CUNA Comment Letter

Federal Reserve's Proposed Revision to Regulation E - Official Staff Commentary

August 31, 2000

Ms. Jennifer J. Johnson
Secretary
Board of Governors of the
Federal Reserve System
20th Street and Constitution Avenue, NW
Washington, D.C. 20551

Re: Docket No. R-1074, Electronic Fund Transfers
Proposed Rule – Official Staff Commentary

Dear Ms. Johnson:

The Credit Union National Association (CUNA) appreciates this opportunity to comment on behalf of its members on the proposed revisions to the Official Staff Commentary to Regulation E. As a national trade association, CUNA represents more than 90 percent of the nation’s over 10,500 state and federal credit unions and solicits the opinions of these credit unions on relevant matters. The following comments were developed by CUNA with input from credit unions and our Subcommittee on Payment Systems, led by Mr. Stan Hollen, President and CEO of The Golden 1 Credit Union in Sacramento, California. This subcommittee includes officials of credit unions from around the country which provide financial services, including electronic fund transfer (EFT) services, to their credit union members.

Coverage

CUNA appreciates the rationale behind the Board’s clarification in comment 3(b)-1(v) to Section 205.3 indicating that Regulation E covers transactions when a check is used as a source document by a consumer at the point of sale (POS) to launch an EFT transaction and the consumer retains the check. Adoption of this clarification would eliminate confusion among consumers, merchants, and financial institutions regarding the appropriate legal foundation for NACHA’s POS conversion programs. In general, CUNA believes that Regulation E offers more protections to financial institutions. Credit unions acting as Receiving Depository Institutions (RDFIs) are less likely to take a loss on an unauthorized check if it is processed electronically through the ACH Network. The risk is lower because ACH network rules, which must comply with Regulation E, allow RDFIs to rerun items for up to sixty days from the settlement date of the entry under certain circumstances. In contrast, the UCC allows only two or four days for an RDFI to return an item. If an RDFI fails to return a check by its deadline, it could potentially be liable for the amount of the check. In many instances, the institution would be obligated to recredit the consumer’s account, resulting a loss for the institution.

However, CUNA has concerns about extending this rationale to "financial-institution-as-keeper" programs, where a valid check/share draft is tendered to the POS merchant under an agreement providing for retention of the item by merchant. Under the Board’s proposal, a transaction conducted under the "financial-institution-as-keeper" program would fall within the ambit of Regulation E only "if the consumer authorizes it as such". CUNA is concerned about using a legal fiction to bring such transactions under Regulation E as an EFT. CUNA finds no authority under check law for the consumer or merchant to redefine a check transaction as an EFT and thereby create liability for institutions under Regulation E. CUNA questions whether a consumer can sign away their Regulation CC and UCC rights by simply signing an EFT authorization. Of particular concern is whether the consumer understands and appreciates the distinction that is being made between a check being collected electronically and a transaction being considered an EFT for purposes of Regulation E. Consumers cannot reasonably be expected to be familiar with the relevant laws and regulations. CUNA feels it is inappropriate to expect the consumer to do such an analysis at the POS. Further, in these circumstances where the consumer gives his check to the merchant to keep, consumers expect the same options/services that they currently have in terms of the way checks/drafts are listed on their statements, requesting copies of their checks, and so forth. CUNA also feels that in many instances the member owners of credit unions enjoy more protections under the UCC than they do under Regulation E. For example, a consumer is given a much longer window of time to report an unauthorized transaction under the UCC/Regulation CC than under Regulation E (two-business-day rule) and may even completely avoid liability for such an item.

In addition, the Board’s broad definition of an EFT as "[a] transfer from the consumer’s account at POS where the merchant uses a consumer’s check or draft as a source document to obtain the serial, account and routing numbers" in comment 3(b)-1(v) to Section 205.3 may create unnecessary confusion in the marketplace, especially among consumers, because it would create inconsistencies. The proposal defines completed checks handed to a merchant at the POS differently from completed checks mailed to a merchant in a "lockbox" program despite the fact that the merchant retains the check and converts the check into an ACH debit in both situations. This creates a problem for consumers and merchants trying to understand which laws apply to such transactions. If the Board, however, ultimately decides that the "financial-institution-as-keeper" type programs should fall under Regulation E, then for consistency "lockbox" transactions should also be covered by Regulation E. Otherwise, consumers will be confused as discussed previously.

CUNA urges the Board to meet with stakeholders involved in these check conversion transactions – merchants, consumer groups, NACHA, and financial institutions – to study this issue more carefully before making a final determination as to the appropriate legal framework which should apply.

Reversal of Direct Deposits

Under proposed comment 2(m)-5 of Section 205.2, reversals of direct deposits under certain circumstances would not be covered under the definition of "unauthorized electronic fund transfer". These exceptions include deposits to the wrong account, duplicate deposits, and deposits in the wrong amount. CUNA agrees with this approach because such reversals are legitimate corrections of an incorrect entry.

Bill-Payment Programs

CUNA believes that Regulation E should apply to all bill-payment programs in which a consumer initiates payments via computer, regardless of whether the payment is ultimately paid by check/draft. A payment transaction that is initiated through an electronic terminal should be covered by Regulation E. In many cases, neither the consumer nor his financial institution knows if the actual payment is made by check or electronic debit until the transaction is investigated. Treating all bill-payment transactions initiated electronically as Regulation E transactions helps ensure that consumers and financial institutions will understand the rules and procedures each time such transactions are processed.

Re-Presented Checks

CUNA agrees that fees for re-presented checks should be covered by Regulation E. However, CUNA recommends that proposed comment 3(c)(1)-1 to Section 205.3 of the Staff Commentary be revised to recognize that a consumer’s authorization/consent is necessary before re-presented check fees may be debited electronically.

Two-Business-Day Rule

CUNA believes it is useful to clarify the timing of the two business day period in which a consumer must report a lost or stolen access device in order to limit his liability. However, the "two- business-day rule" language in proposed comment 6(b)(1)-3 to Section 205.6 is confusing. It is unclear whether midnight signifies the beginning or ending of a business day. CUNA recommends using the following verbiage: "The two day business period runs from the beginning of the day on the first business day after the consumer learns of the loss or theft and ends at the end of the day on the second business day."

Aggregation of Consumer Financial Information

"Screen scrapers" or financial aggregators allow users to consolidate their banking, credit card, investment, and other financial account information on one Web page. CUNA believes "screen scrapers" that provide the capability for consumers to perform electronic fund transfers should be considered financial institutions and, therefore, be subject to the provisions of Regulation E. CUNA supports the view that the security codes issued to consumers by such "screen scrapers" should be considered access devices. Consumers are able to use those security codes to log onto the web page that contains their financial information, enter the passwords issued by their financial institutions to get access to their individual accounts, and make EFT transactions.

CUNA encourages the Board to propose guidance that addresses the responsibilities of aggregators. "Screen scrapers" gives consumers access to account information and transactions; accordingly, they should have the responsibility for researching errors/questions and resolving the disputes created through their system. CUNA is especially concerned about credit union members giving their PINs out to financial aggregators to enable the aggregators to obtain the information from the various financial institutions and make it available on the aggregator’s Web site. Unscrupulous "screen scrapers" may use those PINs to conduct transactions without the consumer’s knowledge or authorization. Consequently, CUNA urges the Board to propose rigorous encryption, network security, and fraud detection system guidelines for "screen scrapers". Such standards will help to protect consumers from fraud and abuse by the aggregators as well as from theft/tampering by hackers. In addition, aggregators oftentimes cull data from various financial institution Web sites without the institution’s knowledge or authorization. Guidance by the Board should also protect the account holding institution from liability resulting from an aggregator’s activities.

In closing, CUNA supports the proposed revisions to the Staff Commentary to Regulation E as mentioned above with the exception of the provision regarding the "financial-institution-as-keeper"- type of programs. If you have any questions, please contact Mary Dunn or Catherine Orr at (202) 682- 4200.

Sincerely,

Mary Mitchell Dunn
Associate General Counsel

Catherine A. Orr
Regulatory Advocacy Attorney