BioCatch blog channel

Browse topics

US Bank Regulators Move to Support Reduction of Consumer and Business Scams

Written by:

Ken Palla (Guest Blog)

US Bank Regulators Move to Support Reduction of Consumer and Business Scams featured image

On June 17, 2025, the primary US banking regulators released a Request for Information on Potential Action to Address Payment Fraud. This may be the most significant action in the past five years by US banking regulators to address consumer scams.

This action comes within days of two other significant actions by the US Congress. In early June 2025, four senators (Republicans and Democrats) came together to propose a bill to study payment scams and suggest ways for lawmakers and regulators to combat scams, including formulating industry best practices. And on June 17, the US Senate Committee on the Judiciary held a bi-partisan hearing on consumer scams with specific focus on the impact to senior citizens.

According to the regulator’s document, “This Request for Information (RFI) offers the opportunity for interested stakeholders to identify ways that the OCC (Office of the Comptroller of the Currency), the Federal Reserve System (FRS), and the FDIC (Federal Deposit Insurance Corporation) could take actions collectively or independently in their varying respective roles to help consumers, businesses, and financial institutions mitigate check, automated clearing house (ACH), wire, and instant payments fraud.’ As these are bank regulators, the RFI does not address the other two critical areas that drive scam initiation—telcos and digital platforms. Maybe we will soon see a similar RFI from the Federal Communication Commission and the Federal Trade Commission to address telecom providers and digital platforms.

This RFI approach follows the way Australian and UK regulators requested ideas on how to address consumer scams before the regulators issued new regulations or initiated legislation to help mitigate consumer scams.
Comments must be received from interested parties within 90 days of the RFI being published in the Federal Register.

How we ended up here
The regulators acknowledge, “Payments fraud inflicts significant harm on consumers, businesses, and financial institutions. Payments fraud also has the potential to erode public trust in—and undermine the safety, accessibility, and efficiency of—the nation’s payments system, upon which the U.S. financial system depends.” They acknowledge they have responsibilities to supervise financial institutions, with the FDIC specifically responsible to maintain stability and public confidence in the nation’s financial system. The FRS is also a payment systems operator for wires, ACH and Instant Payments (FedNow).

The RFI states, “Payments fraud generally refers to the use of illegal means, including intentional deception, misrepresentation, or manipulation, to make or receive payments for personal gain. The term ‘payments fraud’ also includes scams, a subset of fraud.” These are also known as “authorized (scam) transactions.” The RFI provides scam statistics from the FTC and FinCEN showing the large increase in scams since 2014.

The RFI also comments on the 2024 Interagency Statement on Elder Financial Exploitation. I wrote a blog on this in 2024. The Interagency Statement is reiterating financial institutions’ obligations to “employ risk management and other practices that can be effective in identifying, preventing and responding to elder financial exploitation.” I think the regulators may be concerned, or want to emphasize, that financial institutions have a clear responsibility to add proper controls to protect the elderly from scams.

What is in the Request for Information?
The Request for Information (RFI) has fives section including a total of 22 questions the regulators are seeking guidance on. These sections are:

  1. External collaboration
  2. Consumer, business and industry education
  3. Regulation and supervision
  4. Payment fraud data collection and information sharing
  5. Reserve Bank operator tools and service

Let’s list some of the most important questions from the RFI.

External Collaboration

  • What actions could increase collaboration among stakeholders to address payments fraud?
  • Which organizations outside of the payments or banking industry might provide additional insights related to payments fraud and be effective collaborators in detecting, preventing, and mitigating payments fraud?
  • Could increased collaboration among Federal and State agencies help detect, prevent, and mitigate payments fraud? If so, how?

Consumer, Business and Industry Education

  • What types of payments fraud education are most effective, and why? Which approaches could make existing payments fraud education more effective?
  • Would additional education informing consumers and businesses about safe payment practices be helpful to reduce payments fraud and promote access to safe, secure payment options?

Regulation and Supervision Questions
Author’s note: This is a very critical section as today there is no regulation around consumer scam strategy, scam controls and money mule management.

  • What potential changes to regulations could address payments fraud and mitigate the harms from payments fraud to consumers, businesses, and supervised institutions?
  • Is existing supervisory guidance related to payments fraud sufficient and clear? If not, what new or revised supervisory guidance should the Board, FDIC, and OCC consider issuing on this topic within the respective authorities?
  • There were several questions around “holds on depositors’ funds.” (What is the experience of consumers and businesses around ‘holds’? How frequently are consumers and businesses affected by holds, delays, or account freezes, and how responsive are supervised institutions to inquiries from consumers and businesses regarding these issues?)
  • There were several questions around checks. Regulators have received complaints from supervised institutions regarding challenges in resolving disputes about liability for allegedly fraudulent checks. (What is the experience of supervised institutions when trying to resolve these types of interbank disputes regarding allegedly fraudulent checks? What potential amendments to Regulation CC would support timely access to funds from check deposits while providing depository institutions with sufficient time to identify suspected payments fraud? Have technological advancements in check processing reduced the time it takes for depository institutions to learn of nonpayment or fraud such that funds availability requirements for local checks and nonproprietary ATMs should be shortened?)
  • Regulation CC provides six exceptions that allow depository institutions to extend deposit hold periods for certain types of deposits, including deposits for which the depository institution has reasonable cause to doubt the collectability of a check. Is this exception effective in allowing depository institutions to mitigate check fraud while also allowing timely access to funds?

Payment Fraud Data Collection and Information Sharing
Author’s note: This is a most interesting section as there is currently no aggregate bank fraud data collection (only what limited reports consumers send to the Federal Trade Commission (FTC) and the FBI Internet Crime Complaint Center-IC3) and only very limited information sharing to help prevent fraud and scams.

  • How could payments fraud data collection and information sharing be improved?
  • What barriers limit the collection and sharing of payments fraud data between industry stakeholders, and how could these barriers be alleviated?
  • Is there a need for centralized databases or repositories for the sharing of payments fraud data across entities?

Reserve Bank Operator Tools and Services

  • How can the Reserve Banks enhance their existing risk management tools and services, operations, rules, or procedures to better meet the needs of participating financial institutions in addressing payments fraud?
  • Are there risk management tools or services that the Reserve Banks should consider offering or expanding, such as a) developing a payments fraud contact directory for financial institutions, b) offering tools that can provide notification of atypical payment activity, or c) introducing confirmation of payee services to help mitigate fraudulent payment origination?

Author’s note: one missing specific question should have been: Should the Reserve Bank create network analytics tools to help identify and mitigate fraud and scam losses?

Final thoughts: How could the regulators react?
This is a great list of questions in the RFI. Specific questions are missing on only two points—bank money mule management and Reserve Bank payment operator network analytic tools.

Now the ball is in the court of financial institutions, consultants, vendors, consumer advocates and other interested parties to respond in the next 90 days with effective ideas and solutions, many of which may already exist in other countries. The responses to this RFI will result in sound direction for the regulators to help with the consumer and business scam problem.

So, how could the regulators react? Here are some potential outcomes we could see:

  1. There could be new guidance/regulation around consumer and commercial fraud/scams for checks, automated clearing house (ACH), wire, and instant payments transactions. This could include requiring financial institutions to have a written scam strategy, scam controls and money mule management, including specific money mule controls. The regulators can also look at what the UK, Australia, and Singapore have already done for some great ideas.
  2. The regulators could more clearly define how financial institutions, with proper data privacy and safe harbor, can share fraud and scam data, amongst themselves and with law enforcement, in an effective way to help prevent these losses. This will need to go beyond the current limitations of FinCEN 314(b).
  3. The regulators could allow financial institutions to hold suspicious transactions, with proper safe harbor. This is currently law in several states.
  4. The regulators could require financial institutions to add a trusted person to elderly accounts, allowing FI staff another person to contact when there is a suspicious transaction. Several states already allow this, as does FINRA.
  5. The Federal Reserve could add network analytics where it is the payment operator. Network analytics are a proven way to identify potential fraud and scams, before a transaction is fully executed.

For the first time in a few years, I am more optimistic about the US finally getting serious about mitigating scams. But remember, whatever the financial institutions regulators do, we still need a national manager for consumer scams from the Administration, effective scam controls by telcos and digital platforms, and funding for local and federal law enforcement (along with continued cooperation with international law enforcement including Europol and Interpol) to defeat the transnational organized crime groups behind consumer and business scams.

 

 

Recent Posts

Beyond awareness: Building a national anti-scam center to protect older Americans Social engineering scams
June 23, 2025 Beyond awareness: Building a national anti-scam center to protect older Americans
Read article
Thailand's Hidden War: From FBI Front Lines to Your Bank Account Money Mules
June 23, 2025 Thailand's Hidden War: From FBI Front Lines to Your Bank Account
Read article
‘Stay safe’ isn’t a sign-off. It’s our mission Banking / Financial services
June 18, 2025 ‘Stay safe’ isn’t a sign-off. It’s our mission
Read article