Data protection is probably the biggest payments-related portion on Congress’ 2006 plate, says Nessa Feddis, the American Banker’s Association’s senior federal counsel.
Whatever law eventually emerges-as many as six were proposed last year-the topic was a natural for Congress, which has had to at least appear to respond to last year’s flood of data breaches. An industry-supported bill sponsored by Sen. Jeff Sessions was passed by the Senate Judiciary Committee in October (see Electronic Payments Week, Oct. 25, 2005), but it died before it could come to a vote. "The enthusiasm for data protection [legislation] was a bit complicated by the fact that there are six committees involved," says Feddis.
Whether that last, especially, ever appears in the final bill is a matter of some speculation, since the exemption mainly affects the nation’s largest banks: By definition, they have the most customer data-consider the credit card files of CitiGroup, J.P. Morgan Chase & Co., and Bank of America-and thus pose the greatest consumer-protection risks. The political realities of an election year may work against this provision.
Federal preemption, on the other hand, is already mainstream legal theory-much bemoaned though it is. The main issue here, says Feddis, is when the so-called trigger is pulled on customer notification. Consumer groups like to point out that the sooner people are notified of a breach, the better their chances of limiting personal damage from identity theft. The ABA counters that constant notifications desensitize consumers to data breaches and their dangers.
Which is the greater danger is a matter of opinion, but legislators up for re-election this fall, especially in the wake of the Abramoff mess, are unlikely to welcome an opportunity to favor big business at the expense of voters. Look for Congress to split the difference here, despite the best efforts of industry groups.
On the regulatory side, look for some payment card-related rules from the relevant agencies, says Feddis. Pre-paid cards are already raising money-laundering concerns, for instance, according to a recent U.S. Treasury Department publication, U.S. Money Laundering Threat Assessment. But one of the thorniest issue facing the prepaid card sector-escheat, or what happens to un-spent funds left on prepaid cards-is strictly a matter of state law, she says.
"It’s a very fluid situation," says Feddis. "There are a number of issues that aren’t even related, like money laundering, know-you customer, and Reg E [the Electronic Funds Transfer Act, framed by the Federal Reserve], and they’re being addressed as they come up. The big issue is over-regulation; all the regulators are aware that they don’t want to over-burden a popular product by over-regulating." One method for handling escheat in bank-related, prepaid cards: Apply the unspent funds to the annual user fees.
Also likely to emerge this year: Final rules on applying the Americans with Disabilities Act of 1990 to ATMs. Those regs were supposed to have been issued last year, but the deadline for comments was extended to this May. The next step, she says, will be a proposal from the Dept. of Justice on how to implement the new guidelines, hopefully followed by some final regs late in the year. (Contact: Nessa Feddis, American Banker’s Assn., 202-663-5000)