A Quiet Expansion of Bank Authority Is Reshaping the Teller Line

For most of the past decade, the teller or call-center agent who suspected an older customer was being scammed could do surprisingly little about it. Warn the customer, flag the account, maybe get a supervisor involved, and then, more often than not, watch the wire leave anyway. A growing patchwork of state laws is changing that, and fast.

Roughly half of states now have so-called bank hold laws, which permit, and in some cases require, financial institutions to delay suspicious transactions when they reasonably believe a vulnerable adult is being exploited. Colorado’s ASSET Act, formally the Adults’ Security and Safeguards from Exploitation in Transactions Act, cleared its Senate second reading on April 17, 2026, and is on track to become the latest addition. Similar bills are moving in other statehouses this spring, often modeled on the North American Securities Administrators Association’s framework that already applies to broker-dealers in 32 states.

For retail banking leaders, this is not a niche compliance update. It is a meaningful shift in what the front line is expected to do, how branches and contact centers are staffed, and how customer conversations about money need to be handled when something looks wrong.

What a Hold Law Actually Lets a Bank Do

Hold laws vary in the details, but the structure is consistent. A qualified bank employee who reasonably suspects an eligible adult, typically someone 65 or older or otherwise vulnerable, is being financially exploited gains explicit authority to delay a disbursement or transaction for a defined period. That window commonly runs from five to 15 business days, with extensions available through court order or regulatory notice.

Colorado’s bill, drafted by Representatives Sean Camacho and Jamie Jackson and Senators Marc Catlin and Jessie Danielson, follows that pattern. It requires the qualified individual at a bank or credit union to notify local law enforcement or the county adult protective services agency, and it permits notification of a previously designated third party associated with the customer. Critically, the bill also grants civil immunity to the institution and the employee when they act in good faith, which has historically been the single biggest barrier to frontline intervention.

That immunity piece is what turns the law from theoretical to usable. In states without clear safe-harbor language, banks and credit unions have often chosen to process a transaction rather than risk a customer complaint or a lawsuit. The ASSET Act, and its analogues in other states, closes that gap by aligning with the 2018 federal Senior Safe Act and the 2024 interagency statement from the CFPB, OCC, Federal Reserve, FDIC, NCUA, FinCEN, and state regulators, which together encourage, but do not require, reporting and intervention.

The ABA Data Shows Use Is Real, But Uneven

The American Bankers Association Foundation’s 2025 survey of 158 banks, representing roughly 71% of U.S. deposit accounts, offers the clearest picture to date of how these laws play out in practice. More than half of bank respondents in hold-law states, 54.5%, reported actually using the laws to prevent elder financial exploitation. Nearly a quarter said they delay suspicious transactions a few times a month, and smaller shares reported holding transactions monthly, weekly, or daily.

The more telling finding may be on the other side of the line. Nearly 90% of banks in states without hold laws said having one would be beneficial, and 52.4% of those already operating under a hold law said longer hold windows and more flexibility would help them investigate cases properly. That combination points to a clear industry preference for broader authority, not less.

Frequency of use, though, is only part of the story. Banks that handle this well tend to share a few operational traits, including dedicated escalation paths from the branch to a specialized fraud unit, documented decision criteria that reduce subjective judgment, and tight coordination with adult protective services and local law enforcement. Banks that do not share those traits often see staff hesitate, second-guess, or default to processing the transaction, which is exactly the outcome the legislation is designed to prevent.

What Changes on the Branch Floor and in the Contact Center

Hold authority only matters if the person closest to the transaction recognizes the warning signs and feels confident enough to act. That has operational consequences that many retail banking chiefs are still working through.

Training is the obvious starting point, but the quality of that training varies widely. The AARP BankSafe program, developed with input from more than 2,000 financial industry professionals, is the most widely adopted curriculum and uses scenario-based learning to teach frontline staff to recognize red flags like urgency, secrecy, unusual wire destinations, and scripted responses from customers who have clearly been coached by scammers. Credit union trade groups, including America’s Credit Unions and the Cooperative Credit Union Association, have layered their own training on top. Banks without that kind of structured program tend to rely on generic fraud awareness modules, which are not the same thing.

Documentation is the second weak point. Staff who place a hold need to record what they observed, whom they contacted, and why they believed exploitation was in progress, because that record becomes the bank’s defense if the hold is challenged. The banks that run this well have standardized fields in their case-management systems and an escalation protocol that a branch manager or contact-center supervisor can execute within minutes, not hours.

Customer communication is the third, and probably the most delicate. Telling a long-standing customer that the bank is declining to process their requested transfer is uncomfortable, particularly when the customer is convinced they are helping a grandchild, paying a tax bill, or rescuing a romantic partner. Scripts that explain the hold without accusing the customer, along with coordinated outreach to the designated trusted contact, tend to produce better outcomes than on-the-fly conversations. Banks that invest in those scripts find that their reversal rate on held transactions climbs, which is the metric that actually matters.

Where the Liability Questions Still Sit

Even with good-faith immunity written into the statute, hold laws introduce new exposure the risk function should be thinking about. A hold placed on the wrong transaction, without adequate documentation, can still draw a complaint, and some state laws are more protective than others. Banks operating across state lines end up managing a matrix of different hold periods, reporting requirements, and eligibility definitions, which is a compliance burden the legal team needs to scope carefully.

There is also a quieter risk tied to the transactions banks do not hold. As these laws become more common, plaintiffs’ attorneys and state regulators are likely to ask harder questions when a clear red-flag case went through unchallenged. The institutions that come out of that scrutiny well will be the ones that can show a consistent process, documented training, and defensible judgment on both the holds they placed and the ones they did not.

Why This Is a Strategic Issue, Not a Back-Office One

Elder financial exploitation losses in the United States run into the billions each year, and credit union data suggests frontline intervention prevents meaningful shares of those losses from landing on the bank’s books or the customer’s balance sheet. For retail banks and credit unions competing on trust, which most still say is their primary differentiator, the ability to actually stop a scam mid-transaction is one of the few genuinely unique services the institution can offer.

That makes the hold-law wave more than a risk story. It is a customer-experience story, a marketing story, and in some markets already a competitive one. Credit unions in particular have leaned into this framing, with several publicly pointing to successful interventions as evidence of the cooperative model’s value. Banks that choose to view hold authority only through the compliance lens are likely to leave that ground to others.

The practical agenda is straightforward. Map current hold authority across every state the institution operates in, align training and escalation protocols with the most protective version rather than the minimum, invest in the documentation and case-management infrastructure that turns judgment into defensible process, and build customer-facing language that treats the hold as a service rather than an inconvenience. None of that is glamorous, but in a year where scam losses keep climbing and statehouses keep passing new authority down to the branch, it is the work that separates banks whose frontline stops scams from banks whose frontline watches them happen.