CUNA Regulatory Comment Call
July 5, 2000
Regulation E Revisions
- The Federal Reserve Board (Fed) is requesting comments on proposed revisions to the Official Staff Commentary to Regulation E, the Electronic Fund Transfer (EFT) Act.
- The revisions are intended to provide guidance on electronic authorization of recurring debits from a consumer's account, applicability of electronic check conversion transactions, telephone-initiated fund transfers, and other issues.
- The Fed is also requesting comment on how Regulation E should apply to aggregation or "screen scraping" services. These are services made available through an Internet website where consumers are able to view at that website their financial information from all institutions where they may have an account, such as credit card, securities, or deposit accounts.
Comments on the proposal are due by August 31, 2000. Please submit your comments to CUNA by August 25, 2000. Please feel free to fax your responses to CUNA at 202-371-8240; e-mail them to Associate General Counsel Mary Dunn at firstname.lastname@example.org or to Assistant General Counsel Jeffrey Bloch at email@example.com; or mail them to Mary or Jeff in c/o CUNA's Regulatory Advocacy Department, 805 15th Street, NW, Suite 300, Washington, DC 20005. If commenting directly to the Fed, you must refer to Docket No. R-1074. You may also contact us if you would like a copy of the proposal or you may access it here.
The EFT Act establishes the rights, liabilities, and responsibilities of participants in the EFT systems. Regulation E implements the EFT Act. The EFT Act and Regulation E include transfers initiated through the following:
- automatic teller machines (ATMs);
- point of sale (POS) terminals;
- automated clearing house (ACH);
- telephone bill-payment plans; and
- remote banking programs.
The EFT Act and Regulation E require the following:
- disclosure of terms and conditions;
- documentation by means of terminal receipts and periodic account statements;
- limitations on consumer liability for unauthorized transfers;
- procedures for error resolution;
- certain rights for preauthorized transfers; and
- restrictions on unsolicited issuance of access devices, such as ATM cards.
Regulation E includes Official Staff Commentary that interprets Regulation E to facilitate compliance and provide protection for civil liability. Contact Jeff Bloch for more information about Regulation E.
DESCRIPTION OF THE PROPOSAL
The proposed revisions to the Official Staff Commentary are described below, corresponding to the section of Regulation E that the revisions apply to.
Section 205.2 - Definitions
The Fed has determined that Regulation E covers check conversion programs where a merchant uses a consumer's check as a source document in order to provide the information needed to initiate an EFT. The Official Staff Commentary would be revised so that these checks would not be considered an "access device," such as an ATM or debit card.
The term "electronic terminal" would be clarified to include POS terminals even if an access device is not used to initiate the transaction, such as when a check is used as a source document. This means the requirements for providing a receipt will apply when such a check is used.
An additional section would be added regarding the definition of "preauthorized electronic fund transfer." Regulation E defines this term as an EFT authorized in advance to recur at substantially regular intervals. The Official Staff Commentary would clarify that this only includes transfers that require no further actions by the consumer. This would not include, for example, bill-payment systems where the consumer must initiate the transaction each month.
The Official Staff Commentary would also clarify that reversals of direct deposits made in error are not covered under the definition of "unauthorized electronic fund transfer." These include deposits to the wrong account, duplicate deposits, or deposits that are the wrong amount. A possible exception, depending on the circumstances, may be when there is a dispute as to whether the consumer is entitled to a certain amount of money.
Section 205.3 - Coverage
The National Automated Clearing House Association (NACHA) has established rules for a program where a merchant obtains information from a consumer's check in order to initiate a one-time ACH debit from the consumer's account for payments made in person. The Official Staff Commentary would clarify that such transactions are covered under Regulation E. The reasoning is that in such transactions, the check merely serves as the source of information for the electronic transaction and Regulation E would apply instead of the Uniform Commercial Code (UCC), which normally governs paper check transactions.
NACHA is also now considering similar rules where the merchant, and not the consumer, would retain the check. The Official Staff Commentary would also clarify that such transactions are covered under Regulation E, but the Fed has specifically requested comment on this interpretation.
NACHA has also established rules for a pilot program where the merchant converts signed and completed checks received by mail into ACH debits. These transactions would not be covered by Regulation E because, unlike the other NACHA rules described above, these are considered transactions initiated by checks, which are covered under the UCC, not Regulation E.
The Official Staff Commentary would also provide guidance regarding bill-payment services where a consumer initiates payments by computer. These transactions would be covered, unless the terms of the service state that payment will be made solely by check, draft, or similar paper instrument.
Guidance would also be provided regarding NACHA's re-presented check (RCK) entry program. Under RCK, if a check is returned due to insufficient or uncollected funds, the merchant may re-present the returned check electronically. This re- presentment would not be covered under Regulation E because the original transaction was originated by a signed and completed check. However, the merchant may impose a fee for the returned check, but a separate debit would have to be initiated in order to collect this fee electronically. This would be covered by Regulation E because such a transaction was not originated by check. The transaction for this fee would have to be authorized by the consumer.
Currently, a transfer initiated by telephone is covered under Regulation E if it occurs pursuant to a written plan. This would be clarified to include written statements available to the public or to account holders that describe such a service, such as a brochure or material included with periodic statements. An example would be added to clarify that such transfers by telephone include use of an audio or voice response telephone system.
Section 205.6 - Liability of Consumer for Unauthorized Transactions
Currently, liability for an unauthorized electronic fund transfer is limited to the lesser of $50 or the amount of the transfer if the loss is reported within two business days. The Official Staff Commentary would clarify that the two-day period would begin on midnight of the first business day after the consumer learns of the loss and would end at midnight two business days later.
Section 205.7 - Initial Disclosures
Regulation E currently requires that disclosures be provided at the time the consumer contracts for an EFT service or before the first transfer is made to or from the consumer's account. An exception is provided when the first EFT is a direct deposit and the financial institution does not have prior notice of a direct deposit arrangement. Here, disclosures may be made as soon as reasonably practical after the first direct deposit. The Official Staff Commentary would clarify that this exception would apply to both one-time and recurring payments.
Financial institutions generally have 10 days to investigate after receiving notice of an error. Under certain circumstances, this may be extended up to 45 days after receiving the notice. Regulation E was amended in 1998 to extend these time periods for new accounts, generally defined as accounts where the first deposit was made within 30 days of the EFT that is the subject of the error. For these new accounts, the 10-day period is extended to 20 days and in certain circumstances, the 45-day period is extended to 90 days. The Official Staff Commentary would be amended to reflect this 1998 rule change.
Section 205.9 - Receipts at Electronic Terminals; Periodic Statements
Regulation E currently requires that an ATM or POS terminal receipt provide either the location of the terminal or some type of identification, such as a code or terminal number. The Official Staff Commentary would clarify that such a code or number may substitute for the full description of the location, such as a street address.
Currently, periodic monthly or quarterly statements are not required for accounts that may be accessed only by preauthorized transfers to the account. The Official Staff Commentary would interpret this to include accounts that can be accessed by means other than EFTs, such as checks, but not accounts that may be accessed by EFTs other than preauthorized credits to the account, such as preauthorized debits or ATM transactions.
Monthly statements need to be sent if an EFT occurs on an account but may be sent quarterly if no EFT occurs. The Official Staff Commentary would clarify that a reversal of a direct deposit to correct an error would not trigger the monthly statement requirement if the error is a deposit to the wrong account, a duplicate deposit to the same account, or a deposit in the wrong amount.
Section 205.10 - Preauthorized Transfers
Regulation E currently requires recurring electronic debits to be authorized by a writing signed or similarly authenticated by the consumer. The Official Staff Commentary would provide flexibility to the term "similarly authenticated" so that it would include any authentication device or procedure that would provide similar assurance to a written signature. This would include any such device or procedure that identifies the consumer and shows the consumer's assent to the authorization. (The President signed the electronic signature legislation on June 30, 2000 and it will give electronic signatures and other documents the same status as paper versions. The "similarly authenticated" language in Regulation E may now be unnecessary.)
The Official Staff Commentary currently requires that the consumer must be able to receive or request a paper copy of the authorization. This would be changed to permit the party obtaining the authorization to provide the copy either electronically or in paper form.
Guidance would be provided in situations where consumers intend to authorize, either by telephone or on-line, recurring charges against a credit card but provides information from a debit card. Unlike Regulation E for debit cards, Regulation Z (Truth in Lending Act) does not require written or similarly authenticated authorization for recurring charges to credit cards. In these situations, there will be no violation of the Regulation E requirement for failure to obtain such authorization from the consumer who mistakenly uses the debit card if the failure was the result of an unintentional, bona fide error and there are procedures to avoid such errors. The authorization would have to be provided as soon as reasonably possible after the merchant or other payee discovers that a debit card was used. Otherwise, the consumer's account could no longer be debited.
The Official Staff Commentary would clarify that all employers, including financial institutions, may specify which financial institution will receive direct deposits of salary if the employees are also given the option of receiving the salary by check or cash.
Section 205.11 - Procedure for Resolving Errors
Under Regulation E, the error resolution procedures do not apply when a consumer is merely making an inquiry. An inquiry about whether an electronic payment was made under a home-banking or bill-payment program would be added as examples of situations where the error resolution procedures would not apply.
Section 205.12 - Relation to Other Laws
The Official Staff Commentary would be revised to discuss how both Regulations Z and Regulation E apply for the following types of unauthorized transactions: 1) those where a consumer's access device is used to withdraw funds from a checking account with an overdraft feature; and 2) those where the access device is also a credit card that is separately used to obtain cash advances.
REQUEST FOR COMMENT ON AGGREGATION OF CONSUMER FINANCIAL INFORMAION (SCREEN-SCRAPING)
Aggregation, or "screen-scraping," is a service made available through an Internet website where consumers are able to view at that website their financial information from all institutions where they may have an account, such as credit card, securities, or deposit accounts. In addition, these aggregators may offer EFT services, such as bill-payment.
The Fed is requesting comment on how these services operate or plan to operate in the future. Examples include whether bill-payment or EFT services will be provided and to what extent the agreements between aggregators and the institutions govern the procedures for access to the information and for electronic transfers.
Comment is also requested as to whether aggregators are "financial institutions" and therefore covered under Regulation E. The aggregator must issue a security code for the consumer to access information on the website. This is in addition to the security code that each institution issues to the consumer for purposes of initiating an EFT. Arguably, the security code issued by the aggregator could be considered an "access device" for purposes of Regulation E since that code and the code issued by the account-holding institution are both necessary in order to initiate the EFT. Therefore, the aggregator could be considered a financial institution.
If the aggregator is not considered a financial institution and an unauthorized EFT occurs through the aggregator's service, the current Official Staff Commentary suggests that a consumer assumes liability because the consumer gave the aggregator access to the account. However, the Fed indicates that this guidance was not provided to address the aggregator situation but was intended to address situations such as when a consumer gives authority to a friend or relative to make EFTs and that other person exceeds the authority given by the consumer.
QUESTIONS TO CONSIDER REGARDING THE FED'S REGULATION E PROPOSAL
- Do you agree that Regulation E should apply in an electronic transaction where the check used as a source document is completed, signed by the consumer, and then scanned and retained by the merchant? What would be the advantages or disadvantages for you or for consumers if such transactions are covered under Regulation E, as opposed to the UCC?
- To what extent do you have any experience with "screen scrapers," especially regarding matters such as procedures for access to information and for electronic transfers? Do you have information about how these services operate or plan to operate in the future, especially regarding plans to provide bill-payment or other EFT services?
- Screen scrapers issue security codes for consumers for purposes of accessing the website that contains financial information. Consumers may then use another security code to conduct an EFT. Should the screen scraper therefore be considered a "financial institution" for purposes of Regulation E since the code issued by the screen scraper could be considered an "access device," as defined by Regulation E?
- Under the proposal, reversals of direct deposits made in error under certain circumstances would not be covered under the definition of "unauthorized electronic fund transfer." These include deposits to the wrong account, duplicate deposits, or deposits in the wrong amount. Do you agree with this approach?
- In bill-payment programs, should Regulation E apply to all such programs, regardless of whether the payment is ultimately paid by check. If not, what criteria should be applied to distinguish between programs that should or should not be covered under Regulation E?
- Other comments?
Eric Richard General Counsel (202) 508-6742 firstname.lastname@example.org |
Mary Mitchell Dunn SVP & Associate General Counsel (202) 508-6736 email@example.com
Jeffrey Bloch Assistant General Counsel (202) 508-6732 firstname.lastname@example.org
Catherine Orr Senior Regulatory Counsel (202) 508-6743 email@example.com