It’s that time of year again. As we move past Black Friday, Cyber Monday, and a month’s long slog through various sales, deals, and steals, we move into a period of higher incidence of Regulation E error disputes. Unfortunately, along with the increase in shopping and holiday cheer, there is also an increase in fraud and stolen debit cards. If a covered electronic fund transfer error is alleged and staff are requiring consumers to submit their complaint or question in writing, provide a police report, or first try to work out any unauthorized transaction issues with the merchant, then the institution is acting in violation of the consumer protections outlined in Regulation E. With this in mind, now is a great time to revisit internal procedures, as well as follow up with personnel to ensure they are acting appropriately and within the confines of consumer regulations.
Section 1005.11 of Regulation E sets out the parameters for investigating and resolving error disputes involving ACH, ATM, and POS debit transactions. To limit a consumer’s liability, errors must be reported to the account holding institution within 60 days after the first periodic statement on which the error is first reflected, and may be reported either orally or in writing. The notification must include enough information to enable the financial institution to identify the consumer’s name and account number and should indicate why the consumer believes the error occurred. To the extent possible, the type, date, and amount of the error should also be included. However, not all types of transfers or consumer inquiries are considered “errors” under the regulation.
- An unauthorized electronic funds transfer (EFT), which is an EFT that is initiated by a person other than the consumer without authority to initiate the transfer, and for whom no benefit is received
- An incorrect EFT to or from a consumer’s account
- An omission of an EFT from a consumer’s periodic statement
- A computational or bookkeeping error by the financial institution relating to an EFT
- A consumer’s receipt of an incorrect amount of money from an electronic terminal
- An EFT that was not identified in accordance with Section 1005.9 (Receipts at Electronic Terminals; Periodic Statements) or 1005.10(a) (Preauthorized Transfers)
- The consumer’s request for documentation required by §1005.9 or §1005.10(a) or for additional information or clarification concerning an electronic fund transfer, including a request to determine whether one of the errors listed above actually exists
- A routine inquiry about a consumer’s account balance
- A request for information for tax or other recordkeeping purposes
- A request for duplicate copies of documentation
Notice of Error
Once notification is received by the institution, the regulatory obligations are triggered and the financial institution must begin its investigation. If the notice was received orally, the institution may request that the consumer provide details of the error in writing; however, it may not delay the initiation of the investigation pending receipt of the written confirmation. There are other prohibitions on what the financial institution may require from the consumer. Specifically, it may not require a consumer to:
- Contact any merchant involved to resolve disputes regarding any unauthorized transactions.
- Provide details of the error in writing, except for the purpose of providing provisional credit.
- Make or obtain a police report for fraud and other unauthorized transactions.
Although financial institutions generally only have 10 business days to complete the investigation once notice of the error has been received, there are circumstances when a longer time period is allowed. If the error in question is an EFT that occurred within 30 days after the first deposit was made into an account, the 10 business days are extended to 20 business days.
The 10-business-day requirement may also be extended to 45 days, where provisional credit is provided and the financial institution notifies the consumer of the amount and date of the credit. Notification of the credit should occur within two business days of it being extended. The provisional credit should be in the amount of the alleged error including any interest, and the consumer should be provided full use of the provisionally credited funds during the investigation. The regulation allows for up to $50 to be withheld from the provisional credit if the financial institution has a reasonable basis for belief that the error involves an unauthorized EFT and the financial institution provided the consumer the initial Regulation E disclosures.
The 10-business-day requirement may also be extended to 45 days, without provisional credit, when the institution requests, but does not receive, written confirmation of the error within 10 business days of notification from the consumer. Lastly, the 10 business days may be extended when the error is either the result of a point of sale transaction or involves a foreigninitiated EFT. In these circumstances, the investigation period may be extended to 90 days, provided the same conditions to extend the timeline to 45 days outlined above are followed.
Section 1005.11(c)(4) outlines the minimum requirement for a satisfactory investigation. Specifically, it is reasonable for a financial institution to review only its own records when the alleged error concerns a transfer to or from a third party and the financial institution has no agreement with the third party in question. When this is the case, the error resolution investigation requirement is satisfied by advising the consumer that the information or documentation requested by the consumer remains in the possession of the third party.
Results of the Investigation
If the investigation of the asserted error results in a conclusion that no error occurred, the financial institution must notify the consumer in writing within three business days of completing the investigation. The notice must include a written explanation of the findings along with a statement of the consumer’s right to request the documents relied upon in the investigation. In addition, if applicable, the date and amount of the reversal of the provisional credit should be included with a statement that checks, drafts, and other payment requests will be honored without charge to the consumer for five business days, but only for those items which would have been paid had the provisional credit not been reversed. The account should then be monitored to ensure that no fees are charged for overdrafts that occur as a result of the reversal of the provisional credit.
If the investigation of the asserted error results in the conclusion that an error did, in fact, occur, it must be corrected within one business day of the investigation being completed. The consumer must also be notified of the outcome of the investigation, either orally or in writing, within three business days of the completion of the investigation. Where a notification is provided orally, the expectation is that the timing of the delivery of the oral notice would be documented. In addition to making the provisional credit final, or providing a final credit where no provisional credit was initially extended, the financial institution must ensure that lost interest must be credited and all fees, including overdraft and minimum balance fees that were assessed as a result of the error, are refunded. Once the notification and final credit have been issued, the financial institution is not allowed to reverse this credit, even if additional information is later uncovered.
There is the possibility that the investigation will conclude that a different error occurred than what was asserted. In this circumstance, the financial institution must notify the consumer in writing within three business days of completing the investigation. The notification requirements are the same as those for the notification of no error.
In addition to keeping in mind the requirements of Section 1005.11, the financial institution must also be aware of the consumer liability requirements of Section 1005.6. The requirements of this section become applicable when a determination is made that an unauthorized EFT occurred and outlines the extent to which a consumer may be held liable. Specifically, there are tiers of monetary amounts for which the consumer may be held liable under this section. Under the first tier, which relates to the use of an access device, if the consumer notifies the financial institution within two business days after learning of the unauthorized use, consumer liability may not exceed $50. The commentary states that when calculating the two business days, the day the consumer learns of the loss or theft, or any non-business day, are not included. The clock also will not begin until the consumer learns of the unauthorized EFT, or of the loss or theft of the card. For example, if a card is stolen on Monday, and the consumer discovers this loss on Wednesday, then so long as the consumer makes notification by Friday, the notice is still considered within two business days. Under the second tier, which also relates to the use of an access device, if the consumer does not make notification within two business days, then the amount for which they may be held liable increases to $500. The last tier of liability under this section, which is applicable with or without the use of an access device, occurs if the consumer does not notify the financial institution within 60 days of the sending of the periodic statement on which the error is reflected. In this instance, the consumer may be held liable for the full amount of the unauthorized EFTs that occurred AFTER the expiration of the 60 days.
When making the determination as to which tier of liability a consumer may be in, it is important to note as well Section 1005.6(b)(4), which states that if the consumer’s delay in providing notification was due to extenuating circumstances, the time periods shall be extended to a reasonable period. The commentary provides travel or hospitalization as two examples of circumstances requiring an extension.
One final note is that if state law, or the agreement between the financial institution and the consumer, provide for less consumer liability than outlined above, then the consumer’s liability must not exceed the amounts outlined under state law or the agreement. This would include VISA, MasterCard, or similar agreements. Where agreements provide for more consumer liability, the financial institution must follow those outlined in Regulation E or state law. Whatever provides the most consumer protection is what should be applied.
Due to the specific consumer protections outlined in Section 1005.11, it is important to regularly review procedures and personnel practices to ensure compliance. With the varying timelines, notification requirements, and crediting of funds involved, there may be a multitude of opportunities for human or system error that could result in a regulatory finding. To keep operations running smoothly in a time where there may be increased instances of fraud and errors, it is a good idea to focus now on ensuring that the institution’s procedures are appropriate and staff are adequately prepared. In addition to keeping in mind the investigation requirements of Section 1005.11 laid out in this article, a financial institution should be aware of the consumer liability limitations for unauthorized EFTs found in Section 1005.6, along with any applicable state laws and agreements with consumers.
About the Author
Nick Bonnema is a pragmatic banking professional with seven years of financial institution experience, specializing his focus on regulatory compliance, BSA/AML/OFAC consulting, and the mitigation of risk. Nick works with his clients to address the overall administration of compliance directives, review and make compliance policy and procedure recommendations, and help senior management implement recommendations to meet the changing expectations of the banking industry. This experience has allowed him to develop strong advisory and research skills, which he puts to good use serving the needs of Wipfli’s clients. Nick has a Juris Doctor from the William Mitchell College of Law. Nick can be reached at email@example.com.