This bill instructs the Board of Governors of the Federal Reserve to issue regulations that stop card issuers and payment card networks from forcing a single or otherwise exclusive routing path for credit card transactions. The regulations would also bar contractual, technical, or financial measures that prevent merchants or acquirers from directing transactions over alternate networks, while carving out certain three‑party card models and allowing a national‑security exception.
If implemented, the measure alters who controls transaction routing and could change fee bargaining, technology design, and fraud‑mitigation approaches across the payments ecosystem. Merchants would gain routing choice; large issuers and incumbent networks would face new operational and commercial constraints; the Fed gets a new, recurring role in identifying security risks to national payments infrastructure.
At a Glance
What It Does
The bill requires the Federal Reserve Board to promulgate regulations setting a bright‑line prohibition on exclusive network arrangements and on restrictions that prevent merchants or acquirers from routing credit transactions over any eligible network. It also directs the Board to publish a public list of networks that pose national‑security risks and to maintain a periodic process to reassess market leaders.
Who It Affects
Primary targets are large card issuers and payment card networks, acquirers/processors, merchant payment service providers, and any payment network that seeks to be enabled on merchant terminals or digital checkouts. Three‑party card systems are explicitly exempted from the new prohibitions.
Why It Matters
The bill shifts control over routing away from issuers and networks toward merchants and acquirers, potentially undercutting incumbents' business models and changing interchange dynamics. It also forces interoperability changes for tokenization/authentication, creates a recurring national‑security review of networks, and gives the Fed a central regulatory role in network competition.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
The core instruction is simple: the Federal Reserve must write rules that prevent covered card issuers and payment card networks from using contracts, technology, or economic pressure to restrict the number of payment networks that can process a given credit‑card transaction. The statute defines the universe of covered issuers and the kinds of electronic credit transactions the rule targets — including card‑not‑present activity such as online and mobile payments.
The ban covers explicit exclusivity clauses and also technical lock‑ins that would make one network's authentication or tokenization unusable by another network.
The bill builds in a few contours and exceptions. It does not apply to credit cards issued under a three‑party system where the issuer and the payment network are the same entity or under common ownership.
The Board must also create and publish a list of payment networks that pose national‑security risks or are sponsored by foreign states; networks on that list can be treated differently. Additionally, the Board will periodically reassess which two networks hold the largest market shares; that determination interacts with but does not automatically reintroduce exclusivity.Implementation is structured around deadlines and review cycles.
The Board must issue the substantive regulations and then, for each set of regulations it finalizes, they take effect 180 days after that finalization date. The statute requires the Board to update its national‑security list at least every two years and to review whether the top two networks have changed at least once every three years.
Those built‑in reviews create both recurring administrative work for the Fed and windows during which market structure can be revisited.Practically, covered issuers, networks, processors, and terminal vendors will need to support multi‑network routing and interoperable security layers. That will often mean reworking tokenization and authentication workflows, updating acquirer/processor contracts, and altering merchant onboarding and terminal logic.
The bill also shifts who can set technical specifications: it forbids a network from requiring a security technology that cannot be used by competing networks processing the same transaction.
The Five Things You Need to Know
The Board must issue regulations that prevent a covered issuer or payment network from limiting the number of networks that can process a credit transaction, whether by contract, technical spec, or economic penalty.
A 'covered card issuer' is a card issuer that, together with affiliates, has more than $100 billion in assets — that threshold decides which issuers the main prohibitions will bind.
Regulations must be in place within one year of enactment and each set of final regulations takes effect 180 days after the Board issues the final text.
The bill bars requiring merchants to use authentication, tokenization, or other security technology that cannot be used by all payment networks that may process the transaction, and it prohibits imposing penalties for routing transactions over different eligible networks.
The Board must publish a public list of payment card networks it believes pose national‑security risks or are owned/sponsored by a foreign state and must update that list at least every two years; the Board also must reassess whether the two largest networks have changed at least every three years.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Prohibition on exclusive networks and restriction mechanisms
This provision directs the Board to prohibit covered issuers and networks from restricting the number of payment networks that can process a credit transaction. The ban is broad: it covers contractual clauses, penalties, requirements, and technological specifications that function as lock‑outs. For practitioners, that means exclusivity language in issuing, processing, and member agreements will need review and likely rewrites, and networks will have to remove or reform features that effectively prevent alternate routing.
Ban on routing limits, tokenization lock‑ins, and penalties
Beyond exclusivity, the Board must forbid direct or indirect measures that prevent merchants from directing routing to any eligible network, and it forbids forcing a merchant to use an authentication or tokenization technology that other networks cannot use. The statute also bars financial or non‑financial penalties tied to routing choices or minimum routing allocations. Operationally, acquirers and payment service providers will need to ensure their stacks can transmit transactions over multiple network rails without being blocked by proprietary security flows.
Three‑party model exemption and key statutory definitions
The rules do not apply to credit cards issued in a three‑party payment model (issuer equals network or common owner), preserving the current structure for card types like some charge/three‑party programs. The statute also defines covered issuers (asset threshold), 'electronic credit transaction' (including card‑not‑present sales), and 'licensed member' (issuers and acquirers authorized to issue or process). These definitions determine the reach of the ban and the operational scope for compliance work.
Board's public national‑security designation and periodic market checks
The Board, consulting the Treasury Secretary, must create a publicly available list of payment networks that pose national‑security risks or are owned/sponsored by foreign states and update it at least every two years. Separately, the Board must determine every three years whether the two networks that then hold the largest market shares have changed; that determination affects one narrow path the statute uses to limit the ban. The pair of provisions creates an ongoing surveillance and administrative duty that will shape which networks are treated as eligible or excluded for routing purposes.
Limits on Bureau enforcement and effective‑date timing
The bill amends the statute to state that the Consumer Financial Protection Bureau shall not have authority to enforce these particular requirements, and it gives the Board discretion to prescribe regulations, each set of which becomes effective 180 days after the Board issues final rules. That combination means the Fed writes the rules, but the typical Bureau enforcement toolkit does not apply; the statute does not create a parallel enforcement regime inside the Fed, leaving open which mechanisms will be used to ensure compliance.
This bill is one of many.
Codify tracks hundreds of bills on Finance across all five countries.
Explore Finance in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- Merchants and acquirers — gain the contractual and technical freedom to route transactions over any enabled network, which can be used to seek lower processing costs, obtain better merchant interchange terms, or choose routes with preferred settlement features.
- Competing and newer payment networks — receive clearer access to merchant routing and a regulatory barrier against contractual exclusion, improving prospects for market entry and competition against large incumbent switching networks.
- Processors, payment facilitators, and fintech wallets that support multiple rails — can market expanded routing options to merchants and end‑clients, potentially unlocking new business models and value propositions tied to routing choice.
- Consumers indirectly — may benefit from downward pressure on merchant surcharging and interchange‑driven prices if merchants capture savings from alternative routing; cardholders could also see broader acceptance for some networks in digital channels.
Who Bears the Cost
- Covered card issuers (issuers with > $100 billion in assets) — will face legal, operational, and commercial costs to remove exclusivity provisions and to support multi‑network processing and interoperable security technologies.
- Large incumbent payment networks — lose the ability to rely on exclusivity and network rules to lock merchant routing, likely reducing their leverage in interchange and network fee negotiations.
- Acquirers, processors, and terminal vendors — must invest in software and hardware changes to support multi‑network routing, interoperable tokenization/authentication, and updated settlement flows.
- The Federal Reserve Board — must allocate staff and resources to craft technically complex rules, maintain a public national‑security list, and run recurring market determinations; that administrative burden may require new operational capacity.
- Smaller merchants and service providers with limited IT budgets — may face upfront costs to update point‑of‑sale and e‑commerce integrations to take advantage of routing options or to comply with new network interoperability requirements.
Key Issues
The Core Tension
The central tension is between opening routing and technical interoperability to foster competition (and potentially lower merchant costs) versus preserving layered security models, clear liability rules, and operational simplicity that incumbents say protect fraud and settlement integrity; at the same time, the bill empowers the Fed to make technical judgments but removes the CFPB's enforcement role, leaving a question of who will effectively police compliance.
The bill forces a trade‑off between competition and operational coherence. Requiring interoperability in tokenization and authentication can introduce compatibility challenges and raise security governance questions: networks developed their protocols to manage fraud and settlement risk, and making those systems interoperable may create attack surfaces or complicate liability.
The statute leaves technical design choices to the Board, but it provides no detailed performance or security standards, creating uncertainty for implementers about acceptable architectures.
Enforcement and remedy design is also unresolved. The text explicitly removes CFPB authority to enforce these rules, but it does not create a clear alternative enforcement mechanism inside the Federal Reserve or identify private remedies.
That gap raises questions about how violations will be detected and punished, and whether affected parties will pursue private litigation or rely on bank supervision and interbank dispute processes. The national‑security designation and the three‑party exemption further complicate outcomes: the security list can exclude networks from access for non‑competition reasons, while the exemption preserves an incumbent escape valve for vertically integrated models.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.