[Federal Register: March 16, 2001 (Volume 66, Number 52)]
[Rules and Regulations]
[Page 15187-15195]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr16mr01-1]
========================================================================
Rules and Regulations
Federal Register
________________________________________________________________________
This section of the FEDERAL REGISTER contains regulatory documents
having general applicability and legal effect, most of which are keyed
to and codified in the Code of Federal Regulations, which is published
under 50 titles pursuant to 44 U.S.C. 1510.
The Code of Federal Regulations is sold by the Superintendent of Documents.
Prices of new books are listed in the first FEDERAL REGISTER issue of each
week.
========================================================================
[[Page 15187]]
FEDERAL RESERVE SYSTEM
12 CFR Part 205
[Regulation E; Docket No. R-1074]
Electronic Fund Transfers
AGENCY: Board of Governors of the Federal Reserve System.
ACTION: Final rule; official staff interpretation.
-----------------------------------------------------------------------
SUMMARY: The Board is adopting a final rule revising the Official Staff
Commentary to Regulation E, which implements the Electronic Fund
Transfer Act. The commentary interprets the requirements of Regulation
E, to facilitate compliance by financial institutions that offer
electronic fund transfer services to consumers. The final rule provides
guidance on Regulation E coverage of electronic check conversion
transactions and computer-initiated bill payments; authorization of
recurring debits from a consumer's account; telephone-initiated
transfers; and other issues.
DATES: The rule is effective March 15, 2001; however, to allow time for
any necessary operational changes, the mandatory compliance date is
January 1, 2002.
FOR FURTHER INFORMATION CONTACT: Natalie E. Taylor or John C. Wood,
Counsel, or David A. Stein, Attorney, Division of Consumer and
Community Affairs, Board of Governors of the Federal Reserve System,
Washington, DC 20551, at (202) 452-2412 or (202) 452-3667.
SUPPLEMENTARY INFORMATION:
I. Background
The Electronic Fund Transfer Act (EFTA or the act) (15 U.S.C. 1693
et seq.), enacted in 1978, provides a basic framework establishing the
rights, liabilities, and responsibilities of participants in electronic
fund transfer (EFT) systems. The EFTA is implemented by the Board's
Regulation E (12 CFR part 205). Types of transfers covered by the act
and regulation include transfers initiated through an automated teller
machine (ATM), point-of-sale (POS) terminal, automated clearinghouse
(ACH), telephone bill-payment plan, or remote banking program. The act
and regulation require disclosure of terms and conditions of an EFT
service; documentation of EFTs by means of terminal receipts and
periodic account statements; limitations on consumer liability for
unauthorized transfers; procedures for error resolution; and certain
rights related to preauthorized EFTs. The act and regulation also
prescribe restrictions on the unsolicited issuance of ATM cards and
other access devices.
The act's coverage is not limited to traditional financial
institutions holding consumers' asset accounts. For EFT services made
available by entities other than an account-holding financial
institution, the act directs the Board to assure, by regulation, that
the disclosures, responsibilities, and remedies of the act are made
applicable.
The Official Staff Commentary (12 CFR part 205 (Supp. I)) is
designed to facilitate compliance and provide protection from civil
liability, under Sec. 915(d)(1) of the act, for financial institutions
that act in conformity with it. The commentary is updated periodically,
as necessary, to address significant questions that arise.
II. Summary of the Proposed and Final Revisions
On June 29, 2000, the Board published proposed revisions to the
Official Staff Commentary to Regulation E (65 FR 40061). The most
significant issues addressed by the proposal were coverage of
transactions that involve electronic check conversion, computer-
initiated bill payments, and authorizations of recurring debits. The
Board received more than 120 comment letters on the proposal. The
majority of comments were from financial institutions, ACH
associations, retailers, and their representatives. Overall, most
commenters supported the Board's proposed revisions as necessary and
helpful guidance.
The Board is adopting the revisions to the official staff
commentary substantially as proposed. Some modifications have been made
to address comments about the need for consistency in the coverage of
electronic check conversion transactions and the standard for
electronic authorization of recurring transfers. Other comments have
been modified to address commenters' requests for additional
clarification.
Electronic Check Conversion
The proposal sought to clarify Regulation E coverage of
transactions where a merchant at POS uses a consumer's blank, partially
completed, or fully completed and signed check to obtain information
for initiating a one-time ACH debit from the consumer's account. The
National Automated Clearing House Association (NACHA) and other
entities have, or are planning, programs that permit such transactions.
In one type of program, known as ``consumer-as-keeper,'' after an EFT
is initiated the merchant returns the check to the consumer. The
proposal made clear that such transfers are covered by Regulation E. In
another type of program, known as ``financial institution-as-keeper''
(which NACHA has not approved), the merchant or its financial
institution retains the check. The supplementary information to the
proposal indicated that Regulation E would cover the transfer where the
check is blank or only partially completed. If, however, the check is
fully completed and signed and retained by the merchant, the transfer
would be excluded from coverage under Regulation E unless the consumer
authorized an EFT. The Board solicited comment on this interpretation
and the extent to which merchants are carrying out transactions under
the ``financial institution-as-keeper'' model.
The supplementary information also addressed transfers resulting
from NACHA's lockbox program where a payee converts consumers' checks
received by mail to ACH debits. Under that program, consumers are
informed that the payments will be processed as EFTs. The proposal
stated that these transactions would not be covered by Regulation E
since transfers originated by check are excluded from coverage.
Under the final rule, where a consumer authorizes a one-time EFT
from the consumer's account using information from a check to initiate
the transfer, the transaction is covered by Regulation E. Application
of the rule is
[[Page 15188]]
consistent and the result is the same whether the check is blank,
partially completed, or fully completed and signed; whether the check
is presented at POS or mailed to a merchant or lockbox and later
converted to an EFT; or whether the check is retained by the consumer,
the merchant, or the merchant's financial institution. (See comment
3(b)-1(v) and supplementary information under the Section-by-Section
Analysis. The term ``check'' is used for ease of reference; it is
intended to include a draft.)
The proposal also provided guidance on the coverage of ``re-
presented check entry'' or ``RCK'' transactions, where a check used to
pay for goods or services is subsequently returned for insufficient
funds and the payee re-presents the check electronically through an ACH
system. Under the proposal, an EFT resulting from the electronic re-
presentment of the check would be the continuation of a transaction
originated by check, and excluded from Regulation E coverage. A fee
assessed by the payee for re-presentment, such as a collection fee,
however, would be covered by the regulation if authorized by the
consumer to be debited electronically from the consumer's account.
Under the final rule, the comment is adopted substantially as proposed,
with modifications that clarify the authorization requirements. (See
comment 3(c)(1)-1.)
Computer-Initiated Transfers
The Board proposed revisions concerning the coverage of computer-
initiated transfers pursuant to a bill-payment service. Under the
proposal, such transfers would be covered unless the terms of the
service agreement explicitly state that payments will be carried out
solely by check, draft, or similar paper instrument.
The final rule provides that computer-initiated payments are
covered by the regulation unless the agreement with the consumer
expressly states that all payments will be made by check, draft, or
similar paper instrument, or specifically identifies payments that will
be made by check, draft, or similar paper instrument. (See comment
3(b)-1(vi).)
Authorization of Recurring Debits
Section 205.10(b) requires that recurring electronic debits from a
consumer's account be authorized ``only by a writing signed or
similarly authenticated by the consumer.'' The Board proposed to revise
comment 10(b)-5 to ensure that financial institutions had guidance on
the flexibility of establishing authentication methods. When the
proposal was issued, the Congress had passed, but the President had not
yet signed into law, electronic commerce legislation that addressed,
among other things, the use and acceptance of electronic signatures and
records for electronic commerce in general. The Board noted in the
supplementary information to the proposal that if the legislation
became law, the ``similarly authenticated'' standard could become
unnecessary. On June 30, 2000, the Electronic Signatures in Global and
National Commerce Act (the E-Sign Act), 15 U.S.C. 7001, et seq., became
law. The E-Sign Act provides that electronic documents and signatures
have the same validity as paper documents and handwritten signatures.
Most of the act's provisions took effect October 1, 2000.
Under the final rule, revisions have been made to ensure
consistency with the E-Sign Act and to provide flexibility. For
example, the rule clarifies that the copy of the authorization returned
to the consumer may be in paper or electronic form, and that a code
used as a means to ``similarly authenticate'' an authorization need not
originate with the paying institution. (See comment 10(b)-5).
Other Issues
The Board generally solicited comment on how aggregation services
made available to consumers through an Internet web site currently
operate or might operate in the future, and posed several questions
about the services. Aggregation services permit consumers to view
financial information consolidated from multiple sources, such as their
credit card, securities, and deposit accounts at a number of
institutions. Because the Board did not publish a proposed
interpretation related to aggregation services, the final commentary
does not address these issues. The Board will consider addressing these
issues in a future proposal.
The proposal also provided technical clarifications on various
issues. They include exceptions from the periodic statement
requirements, definition of an electronic terminal, timing of
disclosures, and compulsory use. Revisions have been made in the final
rule to address commenters' requests for additional clarification.
III. Section-by-Section Analysis of the Final Rule
Supplement I--Official Staff Interpretations
Section 205.2--Definitions
2(a) Access Device
Regulation E defines an ``access device'' as a card, code, or other
means of access to a consumer's account, or any combination thereof,
that may be used by the consumer to initiate EFTs. The proposed rule
provided that in check conversion programs that allow a merchant to use
a consumer's check to obtain the routing, account, and serial numbers
to initiate a one-time EFT, the check is not an access device. Thus, it
is not subject to limitations on issuance, for example. Comment 2(a)-2
is added as proposed with some modifications for clarity. (See also
discussion under ``Electronic check conversion'' in Section II.)
2(h) Electronic Terminal
Comment 2(h)-2 currently states that a POS terminal that captures
data electronically is an electronic terminal if a debit card is used
to initiate an EFT. Some have interpreted the provision narrowly to
apply only when a debit card is used to initiate an EFT. Comment 2(h)-2
is revised, as proposed, to provide that a POS terminal that captures
data electronically to initiate an EFT is an electronic terminal even
if no access device is used, such as when a check is used to capture
information to initiate a one-time EFT. Most commenters supported this
revision.
The receipt requirements of Sec. 205.9 apply whether a debit card
or information from a check is used to initiate a transfer. A check
used to capture information to initiate an EFT at POS itself may serve
as the receipt in some cases if it meets the requirements of
Sec. 205.9.
A merchant does not meet the definition of ``financial
institution'' under the act or regulation since the merchant does not
hold the consumer's account or issue an access device and agree with
the consumer to provide EFT services. But because the merchant is using
an electronic terminal to capture information from the consumer's check
to initiate an EFT, the merchant is providing an EFT service. A
merchant participating in electronic check conversion transactions will
likely use an electronic terminal for credit card and debit card
transactions. Given that the merchant must comply with the receipt
requirements of Sec. 205.9 of the regulation for debit card
transactions, the Board believes the merchant will
[[Page 15189]]
similarly provide receipts for electronic check transactions.
Consequently, the Board has not proposed to amend the regulation at
this time to require merchants to provide receipts.
Section 904(d) of the EFTA provides that ``[i]f electronic fund
transfer services are made available to consumers by a person other
than a financial institution holding a consumer's account, the Board
shall by regulation assure that the disclosures, protections,
responsibilities, and remedies created by [the EFTA] are made
applicable to such persons and services.'' If the Board becomes aware
that consumers are not receiving receipts in connection with check
conversion transactions (or that merchants are not transmitting
information needed for consumers' periodic statements), the Board will
consider exercising its authority under Sec. 904 to require compliance
by merchants.
2(k) Preauthorized Electronic Fund Transfer
Section 205.2(k) defines a ``preauthorized electronic fund
transfer'' as an EFT authorized in advance to recur at substantially
regular intervals. Beyond that authorization, no further action by the
consumer is required to initiate the transfer. Comment 2(k)-1 is added
as proposed. Commenters supported the clarification.
2(m) Unauthorized Electronic Fund Transfer
Certain payments often are made to a consumer's account through the
ACH, such as direct deposits of payroll or government benefits. NACHA
rules permit reversal of payments made in error in limited
circumstances. Comment 2(m)-5 is added, with some modifications from
the proposal, to clarify that reversals of certain direct deposits that
were made in error are not ``unauthorized'' EFTs. The last sentence in
paragraph (iii) of the proposed comment, referring to a dispute about
whether the account holder is entitled to a certain amount, has been
deleted as unnecessary.
Section 205.3--Coverage
3(b) Electronic Fund Transfer
The EFTA excludes from coverage any transaction ``originated by
check, draft, or similar paper instrument.'' 15 U.S.C. 1693a. The
proposed rule addressed the coverage of electronic check conversion
transactions based on several pilots introduced by NACHA and others. In
such transactions, the merchant obtains information from a consumer's
check at POS to initiate a one-time ACH debit from the consumer's
account. The merchant electronically scans and captures the MICR
(Magnetic Ink Character Recognition) encoding on the check for the
routing, account, and serial numbers, and enters the amount to be
debited from the consumer's account.
Under the Board's proposal, an EFT resulting from the ``consumer-
as-keeper'' program would be covered by the regulation. Likewise, an
EFT resulting from the ``financial institution-as-keeper'' program
would be covered by Regulation E where the consumer provides a blank or
partially completed check as a source document. Where the check is
completed and signed by the consumer and retained by the merchant, the
transaction arguably could be viewed as originating by check.
Therefore, the supplementary information to the proposal stated that
the transaction would be an EFT (and thus covered by Regulation E) only
if the consumer authorized it as such. Finally, under the proposal,
transfers resulting from the ``lockbox'' program would have been
excluded from coverage as having originated by check. (See discussion
under ``Electronic check conversion'' in Section II.)
The majority of commenters believed that Regulation E should cover
check conversion transactions under the ``consumer-as-keeper'' program,
but disagreed with coverage of these transactions under the ``financial
institution-as-keeper'' program. Some commenters believed that
consumers would be confused because they would be providing a check to
the merchant and at the same time authorizing the transaction as an
EFT. Some commenters suggested that the rules should not be based on
the characteristics of the various programs; instead, the Board should
establish a bright-line test that provides certainty and consistency.
Regarding the authorization requirement, some commenters believed
the Board was imposing a written authorization requirement for
transactions under the financial institution-as-keeper model. The
supplementary information to the proposed rule stated that where a
consumer provides a completed and signed check, a transfer under this
model would be an EFT if the consumer ``authorizes it as such.'' Other
commenters expressed concern about the inconsistent treatment of
transfers under the ``financial institution-as-keeper'' program (which
would generally be covered by Regulation E under the proposal) and
those resulting from ``lockbox'' transactions (which would not be
covered).
The Board is adopting an interpretation based on a consumer's
authorization of a transaction as an EFT to clarify the rights,
liabilities, and responsibilities of participants in check conversion
programs. Under this approach, Regulation E coverage does not depend on
the characteristics of a particular program.
The final rule provides that where a consumer authorizes the use of
a check for initiating an EFT, the transaction is not deemed to be
originated by check. The transaction is covered by Regulation E.
Comment 3(b)-1(v), as adopted, makes clear that the rule applies
whether the check is blank, partially completed, or fully completed and
signed; whether it is presented at POS or mailed to a merchant or
lockbox and later converted to an EFT; or whether it is retained by the
consumer or the merchant (or the merchant's financial institution).
The proposed rule was not intended to require a separate written
authorization for electronic check conversion transactions. (Under the
EFTA and Sec. 205.10(b) of Regulation E, written authorization is
required only for recurring transfers.) Section 205.3 of Regulation E
provides that the regulation applies to ``any electronic fund transfer
that authorizes a financial institution to debit or credit a consumer's
account.'' A merchant or other payee offering the check conversion
services discussed above is providing an EFT service, and therefore
should obtain the consumer's authorization to initiate an EFT. In the
context of check conversion, authorization takes place if the consumer
engages in the transaction after receiving notice that the transaction
will be treated as an EFT. New comment 3(b)-3 is added to provide this
guidance. (NACHA Operating Rules currently provide greater consumer
protections in that they require written authorizations even for one-
time conversion transactions.)
Section 904(d)(1) of the EFTA provides that ``[i]f electronic fund
transfer services are made available to consumers by a person other
than a financial institution holding a consumer's account, the Board
shall by regulation assure that the disclosures, protections,
responsibilities, and remedies created by [the EFTA] are made
applicable to such persons and services.'' While the Board did not
propose to amend the regulation at this time to require compliance by
merchants or other payees with the Regulation E authorization
requirement,
[[Page 15190]]
the Board fully expects them to obtain a consumer's authorization to
initiate an EFT from the consumer's account. If, however, the Board
becomes aware that authorizations are not being obtained in connection
with check conversion transactions, the Board will consider exercising
its authority under Sec. 904 to require compliance by the merchants or
other payees. (Also see discussion under ``2(h) Electronic Terminal''
regarding compliance with terminal-receipt requirements.)
Comment 3(b)-1(vi) is added, with some modifications from the
proposal, to provide guidance on the regulation's coverage of bill-
payment services where a consumer initiates payments via computer (or
other electronic means). Generally, the definition of ``electronic fund
transfer'' in Sec. 205.3(b) covers these payments. The comment as
proposed would result in total exemption or total coverage of a bill-
payment service. Commenters supported the proposal with some requests
for modification. They suggested an approach that would only exclude
payments to particular payees made solely by check. The comment has
been revised to provide that computer-initiated payments are covered by
the regulation unless the service agreement explicitly states that all
payments, or all payments to identified payees, will be made solely by
check, draft or similar paper instrument drawn on the consumer's
account.
3(c) Exclusions From Coverage
3(c)(1)--Checks
Comment 3(c)(1)-1 provides guidance on NACHA's re-presented check
entry (RCK) program, in which merchant payees (or their financial
institutions or agents) re-present returned checks electronically.
Written authorization from the consumer for the RCK debit is not
obtained, although the merchant payee usually has provided notice at
POS that any returned item may be collected electronically if returned
for insufficient funds. The comment clarifies that an RCK transaction
is not covered by Regulation E because the transaction was originated
by check.
In some cases, a payee may impose a fee on the consumer because the
consumer's check was returned. NACHA rules provide that the RCK debit
must be in the amount of the original check; therefore, the amount may
not be increased to include a fee. The payee would have to initiate a
separate debit to collect the fee electronically. Because an
electronically debited fee meets the definition of an EFT under
Regulation E, it is covered by the regulation and must be authorized
(in this case, by notice to the consumer).
Most commenters agreed with the proposed rule excluding coverage of
the RCK. A number of commenters disagreed with the proposal to cover
any additional fee debited electronically from the consumer's account.
Since the fee is based on the original transaction, these commenters
believe the fee is likewise covered by the Uniform Commercial Code
(UCC), which permits incidental damage fees.
The Board views, as separate transactions, the RCK and any fee
assessed and debited from the consumer's account as a result of
insufficient funds, whether or not the fee is permitted by the UCC to
cover incidental damages. Authorization is required to electronically
debit the fee from the consumer's account, but because the transfer is
nonrecurring, notice to the consumer is sufficient for purposes of
compliance with the regulation. (NACHA Operating Rules currently
provide greater consumer protections in that they require written
authorizations.)
Comment 3(c)(1)-2 is added as proposed to cross reference comment
3(b)-1(v), which provides guidance on the regulation's coverage of an
EFT where a consumer's check is used to capture information for
initiating the transfer.
3(c)(6)--Telephone-Initiated Transfers
A transfer initiated by telephone is covered by Regulation E if it
occurs pursuant to a telephone bill-payment or other written plan that
contemplates that the consumer will initiate transfers from time to
time. Comment 3(c)(6)-1 is revised, as proposed, to provide additional
guidance on what constitutes a written plan. Comment 3(c)(6)-2(v) is
added, as proposed, to clarify coverage of transfers initiated by
audio- or voice-response telephone systems.
Section 205.6--Liability of Consumer for Unauthorized Transfers
6(b) Limitations on Amount of Liability
6(b)(1)--Timely Notice Given
Section 205.6 provides rules concerning a consumer's liability for
an unauthorized transfer. The limitation on the consumer's liability
depends, in part, on whether the unauthorized transfer takes place
within or after two business days of the consumer's learning of the
loss or theft of the access device. Comment 6(b)(1)-3 is added to
clarify how to count the two-business-day period. The comment has been
modified from the proposal to provide further clarity.
Most commenters generally supported the addition of the comment. A
number of commenters expressed concern that use of the term
``midnight'' made the proposed comment unclear, and suggested
alternative language. To avoid confusion, the reference to ``midnight''
has been deleted and the comment reworded.
Section 205.7--Initial Disclosures
7(a) Timing of Disclosures
Regulation E generally requires that disclosures be provided at the
time the consumer contracts for an EFT service or before the first
transfer is made to or from the consumer's account. Comment 7(a)-2 is
revised, as proposed, to provide an exception to the disclosure timing
rules when the consumer has authorized a third party to debit or credit
the consumer's account, on either a one-time or recurring basis, and
the institution has not received prior notice of the transfer. In these
circumstances, the institution must provide the Regulation E
disclosures as soon as reasonably possible after the first transfer.
Before this revision, comment 7(a)-2 provided this disclosure timing
exception only for direct deposits. Most commenters who addressed this
issue supported the proposed revision and the regulatory relief
provided.
7(b) Content of Disclosures
7(b)(10) Error Resolution
Under Sec. 205.7, a financial institution must provide an error
resolution notice with the initial disclosures, and under Sec. 205.8,
must also do so annually or with each periodic statement. Under comment
7(b)(10)-2, a financial institution must have disclosed in its initial
disclosures the longer error resolution time periods (applicable to
foreign-initiated and POS debit card transactions) for resolving errors
under Sec. 205.11(c)(3) in order to use the longer periods. In 1998,
Sec. 205.11(c)(3) was amended to extend the error resolution time
periods for new accounts (63 FR 52115, September 29, 1998). Comment
7(b)(10)-2 is revised as proposed to reflect the amendment to
Sec. 205.11(c)(3).
Section 205.11(c)(3) treats an account as a new account for a
period of 30 days after the first deposit to the account is made. In
the September 1998 amendment, the Board explained that, to provide
consistency and ease regulatory compliance, the rule tracked the
definition of ``new account'' in Regulation CC (Availability of Funds
and Collection of Checks, 12 CFR 229.13(a)(2)), including the staff
commentary to Regulation CC. Thus, for example, an account is not
considered
[[Page 15191]]
a new account if a customer has had another account relationship with
the financial institution for at least 30 calendar days. To clarify
this point, a cross-reference to the Regulation CC definition of ``new
account'' has been added to comment 7(b)(10)-2.
An update to the error resolution model forms in Appendix A,
paragraph A-3 (to reflect the extended time periods applicable to
foreign-initiated transactions, POS debit card transactions, and new
accounts) is pending. In September 1999, the Board proposed amendments
to the model forms along with other proposed Regulation E amendments on
the electronic delivery of disclosures (64 FR 49699, September 14,
1999). The Board is expected to consider final action on the amendments
in the near future.
Section 205.8--Change-in-Terms Notice; Error Resolution Notice
8(b) Error Resolution Notice
The Board proposed to add new comment 8(b)-2 to cross-reference
comment 7(b)(10)-2, which states that, with regard to the initial error
resolution notice, an institution seeking to use the longer error
resolution time periods in Sec. 205.11(c)(3) must have disclosed them.
A few commenters agreed with the requirement to disclose the longer
time periods for new accounts in the initial error resolution notice,
but questioned whether disclosure in the annual notice would serve a
useful purpose. These commenters noted that in practice, it is unlikely
that an account would still qualify as new when the annual notice is
provided.
An annual error resolution notice need not contain a reference to
the longer time periods for new accounts, and the final comment has
been revised accordingly. (The notice must refer, however, to the
longer time periods for foreign-initiated and POS debit card
transactions if the institution wishes to take advantage of these
extended periods.) In addition, the final comment is revised to reflect
that disclosure of the longer time periods for new accounts is not
required in the error resolution notice that may be provided with each
periodic statement as an alternative to the annual error resolution
notice.
Section 205.9--Receipts at Electronic Terminals; Periodic Statements
9(a) Receipts at Electronic Terminals
9(a)(5)--Terminal Location
Section 205.9(a)(5) requires that an ATM or POS terminal receipt
contain the location of the terminal where the transfer is initiated,
or an identification such as a code or terminal number. Comment
9(a)(5)-1 is revised, as proposed, to clarify that either a code or
location may be disclosed. Comments 9(a)(5)(iv)-1 and -2 are
redesignated as comments 9(a)(5)-3 and -4.
9(b) Periodic Statements
Comment 9(b)-4 currently provides that an institution may permit,
but not require, consumers to ``call for'' periodic statements. The
Board proposed to change the reference ``call for'' to ``pick up.'' The
comment is adopted as proposed.
9(c) Exceptions to the Periodic Statement Requirements for Certain
Accounts
9(c)(1)--Preauthorized Transfers to Accounts
Section 205.9(c) lists the circumstances in which a periodic
statement for EFT transactions is not required (or is not required to
be provided monthly). Comment 9(c)(1)-1 is added as proposed to provide
further guidance on the exceptions to the periodic statement
requirements.
Comment 9(c)(1)-2 is added as proposed to clarify that the
exceptions in Sec. 205.9(c) apply despite the occurrence of reversals
of deposits made in error. (See also comment 2(m)-5.)
Section 205.10--Preauthorized Transfers
10(b) Written Authorization for Preauthorized Transfers From Consumer's
Account
Section 205.10(b) provides that recurring electronic debits from a
consumer's account ``may be authorized only by a writing signed or
similarly authenticated by the consumer.'' The phrase ``similarly
authenticated'' was added in 1996 (61 FR 19678, May 2, 1996), and was
intended to permit electronic authorizations; comment 10(b)-5 was added
to the staff commentary to provide guidance. Since that time, the
issues of electronic authorization and authentication methods have been
further addressed in Regulation E rulemakings published in March 1998
(63 FR 14528, March 25, 1998) and September 1999 (64 FR 49699,
September 14, 1999), and commenters have made suggestions and sought
further guidance. In addition, the Electronic Signatures in Global and
National Commerce Act, 15 U.S.C 7001 et seq., (the E-Sign Act)
addresses, among other things, the use and acceptance of electronic
signatures for electronic commerce in general.
The Board proposed to revise comment 10(b)-5 to clarify that
institutions have flexibility in establishing electronic authentication
methods. Under the proposal, any authentication mechanism that provides
assurance similar to a paper-based signature (such as a mechanism that
verified the consumer's identity and evidenced the consumer's assent to
the authorization) would satisfy the ``similarly authenticated''
standard. Also, for consistency with Board rulemakings permitting the
electronic delivery of disclosures, the comment would be revised to
permit the person obtaining the authorization to provide a copy of the
authorization to the consumer either in paper form or electronically
(the existing comment requires that a paper copy be provided).
Most commenters addressing this issue supported the proposed
revision. Several commenters were concerned, however, that the comment
could be interpreted to impose requirements on electronic
authorizations that exceed those set forth in the E-Sign Act.
Accordingly, they urged that the Board delete the comment or modify it
for consistency with the E-Sign Act. Comment 10(b)-5 was not intended
to impose stricter requirements than the E-Sign Act; rather the comment
was intended to provide guidance so that a payee obtaining a consumer's
authorization for recurring debits can be assured of compliance with
Sec. 205.10(b).
The final comment has been modified to ensure consistency with the
requirements of the E-Sign Act. First, the introductory sentence has
been deleted as no longer necessary. It has been replaced with guidance
on the ``similarly authenticated'' standard. Second, references to the
definition of an electronic record and an electronic signature in the
E-Sign Act have been added. Third, the authorization standard has been
clarified to state that the process should evidence the consumer's
identity and assent to the authorization. Fourth, the language
discussing the requirement to provide a copy of the authorization to
the consumer has been revised to clarify that the copy may be either
paper or electronic. Finally, the supplemental information to the
proposed revision to comment 10(b)-5 stated that a security code used
as the authentication method need not originate with the paying
institution, if the code meets the general standards for ``similar
authentication.'' This interpretation has been incorporated into the
text of the comment.
New comment 10(b)-7 is adopted as proposed. The comment addresses a
situation where a consumer, by telephone or on-line, authorizes
[[Page 15192]]
recurring charges against an account, but where it may not be clear to
the payee whether a credit card or debit card is involved. Unlike
Regulation E, Regulation Z does not require a written, signed or
``similarly authenticated'' authorization for recurring charges to a
consumer's credit card account. The comment clarifies that when
recurring charges in fact involve a debit card, the payee is required
to obtain an authorization in accordance with Sec. 205.10(b). The payee
may rely on the bona fide error provision in section 915(c) of the
EFTA, provided procedures are in place to prevent such errors from
occurring.
Some commenters believed that the standards set forth in the
comment would be burdensome. They suggested that the comment not be
adopted, or that the final comment omit the conditions that the failure
to obtain written authorization be unintentional and that reasonable
procedures be maintained to avoid such an error. The requirement to
obtain written authorization for recurring electronic debits is
statutory, as are the conditions concerning unintentional failure and
reasonable procedures. Therefore, the comment is adopted as proposed.
Where the authorization occurs on-line, payees have the option to
ensure compliance by obtaining electronic authorizations in all cases,
following the procedures set forth in comment 10(b)-5 or in the E-Sign
Act.
Some commenters requested guidance on what procedures should be
used to avoid errors regarding the type of card used by a consumer to
authorize recurring charges. To ensure flexibility in this area,
however, as other commenters urged, the comment as finally adopted does
not specify any particular procedures.
10(e) Compulsory Use
10(e)(2)--Employment or Government Benefit
Section 205.10(e)(2) provides that a financial institution may not
require a consumer to establish an account for receipt of EFTs with a
particular institution as a condition of employment. Comment 10(e)(2)-1
is revised as proposed to clarify that an employer (including a
financial institution) may provide for having employees' salary
deposited at a particular institution designated by the employer, if
employees are given the option to receive their salary by check or
cash. Commenters generally supported the revision.
Section 205.11--Procedures for Resolving Errors
11(a)--Definition of Error
Section 205.11 sets forth procedures for resolving errors. In
defining ``error'' and the types of transfers or inquiries covered, the
regulation also sets forth types of inquiries that are not covered.
Sec. 205.11(a)(2). Existing comment 11(a)-2 provides that if a consumer
merely calls to verify whether a deposit (made via ATM, preauthorized
transfer, or other electronic means) was credited, without asserting an
error, the error resolution procedures are not triggered.
Under the proposal, comment 11(a)-2 was broadened to provide that
consumer inquiries to verify account payments, as well as account
deposits, without the assertion of any error, would not trigger the
error resolution procedures. Commenters generally supported the
proposed revision. In response to comments, the proposed phrase ``if
the consumer calls'' has been replaced by ``if the consumer contacts,''
to reflect that these routine consumer inquiries are not limited to
telephone inquiries; and the comment adopted clarifies that an inquiry
about a ``payment'' includes an inquiry about other EFTs debited to the
account.
Section 205.12--Relation to Other Laws
12(a) Relation to Truth in Lending
Comment 12(a)-1 is revised as proposed to distinguish between two
types of unauthorized transfers: those where a consumer's access device
is used to withdraw funds from a checking account with an overdraft
protection feature, and those where the consumer's access device is
also a credit card separately used to obtain cash advances. Examples
illustrate how these rules apply in various situations. The majority of
commenters addressing this subject supported the proposed revision.
List of Subjects in 12 CFR Part 205
Consumer protection, Electronic fund transfers, Federal Reserve
System, Reporting and recordkeeping requirements.
For the reasons set forth in the preamble, the Board amends the
Official Staff Commentary, 12 CFR part 205, as set forth below.
PART 205--ELECTRONIC FUND TRANSFERS (REGULATION E)
1. The authority citation for part 205 is revised to read as
follows:
Authority: 15 U.S.C. 1693b.
2. In Supplement I to Part 205, the following amendments are made:
a. Under Section 205.2--Definitions, under 2(a) Access Device, a
new paragraph 2. is added;
b. Under Section 205.2--Definitions, under 2(h) Electronic
Terminal, paragraph 2. is revised;
c. Under Section 205.2--Definitions, a new heading 2(k)
Preauthorized Electronic Fund Transfer, and a new paragraph 1. are
added;
d. Under Section 205.2--Definitions, under 2(m) Unauthorized
Electronic Fund Transfer, a new paragraph 5. is added;
e. Under Section 205.3--Coverage, under 3(b) Electronic Fund
Transfer, new paragraphs 1.v., 1.vi., and 3. are added;
f. Under Section 205.3--Coverage, under 3(c) Exclusions from
Coverage, a new heading ``Paragraph 3(c)(1)--Checks'' is added;
g. Under Section 205.3--Coverage, under 3(c) Exclusions from
Coverage, under newly added heading Paragraph 3(c)(1)--Checks,
paragraphs 1. and 2. are added;
h. Under Section 205.3--Coverage, under 3(c) Exclusions from
Coverage, under Paragraph 3(c)(6)--Telephone--Initiated Transfers,
paragraph 1. is revised and paragraph 2.v. is added;
i. Under Section 205.6--Liability Of Consumer For Unauthorized
Transfers, under Paragraph 6(b)(1)--Timely Notice Given, new paragraph
3. is added;
j. Under Section 205.7--Initial Disclosures, under 7(a) Timing of
Disclosures, paragraph 2. is revised;
k. Under Section 205.7--Initial Disclosures, under Paragraph
7(b)(10) Error Resolution, paragraph 2. is revised;
l. Under Section 205.8--Change-In-Terms Notice; Error Resolution
Notice, under 8(b) Error Resolution Notice, a new paragraph 2. is
added;
m. Under Section 205.9--Receipts At Electronic Terminals; Periodic
Statements, under Paragraph 9(a)(5)--Terminal Location, paragraph 1. is
revised;
n. Under Section 205.9--Receipts At Electronic Terminals; Periodic
Statements, under Paragraph 9(a)(5)(iv), paragraphs 1. and 2. are
redesignated as paragraphs 3. and 4. under paragraph 9(a)(5) and
republished;
o. Under Section 205.9--Receipts At Electronic Terminals; Periodic
Statements, Paragraph 9(a)(5)(iv) is removed;
p. Under Section 205.9--Receipts At Electronic Terminals; Periodic
Statements, under 9(b) Periodic Statements, paragraph 4. is revised;
q. Under Section 205.9--Receipts At Electronic Terminals; Periodic
[[Page 15193]]
Statements, under 9(c) Exceptions to the Periodic Statement
Requirements for Certain Accounts, a new heading, Paragraph 9(c)(1)--
Preauthorized Transfers to Accounts is added and new paragraphs 1. and
2. are added to the newly designated heading;
r. Under Section 205.10--Preauthorized Transfers, under 10(b)
Written Authorization for Preauthorized Transfers from Consumer's
Account, paragraph 5. is revised, and new paragraph 7. is added;
s. Under Section 205.10--Preauthorized Transfers, under Paragraph
10(e)(2)--Employment or Government Benefit, paragraph 1. is revised;
t. Under Section 205.11--Procedures For Resolving Errors, under
11(a) Definition of Error, paragraph 2. is revised; and
u. Under Section 205.12--Relation To Other Laws, under 12(a)
Relation to Truth in Lending, paragraph 1. is revised.
SUPPLEMENT I TO PART 205--OFFICIAL STAFF INTERPRETATIONS
Section 205.2--Definitions
2(a) Access Device
* * * * *
2. Checks used to capture information. The term ``access
device'' does not include a check or draft used to capture the MICR
(Magnetic Ink Character Recognition) encoding to initiate a one-time
ACH debit. For example, if a consumer authorizes a one-time ACH
debit from the consumer's account using a blank, partially
completed, or fully completed and signed check for the merchant to
capture the routing, account, and serial numbers to initiate the
debit, the check is not an access device. (Although the check is not
an access device under Regulation E, the transaction is nonetheless
covered by the regulation. See comment 3(b)-1(v).)
* * * * *
2(h) Electronic Terminal
* * * * *
2. POS terminals. A POS terminal that captures data
electronically, for debiting or crediting to a consumer's asset
account, is an electronic terminal for purposes of Regulation E even
if no access device is used to initiate the transaction. (See
Sec. 205.9 for receipt requirements.)
* * * * *
2(k) Preauthorized Electronic Fund Transfer
1. Advance authorization. A ``preauthorized electronic fund
transfer'' under Regulation E is one authorized by the consumer in
advance of a transfer that will take place on a recurring basis, at
substantially regular intervals, and will require no further action
by the consumer to initiate the transfer. In a bill-payment system,
for example, if the consumer authorizes a financial institution to
make monthly payments to a payee by means of EFTs, and the payments
take place without further action by the consumer, the payments are
preauthorized EFTs. In contrast, if the consumer must take action
each month to initiate a payment (such as by entering instructions
on a touch-tone telephone or home computer), the payments are not
preauthorized EFTs.
* * * * *
2(m) Unauthorized Electronic Fund Transfer
* * * * *
5. Reversal of direct deposits. The reversal of a direct deposit
made in error is not an unauthorized EFT when it involves:
i. A credit made to the wrong consumer's account;
ii. A duplicate credit made to a consumer's account; or
iii. A credit in the wrong amount (for example, when the amount
credited to the consumer's account differs from the amount in the
transmittal instructions).
* * * * *
Section 205.3--Coverage
* * * * *
3(b) Electronic Fund Transfer
1. Fund transfers covered. * * *
v. A transfer via ACH where a consumer has provided a check to
enable the merchant or other payee to capture the routing, account,
and serial numbers to initiate the transfer, whether the check is
blank, partially completed, or fully completed and signed; whether
the check is presented at POS or is mailed to a merchant or other
payee or lockbox and later converted to an EFT; or whether the check
is retained by the consumer, the merchant or other payee, or the
payee's financial institution.
vi. A payment made by a bill payer under a bill-payment service
available to a consumer via computer or other electronic means,
unless the terms of the bill-payment service explicitly state that
all payments, or all payments to a particular payee or payees, will
be solely by check, draft, or similar paper instrument drawn on the
consumer's account, and the payee or payees that will be paid in
this manner are identified to the consumer.
* * * * *
3. Authorization of one-time EFT initiated using MICR encoding
on a check. A consumer authorizes a one-time EFT (in providing a
check to a merchant or other payee for the MICR encoding), where the
consumer receives notice that the transaction will be processed as
an EFT and completes the transaction. Examples of notice include,
but are not limited to, signage at POS and written statements.
* * * * *
3(c) Exclusions From Coverage
Paragraph 3(c)(1)--Checks
1. Re-presented checks. The electronic re-presentment of a
returned check is not covered by Regulation E because the
transaction originated by check. Regulation E does apply, however,
to any fee authorized by the consumer to be debited electronically
from the consumer's account because the check was returned for
insufficient funds. Authorization occurs where the consumer has
received notice that a fee imposed for returned checks will be
debited electronically from the consumer's account.
2. Check used to capture information for a one-time EFT. See
comment 3(b)-1(v).
* * * * *
Paragraph 3(c)(6)--Telephone-Initiated Transfers
1. Written plan or agreement. A transfer that the consumer
initiates by telephone is covered by Regulation E if the transfer is
made under a written plan or agreement between the consumer and the
financial institution making the transfer. A written statement
available to the public or to account holders that describes a
service allowing a consumer to initiate transfers by telephone
constitutes a plan--for example, a brochure, or material included
with periodic statements. The following, however, do not by
themselves constitute a written plan or agreement:
i. A hold-harmless agreement on a signature card that protects
the institution if the consumer requests a transfer.
ii. A legend on a signature card, periodic statement, or
passbook that limits the number of telephone-initiated transfers the
consumer can make from a savings account because of reserve
requirements under Regulation D (12 CFR part 204).
iii. An agreement permitting the consumer to approve by
telephone the rollover of funds at the maturity of an instrument.
2. Examples of covered transfers. * * *
v. The consumer initiates the transfer using a financial
institution's audio-response or voice-response telephone system.
* * * * *
Section 205.6--Liability of Consumer for Unauthorized Transfers
* * * * *
6(b) Limitations on Amount of Liability
* * * * *
Paragraph 6(b)(1)--Timely Notice Given
* * * * *
3. Two-business-day rule. The two-business-day period does not
include the day the consumer learns of the loss or theft or any day
that is not a business day. The rule is calculated based on two 24-
hour periods, without regard to the financial institution's business
hours or the time of day that the consumer learns of the loss or
theft. For example, a consumer learns of the loss or theft at 6 p.m.
on Friday. Assuming that Saturday is a business day and Sunday is
not, the two-business-day period begins on Saturday and expires at
11:59 p.m. on Monday, not at the end of the financial institution's
business day on Monday.
* * * * *
Section 205.7--Initial Disclosures
7(a) Timing of Disclosures
* * * * *
2. Lack of advance notice of a transfer. Where a consumer
authorizes a third party to debit or credit the consumer's account,
an account-holding institution that has not
[[Page 15194]]
received advance notice of the transfer or transfers must provide
the required disclosures as soon as reasonably possible after the
first debit or credit is made, unless the institution has previously
given the disclosures.
* * * * *
Paragraph 7(b)(10)--Error Resolution
* * * * *
2. Extended time-period for certain transactions. To take
advantage of the longer time periods for resolving errors under
Sec. 205.11(c)(3) (for new accounts as defined in Regulation CC (12
CFR part 229), transfers initiated outside the United States, or
transfers resulting from POS debit-card transactions), a financial
institution must have disclosed these longer time periods.
Similarly, an institution that relies on the exception from
provisional crediting in Sec. 205.11(c)(2) for accounts subject to
Regulation T (12 CFR part 220) must have disclosed accordingly.
Section 205.8--Change-in-Terms Notice; Error Resolution Notice
* * * * *
8(b) Error Resolution Notice
* * * * *
2. Exception for new accounts. For new accounts, disclosure of
the longer error resolution time periods under Sec. 205.11(c)(3) is
not required in the annual error resolution notice or in the notice
that may be provided with each periodic statement as an alternative
to the annual notice.
Section 205.9--Receipts at Electronic Terminals; Periodic Statements
9(a) Receipts at Electronic Terminals
* * * * *
Paragraph 9(a)(5)--Terminal Location
1. Options for identifying terminal. The institution may provide
either:
i. The city, state or foreign country, and the information in
Secs. 205.9(a)(5) (i), (ii), or (iii), or
ii. A number or a code identifying the terminal. If the
institution chooses the second option, the code or terminal number
identifying the terminal where the transfer is initiated may be
given as part of a transaction code.
* * * * *
3. Omission of state. The state may be omitted from the location
information on the receipt if:
i. All the terminals owned or operated by the financial
institution providing the statement (or by the system in which it
participates) are located in that state, or
ii. All transfers occur at terminals located within 50 miles of
the financial institution's main office.
4. Omission of city and state. The city and state may be omitted
if all the terminals owned or operated by the financial institution
providing the statement (or by the system in which it participates)
are located in the same city.
* * * * *
9(b) Periodic Statements
* * * * *
4. Statement pickup. A financial institution may permit, but may
not require, consumers to pick up their periodic statements at the
financial institution.
* * * * *
9(c) Exceptions to the Periodic Statement Requirements for Certain
Accounts
* * * * *
Paragraph 9(c)(1)--Preauthorized Transfers to Accounts
1. Accounts that may be accessed only by preauthorized transfers
to the account. The exception for ``accounts that may be accessed
only by preauthorized transfers to the account'' includes accounts
that can be accessed by means other than EFTs, such as checks. If,
however, an account may be accessed by any EFT other than
preauthorized credits to the account, such as preauthorized debits
or ATM transactions, the account does not qualify for the exception.
2. Reversal of direct deposits. For direct-deposit-only
accounts, a financial institution must send a periodic statement at
least quarterly. A reversal of a direct deposit to correct an error
does not trigger the monthly statement requirement when the error
represented a credit to the wrong consumer's account, a duplicate
credit, or a credit in the wrong amount. (See also comment 2(m)-5.)
* * * * *
Section 205.10--Preauthorized Transfers
* * * * *
10(b) Written Authorization for Preauthorized Transfers From
Consumer's Account
* * * * *
5. Similarly authenticated. The similarly authenticated standard
permits signed, written authorizations to be provided
electronically. The writing and signature requirements of this
section are satisfied by complying with the Electronic Signatures in
Global and National Commerce Act, 15 U.S.C. 7001 et seq., which
defines electronic records and electronic signatures. Examples of
electronic signatures include, but are not limited to, digital
signatures and security codes. A security code need not originate
with the account-holding institution. The authorization process
should evidence the consumer's identity and assent to the
authorization. The person that obtains the authorization must
provide a copy of the terms of the authorization to the consumer
either electronically or in paper form. Only the consumer may
authorize the transfer and not, for example, a third-party merchant
on behalf of the consumer.
* * * * *
7. Bona fide error. Consumers sometimes authorize third-party
payees, by telephone or on-line, to submit recurring charges against
a credit card account. If the consumer indicates use of a credit
card account when in fact a debit card is being used, the payee does
not violate the requirement to obtain a written authorization if the
failure to obtain written authorization was not intentional and
resulted from a bona fide error, and if the payee maintains
procedures reasonably adapted to avoid any such error. If the payee
is unable to determine, at the time of the authorization, whether a
credit or debit card number is involved, and later finds that the
card used is a debit card, the payee must obtain a written and
signed or (where appropriate) a similarly authenticated
authorization as soon as reasonably possible, or cease debiting the
consumer's account.
* * * * *
10(e) Compulsory Use
* * * * *
Paragraph 10(e)(2)--Employment or Government Benefit
1. Payroll. An employer (including a financial institution) may
not require its employees to receive their salary by direct deposit
to any particular institution. An employer may require direct
deposit of salary by electronic means if employees are allowed to
choose the institution that will receive the direct deposit.
Alternatively, an employer may give employees the choice of having
their salary deposited at a particular institution (designated by
the employer) or receiving their salary by another means, such as by
check or cash.
Section 205.11--Procedures for Resolving Errors
11(a) Definition of Error
* * * * *
2. Verifying an account debit or credit. If the consumer
contacts the financial institution to ascertain whether a payment
(for example, in a home-banking or bill-payment program) or any
other type of EFT was debited to the account, or whether a deposit
made via ATM, preauthorized transfer, or any other type of EFT was
credited to the account, without asserting an error, the error
resolution procedures do not apply.
* * * * *
Section 205.12--Relation to Other Laws
12(a) Relation to Truth in Lending
1. Determining applicable regulation. i. For transactions
involving access devices that also function as credit cards, whether
Regulation E or Regulation Z (12 CFR part 226) applies depends on
the nature of the transaction. For example, if the transaction
solely involves an extension of credit, and does not include a debit
to a checking account (or other consumer asset account), the
liability limitations and error resolution requirements of
Regulation Z apply. If the transaction debits a checking account
only (with no credit extended), the provisions of Regulation E
apply. If the transaction debits a checking account but also draws
on an overdraft line of credit attached to the account, Regulation
E's liability limitations apply, in addition to Secs. 226.13 (d) and
(g) of Regulation Z (which apply because of the extension of credit
associated with the overdraft feature on the checking account). If a
consumer's access device is also a credit card and the device is
used to make unauthorized withdrawals from a checking account, but
also is used to obtain unauthorized cash advances directly from a
line of credit that is separate from the
[[Page 15195]]
checking account, both Regulation E and Regulation Z apply.
ii. The following examples illustrate these principles:
A. A consumer has a card that can be used either as a credit
card or a debit card. When used as a debit card, the card draws on
the consumer's checking account. When used as a credit card, the
card draws only on a separate line of credit. If the card is stolen
and used as a credit card to make purchases or to get cash advances
at an ATM from the line of credit, the liability limits and error
resolution provisions of Regulation Z apply; Regulation E does not
apply.
B. In the same situation, if the card is stolen and is used as a
debit card to make purchases or to get cash withdrawals at an ATM
from the checking account, the liability limits and error resolution
provisions of Regulation E apply; Regulation Z does not apply.
C. In the same situation, assume the card is stolen and used
both as a debit card and as a credit card; for example, the thief
makes some purchases using the card as a debit card, and other
purchases using the card as a credit card. Here, the liability
limits and error resolution provisions of Regulation E apply to the
unauthorized transactions in which the card was used as a debit
card, and the corresponding provisions of Regulation Z apply to the
unauthorized transactions in which the card was used as a credit
card.
D. Assume a somewhat different type of card, one that draws on
the consumer's checking account and can also draw on an overdraft
line of credit attached to the checking account. There is no
separate line of credit, only the overdraft line, associated with
the card. In this situation, if the card is stolen and used, the
liability limits and the error resolution provisions of Regulation E
apply. In addition, if the use of the card has resulted in accessing
the overdraft line of credit, the error resolution provisions of
Sec. 226.13(d) and (g) of Regulation Z also apply, but not the other
error resolution provisions of Regulation Z.
* * * * *
By order of the Board of Governors of the Federal Reserve
System, acting through the Director of the Division of Consumer and
Community Affairs under delegated authority, March 12, 2001.
Jennifer J. Johnson,
Secretary of the Board.
[FR Doc. 01-6560 Filed 3-15-01; 8:45 am]
BILLING CODE 6210-01-P
|
