[Federal Register: June 29, 2000 (Volume 65, Number 126)]
[Proposed Rules]
[Page 40061-40067]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr29jn00-11]
========================================================================
Proposed Rules
Federal Register
________________________________________________________________________
This section of the FEDERAL REGISTER contains notices to the public of
the proposed issuance of rules and regulations. The purpose of these
notices is to give interested persons an opportunity to participate in
the rule making prior to the adoption of the final rules.
========================================================================
[[Page 40061]]
FEDERAL RESERVE SYSTEM
12 CFR Part 205
[Regulation E; Docket No. R-1074]
Electronic Fund Transfers
AGENCY: Board of Governors of the Federal Reserve System.
ACTION: Proposed rule; official staff interpretation.
-----------------------------------------------------------------------
SUMMARY: The Board is publishing for comment a proposal to revise the
Official Staff Commentary to Regulation E (Electronic Fund Transfers).
The commentary interprets the requirements of Regulation E to
facilitate compliance by financial institutions that offer electronic
fund transfer services to consumers. The proposed revisions provide
guidance on electronic authorization of recurring debits from a
consumer's account, Regulation E coverage of electronic check
conversion transactions, telephone-initiated fund transfers, and other
issues.
DATES: Comments must be received on or before August 31, 2000.
ADDRESSES: Comments, which should refer to Docket No. R-1074, may be
mailed to Jennifer J. Johnson, Secretary, Board of Governors of the
Federal Reserve System, 20th Street and Constitution Avenue, NW.,
Washington, DC 20551 or mailed electronically to
regs.comments@federalreserve.gov. Comments addressed to Ms. Johnson may
also be delivered to the Board's mail room between 8:45 a.m. and 5:15
p.m. weekdays, and to the security control room at all other times. The
mail room and the security control room, both in the Board's Eccles
Building, are accessible from the courtyard entrance on 20th Street
between Constitution Avenue and C Street, NW. Comments may be inspected
in room MP-500 in the Board's Martin Building between 9:00 a.m. and
5:00 p.m., pursuant to the Board's Rules Regarding the Availability of
Information, 12 CFR part 261.
FOR FURTHER INFORMATION CONTACT: Kyung Cho-Miller, Natalie E. Taylor,
or John C. Wood, Counsels, Division of Consumer and Community Affairs,
Board of Governors of the Federal Reserve System, Washington, DC 20551,
at (202) 452-2412 or (202) 452-3667. For the hearing impaired only,
contact Janice Simms, Telecommunications Device for the Deaf (TDD), at
(202) 872-4984.
SUPPLEMENTARY INFORMATION:
I. Background
The Electronic Fund Transfer Act (EFTA) (15 U.S.C. 1693 et seq.),
enacted in 1978, provides a basic framework establishing the rights,
liabilities, and responsibilities of participants in electronic fund
transfer (EFT) systems. The EFTA is implemented by the Board's
Regulation E (12 CFR part 205). Types of transfers covered by the act
and regulation include transfers initiated through an automated teller
machine (ATM), point-of-sale (POS) terminal, automated clearinghouse
(ACH), telephone bill-payment plan, or remote banking program. The act
and regulation require disclosure of terms and conditions of an EFT
service; documentation of electronic transfers by means of terminal
receipts and periodic account statements; limitations on consumer
liability for unauthorized transfers; procedures for error resolution;
and certain rights related to preauthorized electronic transfers. The
act and regulation also prescribe restrictions on the unsolicited
issuance of ATM cards and other access devices.
The Official Staff Commentary (12 CFR part 205 (Supp. I)) is
designed to facilitate compliance and provide protection from civil
liability, under Sec. 915(d)(1) of the act, for financial institutions.
The commentary is updated periodically, as necessary, to address
significant questions that arise.
II. Proposed Revisions
Supplement I--Official Staff Interpretations
Section 205.2--Definitions
2(a) Access Device
Several issues under Regulation E are raised by check conversion
programs that allow a merchant to use a consumer's check as a source
document to provide the routing, serial, and account numbers used to
initiate an EFT. The Board has been asked whether the type of
transaction described herein is covered by Regulation E and whether the
check is an access device under Regulation E. Such a transaction is
generally covered by Regulation E, but proposed comment 2(a)-2 would be
added to clarify that a check used as a source document to initiate an
EFT is not an access device. Proposed comment 3(b)-1(v) also addresses
check conversion programs.
2(h) Electronic Terminal
Comment 2(h)-2 states that a POS terminal that captures data
electronically is an electronic terminal if a debit card is used to
initiate an EFT. Some have interpreted the provision narrowly to apply
only when a debit card is used to initiate an EFT. Comment 2(h)-2 would
be revised to reflect that a POS terminal that captures data
electronically to initiate electronic transfers is an electronic
terminal even if no access device is used to initiate an EFT such as
when a check is used as a source document. Thus, the receipt
requirements of Sec. 205.9 would apply.
2(k) Preauthorized Electronic Fund Transfer
Section 205.2(k) defines a ``preauthorized electronic fund
transfer'' as ``an EFT authorized in advance to recur at substantially
regular intervals.'' Beyond that authorization, no further action by
the consumer is required to initiate the transfer. Proposed comment
2(k)-1 would be added to clarify the definition.
2(m) Unauthorized Electronic Fund Transfer
Payments such as payroll or government benefits often are made by
direct deposit to a consumer's account through the ACH. Rules of the
National Automated Clearing House Association (NACHA) permit reversal
of payments made in error in limited circumstances. Proposed comment
2(m)-5 would be added to clarify that reversals of certain direct
deposits that were made in error are not unauthorized electronic
transfers.
Section 205.3--Coverage
3(b) Electronic Fund Transfer
NACHA has established rules for a program in which a merchant may
obtain information from a consumer's check to initiate a one-time ACH
debit from the consumer's account for
[[Page 40062]]
purchases or payments made in person by the consumer. The merchant uses
electronic equipment to scan the MICR (Magnetic Ink Character
Recognition) encoding on the check for the routing, account, and serial
numbers of the check, and enters the amount to be debited from the
consumer's account. Other entities have or are planning similar
programs. Proposed comment 3(b)-1(v) would be added to clarify that
where a check is provided at POS as a source document to initiate an
EFT, the resulting transfer is covered by the regulation (see also
proposed comment 2(a)-2).
NACHA has also considered rules for a variation on the electronic
check conversion program described above in which the consumer provides
a check, and the merchant or the merchant's financial institution would
retain the check after it had been scanned. NACHA has solicited comment
on this ``merchant or financial institution-as-keeper'' type of
program, but has not yet approved its use. Some merchants, however, may
be conducting electronic check programs of this type.
Regulation E applies where the consumer provides a blank or
partially completed check as a source document that is scanned and
retained by the merchant or the merchant's financial institution. To
clarify the rights and responsibilities of the parties to a transaction
where the check used as a source document is completed and signed by
the consumer and is scanned and retained by the merchant, the
transaction is an EFT and thus subject to Regulation E if the consumer
authorizes it as such. (See cf. comment 3b-1(i).) Specific comment is
solicited on this position and the extent to which merchants are
currently carrying out transactions of the sort described.
NACHA has established rules for a pilot referred to as the ``lock-
box'' program in which a merchant converts completed and signed checks
received by mail to ACH debits. Consumers are informed of how the check
payment will be processed. These transactions would not be covered by
Regulation E since transfers originated by check are excluded from
coverage. See Sec. 205.3(c)(1).
Proposed comment 3(b)-1(vi) would be added to provide guidance on
the regulation's coverage of bill-payment services where a consumer
initiates payments via computer and the financial institution carries
out the payment by check or draft. The definition of ``electronic fund
transfer'' in Sec. 205.3(b) covers these payments unless the terms of
the bill-payment service explicitly state that payment by the bill
payer will be made solely via check, draft or similar paper instrument.
3(c) Exclusions from Coverage
3(c)(1)--Checks
Proposed comment 3(c)(1)-1 would be added to provide guidance on
NACHA's re-presented check entry (RCK) program, in which merchant
payees (or their financial institutions or agents) re-present returned
checks electronically. Written authorization from the consumer for the
RCK debit is not obtained, although, the merchant payee usually has
provided notice to the consumer that any returned item may be collected
electronically if returned for insufficient or uncollected funds. The
comment would clarify that an RCK transaction is not covered by
Regulation E because the transfer is originated by check.
In some cases, a payee may impose a fee on the consumer, such as a
collection or NSF fee, because the consumer's check was returned. The
NACHA rules provide that the RCK debit must be in the amount of the
original check. Therefore, the amount of the RCK debit may not be
increased to include a fee, and the payee would have to initiate a
separate debit to collect the fee electronically. Because an
electronically debited fee would not be a part of the RCK debit, and
appears to meet the definition of an EFT under Regulation E, it would
be covered by the regulation and must be authorized by the consumer.
Proposed comment 3(c)(1)-2 would be added to provide a cross
reference to proposed comment 3(b)-1(v), which provides guidance on the
regulation's coverage of an EFT at POS where a consumer provides a
check as a source document.
3(c)(6)--Telephone-Initiated Transfers
A transfer initiated by telephone is covered by Regulation E if it
occurs pursuant to a telephone bill-payment or other written plan.
Comment 3(c)(6)-1 would be revised to provide additional guidance on
what constitutes a written plan. Proposed comment 3(c)(6)-2(v) would be
added to clarify coverage of transfers initiated by audio or voice
response telephone systems.
Section 205.6--Liability of Consumer for Unauthorized Transfers
6(b) Limitations on Amount of Liability
6(b)(1)--Timely Notice Given
Section 205.6 provides rules for a consumer's liability for an
unauthorized transfer. The limitation on the consumer's liability
depends, in part, on whether the unauthorized transfer takes place
within or after two business days of the consumer's learning of the
loss or theft of the access device. Proposed comment 6(b)(1)-3 would be
added to clarify the timing on the two-business-day period.
Section 205.7--Initial Disclosures
7(a) Timing of Disclosures
The regulation generally requires that disclosures be provided at
the time the consumer contracts for an EFT service or before the first
transfer is made to or from the consumer's account. Comment 7(a)-2
currently provides an exception to the disclosure timing rules when the
first EFT is a direct deposit. If the account-holding institution does
not have prior notice of a direct deposit arrangement between the
consumer and a third party, the institution must provide the Regulation
E disclosures as soon as reasonably possible after the first direct
deposit.
Comment 7(a)-2 would be revised to clarify that the special timing
rules apply both to single and to recurring debits or credits. The
account-holding institution may not always receive prior notice of a
one-time or recurring credit to or debit from the consumer's account.
For example, the consumer may authorize a third party to debit the
account (without notifying the institution), and the third party's
financial institution may fail to send prior notice to the consumer's
institution.
7(b) Content of Disclosures
7(b)(10) Error Resolution
An error resolution notice must be provided as a part of a
financial institution's initial disclosures under Sec. 205.7 and
annually under Sec. 205.8. Comment 7(b)(10)-2 provides that a financial
institution must have disclosed the longer error resolution time
periods for resolving errors under Sec. 205.11(c)(3) in order to use
the longer times. In September 1998, Sec. 205.11(c)(3) was amended to
extend the error resolution time periods for new accounts (63 FR 5211,
September 29, 1998). Comment 7(b)(10)-2 would be revised to reflect the
amendment to Sec. 205.11(c)(3).
Section 205.8--Change-in-terms Notice; Error Resolution Notice
8(b) Error Resolution Notice
If an institution seeks to use the longer error resolution time
periods in Sec. 205.11(c)(3), it must disclose them in the annual error
resolution notice. Comment 8(b)-2 would be added to cross reference
comment 7(b)(10)-2, which provides this guidance.
[[Page 40063]]
Section 205.9--Receipts at Electronic Terminals; Periodic Statements
9(a) Receipts at Electronic Terminals
9(a)(5) Terminal Location
Section 205.9(a)(5) requires that an ATM or POS terminal receipt
contain the location of the terminal where the transfer is initiated,
or an identification such as a code or terminal number. This section
has been interpreted by some institutions to require a full description
of the location (such as the street address) rather than simply a code.
Comment 9(a)(5)-1 would be revised to clarify that a code may be
disclosed. Comments 9(a)(5)(iv)-1 and -2 would be redesignated as
comments 9(a)(5)-3 and -4.
9(b) Periodic Statements
Comment 9(b)-4 provides that an institution may permit, but not
require, consumers to ``call for'' periodic statements. For clarity,
the comment would be revised by changing the reference ``call for'' to
``pick up;'' no substantive change is intended.
9(c) Exceptions to the Periodic Statement Requirements for Certain
Accounts
9(c)(1)--Preauthorized Transfers to Accounts
Section 205.9(c) lists the circumstances in which a periodic
statement for EFT transactions is not required. Proposed comment
9(c)(1)-1 would be added to provide further guidance on the exceptions
to the periodic statement requirements.
Proposed comment 9(c)(1)-2 would be added to clarify that the
exceptions in Sec. 205.9(c) apply to reversals of deposits made in
error. (See also proposed comment 2(m)-5.)
Section 205.10--Preauthorized Transfers
10(b) Written Authorization for Preauthorized Transfers from Consumer's
Account
Section 205.10(b) provides that recurring electronic debits from a
consumer's account ``may be authorized only by a writing signed or
similarly authenticated by the consumer.'' The phrase ``similarly
authenticated'' was added to Regulation E in 1996 (61 FR 19678, May 2,
1996), and was intended to permit electronic authorizations. The
supplemental information indicated that the authentication method
should provide the same assurance as a signature in a paper-based
system, and cited security codes and digital signatures as examples of
authentication devices that could meet the requirements of
Sec. 205.10(b); and comment 10(b)-5 was added to the staff commentary
to provide guidance on electronic authorizations.
The issue of electronic authentication methods has been further
discussed in two Regulation E rulemakings in the past two years--first,
in a March 1998 rulemaking in which the Board issued an interim rule
permitting financial institutions to deliver electronically disclosures
that are required to be given in writing (63 FR 14528); and second, in
a September 1999 rulemaking in which the Board proposed more
comprehensive rules for providing electronic disclosures under
Regulation E (64 FR 49699) and certain other Board regulations. In
these rulemakings, the Board again gave examples of authentication
devices and expressed interest in learning about other electronic
authentication methods.
Industry commenters suggested various alternatives for verifying a
consumer's identity such as alphanumeric codes (combination of letters
and numbers) or combination of unique identifiers (such as account
numbers combined with a number representing algorithms of the account
numbers). Some commenters requested additional examples of appropriate
electronic authentication devices; many stated their concern that
limiting the examples to security codes and digital signatures could be
viewed as the Board's endorsement of particular methods, which could
hinder the development of alternative authentication mechanisms. Other
commenters disfavored examples of particular authentication mechanisms;
they recommended that the Board defer to general principles set forth
in various state and federal laws and legislative proposals. Consumer
advocates, on the other hand, suggested that the Board should limit
authentication methods to those that prevent documents from being
altered without detection after the authentication is affixed, such as
digital signatures.
The Congress has passed electronic commerce legislation that
addresses, among other things, the use and acceptance of electronic
signatures (broadly defined in the legislation) and records for
electronic commerce in general. If the legislation becomes law, the
``similarly authenticated'' standard in Regulation E may become
unnecessary. In the meantime, to ensure that institutions have
flexibility in establishing authentication methods for purposes of
Sec. 205.10(b), comment 10(b)-5 would be revised. Any authentication
mechanism that provides similar assurance to a paper-based signature
(such as a mechanism that identifies the consumer and evidences the
consumer's assent to the authorization) will satisfy the ``similarly
authenticated'' standard. The word ``text'' is also substituted by
``term,'' no substantive change is intended.
The comment currently states that the person obtaining an
electronic authorization from a consumer must make a paper copy of the
authorization available to the consumer, either automatically or upon
request. For consistency with Board rulemakings permitting the
electronic delivery of disclosures, comment 10(b)-5 would also be
revised to permit the person obtaining the authorization to provide a
copy of the authorization to the consumer either in paper form or
electronically.
The supplementary information to the Official Staff Commentary,
discussing comment 10(b)-5 at the time of its adoption in 1996, stated
that for home-banking systems, a security code used to ``similarly
authenticate'' preauthorized transfers pursuant to Sec. 205.10(b) must
originate with the paying (account-holding) institution. The Board's
position reflected concerns about the potential for increased liability
for account-holding institutions associated with unauthorized use when
a party other than the institution issued the code. Under NACHA
operating rules, however (as well as operating rules of debit card
networks), an account-holding institution is permitted to charge back
to the payee's financial institution any transaction that was not
properly authorized; thus, the payee's institution (or the payee) would
bear the liability for unauthorized transfers. Accordingly, it seems
unnecessary to require that a security code originate with the paying
institution, provided the code meets the general standards for similar
authentication discussed above.
Proposed comment 10(b)-7 would be added to address a situation
where a consumer authorizes recurring charges against a credit card but
in fact provides information for the consumer's debit card, for
example, in an on-line transaction or in a telephone conversation with
a merchant. Unlike Regulation E, Regulation Z and the Truth in Lending
Act (12 CFR part 226) do not require a written, signed or ``similarly
authenticated'' authorization for recurring charges to a consumer's
credit card account. The proposed comment would clarify that when the
consumer's account in fact involves a debit card, the payee is required
to obtain an authorization in accordance with Sec. 205.10(b), but may
rely on the bona fide error provision in section
[[Page 40064]]
915(c) of the EFTA, provided procedures are in place to prevent such
errors from occurring.
10(e) Compulsory Use
Section 205.10(e) prohibits a person from requiring a consumer to
establish an account with a particular institution to receive
electronic transfers, as a condition of employment. Comment 10(e)(2)-1
would be revised to clarify that an employer (including a financial
institution) may specify an institution to receive direct deposits
provided the employer also gives employees the option to receive their
salary by check or cash.
Section 205.11--Procedures for Resolving Errors
11(a) Exception to the Periodic Statement Requirements for Certain
Accounts
Comment 11(a)-2 would be revised to provide additional examples of
when the error resolution rules are inapplicable because the consumer
has not asserted an error.
Section 205.12--Relation to Other Laws
12(a) Relation to Truth in Lending
Comment 12(a)-1 would be revised to distinguish between two types
of unauthorized transfers: those where a consumer's access device is
used to withdraw funds from a checking account with an overdraft
protection feature, and those where the consumer's access device is
also a credit card separately used to obtain cash advances. Examples
would illustrate how these rules apply in various situations.
Aggregation of Consumer Financial Information
The Board has been asked about the possible application of
Regulation E to a service sometimes referred to as ``aggregation'' or
``screen-scraping.'' Aggregation is a service made available to
consumers through an Internet web site, in which consumers are able to
view their financial information from multiple sources, such as credit
card, securities, and deposit accounts at a number of institutions. To
enable the service provider (the ``aggregator'') to obtain the
information and make it available to the consumer at the aggregator's
web site, the consumer may provide the aggregator with account numbers
and passwords to access the consumer's accounts. In addition to
allowing consumers to view accounts in one location, aggregators may
offer consumers EFT services such as bill-payment.
To assist the Board in providing any needed guidance on Regulation
E's potential coverage, comment is solicited on how these services that
aggregate consumer financial information operate or plan to operate.
Are aggregators providing or planning to provide bill-payment or other
EFT services (in addition to information services)? To what extent do
agreements exist between aggregators and account-holding institutions,
governing matters such as procedures for access to information and for
electronic transfers?
In addition, comment is solicited on the implications of a
determination that aggregators are or are not financial institutions
for purposes of Regulation E generally or under Sec. 205.14. Typically,
only one access device is contemplated to initiate an EFT to or from a
consumer's account. Nevertheless, if a consumer enters a security code
issued by the aggregator to access information on the aggregator's web
site and the consumer initiates an EFT using a security code provided
by the account-holding institution, the security code issued by the
aggregator arguably meets the definition of an ``access device.'' Two
access codes (the one provided by the aggregator and the other by the
account-holding institution) are needed to initiate electronic
transfers from the consumer's account from the aggregator's web site.
Thus, the aggregator would be a financial institution for purposes of
Regulation E.
If the aggregator is not a financial institution and an
unauthorized EFT occurs through an aggregator's service, comment 2(m)-2
could be read to suggest that a consumer who has given the aggregator
access to the consumer's account assumes liability for the transfers.
The guidance in the comment, however, was not originally provided to
address this situation.
III. Form of Comment Letters
Comment letters should refer to Docket No. R-1074, and when
possible, should use a standard typeface with a type size of 10 or 12
characters per inch. This will enable the Board to convert the text
into machine-readable form through electronic scanning, and will
facilitate automated retrieval of comments for review. Also, if
accompanied by an original document in paper form, comments may be
submitted on 3\1/2\ inch computer diskettes in any IBM-compatible DOS-
or Windows-based format. Alternatively, comments may be mailed
electronically to regs.comments@federalreserve.gov.
List of Subjects in 12 CFR Part 205
Consumer protection, Electronic fund transfers, Federal Reserve
System, Reporting and recordkeeping requirements.
Text of Proposed Revisions
For the reasons set forth in the preamble, the Board proposes to
amend the Official Staff Commentary, 12 CFR part 205, as set forth
below. Certain conventions have been used to highlight the proposed
changes to the commentary. New language is shown inside bold-faced
arrows, while language that would be deleted is set off with bold-faced
brackets.
PART 205--ELECTRONIC FUND TRANSFERS (REGULATION E)
1. The authority citation for part 205 would be revised to read as
follows:
Authority: 15 U.S.C. 1693b.
2. In Supplement I to Part 205, the following amendments would be
made:
a. Under Section 205.2--Definitions, under 2(a) Access Device, a
new paragraph 2. would be added;
b. Under Section 205.2--Definitions, under 2(h) Electronic
Terminal, paragraph 2. would be revised;
c. Under Section 205.2--Definitions, a new heading 2(k)
Preauthorized Electronic Fund Transfer, and a new paragraph 1. would be
added;
d. Under Section 205.2--Definitions, under 2(m) Unauthorized
Electronic Fund Transfer, a new paragraph 5. would be added;
e. Under Section 205.3--Coverage, under 3(b) Electronic Fund
Transfer, new paragraphs 1.v. and 1.vi. would be added;
f. Under Section 205.3--Coverage, under 3(c) Exclusions from
Coverage, a new heading ``Paragraph 3(c)(1)--Checks'' would be added;
g. Under Section 205.3--Coverage, under 3(c) Exclusions from
Coverage, under newly added heading Paragraph 3(c)(1)--Checks,
paragraphs 1. and 2. would be added;
h. Under Section 205.3--Coverage, under 3(c) Exclusions from
Coverage, under Paragraph 3(c)(6)--Telephone--Initiated Transfers,
paragraph 1. would be revised and paragraph 2.v. would be added;
i. Under Section 205.6--Liability of Consumer for Unauthorized
Transfers, under Paragraph 6(b)(1)--Timely Notice Given, new paragraph
3. would be added;
j. Under Section 205.7--Initial Disclosures, under 7(a) Timing of
Disclosures, paragraph 2. would be revised;
[[Page 40065]]
k. Under Section 205.7--Initial Disclosures, under Paragraph
7(b)(10) Error Resolution, paragraph 2. would be revised;
l. Under Section 205.8--Change-in-Terms Notice; Error Resolution
Notice, under 8(b) Error Resolution Notice, a new paragraph 2. would be
added;
m. Under Section 205.9--Receipts at Electronic Terminals; Periodic
Statements, under Paragraph 9(a)(5)--Terminal Location, paragraph 1.
would be revised;
n. Under Section 205.9--Receipts at Electronic Terminals; Periodic
Statements, under Paragraph 9(a)(5)(iv), paragraphs 1. and 2. are
redesignated as paragraphs 3. and 4. under paragraph 9(a)(5) and
republished;
o. Under Section 205.9--Receipts at Electronic Terminals; Periodic
Statements, Paragraph 9(a)(5)(iv) would be removed;
p. Under Section 205.9--Receipts at Electronic Terminals; Periodic
Statements, under 9(b) Periodic Statements, paragraph 4. would be
revised;
q. Under Section 205.9--Receipts at Electronic Terminals; Periodic
Statements, under 9(c) Exceptions to the Periodic Statement
Requirements for Certain Accounts, a new heading, Paragraph 9(c)(1)--
Preauthorized Transfers to Accounts would be added and new paragraphs
1. and 2. would be added to the newly designated heading;
r. Under Section 205.10--Preauthorized Transfers, under 10(b)
Written Authorization for Preauthorized Transfers from Consumer's
Account, paragraph 5. would be revised, and new paragraph 7 would be
added;
s. Under Section 205.10--Preauthorized Transfers, under Paragraph
10(e)(2)--Employment or Government Benefit, paragraph 1. would be
revised;
t. Under Section 205.11--Procedures for Resolving Errors, under
11(a) Definition of Error, paragraph 2. would be revised; and
u. Under Section 205.12--Relation to Other Laws, under 12(a)
Relation to Truth in Lending, paragraph 1. would be revised.
SUPPLEMENT I TO PART 205--OFFICIAL STAFF INTERPRETATIONS
Section 205.2--Definitions
2(a) Access Device
* * * * *
<rt-triang>2. Check used as a source document. The term ``access
device'' does not include a check or draft used as a source document
to initiate an EFT. For example, a merchant may use equipment to
scan the MICR (Magnetic Ink Character Recognition) encoding on a
check (for the serial, account, and routing numbers) to initiate a
one-time ACH debit from a consumer's account. The check is not an
access device under Regulation E (12 CFR part 205), although the
transaction is covered by the regulation (see comment 3(b)-
1(v)).<lf-triang>
* * * * *
2(h) Electronic Terminal
* * * * *
2. POS terminals. A POS terminal that captures data
electronically, for debiting or crediting to a consumer's asset
account, is an electronic terminal for purposes of Regulation E [if
a debit card] <rt-triang>even if no access device<lf-triang> is used
to initiate the transaction. <rt-triang>(See Sec. 205.9 for receipt
requirements.)<lf-triang>
* * * * *
<rt-triang>(2(k) Preauthorized Electronic Fund Transfer
1. Advance authorization. A ``preauthorized electronic fund
transfer'' under Regulation E is one authorized by the consumer in
advance of a transfer which will take place on a recurring basis, at
substantially regular intervals, and require no further action by
the consumer to initiate the transfer. In a bill-payment system, for
example, if the consumer authorizes a financial institution to make
monthly payments to a payee, and the payments take place without
further action by the consumer, the payments are preauthorized EFTs.
In contrast, if the consumer must take action each month to initiate
a payment (such as by entering instructions on a touch-tone
telephone or home computer), the payments are not preauthorized
EFTs.<lf-triang>
* * * * *
2(m) Unauthorized Electronic Fund Transfer
* * * * *
<rt-triang>5. Reversal of direct deposits. A reversal of a
direct deposit made in error is not an unauthorized EFT when it
involves:
i. A credit made to the wrong consumer's account;
ii. A duplicate credit made to a consumer's account; or
iii. A credit in the wrong amount made to a consumer's account
(for example, when the amount credited differs from the amount in
the transmittal instructions). If, however, there is a dispute
whether the account holder is entitled to a certain amount (for
example, a salary or a government benefit payment) the reversal may
be an unauthorized EFT, depending on the facts and
circumstances.<lf-triang>
* * * * *
Section 205.3--Coverage
* * * * *
3(b) Electronic Fund Transfer
1. Fund transfers covered. * * *
<rt-triang>v. A transfer from the consumer's account at POS
where the merchant uses a consumer's check or draft as a source
document to obtain the serial, account, and routing numbers.
vi. A payment made by a bill payer under a bill-payment service
available to a consumer via computer or other electronic means,
unless the terms of the bill-payment service explicitly state that
payment will be solely by check, draft, or similar paper
instrument.<lf-triang>
* * * * *
3(c) Exclusions from Coverage
<rt-triang>Paragraph 3(c)(1)--Checks
1. Re-presented checks. Electronic re-presentment of a returned
check is not covered by Regulation E because the transfer originated
by check. Regulation E does apply, however, to any fee debited
electronically from the consumer's account for re-presenting the
check electronically.
2. Check used as a source document. See comment 3(b)-1(v)
regarding coverage of certain EFTs at POS where a consumer provides
a check as a source document.<lf-triang>
* * * * *
Paragraph 3(c)(6)--Telephone-Initiated Transfers
1. Written plan or agreement. A transfer that the consumer
initiates by telephone is covered <rt-triang>by Regulation
E<lf-triang>[only] if the transfer is made under a written plan or
agreement between the consumer and the financial institution making
the transfer. <rt-triang>A written statement available to the public
or to account holders that describes a service allowing a consumer
to initiate transfers by telephone constitutes a plan--for example,
a brochure, or material included with periodic statements. However,
t<lf-triang> [T]he following do not, by themselves, constitute a
written plan or agreement:
i. A hold-harmless agreement on a signature card that protects
the institution if the consumer requests a transfer.
ii. A legend on a signature card, periodic statement, or
passbook that limits the number of telephone-initiated transfers the
consumer can make from a savings account because of reserve
requirements under Regulation D (12 CFR part 204).
iii. An agreement permitting the consumer to approve by
telephone the rollover of funds at the maturity of an instrument.
2. Examples of covered transfers. * * *
<rt-triang>v. The consumer initiates the transfer using a
financial institution's audio response or voice response telephone
system.<lf-triang>
* * * * *
Section 205.6--Liability of Consumer for Unauthorized Transfers
* * * * *
6(b) Limitations on Amount of Liability
* * * * *
Paragraph 6(b)(1)--Timely Notice Given
* * * * *
<rt-triang>3. Two-business-day rule. The two-business-day period
runs from midnight of the first business day after the consumer
learns of the loss or theft and ends at midnight two business days
later. The financial institution's business hours or the hour the
consumer learns of the loss or theft does not govern the two-
business-day period. For example, a consumer learns of the loss or
theft at 6 p.m. on Friday. Assuming that the following Saturday is a
business day and Sunday is not, the two-business-day period expires
at midnight on Monday.<lf-triang>
[[Page 40066]]
Section 205.7--Initial Disclosures
7(a) Timing of Disclosures
* * * * *
2. [Lack of prenotification of direct deposit. In some
instances, before direct deposit of government payments such as
Social Security takes place, the consumer and the financial
institution both will complete Form 1199A (or a comparable form
providing notice to the institution) and the institution can make
disclosures at that time. If an institution has not received advance
notice that direct deposits are to be made to a consumer's account,
the institution must provide the required disclosures as soon as
reasonably possible after the first direct deposit is made, unless
the institution has previously given disclosures.]<rt-triang>Lack of
advance notice of a transfer. Where a consumer authorizes a third
party to debit or credit the consumer's account, an account-holding
institution that has not received advance notice of a transfer or
transfers must provide the required disclosures as soon as
reasonably possible after the first debit or credit is made, unless
the institution has previously given the disclosures.<lf-triang>
* * * * *
Paragraph 7(b)(10)--Error Resolution
* * * * *
2. Exception from provisional crediting. To take advantage of
the longer time periods for resolving errors under Sec. 205.11(c)(3)
(for <rt-triang>
new accounts,<lf-triang> transfers initiated outside the United
States, or resulting from POS debit-card transactions), a financial
institution must have disclosed these longer time periods.
Similarly, an institution that relies on the exception from
provisional crediting in Sec. 205.11(c)(2) for accounts subject to
Regulation T (12 CFR part 220) must disclose accordingly.
Section 205.8--Change-in-Terms Notice; Error Resolution Notice
8(b) Error Resolution Notice
* * * * *
<rt-triang>2. Exception from provisional crediting. See comment
7(b)(10)-2.<lf-triang>
Section 205.9--Receipts at Electronic Terminals; Periodic Statements
9(a) Receipts at Electronic Terminals
* * * * *
Paragraph 9(a)(5)--Terminal Location
1. [Location code]<rt-triang>Options for identifying terminal.
The institution may provide either:
(i) The city, state or foreign country, and the information in
Secs. 205.9(a)(5)(i), (ii), or (iii), or
(ii) A number or a code identifying the terminal. If the
institution chooses the second option, the<lf-triang> [A] code or
terminal number identifying the terminal where the transfer is
initiated may be given as part of a transaction code.
* * * * *
<rt-triang>3. Omission of a state. A state may be omitted from
the location information on the receipt if:
i. All the terminals owned or operated by the financial
institution providing the statement (or by the system in which it
participates) are located in that state, or
ii. All transfers occur at terminals located within 50 miles of
the financial institution's main office.
4. Omission of a city and state. A city and state may be omitted
if all the terminals owned or operated by the financial institution
providing the statement (or by the system in which it participates)
are located in the same city.<lf-triang>
* * * * *
9(b) Periodic Statements
* * * * *
4. <rt-triang>Statement<lf-triang>[Customer] pickup. A financial
institution may permit, but may not require, consumers to
<rt-triang>pick up<lf-triang>[call for] their periodic statements
<rt-triang>at the financial institution<lf-triang>.
* * * * *
9(c) Exceptions to the Periodic Statement Requirements for Certain
Accounts
* * * * *
<rt-triang>Paragraph 9(c)(1)--Preauthorized Transfers to
Accounts<lf-triang>
<rt-triang>1. Accounts that may be accessed only by
preauthorized transfers to the account. The exception for ``accounts
that may be accessed only by preauthorized transfers to the
account'' includes accounts that can be accessed by means other than
EFTs, such as checks. If, however, an account may be accessed by any
EFT other than preauthorized credits to the account, such as
preauthorized debits or ATM transactions, the account does not
qualify for the exception.
2. Reversal of direct deposits. For direct-deposit-only
accounts, a financial institution must send a periodic statement at
least quarterly. A reversal of a direct deposit to correct an error
does not trigger the monthly statement requirement when the error
represented a credit to the wrong consumer's account, a duplicate
credit to a consumer's account, or a credit in the wrong amount to a
consumer's account. (See comment 2(m)-5 for guidance on the reversal
of direct deposits and the rules for unauthorized EFTs.)<lf-triang>
* * * * *
Section 205.10--Preauthorized Transfers
* * * * *
10(b) Written Authorization for Preauthorized Transfers from
Consumer's Account
* * * * *
5. Similarly authenticated. An example of a consumer's
authorization that is not in the form of a signed writing but is
instead ``similarly authenticated'' is a consumer's authorization
via a home banking system[.]
<rt-triang>or other electronic communication system. An
authentication device or procedure satisfies the ``similarly
authenticated'' requirement if it provides similar assurance to a
written signature (such as a device or procedure that verifies the
consumer's identity and evidences the consumer's assent to the
authorization). Examples include, but are not limited to, digital
signatures and security codes.<lf-triang> [To satisfy the
requirements of this section, there must be some means to identify
the consumer (such as a security code) and to make available a paper
copy of the authorization (automatically or upon request).] The
[text] <rt-triang>terms<lf-triang> of the electronic authorization
would have to be displayed on a computer screen or other visual
display which enables the consumer to read the communication.
<rt-triang>The person that obtains the authorization must provide a
copy of the terms of the authorization to the consumer.<lf-triang>
Only the consumer may authorize the transfer and not, for example, a
third-party merchant on behalf of the consumer.
* * * * *
<rt-triang>7. Bona fide error. Consumers sometimes authorize, by
telephone or on-line, third-party payees to submit recurring charges
against a credit card account. If the consumer indicates use of a
credit card when in fact a debit card is being used, the payee is
not in violation of the requirement to obtain a written
authorization if the failure to obtain written authorization was not
intentional and resulted from a bona fide error, and the payee
maintains procedures reasonably adapted to avoid any such error. If
the payee is unable to determine whether a credit or debit card
number is involved, at the time of the authorization, but later
finds that the card used was a debit card, the payee must obtain a
written and signed or (where appropriate) a similarly authenticated
authorization as soon as reasonably possible, or cease debiting the
consumer's account.<lf-triang>
* * * * *
10(e) Compulsory Use
* * * * *
Paragraph 10(e)(2)-Employment or Government Benefit
1. Payroll. [A financial institution (as an employer)]
<rt-triang>An employer (including a financial
institution)<lf-triang> may not require its employees to receive
their salary by direct deposit [to that same institution or] to any
[other] particular institution. An employer may require direct
deposit of salary by electronic means if employees are allowed to
choose the institution that will receive the direct deposit.
Alternatively, an employer may give employees the choice of having
their salary deposited at a particular institution
<rt-triang>(designated by the employer)<lf-triang> (, or receiving
their salary by another means, such as by check or cash.
Section 205.11--Procedures for Resolving Errors
11(a) Definition of Error
* * * * *
2. Verifying <rt-triang>a payment or an<lf-triang> account
deposit. If the consumer [merely] calls to ascertain
<rt-triang>whether a payment (for example, in a home-banking or
bill-payment program) was made electronically or <lf-triang>whether
a deposit made via ATM, preauthorized transfer, or any other type of
EFT was credited to the account, without asserting an error, the
error resolution procedures do not apply.
* * * * *
Section 205.12--Relation to Other Laws
12(a) Relation to Truth in Lending
1. Determining applicable regulation. <rt-triang>i.
<lf-triang>For transactions involving access devices
[[Page 40067]]
that also constitute credit cards, whether Regulation E or
Regulation Z (12 CFR part 226) applies, depends on the nature of the
transaction. For example, if the transaction [is purely] <rt-triang>
solely involves <lf-triang> an extension of credit, and does not
include a debit to a
checking account (or other consumer asset account), the liability
limitations and error resolution requirements of Regulation Z [(12
CFR part 226)] apply. If the transaction only
debits a checking account (with no credit extended), the provisions
of Regulation E apply. [Finally, if] <rt-triang> If <lf-triang> the
transaction
debits a checking account but also draws on an overdraft line of
credit <rt-triang> attached to the account <lf-triang>, [the
Regulation E provisions
apply, as well as] Secs. 226.13(d) and (g) of Regulation
Z[.] <rt-triang> apply, as well as the Regulation E provisions,
because there was an extension of credit associated with the
overdraft feature on the checking account.
In such a transaction, the liability provisions under Regulation E
apply. Finally, if a consumer's access device is also a credit card
and the device is used to make unauthorized withdrawals from a
checking account, but also is used to obtain unauthorized cash
advances directly from a separate line of credit unattached to the
checking account, the liability limitations under both Regulation E
and Regulation Z apply. In such a transaction, the consumer is
potentially liable under Regulation Z for the unauthorized use of
the credit card and, in addition, up to $50, $500, or an unlimited
amount (not to exceed the amount of the unauthorized transfer) under
Regulation E for the unauthorized use of the debit card<lf-triang>
[In such a transaction, the consumer might be liable for up to $50
under Regulation Z (12 CFR 226) and, in addition, for $50, $500, or
an unlimited amount under Regulation E].
<rt-triang> ii. The following examples illustrate these
principles:
A. A consumer has a card that can be used either as a credit
card or a debit card. When used as a debit card, the card draws on
the consumer's checking account. When used as a credit card, the
card draws only on a separate line of credit. If the card is stolen
and used as a credit card to make purchases or to get cash advances
from ATMs, the liability limits and error resolution provisions of
Regulation Z apply; Regulation E does not apply.
B. In the same situation, if the card is stolen and is instead
used as a debit card to make purchases or to get cash withdrawals
from ATMs, the liability limits and error resolution provisions of
Regulation E apply; Regulation Z does not apply.
C. In the same situation, the card is stolen and used both as a
debit card and as a credit card; for example, the thief makes some
purchases using the card as a debit card, and other purchases using
the card as a credit card. Here, the liability limits and error
resolution provisions of Regulation E apply to the unauthorized
transactions in which the card was used as a debit card, and the
corresponding provisions of Regulation Z apply to the unauthorized
transactions in which the card was used as a credit card.
D. Assume a somewhat different type of card, one that draws on
the consumer's checking account and can also draw on an overdraft
line of credit attached to the checking account. There is no
separate line of credit, other than the overdraft line, associated
with the card. In this situation, if the card is stolen and used,
the liability limits and the error resolution provisions of
Regulation E apply. In addition, if the use of the card has resulted
in accessing the overdraft line of credit, the error resolution
provisions of Sec. 226.13(d) and (g) of Regulation Z also apply;
however, the other error resolution provisions of Regulation Z do
not apply. <lf-triang>
* * * * *
By order of the Board of Governors of the Federal Reserve
System, acting through the Director of the Division of Consumer and
Community Affairs under delegated authority, June 22, 2000.
Jennifer J. Johnson,
Secretary of the Board.
[FR Doc. 00-16303 Filed 6-28-00; 8:45 am]
BILLING CODE 6210-01-P
