RTP® Network and FedNow® Service, the two central US instant payment rails, have shown how the speed of instant payments amplifies the need for robust risk management strategies for participating financial institutions (FIs).
The Federal Reserve, which backs FedNow® Service, explains this better when it says that “the availability of FedNow Service features does not replace FIs’ independent judgment in managing risks” of instant payments.
Let’s review the RTP® Network and FedNow® Service (hereafter referred to as RTP and FedNow), exploring their fundamental differences, key regulatory frameworks, and strategies for mitigating associated compliance risks.
Understanding RTP and FedNow and Their Difference RTP
RTP, or Real-Time Payments, is an electronic funds-transfer system designed by The Clearing House (a consortium of US commercial banks) for FDIC-insured banks and credit unions seeking to provide instant payment solutions for their customers. FIs can connect to this network either directly or via third-party service providers.
Launched in 2017, the RTP network offers instant payment settlement, outpacing the existing Automated Clearing House (ACH) system, which typically completes transactions within one to three business days.So far, RTP has achieved a significant milestone, from enabling over 1 million payment transactions daily to processing $1 billion in instant payments on June 28, 2024 .
As of July 2024, over 600 FIs across the US have integrated their services and products into the RTP network to offer instant payment solutions for consumers, businesses, and the government.
FedNow
In July 2023, the U.S. Federal Reserve launched its own instant payments service dubbed FedNow. Establishing FedNow is a can’t-go-wrong choice as only 1.5% share of the US’s total payments volume is represented by real-time payments.
From 35 FIs at launch, this public sector back instant payment rail has surpassed the number of FI participants on RTP. It has integrated about 800 banks and credit unions within one year.
One of FedNow’s most innovative features, however, is its Liquidity Management Transfer (LMT) capability. This allows participating institutions to conduct high-value transfers at scheduled times, even when traditional systems like Fedwire are offline.
What is the difference between RTP and FedNow?
While FedNow and RTP offer 24/7 instant A2A transfers, key differences exists. This comparison table breaks it down, covering aspects such as operators, eligibility criteria, settlement methods, and transaction limits.
| Category | FedNow | RTP |
| Operator | Federal Reserve | The Clearing House (TCH) |
| Eligibility | Organizations eligible for a master account with a Federal Reserve Bank | Federally insured U.S. depository institutions |
| Settlement Method | Through participants’ master accounts at Federal Reserve Banks | Through a joint master account at the Federal Reserve Bank of New York |
| Funding Requirement | Not specified | Prefunding required; banks must maintain sufficient balances |
| Interoperability | Not interoperable with RTP | Not interoperable with FedNow |
| Transaction Limits | Default $100,000; can be increased to $500,000 upon request | $1 million (with potential for increase) |
| Market Presence | New and growing fast | More established |
n instant payment rail operated by the Federa
Key Regulations That Affect RTP and FedNow
1. RTP Operating Rules: The RTP Operating Rules are guidelines and requirements established by The Clearing House RTP network participants. These rules: a. Define requirements for different types of participants in the RTP network. Outline provisions for processing and posting RTP messages. C. Establish compliance standards (eg RTP self-audit requirements) for Fis using the system.
2. Federal Reserve Operating Circular 8: The circular, which became effective in April 2024, applies to all parties involved in FedNow transfers. It defines key obligations, settlement requirements, security procedures, and other rules that FedNow participants must adhere to. The circular’s authority over these parties in FedNow transfers is equivalent to that of Regulation J.
3. Regulation J Subpart C: In 2022, the FRB established a new Subpart C to Regulation J. It includes sections on reliance on account number as the primary identifier for payment order processing (overriding any discrepancies in the beneficiary’s name) and sections on fund availability exceptions.
4. Electronic Funds Transfer Act: A provision of Subpart C of the Federal Reserve’s regulations provides definitive guidance on EFTA’s applicability to FedNow. It establishes that when a FedNow transfer falls under EFTA jurisdiction, it remains subject to Subpart C regulations as well. However, the provision clearly states that in cases where Subpart C and EFTA requirements conflict, EFTA takes precedence to the extent of the inconsistency.
5. Uniform Commercial Code (UCC): FedNow transfers follow UCC Article 4A, which sets clear rules for everyone involved (sender, bank, receiver) to ensure smooth transactions.
6. OFAC guidance on instant payments: Although not a regulation, this guidance emphasizes adopting a risk-based approach to sanctions compliance by developing, emphasize adopting a risk-based approach to sanctions compliance by developing, implementing, and regularly updating a sanctions compliance program that incorporates the five essential component
7. Expedited Funds Availability Act (Reg CC): Reg CC might indirectly influence how Fis handles disputes or errors related to instant payments. For example, if an instant payment is fraudulent or mistakenly sent, EFTA’s rules on error resolution and provisional crediting could be referenced in how the situation is addressed.
Regulatory Risks Associated with RTP and FedNow
1. Liquidity Risks
Instant payment networks create new liquidity management challenges for FIs that adopt them. FIs or the settlement and liquidity in the ecosystem must maintain adequate balances around the clock to settle transactions in real-time, while Federal Reserve discount window hours remain limited. So, the challenge is ensuring PSPs always have access to enough funds, even when banks and other financial systems are closed. In short, instant payments introduce new complexities in managing intraday liquidity. Banks may face sudden liquidity shortfalls due to unpredictable payment flows, potentially impacting their ability to meet obligations. Regulators will scrutinize institutions’ strategies for maintaining adequate liquidity in this dynamic environment.
2. Third-Party Risks
RTP and FedNow increase FIs’ reliance on technology vendors or service providers. Regulators expect rigorous oversight and due diligence of these critical partners. Without comprehensive vendor management programs that strategically align with an FI’s risk appetite, effectively detect potential issues, and promptly escalate concerns to top decision-makers, operational disruptions, data security breaches, compliance violations, and reputational damage are likely to happen for RTPs or FedNow services.
3. Fraud Detection Risk
The instant payment system’s rapid, irrevocable, 24/7 nature leaves little time for comprehensive fraud analysis and detection. Some institutions report only a six-second window to authorize transactions. That’s why Account Takeover (ATO) Fraud, Authorized Push Payment (APP) Fraud, Social Engineering Fraud, or Direct Debit scams are challenging to mitigate here.FIs must continuously adjust their fraud detection models based on instant payment activity to improve accuracy and reduce false positives and negatives.
4. Consumer Protection
The irrevocable nature of instant payments challenges traditional error resolution processes. If a consumer mistakenly sends funds to an incorrect recipient, retrieval becomes difficult. Regulators expect institutions to develop new approaches to dispute resolution that balance consumer protection with the finality of instant payments.
5. Operational Resilience
RTP and FedNow require unprecedented 24/7/365 availability. Even brief outages can disrupt thousands of time-sensitive payments, potentially leading to regulatory scrutiny. To meet regulatory expectations, FIs must demonstrate robust disaster recovery capabilities and near-continuous uptime.
Strategies for Managing RTP and FedNow Regulatory Risks
As FIs adopt real-time payment systems, they must skillfully maneuver through a complex regulatory environment. Whether implementing RTP, FedNow, or both, the challenge lies in crafting strategies that ensure compliance and minimize legal exposure. Here are some key strategies to consider:
Implement robust third-party risk assessment and controls.
FIs bear ultimate responsibility for risks associated with third-party vendors– service providers, end-user solution providers, and correspondents– they partner with for instant payment solutions. Risk mitigation systems must be adjusted to fit for purpose.
Here, the five stages of risk management–planning, due diligence and third-party selection, contract negotiation, ongoing monitoring, and termination–remain critical but must be adapted for the unique challenges of instant payments.
How does that work?
In the planning stage, FIs should develop a comprehensive strategy for integrating RTP or FedNow, including clear risk appetites and tolerances specific to real-time transactions. This strategy should account for potential fraud scenarios, liquidity management challenges, and operational risks unique to 24/7 processing.
During due diligence, FIs should scrutinize potential partners’ real-time processing capabilities, fraud prevention tools, disaster recovery, and business continuity plans. Special attention should be given to the provider’s ability to meet the stringent uptime requirements of instant payments and their track record in handling similar high-speed, high-stakes transactions.
Contract negotiations should include specific performance metrics for instant payments, such as transaction speed, accuracy, and fraud prevention rates. Clear delineation of responsibilities for dispute resolution and error correction in a real-time environment should be prioritized.
Instant payments may call for adjustments to risk mitigation systems. FIs should consult with their legal counsel for further guidance about their obligations under applicable law. In addition, review fraud mitigation solutions, Office of Foreign Asset Control (OFAC) and anti-money laundering (AML) solutions to determine if these capabilities can support instant payments.
For Ongoing monitoring, FIs should implement real-time dashboards and alerts to track transaction volumes, patterns, and anomalies. You should also conduct regular stress testing of the instant payment systems to ensure resilience under various scenarios, including cyber-attacks and sudden volume spikes.
Finally, termination plans must account for the complex, interconnected nature of instant payment systems. Exit strategies should ensure continuity of service for customers and minimize disruption to the broader payment ecosystem.
Side Note: There is no prescriptive formula for working with third parties. “A sound third-party risk management framework should be appropriately tailored to a bank’s level of risk, complexity and size.”
Implement Enhanced Credit-Push Fraud Detection and Management
Instant payments present the risk of Credit-Push Fraud, which is difficult to detect. Funds (pushed) are usually irretrievable. This calls for fraud management expertise to be included in the planning process. “Get your fraud management experts—whether in-house or outsourced—involved in plans early,” FRB advises.
To optimize fraud management tools for RTP or FedNow,
- Deploy advanced transaction monitoring systems with customizable rule sets
- Implement risk-based holds on fund availability for potentially fraudulent transactions.
- Regularly update and test fraud prevention measures to address emerging threats.
Furthermore, learning and adaptation should be continuous. Being knowledgeable about what is happening in the industry and regulatory expectations will keep the strategies for preventing fraud strong and up-to-date.
Evaluate and Adjust Staffing Needs
FIs should anticipate shifts in the demand for instant payments and related services. The evolving nature of this payment rail means that staffing needs and support structures will likely need to be adjusted over time to meet changing demands and operational requirements.
These efforts, according to the Faster Payments Council (FPC), should consider needs across different areas, such as front-office (customer-facing roles), back-office (operations and support roles), and specialized roles in fraud detection, reconciliation, and dispute resolution.
The AML, OFAC, and customer due diligence processes of instant payments also demand resource optimization (staffing) or technological advancements to uphold BSA standards. Likewise, adjustments in staffing may be necessary based on transaction volumes, seasonal demands, or changes in customer behavior. However, the possibility of automation should not be ruled out.
Integrate Security Awareness with Customer Education
To fortify defenses against RTP and FedNow risks, FIs must implement a sophisticated customer education strategy that combines service knowledge with security awareness.
First, educate customers about the unique aspects of instant payments – their speed, 24/7 availability, and irreversibility. Show them how these differ from traditional methods by updating their accountholder disclosures and agreements to explicitly cover instant payment services.
On the security front, banks need to go beyond basic fraud prevention tips. As FedNow suggests in its briefing paper on instant payment fraud, customers should be educated on identifying sophisticated fraud attempts and protecting their data. Aside from knowing about the institution’s communication policies (e.g., never requesting login information via phone, email, or text) or having strong authentication mechanisms across different accounts, FI’s must “enable customer self-treatment of alerts” through “integrated customer outreach systems.”
Integrate OFAC Sanctions Compliance
OFAC strongly advises developers to embed sanctions compliance features during the design and development of instant payment systems. This proactive approach is necessary because, for example, the Federal Reserve Banks possess the authority to terminate or restrict a Participant’s access to the FedNoW for non-compliance with AML laws and regulations.
Key aspects of this strategy include:
- Early Integration
- Real-time Screening Capabilities
- Adaptable Architecture
- Audit Trails
How RADD LLC Can Help Navigate The Risks
RADD LLC offers a comprehensive solution to RTP and FedNow regulatory needs. Our approach is rooted in:
- Deep Regulatory Insight: We intimately understand the nuanced ways in which instant payments could reshape FIs internal controls, risk management, operations, and financial reporting.
- Tailored Technology Integration: Our IT compliance solutions and related Fintech compliance service ensure that RTP and FedNow infrastructure adapt to your existing systems.
- Expert Human Oversight: Our team of established compliance professionals, including CAMS-certified consultants, provides ongoing guidance and real-time problem-solving for FIs’ compliance teams.
- Proactive Risk Mitigation: We anticipate regulatory shifts and help you stay ahead of compliance curves rather than reacting to them.