28 THE NAFCU JOURNAL NOVEMBER–DECEMBER 2022 “Real-time payments in which transactions are settled instantaneously and irrevocably create a much more difficult type of fraud to unwind and resolve,” said Morris. “Although we don’t know what the CFPB will change in current guidance, we are concerned that the guidance will be expanded to place more of the burden on credit unions as more responsibility is removed from consumers and greater liability is placed on financial institutions.” As the financial industry provides information to the CFPB to advocate for guidance that is fair to consumers and financial institutions and does not unintentionally set the stage for even more fraudulent activity, credit unions still face a number of challenges managing fraud risk today, said Mark Thomson, vice president of compliance for BECU. These challenges include: ■ Keeping up with the increasing number of Regulation E disputes and fraud claims that our members are submitting for our investigation and resolution with existing resources. ■ Keeping up with the fraudster’s complex use of systems, sophisticated social engineering methodologies and speed of operations, and the seemingly ever-increasing resources they have at their disposal to target our members. ■ Balancing the need for effective software and hardware tools to validate the identity of the member against the members’ desire for easy and quick sign-in to apps and systems. ■ Understanding when an investigation into disputed transactions is thorough and sufficient to conclude that the transactions are authorized. ■ Understanding what the standard of proof is for an investigation into disputed transactions and a determination that the transactions were authorized. ■ Maintaining consistency in investigations and outcomes across all members, across all products and through time. One of the most difficult challenges is managing the moral hazard problem in the Regulation E dispute process, said Thomson. “The moral hazard problem arises in economics when one party in a transaction takes on excessive risk because they know that any resulting negative consequences will be borne by the other party to the transaction,” he said. “In the context of Regulation E and electronic funds transfers, Regulation E’s limitations on member liability for fraudulent transactions can reduce the member’s incentive to take precautions against fraud, leaving credit unions to bear the losses.” Currently, Regulation E language assigns limited liability to a consumer in some cases. One example is a caller who identifies themselves as a representative of the credit union telling the member that their checking account has been hacked, and they need to go to a website provided by the caller to update access credentials. Once the fraudster has obtained log-in information via the “imitation” website, “ Regulation E’s limitations on member liability for fraudulent transactions can reduce the member’s incentive to take precautions against fraud, leaving credit unions to bear the losses. ” MARK THOMSON, VICE PRESIDENT OF COMPLIANCE, BECU
RkJQdWJsaXNoZXIy MTY1NDIzOQ==