CFPB Zelle lawsuit
CFPB v. EWS
Date: Dec. 20, 2024
Issue: Whether Zelle’s operator, Early Warning Services LLC (EWS), along with Bank of America, JP Morgan Chase, and Wells Fargo, violated the Consumer Financial Protection Act (CFPA), the Electronic Fund Transfer Act (EFTA), and Regulation E by failing to take timely and effective steps to prevent, detect, limit, and address fraud on the Zelle network.
Case Summary: The Consumer Financial Protection Bureau (CFPB) sued Bank of America, JP Morgan Chase, Wells Fargo (the banks) and EWS (collectively, the financial institutions), accusing them of failing to take timely and effective steps to prevent, detect, limit, and address fraud on the Zelle network.
Zelle is a peer-to-peer platform used by over 2,200 banks and credit unions to transfer money almost instantly. Along with being part owners of EWS, the banks are the largest participating banks in the Zelle network. According to CFPB, when Zelle launched, banks prioritized a quick rollout to capture market share and used their existing customer base to offer peer-to-peer money transfers directly to consumers. As a result, CFPB claimed that the rush to market hurt consumers, as the financial institutions allegedly failed to implement effective anti-fraud measures or comply with consumer financial protection laws.
In the complaint, CFPB highlighted Zelle’s capabilities, explained how people can use it to commit fraud, and alleged that the financial institutions failed to implement proper fraud prevention measures. According to CFPB, Zelle has been an attractive vehicle for fraud since its launch. The CFPB alleged that Zelle makes it easy for both victims and fraudsters to access funds quickly, as the recipient typically receives money immediately. This, CFPB claimed, allowed fraudsters to quickly withdraw stolen funds. CFPB also alleged that the financial institutions marketed Zelle as “safe” and “secure,” but they allegedly rushed Zelle to market without proper fraud prevention measures in place.
CFPB further alleged the financial institutions failed to invest enough time or resources into understanding the fraud risks associated with a network as large, widespread, and fast as Zelle, conducting only minimal testing and analysis before launch. CFPB alleged the financial institutions failed to protect consumers from Zelle fraud because they did not adequately: authenticate and register Zelle users; provide readily available recipient information to consumers; block suspicious or risky transfers; suspend or restrict bad actors from Zelle; or timely report fraud related information.
CFPB also alleged that EWS did not adequately monitor participating financial institutions for compliance with Zelle network rules. CFPB explained that EWS launched a formal fraud monitoring program about four years after Zelle’s debut. However, CFPB claimed that EWS did not allocate enough resources to enforce Zelle network rules effectively. Additionally, CFPB alleged the banks failed to use consumer complaint information to prevent or detect fraud; caused significant consumer harm; and realized that consumers felt misled about Zelle’s security.
According to CFPB, the financial institutions violated the CFPA by failing to take timely, appropriate, and effective measures to prevent, detect, limit, and address fraud on the Zelle network. In addition, CFPB alleged the banks violated EFTA and Regulation E by not following the error-resolution requirements. CFPB claimed the banks failed to treat certain transfers as incorrect and unauthorized EFTs and did not reasonably investigate notices of error.
Bottom Line: In a press release, ABA President Rob Nichols stated that “Americans should be deeply skeptical of the CFPB’s lawsuit against the operator of Zelle and participating banks in the final days of this administration. If the bureau were really interested in protecting consumers rather than playing politics, it could have used its substantial budget over the last four years to work with industry and actually educate consumers on how to protect themselves from the growing threat of fraud as the Dodd-Frank Act envisioned. But instead of focusing on the real bad actors — the criminals and scammers preying on everyday Americans — this CFPB has devoted much of its time, energy, and resources to attacking banks, often by exceeding its statutory authority and without considering the harm to consumers.”
Documents: Complaint