CBA Statement on CFPB Lawsuit Seeking to Go Beyond What is Required by Law

WASHINGTON, D.C. – Consumer Bankers Association (CBA) President and CEO Lindsey Johnson issued the following statement in response to the Consumer Financial Protection Bureau’s (CFPB) recent lawsuit against Early Warning Services (EWS), which operates Zelle, and three of its owner banks:

“It is a common-sense principle that being safe means following the law. Banks have rigorously followed the law in characterizing and offering services through Zelle, yet the CFPB today has moved the goalposts, suggesting that ‘being safe’ means something other than what Congress has defined in law.

“In a time when fraud and scam activity is surging across industries and government alike, the CFPB has chosen to single out a platform owned by banks, a platform that experiences far fewer instances of fraud compared to others.

“The CFPB would better serve its mission of protecting consumers by actually working with industry to counter the root causes of these threats.”

What’s Happening

The CFPB filed a lawsuit in the United States District Court for the District of Arizona against EWS and three of its owner banks. In the complaint, the CFPB alleges the parties have “acted unfairly by failing to take timely, appropriate, and effective measures to prevent, detect, limit, and address fraud on the Zelle network.” As part of this allegation, the CFPB places particular importance on how the defendants having characterized Zelle as “safe” and “secure.”  

The complaint also alleges violations of the Electronic Fund Transfer Act (EFTA) and its implementing regulation, Regulation E, claiming that the parties “failed to follow the error-resolution requirements of EFTA and Regulation E by not treating certain transfers as incorrect and unauthorized [electronic fund transfers] and failing to reasonably investigate Notices of Error.”

Why It Matters

The CFPB has enforcement authority to prevent unfair, deceptive, or abusive acts and practices (UDAAP). Here, the CFPB is using that UDAAP enforcement authority to raise the bar for banks in their characterization of peer-to-peer payments beyond what is legally required and what was intended by Congress, another clear case of regulation by enforcement. What constitutes an “unauthorized electronic fund transfer” and what banks are required to do to resolve these is clearly set out in EFTA and Regulation E. 

An “unauthorized electronic fund transfer” is defined as “an electronic fund transfer from a consumer's account initiated by a person other than the consumer without actual authority to initiate the transfer and from which the consumer receives no benefit” under 12 C.F.R. § 1005.2(m). This type of activity is often colloquially referred to as “fraud.” For these instances of “fraud,” investigation and liability obligations are clearly laid out based on the facts and circumstances. Activity long-referred to as “scams” – usually when a consumer is tricked into affirmatively sending funds to a scammer – do not fall under this definition of “unauthorized electronic fund transfer.” In the complaint, the CFPB studiously avoids using the term “scams,” given its significance in the banking industry, and instead the CFPB inappropriately rebrands the term “scams” as “induced fraud.”

The CFPB alleges that the parties acted “unfairly” in their activity related to Zelle and fraud. “Unfairness” is itself well defined; something is “unfair” if (i) it causes or is likely to cause substantial injury to consumers; (ii) the injury is not reasonably avoidable by consumers; and (iii) the injury is not outweighed by countervailing benefits to consumers or competition. The CFPB in its complaint is suggesting that banks, by following the law and existing regulations – which have clearly articulated what is, and is not, fraud, along with the subsequent legal obligations of the parties – have acted “unfairly.” Once again, the CFPB is creating a narrative to broadly characterize a P2P platform as “unsafe,” a platform on which 99.95 percent of payments are sent without a report of fraud and scams, and impose new legal obligations without going through the process of a notice and comment rulemaking.

Similarly, the CFPB in this lawsuit appears to be introducing new concepts regarding the legal obligations of parties that go beyond what Congress clearly outlined. The complaint centers on a wide range of activity that popularly may be referred to as “fraud” and “scams.” As noted, the obligations around treatment of “fraud” – meaning “unauthorized electronic fund transfers” – are clearly outlined in law and do not cover “scams.” By generally considering these types of activity, and the associated legal obligations for banks once identified, together, the CFPB is blurring the explicit lines that have been drawn by Congress. 

Industry Efforts to Combat Fraud

While the CFPB continues its trend of regulation by enforcement through pursuing unsupported, legal interpretations that target large, highly regulated financial institutions rather than the actual perpetrators of fraud and scams, the banking industry as a whole has taken significant steps to fighting fraud and scams. As CBA President and CEO Lindsey Johnson summarized in an op-ed in American Banker earlier this year:

“Banks invest billions of dollars and thousands of hours to combat fraudsters and scammers each year. Bankers educate and warn customers about new threats. They are consistently experimenting with new technologies to monitor for harm, authenticate their customers and reduce risk. But bankers can't do it alone.” 

Indeed, banks have been at the forefront in pursuing new developments to counter fraud and scams and protect consumers. As summarized in a letter ahead of a July 2024 Congressional hearing on instant payments and fraud:

“Banks have a long history of improving and innovating to protect their customers, including the adoption of chip-enabled credit cards, the use of multi-factor authentication to protect user accounts, and the use of advanced AI tools to prevent and warn customers about potentially fraudulent transactions. Banks work tirelessly to identify and report suspicious accounts to law enforcement; to help educate and warn their customers about common scams, and to root out accounts that have been used by criminals.”

CBA is also a participant in coalitions designed to develop a national strategy on fraud and scams. For example, CBA and its members are actively involved in The National Task Force on Fraud and Scam Prevention launched by the Aspen Financial Security Program, which is a cross-sector effort aimed at developing a national strategy to safeguard against fraud and scams.

CBA Has Called for a Whole-of-Government Approach to Combat Fraud and Scams

CBA has repeatedly urged the federal government to lead a national response to fraud and scams, organizing the ongoing efforts of the banking industry and other industries to tackle this multi-dimensional problem.

In July 2024, CBA convened a roundtable with participants representing the federal government, private sector entities, non-profit consumer organizations, and industry trade associations from the banking and telecommunications sectors to discuss an academic paper that CBA helped publish, “Stopping Scams Against Consumers: Roadmap for a National Strategy.”

Building off that paper, CBA has advocated for a whole-of-government approach to fighting fraud and scams, and has specifically called on:

• The CFPB and the Federal Trade Commission to collaborate on consumer education and engage industry on consumer education;
• The Federal Communications Commission to expedite and prioritize work to stop the illegal “spoofing” of outbound calls and texts, engaging industry as needed;
• The U.S. Department of theTreasury and the Federal Bureau of Investigation to help identify and prosecute criminals and prevent the fraud before it happens, even for low-dollar transactions; and
• Congressional action to keep pressure on agencies to prosecute fraudsters, no matter how small the amount stolen.

CBA Advocacy

• To read CBA’s letter submitted for the most recent CFPB Semi-Annual hearing, which urged the CFPB to conduct a consumer education campaign to make consumers aware of the growing problem and fraud and scams and how to avoid them, click HERE.
• To read CBA President and CEO Lindsey Johnson’s comments about fraud and scams during a November 2024 “Banking with Interest” podcast episode, click HERE.
• To read CBA’s November 2024 blog on how consumers can avoid fraud and scams this holiday season, click HERE.
• To read Johnson’s September 2024 op-ed calling for a national response to the fraud and scams crisis, click HERE.
• To read more about CBA’s July 2024 cross-industry, public-private roundtable to inform a whole-of-government approach to combat fraud and scams, click HERE.
• Ahead of a July 2024 Senate subcommittee hearing regarding fraud and scams on the Zelle platform, CBA joined a letter with other associations explaining everything banks are doing to combat fraud and scams and identifying additional steps needed to prevent them. To read the letter, click HERE.
• To read our Facts Matter blog post about how the CFPB has attempted to use a blog post to rewrite a 46-year-old payments statute, click HERE.
• Ahead of a Senate hearing in January 2024, CBA submitted a letter to Congressional leaders reinforcing the leading role the banking industry has taken to identify and counter fraud and scam threats to consumers. To learn more, click HERE.