On June 4, 2021 the CFPB published a new compliance aid – some frequently asked questions about Regulation E. Specifically, these FAQs address issues surrounding unauthorized use and investigations of these claims by members. As a reminder, Regulation E establishes limitations on consumers’ liability for unauthorized electronic fund transfers (EFTs), set forth in section 1005.6. The rule also addresses how to investigate claims of errors, which by definition includes but is not limited to unauthorized EFTs. Section 1005.11 provides the requirements for the error resolution process, including time limitations, the extent of investigation and the requirement to provisionally credit a consumer’s account if more than ten business days is needed to complete an investigation. Several past NAFCU Compliance Blog posts discuss these issues, such as this one on unauthorized use and this one on member liability under Regulation E.
Some of the FAQs seem to stem from the bureau’s Summer 2020 Supervisory Highlights, which noted issues with Regulation E compliance like waivers and investigations of errors. Some of the CFPB’s FAQs are rather straight-forward. For example, FAQ number three addresses whether a member’s negligence can be considered when determining potential liability for an unauthorized EFT. For example, what if a member “wrote the PIN on a debit card or on a piece of paper kept with the card”? The FAQ notes that this actually is clearly addressed in comment (6)(b)-2 in the official staff commentary, which states that “negligence by the consumer cannot be used as the basis for imposing greater liability” than what is allowed under the rule. So, the answer is no, negligence does not affect a member’s liability for unauthorized transfers.
FAQs number one and two address issues when a third party “fraudulently induces” a member into sharing account access information. These kinds of fraud are increasingly common, and the first question discusses whether these situations are “unauthorized EFTs” as defined in the rule. The CFPB indicated that the answer is yes because obtaining an access device through fraud or robbery is an unauthorized EFT and gives a few specific examples:
continue reading »