Duncan Douglass was quoted in a Transaction World Magazine article discussing those facets of new regulatory legislation that are making the credit card industry nervous. "Right now, I am most concerned about some of the cardholder protection bills circulation in Congress," said Douglass. "The bill with most traction in the House and Senate right now looks to be the Credit Cardholders' Bill of Rights, championed by Representative Maloney, who saw the bill to passage in the House late last year, and Senator Schumer. It is not the substance of the CCBR that is the most troubling, but rather the timing on which the legislation would become effective if enacted. The substance of the CCBR is, for the most part, already due to take effect in mid-2010 thanks to December 2008 rulemaking by federal banking regulators, but as currently drafted the CCBR would become effective 90 days after enactment. This compressed time schedule from enactment to effectiveness would afford card issuers very little time to revise their lending practices and processing systems to comply with the new requirements. The resulting reaction from the issuers to such a short compliance fuse may prove detrimental to cardholders, contrary to the intent of the legislation, if issuers adjust pricing and practices assuming worst-possible-case scenarios because they have inadequate time to make informed decisions based on modeling of the likely effects of required changes."
Douglass then delved deeper into the issues at hand: "I do believe there is a role for federal oversight or involvement in promoting the protection of cardholder information, but I believe most of that oversight should be guided by regulation, rather than legislation. I emphasize a regulatory rather than a legislative role because I believe that legislation is too blunt an instrument and too slow moving to responsive to the ever-changing threats to data security. That being said, I still believe that industry self-regulation, operating within broader regulatory and even broader still legislative mandates, is the most appropriate first line of oversight, because the industry is best positioned to react quickly to new security threats."
"As we move into 2010 and 2011," according to Douglass, " I would not be surprised to see the FTC and FDIC continue to focus on bank-issued and non-bank issued prepaid card programs, both in terms of consumer protection, largely the domain of the FTC with respect to non-bank issued cards, and with respect to safety and soundness concerns, largely the domain of the FDIC with respect to bank issued cards, particularly where the issuing bank is seen as exercising too little control and oversight over the actual operation of the program."