence of article 4A, the rights of Company A and CoolPay will be governed by the terms and conditions of CoolPay’s service, other agreements among the parties, and common law. In addition, if CoolPay’s terms are not favorable to Company A, it may find itself in court arguing by analogy to article 4A that CoolPay must provide a refund. If Company A is unable to recover from CoolPay, it may also be able to recover from Company C under CoolPay’s terms or common-law theories, but Company C, its jurisdiction, and a number of other factors will be completely unknown to Company A.
Hypothetical 3: Business-to-Business Payment with Distributed Ledger
Let us add a variation to the previous two examples where CoolPay provided payment services to the payor and payee: What if instead it is simply banks providing those services? Does it matter if those banks, in turn, choose to use a fundamentally new infrastructure, such as blockchain, to settle with each other?
Suppose Company A wishes to pay Company B $10,000 for products that it purchased. Company A has an account with Bank A, and Company B has an account with Bank B. Company A opts to make that $10,000 payment by a funds transfer from its account at Bank A to Company B’s account at Bank B. The funds transfer begins with a debit to Company A’s account on Bank A’s books (funds are withdrawn from the payor’s account), and ends with a credit to Company B’s account on Bank B’s books (funds are deposited into the payee’s account).
Suppose, however, that Bank A and Bank B do not have a direct relationship with each other that enables Bank A to credit an account it holds for Bank B, or for Bank B to debit an account it holds for Bank A. Instead, they choose to use blockchain technology—CoolChain—to clear and settle payment from Bank A to Bank B in real time on their own books. A detailed description of how the banks may use blockchain technology in this way is provided in a March 2016 article by Jessie Cheng and Benjamin Geva. In essence, blockchain technology allows banks with no direct relationship to establish trust and coordinate their actions to settle with each other.
Does the fact that the banks in the funds transfer opt to use CoolChain, rather than a traditional funds transfer system like CHIPS or Fedwire, to transact with each other in this way mean that the payment is outside the scope of article 4A? Not necessarily. Article 4A focuses on the type of entities involved, not the means by which they transact with each other. The primary focus of article 4A is the “funds transfer,” the transfer of bank credit from the payor to the payee. The hypothetical above—where Company A transmits an instruction to its bank, Bank A, to pay or cause another bank to pay Company B—falls within article 4A’s definition of “funds transfer” in section 4A-104. This remains so even where Bank A and Bank B happen to choose to use CoolChain or any other blockchain technology to settle with each other. That transfer is still a series of transactions, beginning with Company A’s payment order (Company A’s instructions to Bank A to pay or cause another bank, like Bank B, to pay a fixed amount of money to Company B) made for the purpose of making payment to Company B, the beneficiary of the order. Thus, Bank A’s and Bank B’s choice to use CoolChain to settle with each other would not remove the transfer from the ambit of article 4A.
Although article 4A can be read to apply to a funds transfer involving blockchain rails as a general matter, the application of the technology varies from blockchain to blockchain, and each implementation must be analyzed to determine whether or precisely how certain of its concepts map onto an article 4A framework. Thus, might the legacy article 4A concepts of “funds transfer system” apply to a network of banks that all use CoolChain and together agree to a certain set of payment rules governing their interbank rights and obligations? As described above, one could interpret section 4A-105(a)(5)’s definition of “funds transfer system” and its official commentary to say “yes,” even though the official commentary has not been updated to specifically recognize emerging systems that fundamentally differ from legacy payment rails. The same may not be true of another blockchain rail.
The robust competition for payment services in the United States offers consumers and businesses many ways to pay. However, the legal framework that applies to payments, and that ultimately determines the rights and responsibilities of consumers and businesses when they make and receive payments, is dependent upon a combination of whether the payments begin and end at a bank and, for consumers, the characteristics of the payment service.