Booklet: Retail Payment Systems
Section: Retail Payment Systems Risk Management
Subsection: Legal (Compliance) Risk

Legal risk is the risk arising from failure to comply with statutory or regulatory
obligations. Legal risk also arises if the rights and obligations of parties
involved in a payment are subject to considerable uncertainty, for example
if a payment participant declares bankruptcy. Legal disputes that delay
or prevent the resolution of payment settlement can cause credit, liquidity,
or reputation risks at individual institutions. Though unlikely, these
disputes can also potentially cause systemic risk to the payments system.
Such legal problems are more likely to result from the failure of a financial
institution than the default of an individual payer. Individual default
is more prevalent and has often been addressed in existing law.

Legal risk can result from a financial institution’s failure to comply
with the bylaws and contractual agreements established with the bankcard
associations, clearinghouses, and other counter-parties with which it
participates in processing, clearing, and settling retail payment transactions.

Legal risk also arises from noncompliance with existing consumer protection
statutes, regulations, and case law governing retail payment transactions
(e.g., Gramm–Leach–Bliley Act (GLBA), Truth in Lending Act,
Regulation CC, and Regulation E). Customer retail payment transaction
records and corresponding account information are subject to the GLBA
501(b) provisions, and financial institutions must establish effective
safeguards for protecting this customer information.

Legal measures should ensure compliance with specific laws and regulations pertinent
to retail payment systems. They should also ensure compliance with general
consumer protection rules that allocate responsibility and establish the
minimum procedural measures that must be fulfilled before shifting the
responsibility to another party. Contractual terms may further define
responsibilities within the legal framework, and contracts between financial
institutions, customers, and third-party service providers may further
integrate risk-sharing responsibilities applicable to payments made through
a specific clearing or settlement arrangement.

The bylaws and agreements between clearinghouse participants and bankcard
associations include specific responsibilities and liabilities. Financial
institutions should assess the risks of agreeing to such bylaws and agreements.
Financial institutions and third-party service providers that do not comply
with the appropriate bylaws and agreements of bankcard associations and
clearinghouses can be fined or lose their memberships.

Patriot Act

The USA Patriot Act contains measures to prevent, detect, and prosecute
terrorism and international money laundering. Such acts may be perpetrated
using retail payment systems. These acts may occur in many ways, including
those in which a financial institution does not properly authenticate
its accountholders for retail payment transactions. Title III of the USA
Patriot Act amends the Bank Secrecy Act and provides the Treasury Department
and federal agencies with enhanced authority to combat international money
laundering and block terrorist access to the U.S. financial system. Sections
311, 312, 313, 314, and 319 generally require U.S. financial institutions
to establish appropriate and, if necessary, enhanced due diligence procedures
to detect and report instances of money laundering and terrorist activity.
In addition, section 326 requires financial institutions to document authentication
of various payment accounts and maintain that documentation.