Request for Information on Potential Actions to Address Payments Fraud

Download the Full Comment Letter [PDF]

Ann E. Misback, Secretary
Federal Reserve Board of Governors
20th Street and Constitution Avenue NW
Washington, DC 20551
Docket No. OP-1866

Chief Counsel's Office
Attention: Comment Processing
Office of the Comptroller of Currency
400 7th Street SW, Suite 3E-218
Washington, D.C.
Docket ID OCC-2025-0009

Jennifer M. Jones, Deputy Executive Secretary
Federal Deposit Insurance Corporation
550 17th Street NW
Washington, DC 20429
RIN 3064-ZA49

Re: Request for Information on Potential Actions to Address Payments Fraud

Dear Sir or Madam,

The Conference of State Bank Supervisors ("CSBS") 1 and the National Association of State Credit Union Supervisors ("NASCUS") 2 (collectively, "state regulators") provide the following response to the request for information ("RFI") issued by the Office of the Comptroller of the Currency ("OCC"), the Board of Governors of the Federal Reserve System ("FRB"), and the Federal Deposit Insurance Corporation ("FDIC") (collectively, the "agencies") regarding potential actions to address payments and check fraud. 3

Payments fraud schemes often cross regulatory and international jurisdictions, and they involve diverse stakeholders, including law enforcement, financial institutions, state and federal regulators, and the consumers and businesses targeted and exploited by bad actors. While state regulators are actively working with financial institutions and consumers to prevent financial fraud, 4 holistic state and federal interagency efforts, public-private partnerships, and supervisory guidance are all required to fight this persistent and rising problem.

Specifically, state regulators recommend that the agencies:

• Leverage existing Federal Financial Institutions Examination Council ("FFIEC") work and establish public-private partnerships to enhance fraud prevention efforts and leverage shared expertise;
• Provide clear guidance to institutions on meeting the burden of necessity for Regulation CC extended hold times, as well as more timely guidance on thwarting payments fraud schemes; and
• Address current impediments to effective information and data sharing.

I. The agencies should leverage existing FFIEC work and establish public-private partnerships to enhance fraud prevention efforts and leverage shared expertise.

The FFIEC Taskforce on Supervision recently convened a temporary working group comprised of state and federal regulators and Financial Crimes Enforcement Network ("FinCEN") to address elder financial exploitation. In December 2024, an interagency statement based on this working group's efforts provided financial institutions with concrete ways to effectively prevent, detect, and respond to elder financial abuse. 5 There are significant overlaps and similarities between elder financial abuse and payments fraud schemes. State regulators recommend that the FFIEC, in partnership with FinCEN, leverage this 2024 interagency statement to provide financial institutions with similar strategies for preventing, detecting, and responding to payments fraud schemes.

The agencies should also consider establishing a working group with bank and credit union representatives, state and federal regulators, law enforcement, FinCEN, and other relevant stakeholders dedicated to addressing payments fraud. Public-private partnerships can be particularly helpful for addressing long-term and intractable issues, and the federal government is uniquely positioned to convene broad groups of diverse stakeholders on issues of significant national and economic importance. A public-private consortium would strengthen fraud prevention efforts by facilitating quicker identification of new fraud schemes, coordinated responses from government and industry, and education for consumers and businesses. Importantly, the agencies could also use feedback from this group to develop more timely and clearer guidance for financial institutions to address emerging fraud threats.

II. The agencies should provide clear guidance to institutions on meeting the burden of necessity for Regulation CC extended hold times, as well as more timely guidance on thwarting payments fraud schemes.

Among various payments fraud schemes, check fraud has emerged as one of the more rampant and significant issues for financial institutions and consumers. 6 Regulation CC requires financial institutions to make funds deposited by check available within two business days under most circumstances. Financial institutions are able to delay the availability of funds for a "reasonable period of time," which is generally defined as one additional business day for "on-us checks" and five additional business days for local checks. 7 A longer extension may be reasonable, but the bank has the burden of establishing the necessity 8 and takes on liability as a result. The agencies should develop clear guidance for how financial institutions can meet the burden of necessity for extended check-hold times.

Indeed, many state laws authorize longer hold periods for good cause, which allow institutions to delay availability of funds under defined circumstances to confirm check authenticity. These laws often include timelines, mandatory training and reporting requirements, and safe harbor provisions that give institutions flexibility and legal clarity when responding to suspected fraud. 9 According to a recent American Bankers Association ("ABA") survey, nearly 43% of banks that have invoked state hold laws reported these measures were effective in curbing elder financial exploitation, characterizing them as "a powerful tool" in the broader effort to combat payments fraud. 10

As noted earlier, state regulators recommend a public-private partnership that results in more timely and targeted supervisory guidance on evolving payments fraud schemes. For example, based on evolutions in fraud schemes, supervisory guidance could update best practices for recognizing high risk classes of checks, updating account opening and monitoring processes, and reviewing checks with special funds availability privileges. The agencies could also provide clear direction on when to contact regulators, how to properly involve law enforcement, and where to direct communication if an incident involves multiple jurisdictions.

III. FinCEN should address current impediments to effective information and data sharing.

The current system for sharing information under Section 314(b) of the USA PATRIOT Act is a significant obstacle to effective fraud prevention. 11 While the program is designed to allow financial institutions to share information, the process is often cumbersome, as each institution must approve the request before sharing. This leads to delays, which can be critical as payment fraud schemes evolve rapidly. To improve this, FinCEN should streamline the process for sharing 314(b) information.

State regulators appreciate the opportunity to provide feedback on this critical issue and look forward to continued engagement to protect consumers and financial institutions from payments fraud.

Sincerely,

Brandon Milhorn
President and CEO
CSBS

Brian Knight
President and CEO
NASCUS

Cc: The Honorable Kyle Hauptman, Chairman, National Credit Union Administration

The Honorable Andrea Gacki, Director, Financial Crimes Enforcement Network

Endnotes

• 1CSBS is the nationwide organization of state banking and financial regulators from all 50 states, the District of Columbia, and the U.S. territories.
• 2NASCUS is the professional association of the nation's 46 state credit union regulatory agencies that charter and supervise over 1,800 state-chartered credit unions. NASCUS membership includes state regulatory agencies, state- and federally-chartered credit unions, and other important industry stakeholders. State-chartered credit unions hold over half of the $3 trillion assets in the credit union system and are proud to represent nearly half of the 142 million members. The remaining states lack state-chartered credit unions.
• 3OCC, FRB & FDIC, Request for Information, Request for Information on Potential Actions to Address Payments Fraud, 90 Fed. Reg. 26293 (June 20, 2025).
• 4See, e.g., California Department of Financial Protection & Innovation, "Fraud Protection"; Georgia Department of Banking and Finance, "Check Fraud/Counterfeit Checks"; New York State Department of Financial Services, "Scams, Fraud, and Cyber Crime"; and Washington State Department of Financial Institutions, "Protecting Yourself from Financial Fraud."
• 5FRB, CFPB, FDIC, FinCEN, NCUA, OCC & State Financial Regulators, Interagency Statement on Elder Financial Exploitation (Dec. 4, 2024).
• 6Recent actions to transition away from paper checks to electronic payments will help to alleviate the risks of check fraud. See Exec. Order No. 14247, Modernizing Payments to and from America's Bank Account, 90 Fed. Reg. 14001 (Mar. 28, 2025).
• 712 C.F.R. Part 229.
• 812 C.F.R. § 229.13(h)(4).
• 9See list of states with hold laws (as of Oct. 2024).
• 10ABA, State 'Hold' Laws and Elder Financial Exploitation Prevention - A Survey Report (2025).
• 11USA PATRIOT Act, 18 U.S.C. § 2709 (2001).