[Federal Register Volume 90, Number 117 (Friday, June 20, 2025)]
[Notices]
[Pages 26293-26298]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2025-11280]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the Currency
[Docket ID OCC-2025-0009]
FEDERAL RESERVE SYSTEM
[Docket No. OP-1866]
FEDERAL DEPOSIT INSURANCE CORPORATION
RIN 3064-ZA49
Request for Information on Potential Actions To Address Payments
Fraud
AGENCY: Office of the Comptroller of the Currency, Treasury; Board of
Governors of the Federal Reserve System; and Federal Deposit Insurance
Corporation.
ACTION: Request for information and comment.
-----------------------------------------------------------------------
SUMMARY: The Office of the Comptroller of the Currency (OCC), Treasury;
the Board of Governors of the Federal Reserve System (Board); and the
Federal Deposit Insurance Corporation (FDIC) seek public input on
questions related to payments fraud. This request for information (RFI)
offers the opportunity for interested stakeholders to identify ways
that the OCC, the Federal Reserve System (FRS), and the FDIC could take
actions collectively or independently in their varying respective roles
to help consumers, businesses, and financial institutions mitigate
check, automated clearing house (ACH), wire, and instant payments
fraud.
DATES: Comments must be received by September 18, 2025.
ADDRESSES: Comments should be directed to:
OCC: Commenters are encouraged to submit comments through the
Federal eRulemaking Portal, if possible. Please use the title ``Request
for Information on Potential Actions to Address Payments Fraud'' to
facilitate the organization and distribution of the comments. You may
submit comments by any of the following methods:
Federal eRulemaking Portal--Regulations.gov: Go to https://www.regulations.gov. Enter ``Docket ID OCC-2025-0009'' in the Search
Box and click ``Search.'' Public comments can be submitted via the
``Comment'' box below the displayed document information or by clicking
on the document title and then clicking the ``Comment'' box on the top-
left side of the screen. For help with submitting effective comments,
please click on ``Commenter's Checklist.'' For assistance with the
Regulations.gov site, please call 1-866-498-2945 (toll free) Monday-
Friday, 8:00 a.m. to 7:00 p.m. ET, or email
[email protected].
Mail: Chief Counsel's Office, Attention: Comment
Processing, Office of the Comptroller of the Currency, 400 7th Street
SW Suite 3E-218, Washington, DC 20219.
Hand Delivery/Courier: 400 7th Street SW, Suite 3E-218,
Washington, DC 20219.
Instructions: You must include ``OCC'' as the agency name and
``Docket ID OCC-2025-0009'' in your comment. In general, the OCC will
enter all comments received into the docket and publish the comments on
the Regulations.gov website without change, including any business or
personal information provided such as name and address information,
email addresses, or phone numbers. Comments received, including
attachments and other supporting materials, are part of the public
record and subject to public disclosure. Do not include any information
in your comment or supporting materials that you consider confidential
or inappropriate for public disclosure.
You may review comments and other related materials that pertain to
this action by the following method:
Viewing Comments Electronically--Regulations.gov: Go to
https://regulations.gov/. Enter ``Docket ID OCC-2025-0009'' in the
Search Box and click ``Search.'' Click on the ``Dockets'' tab and then
the document's title. After clicking the document's title, click the
``Browse All Comments'' tab. Comments can be viewed and filtered by
clicking on the ``Sort By'' drop-down on the right side of the screen
or the ``Refine Comments Results'' options on the left side of the
screen. Supporting materials can be viewed by clicking on the ``Browse
Documents'' tab. Click on the ``Sort By'' drop-down on the right side
of the screen or the ``Refine Results'' options on the left side of the
screen checking the ``Supporting & Related Materials'' checkbox. For
assistance with the Regulations.gov site, please call 1-866-498-2945
(toll free) Monday-Friday, 8:00 a.m. to 7:00 p.m. eastern time (ET), or
email [email protected].
The docket may be viewed after the close of the comment period in
the same manner as during the comment period.
Board: You may submit comments, identified by Docket No. OP-1866,
by any of the following methods:
Agency Website: https://www.federalreserve.gov/apps/proposals/. Follow the instructions for submitting comments, including
attachments. Preferred Method.
Federal eRulemaking Portal: http://www.regulations.gov.
Follow the instructions for submitting comments.
Email: [email protected]. You must include docket
number and RIN in the subject line of the message.
FAX: (202) 452-3819 or (202) 452-3102.
Mail, Courier and Hand Delivery: Ann Misback, Secretary,
Board of Governors of the Federal Reserve System, 20th Street and
Constitution Avenue NW, Washington, DC 20551.
Instructions: All public comments are available from the Board's
website at https://www.federalreserve.gov/apps/proposals/ as submitted,
unless modified for technical reasons. Accordingly, comments will not
be edited to remove any identifying or contact information. Public
comments may also be viewed electronically or in paper form in Room M-
4365A, 2001 C Street NW, Washington, DC 20551, between 9:00 a.m. and
5:00 p.m. on federal weekdays. For security reasons, the Board requires
that visitors make an appointment to inspect comments. You may do so by
calling (202) 452-3684. Upon arrival, visitors will be required to
[[Page 26294]]
present valid government-issued photo identification and to submit to
security screening in order to inspect and photocopy comments. For
users of TTY-TRS, please call 711 from any telephone, anywhere in the
United States.
FDIC: Interested parties are invited to submit written comments,
identified by RIN 3064-ZA49, by any of the following methods:
Agency Website: https://www.fdic.gov/resources/regulations/federal-register-publications/. Follow the instructions for
submitting comments on the agency website.
Email: [email protected]. Include RIN 3064-ZA49 in the
subject line of the message.
Mail: Jennifer M. Jones, Deputy Executive Secretary,
Attention: Comments--RIN 3064-ZA49, Federal Deposit Insurance
Corporation, 550 17th Street NW, Washington, DC 20429.
Hand Delivery: Comments may be hand delivered to the guard
station at the rear of the 550 17th Street NW building (located on F
Street NW) on business days between 7 a.m. and 5 p.m.
Public Inspection: Comments received, including any
personal information provided, may be posted without change to https://www.fdic.gov/resources/regulations/federal-register-publications/.
Commenters should submit only information that the commenter wishes to
make available publicly. The FDIC may review, redact, or refrain from
posting all or any portion of any comment that it may deem to be
inappropriate for publication, such as irrelevant or obscene material.
The FDIC may post only a single representative example of identical or
substantially identical comments, and in such cases will generally
identify the number of identical or substantially identical comments
represented by the posted example. All comments that have been
redacted, as well as those that have not been posted, that contain
comments on the merits of this document will be retained in the public
comment file and will be considered as required under all applicable
laws. All comments may be accessible under the Freedom of Information
Act.
FOR FURTHER INFORMATION CONTACT:
OCC: Tracy Chin, Director, Payments Systems Policy, Office of the
Chief National Bank Examiner, (202) 649-6550; Eric Ellis, Director,
BSA/AML Policy, Office of the Chief National Bank Examiner, (202) 649-
5470; Candace Matzenauer, Director, Consumer Compliance Policy, Office
of the Chief National Bank Examiner, (202) 649-5470; Andrew Davis,
Counsel, Chief Counsel's Office, 202-649-5490, Office of the
Comptroller of the Currency, 400 7th Street SW, Washington, DC 20219.
If you are deaf, hard of hearing or have a speech disability, please
dial 7-1-1 to access telecommunications relay services.
Board: Larkin Turman, Senior Financial Institution Policy Analyst,
and Ian Spear, Deputy Associate Director, Division of Reserve Bank
Operations and Payment Systems; Caterina Petrucco-Littleton, Deputy
Associate Director, Division of Consumer and Community Affairs; Suzanne
Williams, Deputy Associate Director, and Jinai Holmes, Manager,
Division of Supervision and Regulation; Cody Gaffney, Counsel, and
Andrew Ruben, Counsel, Legal Division, at (202) 452-3000. For users of
text telephone systems (TTY) or any TTY-based Telecommunications Relay
Services, please call 711 from any telephone, anywhere in the United
States.
FDIC: Michael Benardo, Associate Director, Division of Risk
Management Supervision, (703) 835-0149, [email protected]; Fu-Jan
Huang, Senior Examination Specialist, Division of Risk Management
Supervision, (917) 320-2867, [email protected]; Luke Brown, Associate
Director, Division of Depositor and Consumer Protection, (202) 898-
3842; Dawnelle Guyette, Senior Policy Analyst, Division of Depositor
and Consumer Protection, (816) 234-8130, [email protected]; Ardie
Hollifield, Senior Policy Analyst, Division of Depositor and Consumer
Protection, (202) 898-6638, [email protected]; Deborah Tobolowsky,
Counsel, Legal Division, (571) 858-8136, [email protected].
SUPPLEMENTARY INFORMATION:
I. Introduction
Payments fraud inflicts significant harm on consumers, businesses,
and financial institutions. Payments fraud also has the potential to
erode public trust in--and undermine the safety, accessibility, and
efficiency of--the nation's payments system, upon which the U.S.
financial system depends. As part of their objectives to promote the
safety of the U.S. financial system, the FRS, FDIC, and OCC have
overlapping but also discrete roles and authorities related to the
issue of payments fraud. For example, the Board, FDIC, and OCC all
engage in supervision of financial institutions. In addition to
supervising financial institutions, the FDIC has the distinct mission
to maintain stability and public confidence in the nation's financial
system as the insurer of bank deposits. The FRS, which includes the
Board and the Federal Reserve Banks (Reserve Banks), also focuses on
payment system safety as a payment system operator and catalyst for
payment system improvements. Therefore, the FRS, FDIC, and OCC are each
interested in exploring ways to help mitigate risk of payments fraud.
Given that the FRS, FDIC, and OCC have specific differing roles and
authorities, this mitigation could take the form of collective action
where roles align, such as joint supervisory guidance, or independent
action where roles differ, such as changes to the payment systems
operated by the Reserve Banks.
II. Background
While there is no consensus on the definition of ``payments
fraud,'' for purposes of this RFI, ``payments fraud'' generally refers
to the use of illegal means, including intentional deception,
misrepresentation, or manipulation, to make or receive payments for
personal gain.\1\ The term ``payments fraud'' also includes scams, a
subset of fraud.\2\
---------------------------------------------------------------------------
\1\ See U.S. Government Accountability Office, Improper Payments
and Fraud: How They Are Related but Different (Dec. 7, 2023),
https://www.gao.gov/assets/d24106608.pdf and U.S. Department of
Justice, Bureau of Justice Statistics, Financial Fraud, https://bjs.ojp.gov/taxonomy/term/financial-fraud.
\2\ See Federal Reserve, FedPayments Improvement, Defined Scams
to Fight Scams, https://fedpaymentsimprovement.org/news/blog/defined-scams-to-fight-scams.
---------------------------------------------------------------------------
Many sources indicate that payments fraud is growing. For example,
according to data from the Federal Trade Commission (FTC), losses
reported for noncard payments fraud increased 271 percent between 2020
and 2024.\3\ Data from the U.S. Department of the Treasury's Financial
Crimes Enforcement Network (FinCEN) show that the number of Suspicious
Activity Reports (SARs) filed related to check, ACH, and wire fraud
have increased 489 percent between 2014 and 2024.\4\
---------------------------------------------------------------------------
\3\ See FTC Consumer Sentinel Network Fraud Reports, All Fraud
Reports by Payment Method, https://public.tableau.com/app/profile/federal.trade.commission/viz/FraudReports/FraudFacts (``Payment &
Contact Methods'' tab). Specifically, these figures indicate that
fraud reports for payments apps or services, bank transfers or
payments, wire transfers, and checks have increased from 145,358 in
2020, resulting in a loss of $806 million, to more than 188,000 in
2024, resulting in a loss of $2.99 billion.
\4\ Compare FinCEN, SAR Filings by Industry--Depository
Institution, https://www.fincen.gov/reports/sar-stats/sar-filings-industry (Exhibit 5: Number of Filings by Type of Suspicious
Activity from Depository Institution Industry, 2024 data) with
FinCEN, Suspicious Activity Report Statistics (SAR Stats), https://www.fincen.gov/reports/sar-stats (Industry Type: Depository
Institution, Year & Month: 2024 (all months), Suspicious Activity
Category/Type: Fraud > ACH, Check, Wire).
---------------------------------------------------------------------------
The rise in check fraud is particularly notable. Numerous sources
report increasing levels of check fraud in
[[Page 26295]]
recent years, despite overall decreases in check usage.\5\ Checks can
be stolen, altered, or forged. For instance, the physical nature of
paper checks makes them susceptible to theft while in transit or when
left in unsecured locations. Products and services to detect altered or
forged checks during the clearing process have varying degrees of
effectiveness given that checks do not inherently include explicit
security features. Checks also contain sensitive information--including
the payor's name, account number, routing number, address, and
signature--that can be used by criminals to conduct other forms of
payments fraud.
---------------------------------------------------------------------------
\5\ For example, the U.S. Department of the Treasury reports
that check fraud in the United States has risen 385 percent since
the COVID-19 pandemic. See Department of the Treasury, Treasury
Announces Enhanced Fraud Detection Process Using AI Recovers $375M
in Fiscal Year 2023 (Feb. 28, 2024), https://home.treasury.gov/news/press-releases/jy2134. FinCEN reports that check fraud accounted for
approximately 30 percent of fraud-related SARs filed in 2023. See
SAR Stats, https://www.fincen.gov/reports/sar-stats.
---------------------------------------------------------------------------
A payments fraud scheme may involve multiple institutions and
payment methods, each of which may fall within the remit of different
Federal and State agencies. As a result, and given the scope and
complexity of payments fraud schemes, no agency or private-sector
entity can address payments fraud on its own. The Board, FDIC, and OCC
nonetheless may be able to take certain discrete steps, collectively or
independently, to mitigate payments fraud through their various roles
discussed further below, such as regulator and supervisor. In addition,
Reserve Banks may be able to further support the industry in addressing
fraud as payments system operator and payments improvement catalyst.
Therefore, the FRS, FDIC, and OCC are considering whether
additional actions may be warranted, collectively or independently in
their different roles. Given the complexity and scope of payments
fraud, input and engagement from a variety of stakeholders will be
helpful to identify and evaluate the range of potential actions to
consider.
III. Request for Information
As explained below, comment is requested on five potential areas
for improvement and collaboration that could help mitigate payments
fraud:
External collaboration (questions 1-4)
Consumer, business, and industry education (questions 5-8)
Regulation and supervision (questions 9-15)
Payments fraud data collection and information sharing
(questions 16-20)
Reserve Banks' operator tools and services (questions 21-
22)
Commenters are also invited to provide perspectives related to
payments fraud more generally (questions 23-26).
Where comments apply to only a subset of the FRS, FDIC, and OCC,
please identify the relevant entity or entities.
External Collaboration
The FRS, FDIC, and OCC collaborate with stakeholders in various
ways to support the safety and efficiency of the U.S. financial system.
For example, the Board, FDIC, and OCC, together with other Federal and
State agencies, issued guidance on elder financial exploitation.\6\
More recently, the Reserve Banks collaborated with various industry
stakeholders to launch the FraudClassifier\SM\ model in 2020 and
ScamClassifier\SM\ model in 2024 to help address the industry-wide
challenge of inconsistent classifications for payments fraud.\7\
Additionally, the FRS in its role as payment system improvement
catalyst worked with the payments and banking industry and other
stakeholders to develop strategies for improving the U.S. payments
system, which resulted in the introduction of instant payments in the
United States.\8\ There may be opportunities to facilitate further
collaboration among industry stakeholders to better address payments
fraud. Commenters are invited to respond to the following questions:
---------------------------------------------------------------------------
\6\ See Interagency Statement on Elder Financial Exploitation
(Dec. 4, 2024), https://www.federalreserve.gov/newsevents/pressreleases/bcreg20241204a.htm; https://www.fdic.gov/system/files/2024-12/interagency-statement-on-elder-financial-exploitation.pdf;
and https://www.occ.gov/news-issuances/bulletins/2024/bulletin-2024-34.html.
\7\ See https://fedpaymentsimprovement.org/strategic-initiatives/payments-security/fraudclassifier-model/ and https://fedpaymentsimprovement.org/strategic-initiatives/payments-security/scams/scamclassifier-model/.
\8\ See Federal Reserve System, Strategies for Improving the
U.S. Payment System (Jan. 26, 2015), https://fedpaymentsimprovement.org/wp-content/uploads/strategies-improving-us-payment-system.pdf.
---------------------------------------------------------------------------
1. What actions could increase collaboration among stakeholders to
address payments fraud?
2. What types of collaboration, including standard setting, could
be most effective in addressing payments fraud? What are some of the
biggest obstacles to these types of collaboration?
3. Which organizations outside of the payments or banking industry
might provide additional insights related to payments fraud and be
effective collaborators in detecting, preventing, and mitigating
payments fraud?
4. Could increased collaboration among Federal and State agencies
help detect, prevent, and mitigate payments fraud? If so, how?
Consumer, Business, and Industry Education
Consumers, businesses, financial institutions, and other industry
stakeholders currently have access to education on a range of financial
topics, including payments fraud.\9\ However, there may be a need for
further education specific to payments fraud. Effective payments fraud
education could, for example, help industry stakeholders identify
suspected payments fraud and better inform affected parties about what
steps to take following an incident of payments fraud. The
effectiveness of any payments fraud education, however, may be
undermined by the ever-evolving nature of payments fraud, the highly
specific and sensitive nature of these crimes, and the range of
potentially inconsistent guidance from multiple sources.
---------------------------------------------------------------------------
\9\ For example, the OCC recently launched ``Safe Money,'' a
series of informational facts sheets to help consumers recognize and
avoid common financial frauds and scams at https://www.occ.gov/publications-and-resources/publications/safe-money/index-safe-money.html. The Federal Reserve offers consumer advice and
educational resources on its website at https://www.federalreserve.gov/consumerscommunities/fraud-scams.htm and
through each Reserve Bank's website. The Federal Reserve also
provides consumer alerts, an avenue for consumer complaints, and
other relevant resources on payments fraud at https://www.federalreserveconsumerhelp.gov. The FDIC provides periodic
newsletters to consumers, providing practical guidance on how to
become a smarter, safer user of financial services, including
helpful hints, quick tips, and common-sense strategies to protect
and stretch your hard-earned dollars. This includes topics such as
scammers, fake banks, or fraud against the elderly. See https://www.fdic.gov/consumer-resource-center/fdic-consumer-news for more
information.
---------------------------------------------------------------------------
To assist in developing potential new payments fraud education,
commenters are invited to respond to the following questions:
5. In general, what types of payments fraud education are most
effective, and why? Would different audiences (for example, industry
and consumers) benefit from different types of payments fraud
education?
6. Would additional education informing consumers and businesses
about safe payment practices be helpful to reduce payments fraud and
promote access to safe, secure payment options?
7. Which approaches could make existing payments fraud education
more effective? For example, would targeting outreach to particular
audiences or
[[Page 26296]]
conducting additional education in collaboration with other key
stakeholders be effective?
8. Are current online resources effective in providing education on
payments fraud? If not, how could they be improved? \10\
---------------------------------------------------------------------------
\10\ Examples of online resources include https://www.federalreserveconsumerhelp.gov; https://fedpaymentsimprovement.org; https://www.federalreserve.gov/consumerscommunities/fraud-scams.htm; https://explore.fednow.org/explore-the-city?id=11&building=fraud-control-tower; https://www.fdic.gov/consumer-resource-center/consumer-assistance-topics;
https://www.fdic.gov/consumer-resource-center/fdic-consumer-news;
https://www.occ.gov/publications-and-resources/publications/safe-money/index-safe-money.html; and https://www.occ.gov/topics/consumers-and-communities/consumer-protection/fraud-resources/index-fraud-resources.html.
---------------------------------------------------------------------------
Regulation and Supervision
While no agency has plenary regulatory or supervisory authority
over the U.S. payments system, the Board, FDIC, and OCC have certain
limited, and in some cases unique, statutory authorities that may apply
to payments fraud.\11\ For example, the Board, FDIC, and OCC supervise
their respective financial institutions for compliance with their
obligations under the Bank Secrecy Act/Anti-Money Laundering regime to
identify, prevent, and report illicit financial activity including
fraud. Additionally, the Gramm-Leach-Bliley Act requires the protection
of nonpublic personal information as implemented by the Interagency
Guidelines Establishing Information Security Standards.\12\ The Board,
FDIC, and OCC also supervise their respective financial institutions
for compliance with consumer protection laws and regulations, such as
the Expedited Funds Availability Act (implemented in Regulation CC),
the Electronic Fund Transfer Act (implemented in Regulation E), the
Truth in Lending Act (implemented in Regulation Z), and prohibitions on
unfair, deceptive, or abusive acts or practices.\13\ Although the
Board, FDIC, and OCC believe that they are exercising their authorities
appropriately, there may be opportunities to take additional regulatory
or supervisory actions to address payments fraud within their
authorities and, where appropriate, in coordination with other
agencies.
---------------------------------------------------------------------------
\11\ While no single Federal agency has regulatory authority to
address all aspects of payments fraud, there are a variety of
Federal and State laws and regulations applicable to payments fraud
detection, mitigation, and resolution, often specific to the type of
transaction and parties involved.
\12\ The Interagency Guidelines Establishing Information
Security Standards (Guidelines) set forth standards pursuant to
section 39 of the Federal Deposit Insurance Act, 12 U.S.C. 1831p-1,
and sections 501 and 505(b), 15 U.S.C. 6801 and 6805(b), of the
Gramm-Leach-Bliley Act. These Guidelines address standards for
developing and implementing administrative, technical, and physical
safeguards to protect the security, confidentiality, and integrity
of customer information. These Guidelines also address standards
with respect to the proper disposal of consumer information pursuant
to sections 621 and 628 of the Fair Credit Reporting Act (15 U.S.C.
1681s and 1681w).
\13\ The Expedited Funds Availability Act (EFA Act), among other
things, prescribes the maximum permissible hold periods for checks
and other deposits. The Board implements certain provisions of the
EFA Act with the Consumer Financial Protection Bureau (CFPB).
---------------------------------------------------------------------------
In considering potential additional regulatory or supervisory
actions to mitigate payments fraud, the Board, FDIC, and OCC seek
comment on the following questions. Additionally, there may be
opportunities specific to check fraud that the Board could consider
with respect to Regulation CC given its rule-writing authority, which
is discussed separately below.
9. What potential changes to regulations (apart from the Board's
Regulation CC, discussed separately below) could address payments fraud
and mitigate the harms from payments fraud to consumers, businesses,
and supervised institutions?
10. The Board, FDIC, and OCC have issued supervisory guidance on
numerous topics that relate to payments fraud detection, prevention,
and mitigation.\14\ Is existing supervisory guidance related to
payments fraud sufficient and clear? If not, what new or revised
supervisory guidance should the Board, FDIC, and OCC consider issuing
on this topic within the respective authorities?
---------------------------------------------------------------------------
\14\ The Board, FDIC, and OCC have issued supervisory guidance
on operational risk management, compliance risk management, third-
party risk management, and model risk management. For example, the
Federal Financial Institutions Examination Council, of which the
Board, FDIC, and OCC are members, issued guidance that provides
financial institutions with examples of effective authentication and
access risk management principles, and practices for customers,
employees, and third parties accessing digital banking services and
information systems. See Federal Financial Institutions Examination
Council, Authentication and Access to Financial Institution Services
and Systems (Aug. 11, 2021), https://www.ffiec.gov/guidance/Authentication-and-Access-to-Financial-Institution-Services-and-Systems.pdf. The Board, FDIC, and OCC, together with other Federal
and State agencies, issued guidance on elder financial exploitation.
See Interagency Statement on Elder Financial Exploitation (Dec. 4,
2024), https://www.federalreserve.gov/newsevents/pressreleases/bcreg20241204a.htm; https://www.fdic.gov/system/files/2024-12/interagency-statement-on-elder-financial-exploitation.pdf; and
https://www.occ.gov/topics/consumers-and-communities/consumer-protection/fraud-resources/index-fraud-resources.html. As required
by the Gramm-Leach-Bliley Act, the Federal banking agencies have
issued interagency guidelines establishing information security
standards. See, e.g., 12 CFR part 208, app. D-2, and part 225, app.
F. Finally, OCC Bulletin 2019-37 outlines sound fraud risk
management principles at https://www.occ.treas.gov/news-issuances/bulletins/2019/bulletin-2019-37.html.
---------------------------------------------------------------------------
11. How might new or revised supervisory guidance assist small
community banks in detecting, preventing, and mitigating payments
fraud?
12. What is the experience of consumers and businesses when
supervised institutions place holds on depositors' funds because of
suspected payments fraud? (Regulation CC's ``reasonable cause to doubt
collectability'' exception is discussed separately below.)
(a) For instance, how frequently are consumers and businesses
affected by holds, delays, or account freezes, and how responsive are
supervised institutions to inquiries from consumers and businesses
regarding these issues?
(b) Do current disclosure requirements effectively address consumer
and business concerns when supervised institutions hold customer funds
due to suspected payments fraud? For example, should changes be
considered with respect to permissible customer communications under
SAR confidentiality rules?
13. The Board, FDIC, and OCC have received complaints from
supervised institutions regarding challenges in resolving disputes
about liability for allegedly fraudulent checks.\15\ What is the
experience of supervised institutions when trying to resolve these
types of interbank disputes regarding allegedly fraudulent checks? Do
these types of interbank disputes arise more frequently in connection
with certain types of checks or parties? What actions could the Board,
FDIC, and OCC consider, including potential amendments by the Board to
Regulation CC, that could improve supervised institutions' ability to
resolve interbank disputes over liability for allegedly fraudulent
checks?
---------------------------------------------------------------------------
\15\ The Board, OCC, and FDIC have each established mailboxes to
receive interbank complaints about this issue concerning their
supervised financial institutions.
---------------------------------------------------------------------------
Although the Board is not proposing any changes to Regulation CC at
this time, the Board seeks comment on the following questions:
14. Regulation CC seeks to balance prompt funds availability with
the risk of checks being returned unpaid for reasons that include
fraud. What potential amendments to Regulation CC would support timely
access to funds from check deposits while providing depository
institutions with sufficient time to identify suspected payments fraud?
[[Page 26297]]
(a) Have technological advancements in check processing reduced the
time it takes for depository institutions to learn of nonpayment or
fraud such that funds availability requirements for local checks and
nonproprietary ATMs should be shortened? \16\
---------------------------------------------------------------------------
\16\ The funds availability requirements for cash deposits, wire
transfers, and government and certain other types of checks are
established by the EFA Act. See 12 U.S.C. 4002(a). The EFA Act
requires the Board and CFPB to reduce the time periods for certain
other check and ATM deposits to as short a time as possible and
equal to the period of time achievable for a receiving depository
institution to reasonably expect to learn of the nonpayment of most
items for each category. 12 U.S.C. 4002(d)(1). In October 2024, an
interested person submitted a rulemaking petition to the Board and
CFPB requesting that both agencies engage in a rulemaking process to
shorten maximum permissible hold times for checks and funds
deposited by customers. The Board views this rulemaking petition as
an additional consideration related to the issuance of this RFI. In
response to the growth in electronic processing, the Reserve Banks
reduced the number of their paper check-processing offices from 45
in 2003 to a single office in 2010. The consolidation resulted in
all checks being considered ``local checks'' under Regulation CC.
---------------------------------------------------------------------------
(b) What effects would shortening funds availability requirements
have on payments fraud, consumers who rely on timely access to funds,
and depository institutions?
(c) Are there any changes the Board should consider to the
expeditious return requirement to better balance providing expeditious
notice to the receiving depository institution with ensuring adequate
time for the paying depository institution to investigate potentially
fraudulent checks? \17\
---------------------------------------------------------------------------
\17\ Regulation CC requires a depository institution that
determines not to pay a check to return the check expeditiously so
that receiving depository institutions are more likely to learn of a
return before making funds available. See 12 CFR 229.31(b).
---------------------------------------------------------------------------
15. Regulation CC provides six exceptions that allow depository
institutions to extend deposit hold periods for certain types of
deposits, including deposits for which the depository institution has
reasonable cause to doubt the collectability of a check.\18\ Is this
exception effective in allowing depository institutions to mitigate
check fraud while also allowing timely access to funds? Would
depository institutions benefit from further clarification on when it
may be appropriate to invoke this exception? What are the experiences
of businesses and consumers when depository institutions invoke this
exception in order to delay the availability of depositors' funds?
---------------------------------------------------------------------------
\18\ See 12 CFR 229.13(e).
---------------------------------------------------------------------------
Payments Fraud Data Collection and Information Sharing
Payments fraud data, such as value and volume of fraudulent
payments and industry negative lists, is currently collected in an
incomplete, non-standardized, ad hoc, and fragmented way.\19\ For
example, not all entities in the payments and banking industry collect
payments fraud data, especially authorized payments that are a part of
a scam or fraud. Further, existing data sources may focus on particular
payment methods, types of payments fraud, or segments of the industry,
and may use different definitions of payments fraud. Further promoting,
standardizing, and centralizing payments fraud data collection and
information sharing could provide a more comprehensive understanding of
the prevalence and impact of payments fraud. These improvements also
could aid in identifying payments fraud schemes that are being repeated
across payment methods and institutions, allowing for the development
of more-informed, holistic strategies to address payments fraud.
---------------------------------------------------------------------------
\19\ For example, the FTC maintains a website where consumers
can report payments fraud. See https://reportfraud.ftc.gov. The
FBI's Internet Crime Complaint Center is the main federal law
enforcement hub for reporting cyber-enabled crime, which includes
payments fraud. See https://www.ic3.gov/AnnualReport/Reports/2024_IC3Report.pdf. In addition, depository institutions are
required to file SARs with FinCEN following suspected incidents of
payments fraud. FRS has previously collected payments fraud data in
connection with its Federal Reserve Payments Study, which it
published in 2014 and 2018. See Board of Governors of the Federal
Reserve System, The 2013 Federal Reserve Payments Study: Recent and
Long-Term Payment Trends in the United States: 2000-2012 (July
2014), https://www.frbservices.org/binaries/content/assets/crsocms/news/research/2013-fed-res-paymt-study-detailed-rpt.pdf. See Board
of Governors of the Federal Reserve System, Changes in U.S. Payments
Fraud from 2012 to 2016: Evidence from the Federal Reserve Payments
Study (Oct. 2018), https://www.federalreserve.gov/publications/files/changes-in-us-payments-fraud-from-2012-to-2016-20181016.pdf.
---------------------------------------------------------------------------
However, there may be barriers to improving payments fraud data
collection and information sharing. Payments fraud may be underreported
because of the reluctance of victims to report fraud due to
embarrassment or shame, confusion regarding the proper reporting
channel, and a perception that reporting does not lead to remediation.
Further, potential risks associated with sharing payments fraud-related
information may prevent sharing across stakeholders.
To assist in potentially promoting improved payments fraud data
collection and information sharing, commenters are invited to respond
to the following questions:
16. Broadly, how could payments fraud data collection and
information sharing be improved?
17. What barriers limit the collection and sharing of payments
fraud data between industry stakeholders, and how could these barriers
be alleviated? For example, have specific barriers limited development
of solutions or participation in bilaterial or multilateral payments
fraud data collection and information sharing? What changes would
address these barriers?
18. What role should the FRS, FDIC, or OCC take in supporting
further standardization of payments fraud data? For instance, can the
FRS better leverage or improve the FraudClassifier\SM\ and
ScamClassifier\SM\ models?
19. What types of payments fraud data, if available, would have the
largest impact on addressing payments fraud? If these data are not
currently being collected or shared, what entities are best positioned
to collect and share such data?
20. Is there a need for centralized databases or repositories for
the sharing of payments fraud data across entities? What legal,
privacy, or practical risks and challenges could such a centralized
database or repository pose? Which entities are best positioned to
develop and participate in a centralized database or repository?
Reserve Banks' Operator Tools and Services
The Reserve Banks offer check processing, ACH transfers, instant
payments, and wire services, among other services. In this operational
role, the Reserve Banks have taken important steps to prevent and
mitigate payments fraud. For example, the Reserve Banks provide risk
management tools and services that participating financial institutions
may use as part of their payments fraud detection, prevention, and
mitigation programs.\20\ The FRS believes that there may be further
opportunities for the Reserve Banks, as a payments system operator, to
provide additional tools and services designed to reduce payments
fraud.
---------------------------------------------------------------------------
\20\ See https://www.frbservices.org for more information on
Reserve Bank financial services, including risk management and fraud
tools and services. Examples of these tools and services include
FedDetect[supreg] Anomaly Notification for FedACH[supreg] Services,
FedACH[supreg] Exception Resolution Service, FedDetect[supreg]
Duplicate Notification for Check Services, FedACH[supreg] Risk
Origination Monitoring Service, FedACH[supreg] RDFI File Alert
Service, FedPayments[supreg] Reporter for Check Services Corporate
Payor Report, FedNow[supreg] Service network- and participant-level
transaction limits, and FedNow[supreg] Service participant defined
negative lists.
---------------------------------------------------------------------------
In considering potential additional actions the Reserve Banks can
take in
[[Page 26298]]
their operator role to mitigate payments fraud, commenters are invited
to respond to the following questions:
21. How can the Reserve Banks enhance their existing risk
management tools and services, operations, rules, or procedures to
better meet the needs of participating financial institutions in
addressing payments fraud? For example, should the Reserve Banks
consider requiring fraud reporting for payment rails (as they already
do for the FedNow[supreg] Service) or adopting any particular payments
fraud standards?
22. Are there risk management tools or services that the Reserve
Banks should consider offering or expanding, such as (a) developing a
payments fraud contact directory for financial institutions, (b)
offering tools that can provide notification of atypical payment
activity, or (c) introducing confirmation of payee services to help
mitigate fraudulent payment origination? \21\
---------------------------------------------------------------------------
\21\ Some payments systems have implemented services known as
confirmation of payee, which are designed to reduce payments fraud
by enabling senders to review key payment information, such as the
name associated with the intended account.
---------------------------------------------------------------------------
General Questions
In addition to the more specific questions above, commenters are
invited to respond to the following general questions related to
payments fraud:
23. What types of payments fraud have most impacted your
organization and its stakeholders? What tactics have criminals employed
when perpetrating these types of payments fraud?
24. What measures, including technological solutions or services,
have been most effective in identifying, preventing, and mitigating
payments fraud at your institution? Are there actions that consumers
can take that help institutions? For example, do financial institutions
find it helpful when consumers alert the institution in advance when
making large purchases, transferring large amounts of money, and
traveling abroad?
25. To the extent not already addressed here, are there other
actions that would support stakeholders in identifying, preventing, and
mitigating payments fraud?
26. Are there specific actions that commenters believe could
encourage the use of payment methods with strong security features?
Rodney E. Hood,
Acting Comptroller of the Currency, Office of the Comptroller of the
Currency.
By order of the Board of Governors of the Federal Reserve
System.
Benjamin W. McDonough,
Deputy Secretary of the Board.
Federal Deposit Insurance Corporation.
Dated at Washington, DC, on June 13, 2025.
Jennifer M. Jones,
Deputy Executive Secretary.
[FR Doc. 2025-11280 Filed 6-18-25; 8:45 am]
BILLING CODE 6210-01-P; 4810-33-P; 6714-01-P