6500 - Consumer Protection
SUPPLEMENT I TO PART 205OFFICIAL STAFF INTERPRETATIONS
2(a) Access Device
1. Examples. The term access device includes debit cards, personal identification numbers (PINs), telephone transfer and telephone bill payment codes, and other means that may be used by a consumer to initiate an electronic fund transfer (EFT) to or from a consumer account. The term does not include magnetic tape or other devices used internally by a financial institution to initiate electronic transfers.
2. Checks used to capture information. The term "access device" does not include a check or draft used to capture the MICR (Magnetic Ink Character Recognition) encoding to initiate a one-time ACH debit. For example, if a consumer authorizes a one-time ACH debit from the consumer's account using a blank, partially completed, or fully completed and signed check for the merchant to capture the routing, account, and serial numbers to initiate the debit, the check is not an access device. (Although the check is not an access device under Regulation E, the transaction is nonetheless covered by the regulation. See comment 3(b)(1)--1.v)
1. Consumer asset account. The term consumer asset account includes:
i. Club accounts, such as vacation clubs. In many cases, however, these accounts are exempt from the regulation under § 205.3(c)(5) because all electronic transfers to or from the account have been preauthorized by the consumer and involve another account of the consumer at the same institution.
ii. A retail repurchase agreement (repo), which is a loan made to a financial institution by a consumer that is collateralized by government or government-insured securities.
2. Certain employment-related cards not covered. The term "payroll card account" does not include a card used solely to disburse incentive-based payments (other than commissions which can represent the primary means through which a consumer is paid), such as bonuses, which are unlikely to be a consumer's primary source of salary or other compensation. The term also does not include a card used solely to make disbursements unrelated to compensation, such as petty cash reimbursements or travel per diem payments. Similarly, a payroll card account does not include a card that is used in isolated instances to which an employer typically does not make recurring payments, such as when providing final payments or in emergency situations when other payment methods are unavailable. However, all transactions involving the transfer of funds to or from a payroll card account are covered by the regulation, even if a particular transaction involves payment of a bonus, other incentive-based payment, or reimbursement, or the transaction does not represent a transfer of wages, salary, or other employee compensation.
3. Examples of accounts not covered by Regulation E (12 CFR part 205) include:
i. Profit-sharing and pension accounts established under a trust agreement, which are exempt under § 205.2(b)(2).
ii. Escrow accounts, such as those established to ensure payment of items such as real estate taxes, insurance premiums, or completion of repairs or improvements.
iii. Accounts for accumulating funds to purchase U.S. savings bonds.
1. Bona fide trust agreements. The term bona fide trust agreement is not defined by the act or regulation; therefore, financial institutions must look to state or other applicable law for interpretation.
2. Custodial agreements. An account held under a custodial agreement that qualifies as a trust under the Internal Revenue Code, such as an individual retirement account, is considered to be held under a trust agreement for purposes of Regulation E.
2(d) Business Day
1. Duration. A business day includes the entire 24-hour period ending at midnight, and a notice required by the regulation is effective even if given outside normal business hours. The regulation does not require, however, that a financial institution make telephone lines available on a 24-hour basis.
2. Substantially all business functions. "Substantially all business functions" include both the public and the back-office operations of the institution. For example, if the offices of an institution are open on Saturdays for handling some consumer transactions (such as deposits, withdrawals, and other teller transactions), but not for performing internal functions (such as investigating account errors), then Saturday is not a business day for that institution. In this case, Saturday does not count toward the business-day standard set by the regulation for reporting lost or stolen access devices, resolving errors, etc.
3. Short hours. A financial institution may determine, at its election, whether an abbreviated day is a business day. For example, if an institution engages in substantially all business functions until noon on Saturdays instead of its usual 3:00 p.m. closing, it may consider Saturday a business day.
4. Telephone line. If a financial institution makes a telephone line available on Sundays for reporting the loss or theft of an access device, but performs no other business functions, Sunday is not a business day under the "substantially all business functions" standard.
2(h) Electronic Terminal
1. Point-of-sale (POS) payments initiated by telephone. Because the term electronic terminal excludes a telephone operated by a consumer, a financial institution need not provide a terminal receipt when:
i. A consumer uses a debit card at a public telephone to pay for the call.
ii. A consumer initiates a transfer by a means analogous in function to a telephone, such as by home banking equipment or a facsimile machine.
2. POS terminals. A POS terminal that captures data electronically, for debiting or crediting to a consumer's asset account, is an electronic terminal for purposes of Regulation E if no access device is used to initiate the transaction. (See § 205.9 for receipt requirements.)
2(k) Preauthorized Electronic Fund Transfer
1. Advance authorization. A "preauthorized electronic fund transfer" under Regulation E is one authorized by the consumer in advance of a transfer that will take place on a recurring basis, at substantially regular intervals, and will require no further action by the consumer to initiate the transfer. In a bill-payment system, for example, if the consumer authorizes a financial institution to make monthly payments to a payee by means of EFTs, and the payments take place without further action by the consumer, the payments are preauthorized EFTs. In contrast, if the consumer must take action each month to initiate a payment (such as by entering instructions on a touch-tone telephone or home computer), the payments are not preauthorized EFTs.
3. Teller-operated terminals. A terminal or other computer equipment operated by an employee of a financial institution is not an electronic terminal for purposes of the regulation. However, transfers initiated at such terminals by means of a consumer's access device (using the consumer's PIN, for example) are EFTs and are subject to other requirements of the regulation. If an access device is used only for identification purposes or for determining the account balance, the transfers are not EFTs for purposes of the regulation.
2(m) Unauthorized Electronic Fund Transfer
1. Transfer by institution's employee. A consumer has no liability for erroneous or fraudulent transfers initiated by an employee of a financial institution.
2. Authority. If a consumer furnishes an access device and grants authority to make transfers to a person (such as a family member or co-worker) who exceeds the authority given, the consumer is fully liable for the transfers unless the consumer has notified the financial institution that transfers by that person are no longer authorized.
3. Access device obtained through robbery or fraud. An unauthorized EFT includes a transfer initiated by a person who obtained the access device from the consumer through fraud or robbery.
4. Forced initiation. An EFT at an automated teller machine (ATM) is an unauthorized transfer if the consumer has been induced by force to initiate the transfer.
5. Reversal of direct deposits. The reversal of a direct deposit made in error is not an unauthorized EFT when it involves:
i. A credit made to the wrong consumer's account;
ii. A duplicate credit made to a consumer's account; or
1. Accounts covered. The requirements of the regulation apply only to an account for which an agreement for EFT services to or from the account has been entered into between:
i. The consumer and the financial institution (including an account for which an access device has been issued to the consumer, for example);
ii. The consumer and a third party (for preauthorized debits or credits, for example), when the account-holding institution has received notice of the agreement and the fund transfers have begun.
2. Automated clearing house (ACH) membership. The fact that membership in an ACH requires a financial institution to accept EFTs to accounts at the institution does not make every account of that institution subject to the regulation.
3. Foreign applicability. Regulation E applies to all persons (including branches and other offices of foreign banks located in the United States) that offer EFT services to residents of any state, including resident aliens. It covers any account located in the United States through which EFTs are offered to a resident of a state. This is the case whether or not a particular transfer takes place in the United States and whether or not the financial institution is chartered in the United States or a foreign country. The regulation does not apply to a foreign branch of a U.S. bank unless the EFT services are offered in connection with an account in a state as defined in § 205.2(1).
3(b) Electronic fund transfer
3(b)(1)1 Fund transfers covered. The term electronic fund transfer includes:
i. A deposit made at an ATM or other electronic terminal (including a deposit in cash or by check) provided a specific agreement exists between the financial institution and the consumer for EFTs to or from the account to which the deposit is made.
ii. A transfer sent via ACH. For example, social security benefits under the U.S. Treasury's direct-deposit program are covered, even if the listing of payees and payment amounts reaches the account-holding institution by means of a computer printout from a correspondent bank.
iii. A preauthorized transfer credited or debited to an account in accordance with instructions contained on magnetic tape, even if the financial institution holding the account sends or receives a composite check.
iv. A transfer from the consumer's account resulting from a debit-card transaction at a merchant location, even if no electronic terminal is involved at the time of the transaction, if the consumer's asset account is subsequently debited for the amount of the transfer.
v. A transfer via ACH where a consumer has provided a check to enable the merchant or other payee to capture the routing, account, and serial numbers to initiate the transfer, whether the check is blank, partially completed, or fully completed and signed; whether the check is presented at POS or is mailed to a merchant or other payee or lockbox and later converted to an EFT; or whether the check is retained by the consumer, the merchant or other payee, or the payee's financial institution.
vi. A payment made by a bill payer under a bill-payment service available to a consumer via computer or other electronic means, unless the terms of the bill-payment service explicitly state that all payments, or all payments to a particular payee or payees, will be solely by check, draft, or similar paper instrument drawn on the consumer's account, and the payee or payees that will be paid in this manner are identified to the consumer.
3(b)(1)2 Fund transfers not covered. The term electronic fund transfer does not include:
i. A payment that does not debit or credit a consumer asset account, such as a payroll allotment to a creditor to repay a credit extension (which is deducted from salary).
ii. A payment made in currency by a consumer to another person at an electronic terminal.
iii. A preauthorized check drawn by the financial institution on the consumer's account (such as an interest or other recurring payment to the consumer or another party), even if the check is computer-generated.
Paragraph 3(b)(2)--Electronic Fund Transfer Using Information From a Check
1. Notice at POS not furnished due to inadvertent error. If the copy of the notice under section 205.3(b)(2)(ii) for ECK transactions is not provided to the consumer at POS because of a bona fide unintentional error, such as when a terminal printing mechanism jams, no violation results if the payee maintains procedures reasonably adapted to avoid such occurrences.
2. Authorization to process a transaction as an EFT or as a check. In order to process a transaction as an EFT or alternatively as a check, the payee must obtain the consumer's authorization to do so. A payee may, at its option, specify the circumstances under which a check may not be converted to an EFT. (See model clauses in Appendix A--6.)
3. Notice for each transfer. Generally, a notice to authorize an electronic check conversion transaction must be provided for each transaction. For example, a consumer must receive a notice that the transaction will be processed as an EFT for each transaction at POS or each time a consumer mails a check in an accounts receivable (ARC) transaction to pay a bill, such as a utility bill, if the payee intends to convert a check received as payment. Similarly, the consumer must receive notice if the payee intends to collect a service fee for insufficient or uncollected funds via an EFT for each transaction whether at POS or if the consumer mails a check to pay a bill. The notice about when funds may be debited from a consumer's account and the non-return of consumer checks by the consumer's financial institution must also be provided for each transaction. However, if in an ARC transaction, a payee provides a coupon book to a consumer, for example, for mortgage loan payments, and the payment dates and amounts are set out in the coupon book, the payee may provide a single notice on the coupon book stating all of the required disclosures under paragraph (b)(2) of this section in order to obtain authorization for each conversion of a check and any debits via EFT to the consumer's account to collect any service fees imposed by the payee for insufficient or uncollected funds in the consumer's account. The notice must be placed on a conspicuous location of the coupon book that a consumer can retain--for example, on the first page, or inside the front cover.
4. Multiple payments/multiple consumers. If a merchant or other payee will use information from a consumer's check to initiate an EFT from the consumer's account, notice to a consumer listed on the billing account that a check provided as payment during a single billing cycle or after receiving an invoice or statement will be processed as a one-time EFT or as a check transaction constitutes notice for all checks provided in payment for the billing cycle or the invoice for which notice has been provided, whether the check(s) is submitted by the consumer or someone else. The notice applies to all checks provided in payment for the billing cycle or invoice until the provision of notice on or with the next invoice or statement. Thus, if a merchant or other payee receives a check as payment for the consumer listed on the billing account after providing notice that the check will be processed as a one-time EFT, the authorization from that consumer constitutes authorization to convert any other checks provided for that invoice or statement. Other notices required under this paragraph (b)(2) (for example, to collect a service fee for insufficient or uncollected funds via an EFT) provided to the consumer listed on the billing account also constitutes notice to any other consumer who may provide a check for the billing cycle or invoice.
5. Additional disclosures about ECK transactions at POS. When a payee initiates an EFT at POS using information from the consumer's check, and returns the check to the consumer at POS, the payee need not provide a notice to the consumer that the check will not be returned by the consumer's financial institution.
Paragraph 3(b)(3)--Collection of Returned Item Fees via Electronic Fund Transfer
1. Fees imposed by account-holding institution. The requirement to obtain a consumer's authorization to collect a fee via EFT for the return of an EFT or check unpaid applies only to the person that intends to initiate an EFT to collect the returned item fee from the consumer's account. The authorization requirement does not apply to any fees assessed by the consumer's account-holding financial institution when it returns the unpaid underlying EFT or check or pays the amount of an overdraft.
2. Accounts receivable transactions. In an accounts receivable (ARC) transaction where a consumer sends in a payment for amounts owed (or makes an in-person payment at a biller's physical location, such as when a consumer makes a loan payment at a bank branch or places a payment in a dropbox), a person seeking to electronically collect a fee for items returned unpaid must obtain the consumer's authorization to collect the fee in this manner. A consumer authorizes a person to electronically collect a returned item fee when the consumer receives notice, typically on an invoice or statement, that the person may collect the fee through an EFT to the consumer's account, and the consumer goes forward with the underlying transaction by providing payment. The notice must also state the dollar amount of the fee. However, an explanation of how that fee will be determined may be provided in place of the dollar amount of the fee if the fee may vary due to the amount of the transaction or due to other factors, such as the number of days the underlying transaction is left outstanding. For example, if a state law permits a maximum fee of $30 or 10% of the underlying transaction, whichever is greater, the person collecting the fee may explain how the fee is determined rather than state a specific dollar amount for the fee.
3. Disclosure of dollar amount of fee for POS transactions. The notice provided to the consumer in connection with a POS transaction under § 205.3(b)(3)(ii) must state the amount of the fee for a returned item if the dollar amount of the fee can be calculated at the time the notice is provided or mailed. For example, if notice is provided to the consumer at the time of the transaction, if the applicable state law sets a maximum fee that may be collected for a returned item based on the amount of the underlying transaction (such as where the amount of the fee is expressed as a percentage of the underlying transaction), the person collecting the fee must state the actual dollar amount of the fee on the notice provided to the consumer. Alternatively, if the amount of the fee to be collected cannot be calculated at the time of the transaction (for example, where the amount of the fee will depend on the number of days a debt continues to be owed), the person collecting the fee may provide a description of how the fee will be determined on both the posted notice as well as on the notice provided at the time of the transaction. However, if the person collecting the fee elects to send the consumer notice after the person has initiated an EFT to collect the fee, that notice must state the amount of the fee to be collected.
4. Third party providing notice. The person initiating an EFT to a consumer's account to electronically collect a fee for an item returned unpaid may obtain the authorization and provide the notices required under § 205.3(b)(3) through third parties, such as merchants.
3(c) Exclusion From Coverage
1. Re-presented checks. The electronic re-presentment of a returned check is not covered by Regulation E because the transaction originated by check. Regulation E does apply, however, to any fee debited via an EFT from a consumer's account by the payee because the check was returned for insufficient or uncollected funds. The person debiting the fee electronically must obtain the consumer's authorization.
2. Check used to capture information for a one-time EFT. See comment 3(b)(1)--1.v.
Paragraph 3(c)(2)--Check Guarantee or Authorization
1. Memo posting. Under a check guarantee or check authorization service, debiting of the consumer's account occurs when the check or draft is presented for payment. These services are exempt from coverage, even when a temporary hold on the account is memo-posted electronically at the time of authorization.
Paragraph 3(c)(3)--Wire or Other Similar Transfers
1. Fedwire and ACH. If a financial institution makes a fund transfer to a consumer's account after receiving funds through Fedwire or a similar network, the transfer by ACH is covered by the regulation even though the Fedwire or network transfer is exempt.
2. Article 4A. Financial institutions that offer telephone-initiated Fedwire payments are subject to the requirements of UCC section 4A--202, which encourages verification of Fedwire payment orders pursuant to a security procedure established by agreement between the consumer and the receiving bank. These transfers are not subject to Regulation E and the agreement is not considered a telephone plan if the service is offered separately from a telephone bill-payment or other prearranged plan subject to Regulation E. The Board's Regulation J (12 CFR part 210) specifies the rules applicable to funds handled by Federal Reserve Banks. To ensure that the rules for all fund transfers through Fedwire are consistent, the Board used its preemptive authority under UCC section 4A--107 to determine that subpart B of Regulation J (12 CFR part 210), including the provisions of Article 4A, applies to all fund transfers through Fedwire, even if a portion of the fund transfer is governed by the EFTA. The portion of the fund transfer that is governed by the EFTA is not governed by subpart B of Regulation J (12 CFR part 210).
3. Similar fund transfer systems. Fund transfer systems that are similar to Fedwire include the Clearing House Interbank Payments System (CHIPS), Society for Worldwide Interbank Financial Telecommunication (SWIFT), Telex, and transfers made on the books of correspondent banks.
Paragraph 3(c)(4)--Securities and Commodities Transfers
1. Coverage. The securities exemption applies to securities and commodities that may be sold by a registered broker-dealer or futures commission merchant, even when the security or commodity itself is not regulated by the Securities and Exchange Commission or the Commodity Futures Trading Commission.
2. Example of exempt transfer. The exemption applies to a transfer involving a transfer initiated by a telephone order to a stockbroker to buy or sell securities or to exercise a margin call.
3. Examples of nonexempt transfers. The exemption does not apply to a transfer involving:
i. A debit card or other access device that accesses a securities or commodities account such as a money market mutual fund and that the consumer uses for purchasing goods or services or for obtaining cash.
ii. A payment of interest or dividends into the consumer's account (for example, from a brokerage firm or from a Federal Reserve Bank for government securities).
Paragraph 3(c)(5)--Automatic Transfers by Account-Holding Institution
1. Automatic transfers exempted. The exemption applies to:
i. Electronic debits or credits to consumer accounts for check charges, stop-payment charges, NSF charges, overdraft charges, provisional credits, error adjustments, and similar items that are initiated automatically on the occurrence of certain events.
iii. EFTs between a thrift institution and its paired commercial bank in the state of Rhode Island, which are deemed under state law to be intra-institutional.
iv. Automatic transfers between a consumer's accounts within the same financial institution, even if the account holders on the two accounts are not identical.
2. Automatic transfers not exempted. Transfers between accounts of the consumer at affiliated institutions (such as between a bank and its subsidiary or within a holding company) are not intra-institutional transfers, and thus do not qualify for the exemption.
Paragraph 3(c)(6)--Telephone-Initiated Transfers
1. Written plan or agreement. A transfer that the consumer initiates by telephone is covered by Regulation E if the transfer is made under a written plan or agreement between the consumer and the financial institution making the transfer. A written statement available to the public or to account holders that describes a service allowing a consumer to initiate transfers by telephone constitutes a plan--for example, a brochure, or material included with periodic statements. The following, however, do not, by themselves, constitute a written plan or agreement:
i. A hold-harmless agreement on a signature card that protects the institution if the consumer requests a transfer.
ii. A legend on a signature card, periodic statement, or passbook that limits the number of telephone-initiated transfers the consumer can make from a savings account because of reserve requirements under Regulation D (12 CFR part 204).
iii. An agreement permitting the consumer to approve by telephone the rollover of funds at the maturity of an instrument.
2. Examples of covered transfers. When a written plan or agreement has been entered into, a transfer initiated by a telephone call from a consumer is covered even though:
i. An employee of the financial institution completes the transfer manually (for example, by means of a debit memo or deposit slip).
ii. The consumer is required to make a separate request for each transfer.
iii. The consumer uses the plan infrequently.
iv. The consumer initiates the transfer via a facsimile machine.
v. The consumer initiates the transfer using a financial institution's audio-response or voice-response telephone system.
Paragraph 3(c)(7)--Small Institutions
1. Coverage. This exemption is limited to preauthorized transfers; institutions that offer other EFTs must comply with the applicable sections of the regulation as to such services. The preauthorized transfers remain subject to sections 913, 915, and 916 of the act and § 205.10(e), and are therefore exempt from UCC Article 4A.
Section 205.4--General Disclosure Requirements; Jointly Offered Services
4(a) Form of Disclosures
1. General. Although no particular rules govern type size, number of pages, or the relative conspicuousness of various terms, the disclosures must be in a clear and readily understandable written form that the consumer may retain. Numbers or codes are considered readily understandable if explained elsewhere on the disclosure form.
2. Foreign language disclosures. Disclosures may be made in languages other than English, provided they are available in English upon request.
Section 205.5--Issuance of Access Devices
1. Coverage. The provisions of this section limit the circumstances under which a financial institution may issue an access device to a consumer. Making an additional account accessible through an existing access device is equivalent to issuing an access device and is subject to the limitations of this section.
5(a) Solicited Issuance
1. Joint account. For a joint account, a financial institution may issue an access device to each account holder if the requesting holder specifically authorizes the issuance.
1. One-for-one rule. In issuing a renewal or substitute access device, only one renewal or substitute device may replace a previously issued device. For example, only one new card and PIN may replace a card and PIN previously issued. A financial institution may provide additional devices at the time it issues the renewal or substitute access device, however, provided the institution complies with § 205.5(b). (See comment 5(b)--5.) If the replacement device or the additional device permits either fewer or additional types of electronic fund transfer services, a change-in-terms notice or new disclosures are required.
2. Renewal or substitution by a successor institution. A successor institution is an entity that replaces the original financial institution (for example, following a corporate merger or acquisition) or that acquires accounts or assumes the operation of an EFT system.
5(b) Unsolicited Issuance
1. Compliance. A financial institution may issue an unsolicited access device (such as the combination of a debit card and PIN) if the institution's ATM system has been programmed not to accept the access device until after the consumer requests and the institution validates the device. Merely instructing a consumer not to use an unsolicited debit card and PIN until after the institution verifies the consumer's identity does not comply with the regulation.
2. PINS. A financial institution may impose no liability on a consumer for unauthorized transfers involving an unsolicited access device until the device becomes an "accepted access device" under the regulation. A card and PIN combination may be treated as an accepted access device once the consumer has used it to make a transfer.
3. Functions of PIN. If an institution issues a PIN at the consumer's request, the issuance may constitute both a way of validating the debit card and the means to identify the consumer (required as a condition of imposing liability for unauthorized transfers).
4. Verification of identity. To verify the consumer's identity, a financial institution may use any reasonable means, such as a photograph, fingerprint, personal visit, signature comparison, or personal information about the consumer. However, even if reasonable means were used, if an institution fails to verify correctly the consumer's identity and an imposter succeeds in having the device validated, the consumer is not liable for any unauthorized transfers from the account.
5. Additional access devices in a renewal or substitution. A financial institution may issue more than one access device in connection with the renewal or substitution of a previously issued accepted access device, provided that any additional access device (beyond the device replacing the accepted access device) is not validated at the time it is issued, and the institution complies with the other requirements of § 205.5(b). The institution may, if it chooses, set up the validation procedure such that both the device replacing the previously issued device and the additional device are not validated at the time they are issued, and validation will apply to both devices. If the institution sets up the validation procedure in this way, the institution should provide a clear and readily understandable disclosure to the consumer that both devices are unvalidated and that validation will apply to both devices.
Section 205.6--Liability of Consumer for Unauthorized Transfers
6(a) Conditions for Liability
1. Means of identification. A financial institution may use various means for identifying the consumer to whom the access device is issued, including but not limited to:
i. Electronic or mechanical confirmation (such as a PIN).
ii. Comparison of the consumer's signature, fingerprint, or photograph.
6(b) Limitations on Amount of Liability
1. Application of liability provisions. There are three possible tiers of consumer liability for unauthorized EFTs depending on the situation. A consumer may be liable for (1) up to $50; (2) up to $500; or (3) an unlimited amount depending on when the unauthorized EFT occurs. More than one tier may apply to a given situation because each corresponds to a different (sometimes overlapping) time period or set of conditions.
2. Consumer negligence. Negligence by the consumer cannot be used as the basis for imposing greater liability than is permissible under Regulation E. Thus, consumer behavior that may constitute negligence under state law, such as writing the PIN on a debit card or on a piece of paper kept with the card, does not affect the consumer's liability for unauthorized transfers. (However, refer to comment 2(m)-2 regarding termination of the authority of given by the consumer to another person.)
3. Limits on liability. The extent of the consumer's liability is determined solely by the consumer's promptness in reporting the loss or theft of an access device. Similarly, no agreement between the consumer and an institution may impose greater liability on the consumer for an unauthorized transfer than the limits provided in Regulation E.
Paragraph 6(b)(1)--Timely Notice Given
1. $50 limit applies. The basic liability limit is $50. For example, the consumer's card is lost or stolen on Monday and the consumer learns of the loss or theft on Wednesday. If the consumer notifies the financial institution within two business days of learning of the loss or theft (by midnight Friday), the consumer's liability is limited to $50 or the amount of the unauthorized transfers that occurred before notification, whichever is less.
2. Knowledge of loss or theft of access device. The fact that a consumer has received a periodic statement that reflects unauthorized transfers may be a factor in determining whether the consumer had knowledge of the loss or theft, but cannot be deemed to represent conclusive evidence that the consumer had such knowledge.
3. Two-business-day rule. The two-business-day period does not include the day the consumer learns of the loss or theft or any day that is not a business day. The rule is calculated based on two 24-hour periods, without regard to the financial institution's business hours or the time of day that the consumer learns of the loss or theft. For example, a consumer learns of the loss or theft at 6 p.m. on Friday. Assuming that Saturday is a business day and Sunday is not, the two-business-day period begins on Saturday and expires at 11:59 p.m. on Monday, not at the end of the financial institution's business day on Monday.
Paragraph 6(b)(2)--Timely Notice Not Given
1. $500 limit applies. The second tier of liability is $500. For example, the consumer's card is stolen on Monday and the consumer learns of the theft that same day. The consumer reports the theft on Friday. The $500 limit applies because the consumer failed to notify the financial institution within two business days of learning of the theft (which would have been by midnight Wednesday). How much the consumer is actually liable for, however, depends on when the unauthorized transfers take place. In this example, assume a $100 unauthorized transfer was made on Tuesday and a $600 unauthorized transfer on Thursday. Because the consumer is liable for the amount of the loss that occurs within the first two business days (but no more than $50), plus the amount of the unauthorized transfers that occurs after the first two business days and before the consumer gives notice, the consumer's total liability is $500 ($50 of the $100 transfer plus $450 of the $600 transfer, in this example). But if $600 was taken on Tuesday and $100 on Thursday, the consumer's maximum liability would be $150 ($50 of the $600 plus $100).
Paragraph 6(b)(3)--Periodic Statement; Timely Notice Not Given
1. Unlimited liability applies. The standard of unlimited liability applies if unauthorized transfers appear on a periodic statement, and may apply in conjunction with the first two tiers of liability. If a periodic statement shows an unauthorized transfer made with a lost or stolen debit card, the consumer must notify the financial institution within 60 calendar days after the periodic statement was sent; otherwise, the consumer faces unlimited liability for all unauthorized transfers made after the 60-day period. The consumer's liability for unauthorized transfers before the statement is sent, and up to 60 days following, is determined based on the first two tiers of liability: up to $50 if the consumer notifies the financial institution within two business days of learning of the loss or theft of the card and up to $500 if the consumer notifies the institution after two business days of learning of the loss or theft.
2. Transfers not involving access device. The first two tiers of liability do not apply to unauthorized transfers from a consumer's account made without an access device. If, however, the consumer fails to report such unauthorized transfers within 60 calendar days of the financial institution's transmittal of the periodic statement, the consumer may be liable for any transfers occurring after the close of the 60 days and before notice is given to the institution. For example, a consumer's account is electronically debited for $200 without the consumer's authorization and by means other than the consumer's access device. If the consumer notifies the institution within 60 days of the transmittal of the periodic statement that shows the unauthorized transfer, the consumer has no liability. However, if in addition to the $200, the consumer's account is debited for a $400 unauthorized transfer on the 61st day and the consumer fails to notify the institution of the first unauthorized transfer until the 62nd day, the consumer may be liable for the full $400.
Paragraph 6(b)(4)--Extension of Time Limits
1. Extenuating circumstances. Examples of circumstances that require extension of the notification periods under this section include the consumer's extended travel or hospitalization.
Paragraph 6(b)(5)--Notice to Financial Institution
1. Receipt of notice. A financial institution is considered to have received notice for purposes of limiting the consumer's liability if notice is given in a reasonable manner, even if the consumer notifies the institution but uses an address or telephone number other than the one specified by the institution.
2. Notice by third party. Notice to a financial institution by a person acting on the consumer's behalf is considered valid under this section. For example, if a consumer is hospitalized and unable to report the loss or theft of an access device, notice is considered given when someone acting on the consumer's behalf notifies the bank of the loss or theft. A financial institution may require appropriate documentation from the person representing the consumer to establish that the person is acting on the consumer's behalf.
3. Content of notice. Notice to a financial institution is considered given when a consumer takes reasonable steps to provide the institution with the pertinent account information. Even when the consumer is unable to provide the account number or the card number in reporting a lost or stolen access device or an unauthorized transfer, the notice effectively limits the consumer's liability if the consumer otherwise identifies sufficiently the account in question. For example, the consumer may identify the account by the name on the account and the type of account in question.
Section 205.7--Initial Disclosures
7(a) Timing of Disclosures
1. Early disclosures. Disclosures given by a financial institution earlier than the regulation requires (for example, when the consumer opens a checking account) need not be repeated when the consumer later enters into an agreement with a third party to initiate preauthorized transfers to or from the consumer's account, unless the terms and conditions differ from those that the institution previously disclosed. This interpretation also applies to any notice provided about one-time EFTs from a consumer's account initiated using information from the consumer's check. On the other hand, if an agreement for EFT services to be provided by an account-holding institution is directly between the consumer and the account-holding institution, disclosures must be given in close proximity to the event requiring disclosure, for example, when the consumer contracts for a new service.
2. Lack of advance notice of a transfer. Where a consumer authorizes a third party to debit or credit the consumer's account, an account-holding institution that has not received advance notice of the transfer or transfers must provide the required disclosures as soon as reasonably possible after the first debit or credit is made, unless the institution has previously given the disclosures.
3. Addition of new accounts. If a consumer opens a new account permitting EFTs at a financial institution, and the consumer already has received Regulation E disclosures for another account at that institution, the institution need only disclose terms and conditions that differ from those previously given.
4. Addition of service in interchange systems. If a financial institution joins an interchange or shared network system (which provides access to terminals operated by other institutions), disclosures are required for additional EFT services not previously available to consumers if the terms and conditions differ from those previously disclosed.
5. Disclosures covering all EFT services offered. An institution may provide disclosures covering all EFT services that it offers, even if some consumers have not arranged to use all services.
7(b) Content of Disclosures
Paragraph 7(b)(1)--Liability of Consumer
1. No liability imposed by financial institution. If a financial institution chooses to impose zero liability for unauthorized EFTs, it need not provide the liability disclosures. If the institution later decides to impose liability, however, it must first provide the disclosures.
2. Preauthorized transfers. If the only EFTs from an account are preauthorized transfers, liability could arise if the consumer fails to report unauthorized transfers reflected on a periodic statement. To impose such liability on the consumer, the institution must have disclosed the potential liability and the telephone number and address for reporting unauthorized transfers.
3. Additional information. At the institution's option, the summary of the consumer's liability may include advice on promptly reporting unauthorized transfers or the loss or theft of the access device.
Paragraph 7(b)(2)--Telephone Number and Address
1. Disclosure of telephone numbers. An institution may use the same or different telephone numbers in the disclosures for the purpose of:
i. Reporting the loss or theft of an access device or possible unauthorized transfers;
ii. Inquiring about the receipt of a preauthorized credit;
iii. Stopping payment of a preauthorized debit;
iv. Giving notice of an error.
2. Location of telephone number. The telephone number need not be incorporated into the text of the disclosure; for example, the institution may instead insert a reference to a telephone number that is readily available to the consumer, such as "Call your branch office. The number is shown on your periodic statement." However, an institution must provide a specific telephone number and address, on or with the disclosure statement, for reporting a lost or stolen access device or a possible unauthorized transfer.
Paragraph 7(b)(4)--Types of Transfers; Limitations
1. Security limitations. Information about limitations on the frequency and dollar amount of transfers generally must be disclosed in detail, even if related to security aspects of the system. If the confidentiality of certain details is essential to the security of an account or system, these details may be withheld (but the fact that limitations exist must still be disclosed). For example, an institution limits cash ATM withdrawals to $100 per day. The institution may disclose that daily withdrawal limitations apply and need not disclose that the limitations may not always be in force (such as during periods when its ATMs are off-line).
2. Restrictions on certain deposit accounts. A limitation on account activity that restricts the consumer's ability to make EFTs must be disclosed even if the restriction also applies to transfers made by nonelectronic means. For example, Regulation D (12 CFR Part 204) restricts the number of payments to third parties that may be made from a money market deposit account; an institution that does not execute fund transfers in excess of those limits must disclose the restriction as a limitation on the frequency of EFTs.
3. Preauthorized transfers. Financial institutions are not required to list preauthorized transfers among the types of transfers that a consumer can make.
4. One-time EFTs initiated using information from a check. Financial institutions must disclose the fact that one-time EFTs initiated using information from a consumer's check are among the types of transfers that a consumer can make. (See Appendix A--2.)
1. Disclosure of EFT fees. An institution is required to disclose all fees for EFTs or the right to make them. Others fees (for example, minimum-balance fees, stop-payment fees, or account overdrafts) may, but need not, be disclosed (but see Regulation DD, 12 CFR Part 230). An institution is not required to disclose fees for inquiries made at an ATM since no transfer of funds is involved.
2. Fees also applicable to non-EFT. A per-item fee for EFTs must be disclosed even if the same fee is imposed on nonelectronic transfers. If a per-item fee is imposed only under certain conditions, such as when the transactions in the cycle exceed a certain number, those conditions must be disclosed. Itemization of the various fees may be provided on the disclosure statement or on an accompanying document that is referenced in the statement.
3. Interchange system fees. Fees paid by the account-holding institution to the operator of a shared or interchange ATM system need not be disclosed, unless they are imposed on the consumer by the account-holding institution. Fees for use of an ATM that are debited directly from the consumer's account by an institution other than the account-holding institution (for example, fees included in the transfer amount) need not be disclosed. (See § 205.7(b)(11) for the general notice requirement regarding fees that may be imposed by ATM operators and by a network used to complete the transfer.)
1. Information provided to third parties. An institution must describe the circumstances under which any information relating to an account to or from which EFTs are permitted will be made available to third parties, not just information concerning those EFTs. The term "third parties" includes affiliates such as other subsidiaries of the same holding company.
Paragraph 7(b)(10)--Error Resolution
1. Substantially similar. The error resolution notice must be substantially similar to the model form in appendix A of part 205. An institution may use different wording so long as the substance of the notice remains the same, may delete inapplicable provisions (for example, the requirement for written confirmation of an oral notification), and may substitute substantive state law requirements affording greater consumer protection than Regulation E.
2. Extended time-period for certain transactions. To take advantage of the longer time periods for resolving errors under § 205.11(c)(3) (for new accounts as defined in Regulation CC (12 CFR part 229), transfers initiated outside the United States, or transfers resulting from POS debit-card transactions), a financial institution must have disclosed these longer time periods. Similarly, an institution that relies on the exception from provisional crediting in § 205.11(c)(2) for accounts subject to Regulation T (12 CFR part 220) must have disclosed accordingly.
7(c) Addition of Electronic Fund Transfer Services
1. Addition of electronic check conversion services. One-time EFTs initiated using information from a consumer's check are a new type of transfer requiring new disclosures, as applicable. (See Appendix A--2.)
Section 205.8--Change-in-Terms Notice; Error Resolution Notice
8(a) Change-in-Terms Notice
1. Form of notice. No specific form or wording is required for a change-in-terms notice. The notice may appear on a periodic statement, or may be given by sending a copy of a revised disclosure statement, provided attention is directed to the change (for example, in a cover letter referencing the changed term).
i. Closing some of an institution's ATMs;
ii. Cancellation of an access device.
3. Limitations on transfers. When the initial disclosures omit details about limitations because secrecy is essential to the security of the account or system, a subsequent increase in those limitations need not be disclosed if secrecy is still essential. If, however, an institution had no limits in place when the initial disclosures were given and now wishes to impose limits for the first time, it must disclose at least the fact that limits have been adopted. (See also § 205.7(b)(4) and the related commentary.)
4. Change in telephone number or address. When a financial institution changes the telephone number or address used for reporting possible unauthorized transfers, a change-in-terms notice is required only if the institution will impose liability on the consumer for unauthorized transfers under § 205.6. (See also § 205.6(a) and the related commentary.)
8(b) Error Resolution Notice
1. Change between annual and periodic notice. If an institution switches from an annual to a periodic notice, or vice versa, the first notice under the new method must be sent no later than 12 months after the last notice sent under the old method.
2. Exception for new accounts. For new accounts, disclosure of the longer error resolution time periods under § 205.11(c)(3) is not required in the annual error resolution notice or in the notice that may be provided with each periodic statement as an alternative to the annual notice.
Section 205.9--Receipts at Electronic Terminals; Periodic Statements
9(a) Receipts at Electronic Terminals
1. Receipts furnished only on request. The regulation requires that a receipt be "made available." A financial institution may program its electronic terminals to provide a receipt only to consumers who elect to receive one.
2. Third party providing receipt. An account-holding institution may make terminal receipts available through third parties such as merchants or other financial institutions.
3. Inclusion of promotional material. A financial institution may include promotional material on receipts if the required information is set forth clearly (for example, by separating it from the promotional material). In addition, a consumer may not be required to surrender the receipt or that portion containing the required disclosures in order to take advantage of a promotion.
4. Transfer not completed. The receipt requirement does not apply to a transfer that is initiated but not completed (for example, if the ATM is out of currency or the consumer decides not to complete the transfer).
5. Receipts not furnished due to inadvertent error. If a receipt is not provided to the consumer because of a bona fide unintentional error, such as when a terminal runs out of paper or the mechanism jams, no violation results if the financial institution maintains procedures reasonably adapted to avoid such occurrences.
6. Multiple transfers. If the consumer makes multiple transfers at the same time, the financial institution may document them on a single or on separate receipts.
1. Disclosure of transaction fee. The required display of a fee amount on or at the terminal may be accomplished by displaying the fee on a sign at the terminal or on the terminal screen for a reasonable duration. Displaying the fee on a screen provides adequate notice, as long as consumers are given the option to cancel the transaction after receiving notice of a fee. (See § 205.16 for the notice requirements applicable to ATM operators that impose a fee for providing EFT services.)
2. Relationship between § 205.9(a)(1) and § 205.16. The requirements of §§ 205.9(a)(1) and 205.16 are similar but not identical.
i. Section 205.9(a)(1) requires that if the amount of the transfer as shown on the receipt will include the fee, then the fee must be disclosed either on a sign on or at the terminal, or on the terminal screen. Section 205.16 requires disclosure both on a sign on or at the terminal (in a prominent and conspicuous location) and on the terminal screen. Section 205.16 permits disclosure on a paper notice as an alternative to the on-screen disclosure.
ii. The disclosure of the fee on the receipt under § 205.9(a)(1) cannot be used to comply with the alternative paper disclosure procedure under § 205.16, if the receipt is provided at the completion of the transaction because, pursuant to the statute, the paper notice must be provided before the consumer is committed to paying the fee.
iii. Section 205.9(a)(1) applies to any type of electronic terminal as defined in Regulation E (for example, to POS terminals as well as to ATMs), while § 205.16 applies only to ATMs.
1. Calendar date. The receipt must disclose the calendar date on which the consumer uses the electronic terminal. An accounting or business date may be disclosed in addition if the dates are clearly distinguished.
1. Identifying transfer and account. Examples identifying the type of transfer and the type of the consumer's account include "withdrawal from checking," "transfer from savings to checking," or "payment from savings."
2. Exception. Identification of an account is not required when the consumer can access only one asset account at a particular time or terminal, even if the access device can normally be used to access more than one account. For example, the consumer may be able to access only one particular account at terminals not operated by the account-holding institution, or may be able to access only one particular account when the terminal is off-line. The exception is available even if, in addition to accessing one asset account, the consumer also can access a credit line.
3. Access to multiple accounts. If the consumer can use an access device to make transfers to or from different accounts of the same type, the terminal receipt must specify which account was accessed, such as "withdrawal from checking I" or "withdrawal from checking II." If only one account besides the primary checking account can be debited, the receipt can identify the account as "withdrawal from other account."
4. Generic descriptions. Generic descriptions may be used for accounts that are similar in function, such as share draft or NOW accounts and checking accounts. In a shared system, for example, when a credit union member initiates transfers to or from a share draft account at a terminal owned or operated by a bank, the receipt may identify a withdrawal from the account as a "withdrawal from checking."
5. Point-of-sale transactions. There is no prescribed terminology for identifying a transfer at a merchant's POS terminal. A transfer may be identified, for example, as a purchase, a sale of goods or services, or a payment to a third party. When a consumer obtains cash from a POS terminal in addition to purchasing goods, or obtains cash only, the documentation need not differentiate the transaction from one involving the purchase of goods.
Paragraph 9(a)(5)--Terminal Location
1. Options for identifying terminal. The institution may provide either:
i. The city, state or foreign country, and the information in §§ 205.9(a)(5)(i), (ii), or (iii), or
ii. A number or a code identifying the terminal. If the institution chooses the second option, the code or terminal number identifying the terminal where the transfer is initiated may be given as part of a transaction code.
2. Omission of city name. The city may be omitted if the generally accepted name (such as a branch name) contains the city name.
3. Omission of a state. A state may be omitted from the location information on the receipt if:
i. All the terminals owned or operated by the financial institution providing the statement (or by the system in which it participates) are located in that state, or
ii. All transfers occur at terminals located within 50 miles of the financial institution's main office.
4. Omission of a city and state. A city and state may be omitted if all the terminals owned or operated by the financial institution providing the statement (or by the system in which it participates) are located in the same city.
1. Street address. The address should include number and street (or intersection); the number (or intersecting street) may be omitted if the street alone uniquely identifies the terminal location.
1. Generally accepted name. Examples of a generally accepted name for a specific location include a branch of the financial institution, a shopping center, or an airport.
1. Name of owner or operator of terminal. Examples of an owner or operator of a terminal are a financial institution or a retail merchant.
Paragraph 9(a)(6)--Third Party Transfer
1. Omission of third-party name. The receipt need not disclose the third-party name if the name is provided by the consumer in a form that is not machine readable (for example, if the consumer indicates the payee by depositing a payment stub into the ATM). If, on the other hand, the consumer keys in the identity of the payee, the receipt must identify the payee by name or by using a code that is explained elsewhere on the receipt.
2. Receipt as proof of payment. Documentation required under the regulation constitutes prima facie proof of a payment to another person, except in the case of a terminal receipt documenting a deposit.
9(b) Periodic Statements
1. Periodic cycles. Periodic statements may be sent on a cycle that is shorter than monthly. The statements must correspond to periodic cycles that are reasonably equal, that is, do not vary by more than four days from the regular cycle. The requirement of reasonably equal cycles does not apply when an institution changes cycles for operational or other reasons, such as to establish a new statement day or date.
2. Interim statements. Generally, a financial institution must provide periodic statements for each monthly cycle in which an EFT occurs, and at least quarterly if a transfer has not occurred. Where EFTs occur between regularly-scheduled cycles, interim statements must be provided. For example, if an institution issues quarterly statements at the end of March, June, September and December, and the consumer initiates an EFT in February, an interim statement for February must be provided. If an interim statement contains interest or rate information, the institution must comply with Regulation DD, 12 CFR 230.6.
3. Inactive accounts. A financial institution need not send statements to consumers whose accounts are inactive as defined by the institution.
4. Statement pickup. A financial institution may permit, but may not require, consumers to pick up their periodic statements at the financial institution.
5. Periodic statements limited to EFT activity. A financial institution that uses a passbook as the primary means for displaying account activity, but also allows the account to be debited electronically, may provide a periodic statement requirement that reflects only the EFTs and other required disclosures (such as charges, account balances, and address and telephone number for inquiries). (See § 205.9(c)(1)(i) for the exception applicable to preauthorized transfers for passbook accounts.)
6. Codes and accompanying documents. To meet the documentation requirements for periodic statements, a financial institution may:
i. Include copies of terminal receipts to reflect transfers initiated by the consumer at electronic terminals;
ii. Enclose posting memos, deposit slips, and other documents that, together with the statement, disclose all the required information;
iii. Use codes for names of third parties or terminal locations and explain the information to which the codes relate on an accompanying document.
Paragraph 9(b)(1)--Transaction Information
1. Information obtained from others. While financial institutions must maintain reasonable procedures to ensure the integrity of data obtained from another institution, a merchant, or other third parties, verification of each transfer that appears on the periodic statement is not required.
1. Incorrect deposit amount. If a financial institution determines that the amount actually deposited at an ATM is different from the amount entered by the consumer, the institution need not immediately notify the consumer of the discrepancy. The periodic statement reflecting the deposit may show either the correct amount of the deposit or the amount entered by the consumer along with the institution's adjustment.
1. Type of transfer. There is no prescribed terminology for describing a type of transfer. Placement of the amount of the transfer in the debit or the credit column is sufficient if other information on the statement, such as a terminal location or third-party name, enables the consumer to identify the type of transfer.
1. Nonproprietary terminal in network. An institution need not reflect on the periodic statement the street addresses, identification codes, or terminal numbers for transfers initiated in a shared or interchange system at a terminal operated by an institution other than the account-holding institution. The statement must, however, specify the entity that owns or operates the terminal, plus the city and state.
1. Recurring payments by government agency. The third-party name for recurring payments from federal, state, or local governments need not list the particular agency. For example, "U.S. gov't" or "N.Y. sal" will suffice.
2. Consumer as third-party payee. If a consumer makes an electronic fund transfer to another consumer, the financial institution must identify the recipient by name (not just by an account number, for example).
3. Terminal location/third party. A single entry may be used to identify both the terminal location and the name of the third party to or from whom funds are transferred. For example, if a consumer purchases goods from a merchant, the name of the party to whom funds are transferred (the merchant) and the location of the terminal where the transfer is initiated will be satisfied by a disclosure such as "XYZ Store, Anytown, Ohio."
4. Account-holding institution as third party. Transfers to the account-holding institution (by ATM, for example) must show the institution as the recipient, unless other information on the statement (such as, "loan payment from checking") clearly indicates that the payment was to the account-holding institution.
5. Consistency in third-party identity. The periodic statement must disclose a third-party name as it appeared on the receipt, whether it was, for example, the "dba" (doing business as) name of the third party or the parent corporation's name.
6. Third-party identity on deposits at electronic terminal. A financial institution need not identify third parties whose names appear on checks, drafts, or similar paper instruments deposited to the consumer's account at an electronic terminal.
1. Disclosure of fees. The fees disclosed may include fees for EFTs and for other nonelectronic services, and both fixed fees and per-item fees; they may be given as a total or may be itemized in part or in full.
2. Fees in interchange system. An account-holding institution must disclose any fees it imposes on the consumer for EFTs, including fees for ATM transactions in an interchange or shared ATM system. Fees for use of an ATM imposed on the consumer by an institution other than the account-holding institution and included in the amount of the transfer by the terminal-operating institution need not be separately disclosed on the periodic statement.
3. Finance charges. The requirement to disclose any fees assessed against the account does not include a finance charge imposed on the account during the statement period.
Paragraph 9(b)(4)--Account Balances
1. Opening and closing balances. The opening and closing balances must reflect both EFTs and other account activity.
Paragraph 9(b)(5)--Address and Telephone Number for Inquiries
1. Telephone number. A single telephone number, preceded by the "direct inquiries to" language, will satisfy the requirements of § 205.9(b)(5) and (6).
Paragraph 9(b)(6)--Telephone Number for Preauthorized Transfers
1. Telephone number. See comment 9(b)(5)--1.
9(c) Exceptions to the Periodic Statement Requirements for Certain Accounts
1. Transfers between accounts. The regulation provides an exception from the periodic statement requirement for certain intra-institutional transfers between a consumer's accounts. The financial institution must still comply with the applicable periodic statement requirements for any other EFTs to or from the account. For example, a Regulation E statement must be provided quarterly for an account that also receives payroll deposits electronically, or for any month in which an account is also accessed by a withdrawal at an ATM.
Paragraph 9(c)(1)--Preauthorized Transfers to Accounts
1. Accounts that may be accessed only by preauthorized transfers to the account. The exception for "accounts that may be accessed only by preauthorized transfers to the account" includes accounts that can be accessed by means other than EFTs, such as checks. If, however, an account may be accessed by any EFT other than preauthorized credits to the account, such as preauthorized debits or ATM transactions, the account does not qualify for the exception.
2. Reversal of direct deposits. For direct-deposit-only accounts, a financial institution must send a periodic statement at least quarterly. A reversal of a direct deposit to correct an error does not trigger the monthly statement requirement when the error represented a credit to the wrong consumer's account, a duplicate credit, or a credit in the wrong amount. (See also comment 2(m)--5.)
9(d) Documentation for Foreign-Initiated Transfers
1. Foreign-initiated transfers. An institution must make a good faith effort to provide all required information for foreign-initiated transfers. For example, even if the institution is not able to provide a specific terminal location, it should identify the country and city in which the transfer was initiated.
Section 205.10--Preauthorized Transfers
10(a) Preauthorized Transfers to Consumer's Account
Paragraph 10(a)(1)--Notice by Financial Institution
1. Content. No specific language is required for notice regarding receipt of a preauthorized transfer. Identifying the deposit is sufficient; however, simply providing the current account balance is not.
2. Notice of credit. A financial institution may use different methods of notice for various types or series of preauthorized transfers, and the institution need not offer consumers a choice of notice methods.
3. Positive notice. A periodic statement sent within two business days of the scheduled transfer, showing the transfer, can serve as notice of receipt.
4. Negative notice. The absence of a deposit entry (on a periodic statement sent within two business days of the scheduled transfer date) will serve as negative notice.
5. Telephone notice. If a financial institution uses the telephone notice option, it should be able in most instances to verify during a consumer's initial call whether a transfer was received. The institution must respond within two business days to any inquiry not answered immediately.
6. Phone number for passbook accounts. The financial institution may use any reasonable means necessary to provide the telephone number to consumers with passbook accounts that can only be accessed by preauthorized credits and that do not receive periodic statements. For example, it may print the telephone number in the passbook, or include the number with the annual error resolution notice.
7. Telephone line availability. To satisfy the readily-available standard, the financial institution must provide enough telephone lines so that consumers get a reasonably prompt response. The institution need only provide telephone service during normal business hours. Within its primary service area, an institution must provide a local or toll-free telephone number. It need not provide a toll-free number or accept collect long-distance calls from outside the area where it normally conducts business.
10(b) Written Authorization for Preauthorized Transfers From Consumer's Account
1. Preexisting authorizations. The financial institution need not require a new authorization before changing from paper-based to electronic debiting when the existing authorization does not specify that debiting is to occur electronically or specifies that the debiting will occur by paper means. A new authorization also is not required when a successor institution begins collecting payments.
2. Authorization obtained by third party. The account-holding financial institution does not violate the regulation when a third-party payee fails to obtain the authorization in writing or fails to give a copy to the consumer; rather, it is the third-party payee that is in violation of the regulation.
3. Written authorization for preauthorized transfers. The requirement that preauthorized EFTs be authorized by the consumer "only by a writing" cannot be met by a payee's signing a written authorization on the consumer's behalf with only an oral authorization from the consumer.
4. Use of a confirmation form. A financial institution or designated payee may comply with the requirements of this section in various ways. For example, a payee may provide the consumer with two copies of a preauthorization form, and ask the consumer to sign and return one and to retain the second copy.
5. Similarly authenticated. The similarly authenticated standard permits signed, written authorizations to be provided electronically. The writing and signature requirements of this section are satisfied by complying with the Electronic Signatures in Global and National Commerce Act, 15 U.S.C. 7001 et seq., which defines electronic records and electronic signatures. Examples of electronic signatures include, but are not limited to, digital signatures and security codes. A security code need not originate with the account-holding institution. The authorization process should evidence the consumer's identity and assent to the authorization. The person that obtains the authorization must provide a copy of the terms of the authorization to the consumer either electronically or in paper form. Only the consumer may authorize the transfer and not, for example, a third-party merchant on behalf of the consumer.
6. Requirements of an authorization. An authorization is valid if it is readily identifiable as such and the terms of the preauthorized transfer are clear and readily understandable.
7. Bona fide error. Consumers sometimes authorize third-party payees, by telephone or on-line, to submit recurring charges against a credit card account. If the consumer indicates use of a credit card account when in fact a debit card is being used, the payee does not violate the requirement to obtain a written authorization if the failure to obtain written authorization was not intentional and resulted from a bona fide error, and if the payee maintains procedures reasonably adapted to avoid any such error. Procedures reasonably adapted to avoid error will depend upon the circumstances. Generally, requesting the consumer to specify whether the card to be used for the authorization is a debit (or check) card or a credit card is a reasonable procedure. Where the consumer has indicated that the card is a credit card (or that the card is not a debit or check card), the payee may rely on the consumer's statement without seeking further information about the type of card. If the payee believes, at the time of the authorization, that a credit card is involved, and later finds that the card used is a debit card (for example, because the consumer later brings the matter to the payee's attention), the payee must obtain a written and signed or (where appropriate) a similarly authenticated authorization as soon as reasonably possible, or cease debiting the consumer's account.
10(c) Consumer's Right to Stop Payment
1. Stop-payment order. The financial institution must honor an oral stop-payment order made at least three business days before a scheduled debit. If the debit item is resubmitted, the institution must continue to honor the stop-payment order (for example, by suspending all subsequent payments to the payee-originator until the consumer notifies the institution that payments should resume).
2. Revocation of authorization. Once a financial institution has been notified that the consumer's authorization is no longer valid, it must block all future payments for the particular debit transmitted by the designated payee-originator. (However, see comment 10(c)-3.) The institution may not wait for the payee-originator to terminate the automatic debits. The institution may confirm that the consumer has informed the payee-originator of the revocation (for example, by requiring a copy of the consumer's revocation as written confirmation to be provided within 14 days of an oral notification). If the institution does not receive the required written confirmation within the 14 day period, it may honor subsequent debits to the account.
3. Alternative procedure for processing a stop-payment request. If an institution does not have the capability to block a preauthorized debit from being posted to the consumer's account--as in the case of a preauthorized debit made through a debit card network or other system, for example--the institution may instead comply with the stop-payment requirements by using a third party to block the transfer(s), as long as the consumer's account is not debited for the payment.
10(d) Notice of Transfers Varying in Amount
1. Range. A financial institution or designated payee that elects to offer the consumer a specified range of amounts for debiting (in lieu of providing the notice of transfers varying in amount) must provide an acceptable range that could be anticipated by the consumer. For example, if the transfer is for payment of a gas bill, an appropriate range might be based on the highest bill in winter and the lowest bill in summer.
2. Transfers to an account of the consumer held at another institution. A financial institution need not provide a consumer the option of receiving notice with each varying transfer, and may instead provide notice only when a debit to an account of the consumer falls outside a specified range or differs by more than a specified amount from the most recent transfer, if the funds are transferred and credited to an account of the consumer held at another financial institution. The specified range or amount, however, must be one that reasonably could be anticipated by the consumer, and the institution must notify the consumer of the range or amount at the time the consumer provides authorization for the preauthorized transfers. For example, if the transfer is for payment of interest for a fixed-rate certificate of deposit account, an appropriate range might be based on a month containing 28 days and a month containing 31 days.
10(e) Compulsory Use
1. Loan payments. Creditors may not require repayment of loans by electronic means on a preauthorized, recurring basis. A creditor may offer a program with a reduced annual percentage rate or other cost-related incentive for an automatic repayment feature, provided the program with the automatic payment feature is not the only loan program offered by the creditor for the type of credit involved. Examples include:
i. Mortgages with graduated payments in which a pledged savings account is automatically debited during an initial period to supplement the monthly payments made by the borrower.
ii. Mortgage plans calling for preauthorized biweekly payments that are debited electronically to the consumer's account and produce a lower total finance charge.
2. Overdraft. A financial institution may require the automatic repayment of an overdraft credit plan even if the overdraft extension is charged to an open-end account that may be accessed by the consumer in ways other than by overdrafts.
Paragraph 10(e)(2)--Employment or Government Benefit
1. Payroll. An employer (including a financial institution) may not require its employees to receive their salary by direct deposit to any particular institution. An employer may require direct deposit of salary by electronic means if employees are allowed to choose the institution that will receive the direct deposit. Alternatively, an employer may give employees the choice of having their salary deposited at a particular institution (designated by the employer) or receiving their salary by another means, such as by check or cash.
Section 205.11--Procedures for Resolving Errors
11(a) Definition of Error
1. Terminal location. With regard to deposits at an ATM, a consumer's request for the terminal location or other information triggers the error resolution procedures, but the financial institution need only provide the ATM location if it has captured that information.
2. Verifying account debit or credit. If the consumer contacts the financial institution to ascertain whether a payment (for example, in a home-banking or bill-payment program) or any other type of EFT was debited to the account, or whether a deposit made via ATM, preauthorized transfer, or any other type of EFT was credited to the account, without asserting an error, the error resolution procedures do not apply.
3. Loss or theft of access device. A financial institution is required to comply with the error resolution procedures when a consumer reports the loss or theft of an access device if the consumer also alleges possible unauthorized use as a consequence of the loss or theft.
4. Error asserted after account closed. The financial institution must comply with the error resolution procedures when a consumer properly asserts an error, even if the account has been closed.
5. Request for documentation or information. A request for documentation or other information must be treated as an error unless it is clear that the consumer is requesting a duplicate copy for tax or other record-keeping purposes.
6. Terminal receipts for transfers of $15 or less. The fact that an institution does not make a terminal receipt available for a transfer of $15 or less in accordance with § 205.9(e) is not an error for purposes of §§ 205.11(a)(1)(vi) or (vii).
11(b) Notice of Error From Consumer
Paragraph 11(b)(1)--Timing; Contents
1. Content of error notice. The notice of error is effective even if it does not contain the consumer's account number, so long as the financial institution is able to identify the account in question. For example, the consumer could provide a Social Security number or other unique means of identification.
2. Investigation pending receipt of information. While a financial institution may request a written, signed statement from the consumer relating to a notice of error, it may not delay initiating or completing an investigation pending receipt of the statement.
3. Statement held for consumer. When a consumer has arranged for periodic statements to be held until picked up, the statement for a particular cycle is deemed to have been transmitted on the date the financial institution first makes the statement available to the consumer.
4. Failure to provide statement. When a financial institution fails to provide the consumer with a periodic statement, a request for a copy is governed by this section if the consumer gives notice within 60 days from the date on which the statement should have been transmitted.
5. Discovery of error by institution. The error resolution procedures of this section apply when a notice of error is received from the consumer, and not when the financial institution itself discovers and corrects an error.
6. Notice at particular phone number or address. A financial institution may require the consumer to give notice only at the telephone number or address disclosed by the institution, provided the institution maintains reasonable procedures to refer the consumer to the specified telephone number or address if the consumer attempts to give notice to the institution in a different manner.
7. Effect of late notice. An institution is not required to comply with the requirements of this section for any notice of error from the consumer that is received by the institution later than 60 days from the date on which the periodic statement first reflecting the error is sent. Where the consumer's assertion of error involves an unauthorized EFT, however, the institution must comply with § 205.6 before it may impose any liability on the consumer.
Paragraph 11(b)(2)--Written Confirmation
1. Written confirmation-of-error notice. If the consumer sends a written confirmation of error to the wrong address, the financial institution must process the confirmation through normal procedures. But the institution need not provisionally credit the consumer's account if the written confirmation is delayed beyond 10 business days in getting to the right place because it was sent to the wrong address.
11(c) Time Limits and Extent of Investigation
1. Notice to consumer. Unless otherwise indicated in this section, the financial institution may provide the required notices to the consumer either orally or in writing.
2. Written confirmation of oral notice. A financial institution must begin its investigation promptly upon receipt of an oral notice. It may not delay until it has received a written confirmation.
3. Charges for error resolution. If a billing error occurred, whether as alleged or in a different amount or manner, the financial institution may not impose a charge related to any aspect of the error-resolution process (including charges for documentation or investigation). Since the act grants the consumer error-resolution rights, the institution should avoid any chilling effect on the good-faith assertion of errors that might result if charges are assessed when no billing error has occurred.
4. Correction without investigation. A financial institution may make, without investigation, a final correction to a consumer's account in the amount or manner alleged by the consumer to be in error, but must comply with all other applicable requirements of § 205.11.
5. Correction notice. A financial institution may include the notice of correction on a periodic statement that is mailed or delivered within the 10-business-day or 45-calendar-day time limits and that clearly identifies the correction to the consumer's account. The institution must determine whether such a mailing will be prompt enough to satisfy the requirements of this section, taking into account the specific facts involved.
6. Correction of an error. If the financial institution determines an error occurred, within either the 10-day or 45-day period, it must correct the error (subject to the liability provisions of §§ 205.6 (a) and (b)) including, where applicable, the crediting of interest and the refunding of any fees imposed by the institution. In a combined credit/EFT transaction, for example, the institution must refund any finance charges incurred as a result of the error. The institution need not refund fees that would have been imposed whether or not the error occurred.
7. Extent of required investigation. A financial institution complies with its duty to investigate, correct, and report its determination regarding an error described in § 205.11(a)(1)(vii) by transmitting the requested information, clarification, or documentation within the time limits set forth in § 205.11(c). If the institution has provisionally credited the consumer's account in accordance with § 205.11(c)(2), it may debit the amount upon transmitting the requested information, clarification, or documentation.
1. Compliance with all requirements. Financial institutions exempted from provisionally crediting a consumer's account under § 205.11(c)(2)(i) (A) and (B) must still comply with all other requirements of § 205.11.
Paragraph 11(c)(3)--Extension of Time Periods
1. POS debit card transactions. The extended deadlines for investigating errors resulting from POS debit card transaction apply to all debit card transactions, including those for cash only, at merchants' POS terminals, and also including mail and telephone orders. The deadlines do not apply to transactions at an ATM, however, even though the ATM may be in a merchant location.
1. Third parties. When information or documentation requested by the consumer is in the possession of a third party with whom the financial institution does not have an agreement, the institution satisfies the error resolution requirement by so advising the consumer within the specified time period.
2. Scope of investigation. When an alleged error involves a payment to a third party under the financial institution's telephone bill-payment plan, a review of the institution's own records is sufficient, assuming no agreement exists between the institution and the third party concerning the bill-payment service.
3. POS transfers. When a consumer alleges an error involving a transfer to a merchant via a POS terminal, the institution must verify the information previously transmitted when executing the transfer. For example, the financial institution may request a copy of the sales receipt to verify that the amount of the transfer correctly corresponds to the amount of the consumer's purchase.
4. Agreement. An agreement that a third party will honor an access device is an agreement for purposes of this paragraph. A financial institution does not have an agreement for purposes of § 205.11(c)(4)(ii) solely because it participates in transactions that occur under the federal recurring payments programs, or that are cleared through an ACH or similar arrangement for the clearing and settlement of fund transfers generally, or because it agrees to be bound by the rules of such an arrangement.
5. No EFT agreement. When there is no agreement between the institution and the third party for the type of EFT involved, the financial institution must review any relevant information within the institution's own records for the particular account to resolve the consumer's claim. The extent of the investigation required may vary depending on the facts and circumstances. However, a financial institution may not limit its investigation solely to the payment instructions where additional information within its own records pertaining to the particular account in question could help to resolve a consumer's claim.
Information that may be reviewed as part of an investigation might include:
i. The ACH transaction records for the transfer;
ii. The transaction history of the particular account for a reasonable period of time immediately preceding the allegation of error;
iii. Whether the check number of the transaction in question is notably out-of-sequence;
iv. The location of either the transaction or the payee in question relative to the consumer's place of residence and habitual transaction area;
v. Information relative to the account in question within the control of the institution's third-party service providers if the financial institution reasonably believes that it may have records or other information that could be dispositive; or
vi. Any other information appropriate to resolve the claim.
11(d) Procedures if Financial Institution Determines No Error or Different Error Occurred
1. Error different from that alleged. When a financial institution determines that an error occurred in a manner or amount different from that described by the consumer, it must comply with the requirements of both § 205.11 (c) and (d), as relevant. The institution may give the notice of correction and the explanation separately or in a combined form.
Paragraph 11(d)(1)--Written Explanation
1. Request for documentation. When a consumer requests copies of documents, the financial institution must provide the copies in an understandable form. If an institution relied on magnetic tape it must convert the applicable data into readable form, for example, by printing it and explaining any codes.
Paragraph 11(d)(2)--Debiting Provisional Credit
1. Alternative procedure for debiting of credited funds. The financial institution may comply with the requirements of this section by notifying the consumer that the consumer's account will be debited five business days from the transmittal of the notification, specifying the calendar date on which the debiting will occur.
2. Fees for overdrafts. The financial institution may not impose fees for items it is required to honor under § 205.11. It may, however, impose any normal transaction or item fee that is unrelated to an overdraft resulting from the debiting. If the account is still overdrawn after five business days, the institution may impose the fees or finance charges to which it is entitled, if any, under an overdraft credit plan.
11(e) Reassertion of Error
1. Withdrawal of error; right to reassert. The financial institution has no further error resolution responsibilities if the consumer voluntarily withdraws the notice alleging an error. A consumer who has withdrawn an allegation of error has the right to reassert the allegation unless the financial institution had already complied with all of the error resolution requirements before the allegation was withdrawn. The consumer must do so, however, within the original 60-day period.
Section 205.12--Relation to Other Laws
12(a) Relation to Truth in Lending
1. Determining applicable regulation. i. For transactions involving access devices that also function as credit cards, whether Regulation E or Regulation Z (12 CFR part 226) applies, depends on the nature of the transaction. For example, if the transaction solely involves an extension of credit, and does not include a debit to a checking account (or other consumer asset account), the liability limitations and error resolution requirements of Regulation Z apply. If the transaction debits a checking account only (with no credit extended), the provisions of Regulation E apply. If the transaction debits a checking account but also draws on an overdraft line of credit attached to the account, Regulation E's liability limitations apply, in addition to §§ 226.13(d) and (g) of Regulation Z (which apply because of the extension of credit associated with the overdraft feature on the checking account). If a consumer's access device is also a credit card and the device is used to make unauthorized withdrawals from a checking account, but also is used to obtain unauthorized cash advances directly from a line of credit that is separate from the checking account, both Regulation E and Regulation Z apply.
A. A consumer has a card that can be used either as a credit card or a debit card. When used as a debit card, the card draws on the consumer's checking account. When used as a credit card, the card draws only on a separate line of credit. If the card is stolen and used as a credit card to make purchases or to get cash advances at an ATM from the line of credit, the liability limits and error resolution provisions of Regulation Z apply; Regulation E does not apply.
B. In the same situation, if the card is stolen and is used as a debit card to make purchases or to get cash withdrawals at an ATM from the checking account, the liability limits and error resolution provisions of Regulation E apply; Regulation Z does not apply.
C. In the same situation, assume the card is stolen and used both as a debit card and as a credit card; for example, the thief makes some purchases using the card as a debit card, and other purchases using the card as a credit card. Here, the liability limits and error resolution provisions of Regulation E apply to the unauthorized transactions in which the card was used as a debit card, and the corresponding provisions of Regulation Z apply to the unauthorized transactions in which the card was used as a credit card.
D. Assume a somewhat different type of card, one that draws on the consumer's checking account and can also draw on an overdraft line of credit attached to the checking account. There is no separate line of credit, only the overdraft line, associated with the card. In this situation, if the card is stolen and used, the liability limits and the error resolution provisions of Regulation E apply. In addition, if the use of the card has resulted in accessing the overdraft line of credit, the error resolution provisions of § 226.13(d) and (g) of Regulation Z also apply, but not the other error resolution provisions of Regulation Z.
2. Issuance rules. For access devices that also constitute credit cards, the issuance rules of Regulation E apply if the only credit feature is a preexisting credit line attached to the asset account to cover overdrafts (or to maintain a specified minimum balance) or an overdraft service, as defined in § 205.17(a). Regulation Z (12 CFR part 226) rules apply if there is another type of credit feature, for example; one permitting direct extensions of credit that do not involve the asset account.
3. Overdraft service. The addition of an overdraft service, as that term is defined in § 205.17(a), to an accepted access device does not constitute the addition of a credit feature subject to Regulation Z. Instead, the provisions of Regulation E apply, including the liability limitations (§ 205.6) and the requirement to obtain consumer consent to the service before any fees or charges for paying an overdraft may be assessed on the account (§ 205.17).
12(b) Preemption of Inconsistent State Laws
1. Specific determinations. The regulation prescribes standards for determining whether state laws that govern EFTs are preempted by the act and the regulation. A state law that is inconsistent may be preempted even if the Board has not issued a determination. However, nothing in§ 205.12(b) provides a financial institution with immunity for violations of state law if the institution chooses not to make state disclosures and the Board later determines that the state law is not preempted.
2. Preemption determination. The Board determined that certain provisions in the state law of Michigan are preempted by the federal law, effective March 30, 1981:
i. Definition of unauthorized use. Section 5(4) is preempted to the extent that it relates to the section of state law governing consumer liability for unauthorized use of an access device.
ii. Consumer liability for unauthorized use of an account. Section 14 is inconsistent with § 205.6 and is less protective of the consumer than the federal law. The state law places liability on the consumer for the unauthorized use of an account in cases involving the consumer's negligence. Under the federal law, a consumer's liability for unauthorized use is not related to the consumer's negligence and depends instead on the consumer's promptness in reporting the loss or theft of the access device.
iii. Error resolution. Section 15 is preempted because it is inconsistent with § 205.11 and is less protective of the consumer than the federal law. The state law allows financial institutions up to 70 days to resolve errors, whereas the federal law generally requires errors to be resolved within 45 days.
iv. Receipts and periodic statements. Sections 17 and 18 are preempted because they are inconsistent with § 205.9. The state provisions require a different disclosure of information than does the federal law. The receipt provision is also preempted because it allows the consumer to be charged for receiving a receipt if a machine cannot furnish one at the time of a transfer.
Section 205.13--Administrative Enforcement; Record Retention
13(B) Record Retention
1. Requirements. A financial institution need not retain records that it has given disclosures and documentation to each consumer; it need only retain evidence demonstrating that its procedures reasonably ensure the consumers' receipt of required disclosures and documentation.
Section 205.14--Electronic Fund Transfer Service Provider Not Holding Consumer's Account
14(a) Electronic Fund Transfer Service Providers Subject to Regulation
1. Applicability. This section applies only when a service provider issues an access device to a consumer for initiating transfers to or from the consumer's account at a financial institution and the two entities have no agreement regarding this EFT service. If the service provider does not issue an access device to the consumer for accessing an account held by another institution, it does not qualify for the treatment accorded by § 205.14. For example, this section does not apply to an institution that initiates preauthorized payroll deposits to consumer accounts on behalf of an employer. By contrast, § 205.14 can apply to an institution that issues a code for initiating telephone transfers to be carried out through the ACH from a consumer's account at another institution. This is the case even if the consumer has accounts at both institutions.
2. ACH agreements. The ACH rules generally do not constitute an agreement for purposes of this section. However, an ACH agreement under which members specifically agree to honor each other's debit cards is an "agreement," and thus this section does not apply.
14(b) Compliance by Electronic Fund Transfer Service Provider
1. Liability. The service provider is liable for unauthorized EFTs that exceed limits on the consumer's liability under § 205.6.
Paragraph 14(b)(1)--Disclosures and Documentation
1. Periodic statements from electronic fund transfer service provider. A service provider that meets the conditions set forth in this paragraph does not have to issue periodic statements. A service provider that does not meet the conditions need only include on periodic statements information about transfers initiated with the access device it has issued.
Paragraph 14(b)(2)--Error Resolution
1. Error resolution. When a consumer notifies the service provider of an error, the EFT service provider must investigate and resolve the error in compliance with § 205.11 as modified by § 205.14(b)(2). If an error occurred, any fees or charges imposed as a result of the error, either by the service provider or by the account-holding institution (for example, overdraft or dishonor fees) must be reimbursed to the consumer by the service provider.
14(c) Compliance by Account-Holding Institution
1. Periodic statements from account-holding institution. The periodic statement provided by the account-holding institution need only contain the information required by § 205.9(b)(1).
Section 205.16--Disclosures at Automated Teller Machines
1. Specific notices. An ATM operator that imposes a fee for a specific type of transaction--such as a cash withdrawal, but not for a balance inquiry, or for some cash withdrawals, but not for others (such as where the card was issued by a foreign bank or by a card issuer that has entered into a special contractual relationship with the ATM operator regarding surcharges)--may provide a notice on or at the ATM that a fee will be imposed or a notice that a fee may be imposed for providing EFT services or may specify the type of EFT for which a fee is imposed. If, however, a fee will be imposed in all instances, the notice must state that a fee will be imposed.
Section 205.17--Requirements for Overdraft Services
1. Exempt securities- and commodities-related lines of credit. Section 205.17(a)(3) does not apply to transactions in a securities or commodities account pursuant to which credit is extended by a broker-dealer registered with the Securities and Exchange Commission or the Commodity Futures Trading Commission.
17(b) Opt-In Requirement
i. Account-holding institutions. Section 205.17(b) applies to ATM and one-time debit card transactions made with a debit card issued by or on behalf of the account-holding institution. Section 205.17(b) does not apply to ATM and one-time debit card transactions made with a debit card issued by or through a third party unless the debit card is issued on behalf of the account-holding institution.
ii. Coding of transactions. A financial institution complies with the rule if it adapts its systems to identify debit card transactions as either one-time or recurring. If it does so, the financial institution may rely on the transaction's coding by merchants, other institutions, and other third parties as a one-time or a preauthorized or recurring debit card transaction.
iii. One-time debit card transactions. The opt-in applies to any one-time debit card transaction, whether the card is used, for example, at a point-of-sale, in an on-line transaction, or in a telephone transaction.
iv. Application of fee prohibition. The prohibition on assessing overdraft fees under § 205.17(b)(1) applies to all institutions. For example, the prohibition applies to an institution that has a policy and practice of declining to authorize and pay any ATM or one-time debit card transactions when the institution has a reasonable belief at the time of the authorization request that the consumer does not have sufficient funds available to cover the transaction. However, the institution is not required to comply with §§ 205.17(b)(1)(i)--(iv), including the notice and opt-in requirements, if it does not assess overdraft fees for paying ATM or one-time debit card transactions that overdraw the consumer's account. Assume an institution does not provide an opt-in notice, but authorizes an ATM or one-time debit card transaction on the reasonable belief that the consumer has sufficient funds in the account to cover the transaction. If, at settlement, the consumer has insufficient funds in the account (for example, due to intervening transactions that post to the consumer's account), the institution is not permitted to assess an overdraft fee or charge for paying that transaction.
2. No affirmative consent. A financial institution may pay overdrafts for ATM and one-time debit card transactions even if a consumer has not affirmatively consented or opted in to the institution's overdraft service. If the institution pays such an overdraft without the consumer's affirmative consent, however, it may not impose a fee or charge for doing so. These provisions do not limit the institution's ability to debit the consumer's account for the amount overdrawn if the institution is permitted to do so under applicable law.
3. Overdraft transactions not required to be authorized or paid. Section 205.17 does not require a financial institution to authorize or pay an overdraft on an ATM or one-time debit card transaction even if the consumer has affirmatively consented to an institution's overdraft service for such transactions.
4. Reasonable opportunity to provide affirmative consent. A financial institution provides a consumer with a reasonable opportunity to provide affirmative consent when, among other things, it provides reasonable methods by which the consumer may affirmatively consent. A financial institution provides such reasonable methods, if--
i. By mail. The institution provides a form for the consumer to fill out and mail to affirmatively consent to the service.
ii. By telephone. The institution provides a readily-available telephone line that consumers may call to provide affirmative consent.
iii. By electronic means. The institution provides an electronic means for the consumer to affirmatively consent. For example, the institution could provide a form that can be accessed and processed at its Web site, where the consumer may click on a check box to provide consent and confirm that choice by clicking on a button that affirms the consumer's consent.
iv. In person. The institution provides a form for the consumer to complete and present at a branch or office to affirmatively consent to the service.
5. Implementing opt-in at account-opening. A financial institution may provide notice regarding the institution's overdraft service prior to or at account-opening. A financial institution may require a consumer, as a necessary step to opening an account, to choose whether or not to opt into the payment of ATM or one-time debit card transactions pursuant to the institution's overdraft service. For example, the institution could require the consumer, at account opening, to sign a signature line or check a box on a form (consistent with comment 17(b)--6) indicating whether or not the consumer affirmatively consents at account opening. If the consumer does not check any box or provide a signature, the institution must assume that the consumer does not opt in. Or, the institution could require the consumer to choose between an account that does not permit the payment of ATM or one-time debit card transactions pursuant to the institution's overdraft service and an account that permits the payment of such overdrafts, provided that the accounts comply with § 205.17(b)(2) and § 205.17(b)(3).
6. Affirmative consent required. A consumer's affirmative consent, or opt-in, to a financial institution's overdraft service must be obtained separately from other consents or acknowledgements obtained by the institution, including a consent to receive disclosures electronically. An institution may obtain a consumer's affirmative consent by providing a blank signature line or check box that the consumer could sign or select to affirmatively consent, provided that the signature line or check box is used solely for purposes of evidencing the consumer's choice whether or not to opt into the overdraft service and not for other purposes. An institution does not obtain a consumer's affirmative consent by including preprinted language about the overdraft service in an account disclosure provided with a signature card or contract that the consumer must sign to open the account and that acknowledges the consumer's acceptance of the account terms. Nor does an institution obtain a consumer's affirmative consent by providing a signature card that contains a pre-selected check box indicating that the consumer is requesting the service.
Paragraph 17(b)(3)--Same Account Terms, Conditions, and Features
7. Confirmation. A financial institution may comply with the requirement in § 205.17(b)(1)(iv) to provide confirmation of the consumer's affirmative consent by mailing or delivering to the consumer a copy of the consumer's completed opt-in notice, or by mailing or delivering to the consumer a letter or notice acknowledging that the consumer has elected to opt into the institution's service. The confirmation, which must be provided in writing, or electronically if the consumer agrees, must include a statement informing the consumer of the right to revoke the opt-in at any time. See § 205.17(d)(6), which permits institutions to include the revocation statement on the initial opt-in notice. An institution complies with the confirmation requirement if it has adopted reasonable procedures designed to ensure that overdraft fees are assessed only in connection with transactions paid after the confirmation has been mailed or delivered to the consumer.
8. Outstanding Negative Balance. If a fee or charge is based on the amount of the outstanding negative balance, an institution is prohibited from assessing any such fee if the negative balance is solely attributable to an ATM or one-time debt card transaction, unless the consumer has opted into the institution's overdraft service for ATM or one-time debit card transactions. However, the rule does not prohibit an institution from assessing such a fee if the negative balance is attributable in whole or in part to a check, ACH, or other type of transaction not subject to the prohibition on assessing overdraft fees in § 205.17(b)(1).
9. Daily or Sustained Overdraft, Negative Balance, or Similar Fee or Charge
i. Daily or sustained overdraft, negative balance, or similar fees or charges. If a consumer has not opted into the institution's overdraft service for ATM or one-time debit card transactions, the fee prohibition in § 205.17(b)(1) applies to all overdraft fees or charges for paying those transactions, including but not limited to daily or sustained overdraft, negative balance, or similar fees or charges. Thus, where a consumer's negative balance is solely attributable to an ATM or one-time debit card transaction, the rule prohibits the assessment of such fees unless the consumer has opted in. However, the rule does not prohibit an institution from assessing daily or sustained overdraft, negative balance, or similar fees or charges if a negative balance is attributable in whole or in part to a check, ACH, or other type of transaction not subject to the fee prohibition. When the negative balance is attributable in part to an ATM or one-time debit card transaction, and in part to a check, ACH, or other type of transaction not subject to the fee prohibition, the date on which such a fee may be assessed is based on the date on which the check, ACH, or other type of transaction is paid into overdraft.
ii. Examples. The following examples illustrate how an institution complies with the fee prohibition. For each example, assume the following: (a) The consumer has not opted into the payment of ATM or one-time debit card overdrafts; (b) these transactions are paid into overdraft because the amount of the transaction at settlement exceeded the amount authorized or the amount was not submitted for authorization; (c) under the account agreement, the institution may charge a per-item fee of $20 for each overdraft, and a one-time sustained overdraft fee of $20 on the fifth consecutive day the consumer's account remains overdrawn; (d) the institution posts ATM and debit card transactions before other transactions; and (e) the institution allocates deposits to account debits in the same order in which it posts debits.
a. Assume that a consumer has a $50 account balance on March 1. That day, the institution posts a one-time debit card transaction of $60 and a check transaction of $40. The institution charges an overdraft fee of $20 for the check overdraft but cannot assess an overdraft fee for the debit card transaction. At the end of the day, the consumer has an account balance of negative $70. The consumer does not make any deposits to the account, and no other transactions occur between March 2 and March 6. Because the consumer's negative balance is attributable in part to the $40 check (and associated overdraft fee), the institution may charge a sustained overdraft fee on March 6 in connection with the check.
b. Same facts as in a., except that on March 3, the consumer deposits $40 in the account. The institution allocates the $40 to the debit card transaction first, consistent with its posting order policy. At the end of the day on March 3, the consumer has an account balance of negative $30, which is attributable to the check transaction (and associated overdraft fee). The consumer does not make any further deposits to the account, and no other transactions occur between March 4 and March 6. Because the remaining negative balance is attributable to the March 1 check transaction, the institution may charge a sustained overdraft fee on March 6 in connection with the check.
c. Assume that a consumer has a $50 account balance on March 1. That day, the institution posts a one-time debit card transaction of $60. At the end of that day, the consumer has an account balance of negative $10. The institution may not assess an overdraft fee for the debit card transaction. On March 3, the institution pays a check transaction of $100 and charges an overdraft fee of $20. At the end of that day, the consumer has an account balance of negative $130. The consumer does not make any deposits to the account, and no other transactions occur between March 4 and March 8. Because the consumer's negative balance is attributable in part to the check, the institution may assess a $20 sustained overdraft fee. However, because the check was paid on March 3, the institution must use March 3 as the start date for determining the date on which the sustained overdraft fee may be assessed. Thus, the institution may charge a $20 sustained overdraft fee on March 8.
iii. Alternative approach. For a consumer who does not opt into the institution's overdraft service for ATM and one-time debit card transactions, an institution may also comply with the fee prohibition in § 205.17(b)(1) by not assessing daily or sustained overdraft, negative balance, or similar fees or charges unless a consumer's negative balance is attributable solely to check, ACH or other types of transactions not subject to the fee prohibition while that negative balance remains outstanding. In such case, the institution would not have to determine how to allocate subsequent deposits that reduce but do not eliminate the negative balance. For example, if a consumer has a negative balance of $30, of which $10 is attributable to a one-time debit card transaction, an institution complies with the fee prohibitions if it does not assess a sustained overdraft fee while that negative balance remains outstanding.
1. Variations in terms, conditions, or features. A financial institution may not vary the terms, conditions, or features of an account provided to a consumer who does not affirmatively consent to the payment of ATM or one-time debit card transactions pursuant to the institution's overdraft service. This includes, but is not limited to:
i. Interest rates paid and fees assessed;
ii. The type of ATM or debit card provided to the consumer. For instance, an institution may not provide consumers who do not opt in a PIN-only card while providing a debit card with both PIN and signature-debit functionality to consumers who opt in;
iii. Minimum balance requirements; or
iv. Account features such as on-line bill payment services.
2. Limited-feature bank accounts. Section 205.17(b)(3) does not prohibit institutions from offering deposit account products with limited features, provided that a consumer is not required to open such an account because the consumer did not opt in. For example, § 205.17(b)(3) does not prohibit an institution from offering a checking account designed to comply with state basic banking laws, or designed for consumers who are not eligible for a checking account because of their credit or checking account history, which may include features limiting the payment of overdrafts. However, a consumer who applies, and is otherwise eligible, for a full-service or other particular deposit account product may not be provided instead with the account with more limited features because the consumer has declined to opt in.
1. Early compliance. A financial institution may provide the notice required by § 205(b)(1)(i) and obtain the consumer's affirmative consent to the financial institution's overdraft service for ATM and one-time debit card transactions prior to July 1, 2010, provided that the financial institution complies with all of the requirements of this section.
2. Permitted fees or charges. Fees or charges for ATM and one-time debit card overdrafts may be assessed only for overdrafts paid on or after the date the financial institution receives the consumer's affirmative consent to the institution's overdraft services. See also comment 17(b)--7.
17(d) Content and Format
1. Overdraft service. The description of the institution's overdraft service should indicate that the consumer has the right to affirmatively consent, or opt into payment of overdrafts for ATM and one-time debit card transactions. The description should also disclose the institution's policies regarding the payment of overdrafts for other transactions, including checks, ACH transactions, and automatic bill payments, provided that this content is not more prominent than the description of the consumer's right to opt into payment of overdrafts for ATM and one-time debit card transactions. As applicable, the institution also should indicate that it pays overdrafts at its discretion, and should briefly explain that if the institution does not authorize and pay an overdraft, it may decline the transaction.
2. Maximum fee. If the amount of a fee may vary from transaction to transaction, the financial institution may indicate that the consumer may be assessed a fee "up to" the maximum fee. The financial institution must disclose all applicable overdraft fees, including but not limited to:
i. Per item or per transaction fees;
ii. Daily overdraft fees;
iii. Sustained overdraft fees, where fees are assessed when the consumer has not repaid the amount of the overdraft after some period of time (for example, if an account remains overdrawn for five or more business days); or
iv. Negative balance fees.
3. Opt-in methods. The opt-in notice must include the methods by which the consumer may consent to the overdraft service for ATM and one-time debit card transactions. Institutions may tailor Model Form A--9 to the methods offered to consumers for affirmatively consenting to the service. For example, an institution need not provide the tear-off portion of Model Form A--9 if it is only permitting consumers to opt-in telephonically or electronically. Institutions may, but are not required, to provide a signature line or check box where the consumer can indicate that he or she declines to opt in.
4. Identification of consumer's account. An institution may use any reasonable method to identify the account for which the consumer submits the opt-in notice. For example, the institution may include a line for a printed name and an account number, as shown in Model Form A--9. Or, the institution may print a bar code or use other tracking information. See also comment 17(b)--6, which describes how an institution obtains a consumer's affirmative consent.
5. Alternative plans for covering overdrafts. If the institution offers both a line of credit subject to the Board's Regulation Z (12 CFR part 226) and a service that transfers funds from another account of the consumer held at the institution to cover overdrafts, the institution must state in its opt-in notice that both alternative plans are offered. For example, the notice might state "We also offer overdraft protection plans, such as a link to a savings account or to an overdraft line of credit, which may be less expensive than our standard overdraft practices." If the institution offers one, but not the other, it must state in its opt-in notice the alternative plan that it offers. If the institution does not offer either plan, it should omit the reference to the alternative plans.
17(f) Continuing Right To Opt-In or To Revoke the Opt-In
1. Fees or charges for overdrafts incurred prior to revocation. Section 205.17(f)(1) provides that a consumer may revoke his or her prior consent at any time. If a consumer does so, this provision does not require the financial institution to waive or reverse any overdraft fees assessed on the consumer's account prior to the institution's implementation of the consumer's revocation request.
17(g) Duration of Opt-In.
1. Termination of overdraft service. A financial institution may, for example, terminate the overdraft service when the consumer makes excessive use of the service.
Section 205.18 Requirements for Institutions Offering Payroll Card Accounts
1. Issuance of access device. Consistent with section 205.5(a), a financial institution may issue an access device only in response to an oral or written request for the device, or as a renewal or substitute for an accepted access device. A consumer is deemed to request an access device for a payroll card account when the consumer chooses to receive salary or other compensation through a payroll card account.
2. Application to employers and service providers. Typically, employers and third-party service providers do not meet the definition of a "financial institution" subject to the regulation because they neither hold payroll card accounts nor issue payroll cards and agree with consumers to provide EFT services in connection with payroll card accounts. However, to the extent an employer or a service provider undertakes either of these functions, it would be deemed a financial institution under the regulation.
18(b) Alternative to Periodic Statements
1. Posted transactions. A history of transactions provided under §§ 205.18(b)(1) (ii) and (iii) shall reflect transfers once they have been posted to the account. Thus, an institution does not need to include transactions that have been authorized, but that have not yet posted to the account.
2. Electronic history. The electronic history required under § 205.18(b)(1)(ii) must be provided in a form that the consumer may keep, as required under § 205.4(a)(1). Financial institutions may satisfy this requirement if they make the electronic history available in a format that is capable of being retained. For example, an institution satisfies the requirement if it provides a history at an Internet Web site in a format that is capable of being printed or stored electronically using an Internet web browser.
18(c) Modified Requirements
1. Error resolution safe harbor provision. Institutions that choose to investigate notices of error provided up to 120 days from the date a transaction has posted to a consumer's account may still disclose the error resolution time period required by the regulation (as set forth in the Model Form in Appendix A--7). Specifically, an institution may disclose to payroll card account holders that the institution will investigate any notice of error provided within 60 days of the consumer electronically accessing an account or receiving a written history upon request that reflects the error, even if, for some or all transactions, the institution investigates any notice of error provided up to 120 days from the date that the transaction alleged to be in error has posted to the consumer's account. Similarly, an institution's summary of the consumer's liability (as required under § 205.7(b)(1)) may disclose that liability is based on the consumer providing notice of error within 60 days of the consumer electronically accessing an account or receiving a written history reflecting the error, even if, for some or all transactions, the institution allows a consumer to assert a notice of error up to 120 days from the date of posting of the alleged error.
2. Electronic access. A consumer is deemed to have accessed a payroll card account electronically when the consumer enters a user identification code or password or otherwise complies with a security procedure used by an institution to verify the consumer's identity. An institution is not required to determine whether a consumer has in fact accessed information about specific transactions to trigger the beginning of the 60-day periods for liability limits and error resolution under §§ 205.6 and 205.11.
3. Untimely notice of error. An institution that provides a transaction history under § 205.18(b)(1) is not required to comply with the requirements of § 205.11 for any notice of error from the consumer pertaining to a transfer that occurred more than 60 days prior to the earlier of the date the consumer electronically accesses the account or the date the financial institution sends a written history upon the consumer's request. (Alternatively, as provided in § 205.18(c)(4) (ii), an institution need not comply with the requirements of § 205.11 with respect to any notice of error received from the consumer more than 120 days after the date of posting of the transfer allegedly in error.) Where the consumer's assertion of error involves an unauthorized EFT, however, the institution must comply with § 205.6 before it may impose any liability on the consumer.
Appendix AModel Disclosure Clauses and Forms
1. Review of forms. The Board will not review or approve disclosure forms or statements for financial institutions. However, the Board has issued model clauses for institutions to use in designing their disclosures. If an institution uses these clauses accurately to reflect its service, the institution is protected from liability for failure to make disclosures in proper form.
2. Use of the forms. The appendix contains model disclosure clauses for optional use by financial institutions to facilitate compliance with the disclosure requirements of §§ 205.5(b)(2) and (b)(3), 205.6(a), 205.7, 205.8(b), 205.14(b)(1)(ii), 205.15(d) (1) and (d)(2), and 205.18(c)(1) and (c)(2). The use of appropriate clauses in making disclosures will protect a financial institution from liability under sections 915 and 916 of the act provided the clauses accurately reflect the institution's EFT services.
3. Altering the clauses. Financial institutions may use clauses of their own design in conjunction with the Board's model clauses. The inapplicable words or portions of phrases in parentheses should be deleted. The catchlines are not part of the clauses and need not be used. Financial institutions may make alterations, substitutions, or additions in the clauses to reflect the services offered, such as technical changes (including the substitution of a trade name for the word "card," deletion of inapplicable services, or substitution of lesser liability limits). Several of the model clauses include references to a telephone number and ad- dress. Where two or more of these clauses are used in a disclosure, the telephone number and address may be referenced and need not be repeated.
[Source: 46 Fed. Reg. 46877, September 23, 1981, effective September 24, 1981; amended at 46 Fed. Reg. 60190, December 9, 1981; 48 Fed. Reg. 14881, April 6, 1983, effective April 1, 1983; 49 Fed. Reg. 40798, October 18, 1984, effective October 16, 1984; 50 Fed. Reg. 13181, April 3, 1985, effective April 1, 1985, except for the revision to question 7-18.5 applicable to foreign-initiated transfers, which is effective October 1, 1985; 51 Fed. Reg. 13485, April 21, 1986, effective April 16, 1986; 52 Fed. Reg. 10734, April 3, 1987, effective April 1, 1987; 53 Fed. Reg. 11046, April 5, 1988, effective April 1, 1988; 54 Fed. Reg. 9417, March 7, 1989, effective April 1, 1989; 61 Fed. Reg. 19686, May 2, 1996; 66 Fed. Reg. 15192, March 16, 2001, effective March 15, 2001; however, to allow time for any necessary operational changes, the mandatory compliance date is January 1, 2002; 66 Fed. Reg. 13413, March 6, 2001, effective March 9, 2001, however, compliance date is delayed until October 1, 2001; 66 Fed. Reg. 17793, March 30, 2001, effective March 30, 2001; 71 Fed. Reg. 1661 January 10, 2006, effective February 9, 2006; 71 Fed. Reg. 1483, January 10, 2006, effective July 1, 2007; 71 Fed. Reg. 41450, August 30, 2006, effective July 1, 2007; 71 Fed. Reg. 51457, August 30, 2006, effective July 1, 2007; 71 Fed. Reg. 69437, December 1, 2006, effective January 1, 2007; 72 Fed. Reg. 36593, July 5, 2007, effective August 6, 2007; 72 Fed. Reg. 63456, November 9, 2007, effective December 10, 2007, the mandatory compliance date is October 1, 2008; 74 Fed. Reg. 59055, November 17, 2009, effective January 19, 2010, mandatory compliance July 1, 2010]