CFPB Issues New FAQs Regarding Unauthorized Electronic Fund Transfers and Errors Under Regulation E

In a world of rapidly evolving technology, banks must accordingly respond in ensuring compliance with regulation regarding electronic fund transfers (EFTs). Regulation E implements the Electronic Fund Transfer Act and ensures consumers are protected when they engage in EFTs. Earlier this month, the Consumer Financial Protection Bureau (CFPB) issued out an updated set of frequently asked questions covering the area of unauthorized electronic fund transfers and errors under the regulation. Regulation E contains provisions that allow consumers to dispute certain transactions classified as errors. If a consumer submits a notice of an error because of an EFT, the bank is required to undergo an investigation process to determine the legitimacy of the error and can involve provisional or final credit to the consumer regarding that transaction.

A common Regulation E dispute involves an unauthorized transaction. The regulation defines an unauthorized transaction as an EFT from a consumer’s account initiated by a person other than the consumer without actual authority to initiate the transfer. Traditionally, a situation in which a transaction is made from an account other than the person who owns the account would fall under this definition assuming the person making the transaction did not have authority to do so. This would generally mean that a transaction made by the person who owns the account would not be considered as a Regulation E error. However, the FAQ seeks to clarify that there can be situations in fraud where it may not be as clear.

The FAQ emphasizes that if a third party induces a consumer into sharing account information used to initiate an EFT, then it would be considered an unauthorized EFT and therefore an error under Regulation E. This would apply in the situations where a fraudster calls the consumer pretending to be a bank representative to induce the furnishing of account information as well as accessing a consumer’s computer to obtain the information and initiates the EFT.

The FAQ also states that when assessing liability for an unauthorized EFT under Reg. E, a consumer’s negligence cannot be considered by the bank. The regulation prohibits negligence being used as the basis for greater liability than what is allowed under the regulation. The permissible parameters of liability under the Regulation come from 1005.6 and depends on certain circumstances such as the timing of the consumer alerting the bank of an error.

It is important to note that with any EFT dispute, banks should also review any relevant contracts such as the underlying account agreement or contractual agreement with card providers or private networks. The FAQ underscores the fact that banks and consumers cannot contract their way out of Regulation E obligations, but it is indeed possible that these documents can contractually obligate the bank to investigate and take certain action on disputes that are not otherwise covered by the Regulation. As always, Compliance Alliance will always be here to assist you with any of your needs. In the meantime, our Regulation E toolkit can be helpful as a great starting point.