MAG Insights

Announcements from the MAG & Featured Articles

What's Up in Washington: Where Policy Intersects Payments (MAG Quarterly- Volume Six, Issue One)

Kathy Hanna Pic

By Kathy Hanna, Sr. Director, Enterprise Payments & Store Support Enterprise Payments Dept., The Kroger Co. 

March 8, 2018

At the MAG annual conference last fall the distinguished panel (Kim Ford-SVP Government Affairs, First Data; Doug Kantor-Partner, Steptoe Johnson Government Affairs/Public Policy; Barrie VanBrackle-Partner, Orrick; and Hannah Walker-Sr Director Technology and Nutrition Policy, FMI) spoke about the many various changes through public policy and regulation that are impacting payments in the U.S. and abroad.  As payment technology continues to advance, some regulators are looking at who the new entrants are, what role they may play, and how these stakeholders and their role will affect consumers.   In some countries regulators are either taking steps or looking at ways to protect consumers’ privacy of data.  So why is it important for merchants to follow public policy in the payments space?  The answer is simple; these actions impact the merchant in this global economy.

Let’s look at some of the larger public and policy items facing merchants.  

At the Consumer Financial Protection Bureau, there has been a change in leadership. The new leadership will likely take the CFPB in a new direction, including making changes to the obligations of financial institutions and other financial companies.
The United States Congress is looking at data security proposals with a federal breach notification provision that would pre-empt current state breach notification laws.  This new law could also set new standards, outside of PCI, for data safety guards.  The debate continues as to who in the event of a breach should provide notification to the customer and who should pay for the harm.  Forty-eight states currently have legislation that exempt non-retailer stakeholders from notification. The Financial Services Roundtable has worked with retailers on a federal proposal, but the exemption of non-retailer participants has remained.  There is even the possibility the federal bill might not pre-empt the state bills that would then require the merchant to comply with both state and federal bills, adding complexity and cost.

Internationally, merchants have to deal with the European General Data Protection Regulation (GDPR) that is effective May 25, 2018.  This applies to any company that accepts payments from individuals in the European Union and United Kingdom.  This regulation has several components including requiring companies to designate a data protection officer in certain cases of EU citizen data storage, consent for new data uses, and a breach notification policy that complies with the regulation, to name a few. 
To our north, Canada enacted the Personal Information Protection and Electronic Documents Act.   This is another regulation with many facets that a merchant must understand if they accept payments from Canadians.

The MAG is committed to keeping the membership informed of what is happening in this area but it important for each merchant to take the information and determine how it affects their business.  There is little doubt that the payments industry will continue to become more technically advanced and complicated, creating an environment where regulators may exert their view in regulations.  At the mid-year conference, we will continue the discussion on how public policy intersects with payments.  Are you ready for public policy intersecting payments for your company?