consumer compliance handbook - cfpa guideconsumer compliance handbook contents about this handbook...

ConsumerComplianceHandbookDivision of Consumer and Community Affairs

Inquiries or comments relating to the contents of this manual should be addressed to:

Manager, Reserve Bank Oversight and PolicyDivision of Consumer and Community AffairsBoard of Governors of the Federal Reserve SystemWashington, D.C. 20551

To obtain copies of this handbook, contact Publications Fulfillment at:

Publications FulfillmentMail Stop N-127Board of Governors of the Federal Reserve SystemWashington, D.C. 20551

202-452-3244

[email protected]

The Board makes semiannual updates to the handbook. The updates are made available free of chargeonline at www.federalreserve.gov/boarddocs/supmanual.

About this Handbook

Since the late 1960s, Congress has enacted anumber of consumer protection and civil rightslaws directly related to the activities of financialinstitutions. Most transactions involving consum-ers and financial institutions are covered by theselaws. In 2010, Congress enacted the Dodd-FrankWall Street Reform and Consumer Protection Act(the Dodd-Frank Act), which established a newregulator, the Consumer Financial ProtectionBureau (CFPB). Under the Dodd-Frank Act, theCFPB has authority to examine insured depositoryinstitutions and insured credit unions with consoli-dated assets of more than $10 billion and theiraffiliates, to assess compliance with the require-ments of 18 enumerated federal consumer finan-cial laws, and to assess risks to consumers andfinancial markets from consumer financial prod-ucts and services.

The Federal Reserve retains supervisory respon-sibility for: 1) state member banks with consoli-dated assets of more than $10 billion for theircompliance with consumer protection laws notspecifically transferred to the CFPB, and 2) statemember banks with consolidated assets of $10 bil-lion or less for their compliance with all consumerprotection laws. The Federal Reserve also retainsresponsibility for conducting Community Reinvest-ment Act (CRA) examinations for state memberbanks, regardless of asset size. In addition, theFederal Reserve remains the consolidated super-visor for all bank holding companies and has takenon additional supervisory responsibility as thededicated supervisor for savings and loan holdingcompanies.

Oversight is assigned to the Board’s Division ofConsumer and Community Affairs (DCCA); directsupervision of institutions is largely the responsibil-ity of the Federal Reserve Banks, operating underdelegated authority. Specially trained consumercompliance examination staff help carry out theBoard’s consumer compliance supervisionprogram.

Intended Use

This Consumer Compliance Handbook providesFederal Reserve examiners (and other Systemcompliance personnel) with background on theconsumer compliance regulations and statutescovered by the Board’s consumer compliancesupervision program and guidelines for conductingconsumer compliance examinations. Others in thecompliance profession may also find it useful.

The Handbook describes each regulation (or, ifno regulation exists, the statute) and, for most of theregulations, provides examination objectives,examination procedures, and a detailed examina-tion checklist. Although most of the regulations arediscussed in some detail, the discussions are notintended as a substitute for the regulation (or thestatute). For complete information, examinersshould refer to the regulation itself, as well as thestatute, official interpretations, and any related CALetters issued by the Division of Consumer andCommunity Affairs.

The Handbook primarily concerns examinationsof state member banks, but it also covers supervi-sory activities related to foreign banking offices. Forsimplicity, most discussions refer to ‘‘state memberbanks’’ (or just ‘‘banks’’), even when they mayapply to foreign banking offices.

Contents

The first part of the Handbook covers aspects ofthe examination process in general; the remainingparts focus on individual regulations (or, in somecases, individual statutes):

I. Risk-focused consumer compliance supervision

II. Deposit-related regulations and statutes

III. Credit-related regulations and statutes

IV. Other regulations, rules, policies, and statutes

V. Federal fair lending regulations and statutes

VI. Community Reinvestment Act

Relationship toFFIEC-Issued Material

The Handbook has been prepared specifically forFederal Reserve examiners. Some of the chaptersconcerning regulations or statutes for which theFFIEC has issued supervisory materials are adaptedfrom FFIEC documents. The differences betweenthe Handbook and FFIEC materials are not sub-stantive and primarily involve formatting or otherminor changes to increase consistency amongindividual Handbook chapters.

Updates

Informal updates will be provided to System staffthrough CA Letters, conference calls, and othermeans of internal communication, as circum-

Consumer Compliance Handbook iii (11/13)

stances dictate. Formal updates will be distributedat least annually.

Questions

Questions and comments about this Handbookshould be directed to the Manager, Reserve Bank

Oversight, Division of Consumer and CommunityAffairs.

An electronic version of this printed handbook isavailable on the Board’s web site, atwww.federalreserve.gov/boarddocs/SupManual/default.htm.

About this Handbook

iv (11/13) Consumer Compliance Handbook

Consumer Compliance Handbook

Contents

About this Handbook

I. Community Bank Risk-Focused Consumer Compliance Supervision Program

II. Deposit-Related Regulations and Statutes

Regulation E (Electronic Fund Transfers)

Regulations Q and D (Interest on Demand Deposits/Reserve Requirements)

Regulation CC (Availability of Funds and Collection of Checks)

Regulation DD (Truth in Savings)

Garnishment of Accounts

III. Credit-Related Regulations and Statutes

Regulation C (Home Mortgage Disclosure)

Regulation H (Flood Insurance)

Fair Credit Reporting

Regulation Z (Truth in Lending)

Fair Debt Collection Practices Act

Homeowners Protection Act

Homeownership Counseling

Real Estate Settlement Procedures Act

Special Provisions for Service Members (Talent Amendment)

Servicemembers Civil Relief Act

IV. Other Regulations, Rules, Policies, and Statutes

Regulation G (Disclosure and Reporting of CRA-Related Agreements: CRA Sunshine Requirements)

Regulation H (Section 109 of the Riegle–Neal Interstate Banking and Branching Efficiency Act)

Regulation M (Consumer Leasing)

Regulation P (Privacy of Consumer Financial Information)

Regulation AA (Unfair or Deceptive Acts or Practices: Credit Practices Rule)

Federal Trade Commission Act (Section 5)

Branch Closings

Children’s Online Privacy Protection Act

Right to Financial Privacy Act

Protecting Tenants at Foreclosure

Consumer Compliance Handbook v (11/13)

V. Federal Fair Lending Regulations and Statutes

Overview

Regulation B (Equal Credit Opportunity)

Fair Housing Act

Examination procedures

Appendix

Alternative Examination Approach for Low-Risk Banks

VI. Community Reinvestment Act

Regulation BB (Community Reinvestment)

Small Institutions

Intermediate Small Institutions

Large Institutions

Institutions with Strategic Plans

Wholesale or Limited-Purpose Institutions

Supplementary Guidance

Contents

Consumer Compliance Handbookvi (11/13)

Federal Reserve Community Bank Risk-Focused ConsumerCompliance Supervision Program

Executive Summary

The Community Bank Risk-Focused ConsumerCompliance Supervision Program (‘‘Program’’)promotes strong compliance risk managementpractices and consumer protection within statemember banks with assets of $10 billion or lessand their subsidiaries. The Program provides aframework that allows examiners to evaluatewhether a financial institution is effectively control-ling compliance risk. This framework is foundedon the following principles of successful supervi-sion:

• Risk-Focused. Evaluates a financial institution’scompliance culture and processes for identify-ing, measuring, monitoring, and controlling risksand practices regarding the treatment of consum-ers, the potential for consumer harm, and com-pliance with consumer protection laws andregulations.

• Proactive and Scalable. Balances the nature andbreadth of supervision with the level of risk toconsumers and financial institutions.

• Efficient. Incorporates procedures and pro-cesses to ensure good stewardship of examinerresources.

• Clear. Provides guidance, policies, procedures,and examination findings clearly.

• Collaborative. Engages other disciplines andsupervisory agencies, as appropriate, to ensurea coordinated supervisory approach.

Understanding the Institution

The starting point for risk-focused supervision isdeveloping an understanding of the institution,

taking into account environmental factors and thelegal and regulatory landscape in which it oper-ates. Information on a financial institution’s busi-ness model and strategy, major business activities,and risk tolerance serves as the foundation forassessing its associated risks and supports theexaminer’s observations captured in an institutionalprofile. The consumer compliance examiner willdevelop an institutional profile to provide a conciseportrait of an organization’s structure and businessactivities and allow the examiner to understand thescope of activities that give rise to potentialconsumer harm and consumer compliance risk.

Examiners will contact bank management todevelop and maintain an understanding of theinstitution and the market(s) in which it operates.Such contact typically involves a specific informa-tion request that provides the opportunity to learnabout any changes that would affect the profile.These changes might include changes in manage-ment personnel, organizational structure, or theinstitution’s strategic direction, including any newproducts, markets, or delivery channels the institu-tion has introduced or entered or is consideringintroducing or entering.

The Program discusses in detail the processesdepicted in the diagram on the following page.

Consumer Compliance Handbook ESUM • 1 (11/13)

Executive Summary

2 (11/13) • ESUM Consumer Compliance Handbook

Assessing the Institution’s Risk

The institutional profile serves as the primarysource of information for developing the riskassessment, a vital part of the supervisory process.The risk assessment presents a comprehensiveview of the financial institution, delineating theareas of supervisory concern, and serves as aplatform for the supervisory plan. While the riskassessment process evaluates a financial institu-tion’s compliance management program as awhole, the process also evaluates the effectivenessof the institution’s compliance risk controls forindividual products, services, and businessactivities.

Inherent risk considers the likelihood and impactof noncompliance with consumer laws and regula-tions prior to considering any mitigating effects ofrisk management processes. Risk managementand controls are evaluated in the context of theirlikely effectiveness in achieving compliance withlaws and regulations. Residual risk is determinedby balancing the overall level of inherent risk of anactivity (product or service) with the overall strengthof risk controls for that activity.

The goal of the risk assessment is to allowsupervisory staff to establish reasonable assurancethat material residual consumer compliance risksare identified. The risk assessment can then berelied upon as the determinant of the scope ofexamination activities. As a result, examinationresources will be focused on areas of elevatedresidual risk and not on those areas where inherentrisk is well controlled and residual risk is limited orlow.

The risk assessment process requires the exam-iner to determine: (1) products, services, andactivities that are considered material to theorganization; (2) the level of inherent risk associ-ated with these products, services, and activities;(3) the adequacy of management systems used tomeasure, monitor, and control associated risks;and (4) the residual consumer compliance riskassociated with each material product, service,and activity, as well as for the institution overall,based on the level of inherent risk and theadequacy of risk controls. The examiner willaggregate the residual risk determined for each ofthe financial institution’s material products to cap-ture the residual risk for the institution as a whole.

Fair lending (the Fair Housing Act, the EqualCredit Opportunity Act, and Regulation B) and

unfair or deceptive acts or practices (UDAP)(Section 5 of the Federal Trade Commission Actand Sections 1031 and 1036 of the Dodd–FrankWall Street Reform and Consumer Protection Act)are two of the most significant risk areas forfinancial institutions. Violations in these areas oftencause significant consumer harm as well as legal,financial, and reputational risk to the institution.Therefore, fair lending and UDAP will always beaddressed during the risk assessment process. Forfair lending, as with the examiner’s evaluation of theoverall compliance management program, thelevel of examination intensity for a particularproduct will generally be commensurate with thelevel of residual risk identified in the risk assess-ment process. However, in circumstances whereinherent risk is high, examiners generally will testthe risk controls before concluding that theyeffectively mitigate the high inherent risk.

Examination Scoping and Planning

Establishing a thorough knowledge of a financialinstitution’s inherent risk and an understanding ofan institution’s compliance management program,including the risk controls used to mitigate inherentrisk, is a critical part of examination scoping andplanning. Ultimately, the risk assessment shoulddrive the scope of activities that will be carried outduring the examination.

The scoping process provides an opportunity tocustomize examination activities so that they areconsistent with the size, complexity, and risk profileof the financial institution. In this way, it is expectedthat a broad range of examination activities will beconsidered for products, services, and businesslines targeted for additional review. Moreover, it isexpected that planned activities involve varyinglevels of intensity and be carried out in a way thathelps the examination team draw reasonableconclusions about the adequacy of an institution’scompliance management program.

The examination work program and proceduresused to assess the risk management practices of afinancial institution with respect to a particularproduct or service or across business lines will becommensurate with the level of residual riskidentified in the risk assessment process. Thus, theexamination work program may include a range ofexamination activities, as depicted in the diagramon the following page.

Executive Summary


After assessing the financial institution’s risk andidentifying the areas targeted for additional review,the examiner will develop a tailored, risk-focusedwork program for each product, service, or busi-ness line selected. In many cases, examinationobjectives for material products or for the overallinstitution may have been largely met as part of therisk assessment process. When the quality ofcompliance management systems is assessed asbeing at least satisfactory or there is a reasonablebasis for reliance on the institution’s controls, andresidual risk is not elevated, examiners may needto conduct no additional work or only limitedfollow-up work during the examination.

Management and policy-related examinationanalysis performed during the risk assessmentprocess may result in the identification of proce-dural weaknesses or other risks that cannot beaddressed simply through limited follow-up. Insuch cases, the examiner should document theneed for transaction testing in the examination

scope memorandum detailing the overall examina-tion strategy.

The risk assessment and scoping processes willresult in communication to the institution’s manage-ment of a request for any additional information tobe sent to the Reserve Bank or made available onsite upon examiners’ arrival. To the extent possible,information requests will avoid asking for informa-tion already available.

Examination Work

The examiner in charge will meet with the financialinstitution’s senior management and the compli-ance officer to discuss the nature and scope of theexamination. Because the issues identified in thescoping process and the suggested levels ofreview may differ from the previous examination,the examiner will provide bank management withan understanding of the risk-focused examinationprocess and how it will be applied to the institution.

Executive Summary

4 (11/13) • ESUM Consumer Compliance Handbook

The examiner in charge will inform bank manage-ment of the examination’s progress and issues thatmay have arisen that could result or have resultedin a change to the scope of the examination. Bankmanagement will be given an opportunity torespond to issues and resolve them if possible, asearly in the examination process as is practical.

Formal final discussions are held to communi-cate examination findings and obtain, when neces-sary, management’s commitment for correctiveaction. The board of directors has the ultimateresponsibility for operating the financial institutionin compliance with the law and for ensuring thatappropriate corrective action is taken. A meetingwith the board of directors may be appropriate incertain circumstances, such as if the programweaknesses or legal violations involve the potentialfor significant administrative and civil liability or ifthe Reserve Bank is contemplating issuing asupervisory action.

Supervisory findings are communicated in writ-ing through formal reports and letters summarizingthe results of reviews. These communications,

including the Consumer Affairs Report of Examina-tion for community banks, constitute the officialrecord of the examination and are the primary toolfor conveying examination findings to the institu-tion’s board of directors and senior management.

Ongoing Supervision

Ongoing supervision of a financial institutionbetween examinations, typically a supervisorycontact close to the mid-cycle between consumercompliance examinations, is critical in identifyingsignificant changes or deteriorating trends in atimely manner. Proactive monitoring also confirmswhether the institution’s board and senior manage-ment have appropriately addressed previous ex-amination findings and allows for identification ofnew product lines, business activities, or otherorganizational changes. In some cases when theinstitution’s risk profile is high or it changesmaterially as a result of the addition of morecomplex or higher-risk strategies, more frequentcontacts may be appropriate.

Executive Summary


Regulation E

Electronic Fund Transfer Act

The Electronic Fund Transfer Act (EFTA) (15 U.S.C.1693 et seq.) of 1978 is intended to protectindividual consumers engaging in electronic fundtransfers (EFTs) and remittance transfers. Theseservices include

• transfers through automated teller machines(ATMs);

• point-of-sale (POS) terminals;

• automated clearinghouse (ACH) systems;

• telephone bill-payment plans in which periodic orrecurring transfers are contemplated;

• remote banking programs; and

• remittance transfers.

The EFTA is implemented through Regulation E,which includes official interpretations.

In 2009, the Federal Reserve Board (Board)amended Regulation E to prohibit institutions fromcharging overdraft fees for ATM and one-time debitcard transactions, unless the consumer opts in oraffirmatively consents to the institution’s overdraftservices (74 Fed. Reg. 59033 (Nov. 17, 2009) and75 Fed. Reg. 31665 (June 4, 2010)). The Boardalso amended Regulation E to restrict fees andexpiration dates on gift cards and to require thatgift card terms be stated clearly (75 Fed. Reg.16580 (April 1, 2010)).1

The Dodd−Frank Wall Street Reform and Con-sumer Protection Act (Dodd−Frank Act) transferredrulemaking authority under the EFTA from theBoard of Governors of the Federal Reserve Systemto the Consumer Financial Protection Bureau(CFPB).2, 3 The Dodd−Frank Act also amended theEFTA and created a new system of consumerprotections for remittance transfers sent by con-sumers in the United States to individuals andbusinesses in foreign countries. In December

2011, the CFPB restated the Board’s implementingRegulation E at 12 CFR Part 1005 (76 Fed. Reg.81020) (December 27, 2011). In February 2012, theCFPB added subpart B (Requirements for Remit-tance Transfers) to Regulation E to implement thenew remittance protections set forth in the Dodd−Frank Act (77 Fed. Reg. 6194) (February 7, 2012),effective on February 7, 2013.4 In July 2012, theCFPB amended the February 2012 rule to effectcertain technical corrections primarily related toformatting of the model forms in the rule. In August2012, the CFPB again amended the February 2012rule to modify the definition of ‘‘remittance transferprovider.’’ The August amendment also revisedseveral aspects of the rule regarding remittancetransfers that are scheduled before the date oftransfer, including preauthorized remittance trans-fers (77 Fed. Reg. 50244) (August 20, 2012). InJanuary 2013, the rule’s February 21, 2013,effective date was delayed pending finalization of aproposal to address three specific issues in therule. In May 2013, the CFPB finalized the proposal,which modified the disclosure requirements forcertain fees and foreign taxes, revised someaspects of the error resolution requirements, andestablished a new effective date of October 28,2013 (78 Fed. Reg. 30661) (May 22, 2013).

Information in this narrative is provided forsubpart A and subpart B in the order listed below.Note that the order, particularly as it relates tosubpart A, does not strictly follow the order of theregulatory text. For ease of use by the examiner,however, the examination procedures and check-list follow the order of the regulation.

Subpart A

I. Scope and Key Definitions (12 CFR 1005.2,1005.3, 1005.17, 1005.20)

II. Disclosures (12 CFR 1005.4, 1005.7, 1005.8,1005.16, 1005.17, 1005.20)

III. Electronic Transaction Overdraft Service OptIn (12 CFR 1005.17)

IV. Issuance of Access Devices (12 CFR 1005.5,1005.18)

V. Consumer Liability and Error Resolution (12CFR 1005.6, 1005.11)

VI. Receipts and Periodic Statements (12 CFR1005.9, 1005.18)

VII. Gift Cards (12 CFR 1005.20)

1. The Board also implemented a legislative extension of timefor complying with the gift card disclosure requirements untilJanuary 31, 2011. 75 Fed. Reg. 50683 (August 17, 2010).

2. Dodd−Frank Act §§1002(12)(C), 1024(b)-(c), and 1025(b)-(c); 12 U.S.C. §§5481(12)(C), 5514(b)-(c), and 5515(b)-(c).Section 1029 of the Dodd−Frank Act generally excludes from thistransfer of authority, subject to certain exceptions, any rulemakingauthority over a motor vehicle dealer that is predominantlyengaged in the sale and servicing of motor vehicles, the leasingand servicing of motor vehicles, or both. The transfer of authorityalso did not include section 920 of EFTA, which concerns debitcard interchange fees charged to merchants. Section 920 of EFTAis implemented by Board regulations at 12 CFR Part 235. Section920 is not addressed here or in the accompanying examinationprocedures and checklist.

3. The agency responsible for supervising and enforcingcompliance with Regulation E will depend on the person subjectto the EFTA (e.g., for financial institutions, jurisdiction will dependon the size and charter of the institution).

4. The amendment designated 12 CFR 1005.1 through 1005.20as subpart A.

Consumer Compliance Handbook Reg. E • 1 (11/13)

VIII. Other Requirements (12 CFR 1005.10,1005.14, 1005.15)

IX. Relation to Other Laws (12 CFR 1005.12)

Subpart B

Requirements for remittance transfers

X. Remittance Transfer Definitions (12 CFR1005.30)

XI. Disclosures (12 CFR 1005.31)

XII. Estimates (12 CFR 1005.32)

XIII. Procedures for Resolving Errors (12 CFR1005.33)

XIV. Procedures for Cancellation and Refund ofRemittance Transfers (12 CFR 1005.34)

XV. Acts of Agents (12 CFR 1005.35)

XVI. Transfers Scheduled Before the Date ofTransfer (12 CFR 1005.36)

Sections Applicable to BothSubpart A and Subpart B

XVII. Preemption

XVIII. Administrative Enforcement and Record Re-tention (12 CFR 1005.13)

XIX. Miscellaneous (EFTA provisions not reflectedin Regulation E)

SUBPART A

I. Scope

Key Definitions—12 CFR 1005.2

Access device is a card, code, or other means ofaccess to a consumer’s account or a combinationof these used by the consumer to initiate EFTs.Access devices include debit cards, personalidentification numbers (PINs), telephone transferand telephone bill payment codes, and othermeans to initiate an EFT to or from a consumeraccount (12 CFR 1005.2(a)(1) and 12 CFR Part1005, Supp. I, Comment 2(a)-1).

Access devices do not include either of thefollowing:

• magnetic tape or other devices used internally bya financial institution to initiate electronic trans-fers

• a check or draft used to capture the MICR(Magnetic Ink Character Recognition) encodingor routing, account, and serial numbers to initiatea one-time ACH debit (Comments 2(a)-1 and2(a)-2)

Accepted access device is an access device

that a consumer

• requests and receives, signs, or uses (or autho-

rizes another to use) to transfer money between

accounts or to obtain money, property, or

services

• requests to be validated even if it was issued on

an unsolicited basis

• receives as a renewal or substitute for an

accepted access device from either the financial

institution that initially issued the device or a

successor (12 CFR 1005.2(a)(2))

Account includes the following:

• checking, savings, or other consumer asset

accounts held by a financial institution (directly or

indirectly), including certain club accounts, es-

tablished primarily for personal, family, or house-hold purposes

• payroll card account, established through anemployer (directly or indirectly), to which EFTs ofthe consumer’s wages, salary, or other employeecompensation (such as commissions), are madeon a recurring basis. The payroll card accountcan be operated or managed by the employer, athird-party processor, a depository institution, orany other person. All transactions involving thetransfer of funds to or from a payroll card accountare covered by the regulation (12 CFR 1005.2(b)(2) and Comment 2(b)-2).

An account does not include:

• an account held by a financial institution under abona fide trust agreement

• an occasional or incidental credit balance in acredit plan

• profit-sharing and pension accounts establishedunder a bona fide trust agreement

• escrow accounts such as for payments of realestate taxes, insurance premiums, or completionof repairs

• accounts for purchasing U.S. savings bonds (12CFR 1005.2(b)(3) and Comment 2(b)-3)

A payroll card account does not include a cardused

• solely to disburse incentive-based payments(other than commissions when they represent theprimary means through which a consumer ispaid) that are unlikely to be a consumer’s primarysource of salary or other compensation;

• solely to make disbursements unrelated to com-pensation, such as petty cash reimbursements ortravel per diem payments; or

• in isolated instances to which an employertypically does not make recurring payments


2 (11/13) • Reg. E Consumer Compliance Handbook

(Comment 2(b)-2).

Activity means any action that results in an

increase or decrease of the funds underlying a

certificate or card, other than the imposition of a

fee, or an adjustment due to an error or a reversal

of a prior transaction (12 CFR 1005.20(a)(7)).

ATM operator is any person that operates an

ATM at which a consumer initiates an EFT or a

balance inquiry and that does not hold the account

to or from which the transfer is made or about which

the inquiry is made (12 CFR 1005.16(a)).

Dormancy fee and inactivity fee mean a fee for

non-use of or inactivity on a gift certificate, store gift

card, or general-use prepaid card (12 CFR 1005.20

(a)(5)).

Electronic check conversion (ECK) transactions

are transactions where a check, draft, or similar

paper instrument is used as a source of information

to initiate a one-time electronic fund transfer from a

consumer’s account. The consumer must authorize

the transfer (12 CFR 1005.3(b)(2))

Electronic fund transfer (EFT) is a transfer of

funds initiated through an electronic terminal,

telephone, computer (including online banking) or

magnetic tape for the purpose of ordering, instruct-

ing, or authorizing a financial institution to debit or

credit a consumer’s account. EFTs include, but are

not limited to, point-of-sale (POS) transfers; auto-

mated teller machine (ATM) transfers; direct depos-

its or withdrawals of funds; transfers initiated by

telephone; and transfers resulting from debit card

transactions, whether or not initiated through an

electronic terminal (12 CFR 1005.3(b)).

Electronic terminal is an electronic device, other

than a telephone call by a consumer, through

which a consumer may initiate an EFT. The term

includes, but is not limited to, point-of-sale termi-nals, automated teller machines, and cash-dispensing machines (12 CFR 1005.2(h)).

Exclusions from gift card definition. The followingcards, codes, or other devices are excluded andnot subject to the substantive restrictions onimposing dormancy, inactivity, or service fees, oron expiration dates if they are (12 CFR 1005.20(b))

• usable solely for telephone services;

• reloadable and not marketed or labeled as a giftcard or gift certificate. For purposes of thisexception, the term ‘‘reloadable’’ includes atemporary non-reloadable card issued solely inconnection with a reloadable card, code, or otherdevice;

• a loyalty, award, or promotional gift card (exceptthat these must disclose on the card or deviceitself, information such as the date the fundsexpire, fee information and a toll-free number) (12

CFR 1005.20(a)(4) and (c)(4));

• not marketed to the general public;

• issued in paper form only; or

• redeemable solely for admission to events or

venues at a particular location or group of

affiliated locations, or to obtain goods or services

in conjunction with admission to such events or

venues, at the event or venue or at specific

locations affiliated with and in geographic prox-

imity to the event or venue.

General-use prepaid card is a card, code, or

other device

• issued on a prepaid basis primarily for personal,

family, or household purposes to a consumer in a

specified amount, whether or not that amount

may be increased or reloaded, in exchange for

payment; and

• that is redeemable upon presentation at multiple,

unaffiliated merchants for goods or services, orthat may be usable at automated teller machines(12 CFR 1005.20(a)(3)). See ‘‘Exclusions from giftcard definition.’’

Gift certificate is a card, code, or other deviceissued on a prepaid basis primarily for personal,family, or household purposes to a consumer in aspecified amount that may not be increased orreloaded in exchange for payment and redeem-able upon presentation at a single merchant or anaffiliated group of merchants for goods or services(12 CFR 1005.20(a)(1)). See ‘‘Exclusions from giftcard definition.’’

Loyalty, award, or promotional gift card is a card,code, or other device (1) issued on a prepaid basisprimarily for personal, family, or household pur-poses to a consumer in connection with a loyalty,award, or promotional program; (2) that is redeem-able upon presentation at one or more merchantsfor goods or services, or usable at automated tellermachines; and (3) that sets forth certain disclo-sures, including a statement indicating that thecard, code, or other device is issued for loyalty,award, or promotional purposes (12 CFR 1005.20(a)(4)). See ‘‘Exclusions from gift card definition.’’

Overdraft services. A financial institution pro-vides an overdraft service if it assesses a fee orcharge for paying a transaction (including a checkor other item) when the consumer has insufficient orunavailable funds in the account to pay thetransaction. However, an overdraft service doesnot include payments made from the following:

• a line of credit subject to Regulation Z, such as acredit card account, a home equity line of credit,or an overdraft line of credit;

• funds transferred from another account heldindividually or jointly by the consumer; or



• a line of credit or other transaction from a

securities or commodities account held by a

broker–dealer registered with the Securities and

Exchange Commission (SEC) or the Commodity

Futures Trading Commission (CFTC). (12 CFR

1005.17(a)).

Preauthorized electronic fund transfer is an EFT

authorized in advance to recur at substantially

regular intervals (12 CFR 1005.2(k)).

Service fee means a periodic fee for holding or

use of a gift certificate, store gift card, or general-use prepaid card. A periodic fee includes any feethat may be imposed on a gift certificate, store giftcard, or general-use prepaid card from time to timefor holding or using the certificate or card (12 CFR1005.20(a)(6)). For example, a service fee mayinclude a monthly maintenance fee, a transactionfee, an ATM fee, a reload fee, a foreign currencytransaction fee, or a balance inquiry fee, whether ornot the fee is waived for a certain period of time oris only imposed after a certain period of time.However, a service fee does not include a one-timefee or a fee that is unlikely to be imposed more thanonce while the underlying funds are still valid, suchas an initial issuance fee, a cash-out fee, asupplemental card fee, or a lost or stolen certificateor card replacement fee (Comment 20(a)(6)-1).

State means any state, territory, or possession ofthe United States; the District of Columbia; theCommonwealth of Puerto Rico; or any of theirpolitical subdivisions (12 CFR 1005.2(l)).

Store gift card is a card, code, or other deviceissued on a prepaid basis primarily for personal,family, or household purposes to a consumer in aspecified amount, whether or not that amount maybe increased or reloaded, in exchange for pay-ment, and redeemable upon presentation at asingle merchant or an affiliated group of merchantsfor goods or services (12 CFR 1005.20(a)(2)). See‘‘Exclusions from gift card definition.’’

Unauthorized electronic fund transfer is an EFTfrom a consumer’s account initiated by a personother than the consumer without authority to initiatethe transfer and from which the consumer receivesno benefit. This does not include an EFT initiated inany of the following ways:

• by a person who was furnished the accessdevice to the consumer’s account by the con-sumer, unless the consumer has notified thefinancial institution that transfers by that personare no longer authorized;

• with fraudulent intent by the consumer or anyperson acting in concert with the consumer; or

• by the financial institution or its employee (12CFR 1005.2(m)).

Coverage—12 CFR 1005.3

Subpart A of Regulation E applies to any electronicfund transfer (EFT) that authorizes a financialinstitution to debit or credit a consumer’s account.The requirements of subpart A of Regulation Eapply only to accounts for which there is anagreement for EFT services to or from the accountbetween (i) the consumer and the financial institu-tion or (ii) the consumer and a third party, when theaccount-holding financial institution has receivednotice of the agreement and the fund transfershave begun (Comment 3(a)-1).

Regulation E applies to all persons, includingoffices of foreign financial institutions in the UnitedStates, that offer EFT services to residents of anystate, and it covers any account located in theUnited States through which EFTs are offered to aresident of a state, no matter where a particulartransfer occurs or where the financial institution ischartered (Comment 3(a)-3). Regulation E does notapply to a foreign branch of a U.S. financialinstitution unless the EFT services are offered inconnection with an account in a state, as defined in12 CFR 1005.2(l) (Comment 3(a)-3).

Exclusions from Coverage

12 CFR 1005.3(c) describes transfers that are notEFTs and are therefore not covered by the EFTAand Regulation E:

• transfers of funds originated by check, draft, orsimilar paper instrument;

• check guarantee or authorization services that donot directly result in a debit or credit to aconsumer’s account;

• any transfer of funds for a consumer within asystem that is used primarily to transfer fundsbetween financial institutions or businesses, e.g.,Fedwire or other similar network;

• any transfer of funds that has as its primarypurpose the purchase or sale of securities orcommodities regulated by the SEC or the CFTC,purchased or sold through a broker−dealerregulated by the SEC or through a futurescommission merchant regulated by the CFTC, orheld in book-entry form by a Federal ReserveBank or federal agency;

• intra-institutional automatic transfers under anagreement between a consumer and a financialinstitution;

• transfers initiated by telephone between a con-sumer and a financial institution provided thetransfer is not a function of a written plancontemplating periodic or recurring transfers. Awritten statement available to the public, such as



a brochure, that describes a service allowing aconsumer to initiate transfers by telephone con-stitutes a written plan; or

• preauthorized transfers to or from accounts atfinancial institutions with assets of less than $100million on the preceding December 31. Suchpreauthorized transfers, however, remain subjectto the compulsory use prohibition under Section913 of the EFTA and 12 CFR 1005.10(e), as wellas the civil and criminal liability provisions ofSections 915 and 916 of the EFTA. A smallfinancial institution that provides EFT servicesbesides preauthorized transfers must complywith the requirements of subpart A for those otherservices (Comment 3(c)(7)-1). For example, asmall financial institution that offers ATM servicesmust comply with subpart A in regard to theissuance of debit cards, terminal receipts, peri-odic statements, and other requirements.

Electronic Check Conversion (ECK) andCollection of Returned-Item Fees

Subpart A covers electronic check conversion(ECK) transactions. In an ECK transaction, aconsumer provides a check to a payee andinformation from the check is used to initiate aone-time EFT from the consumer’s account. Al-though transfers originated by checks are notcovered by subpart A, an ECK is treated as an EFTand not a payment originated by check. Payeesmust obtain the consumer’s authorization for eachECK transaction. A consumer authorizes a one-time EFT for an ECK transaction when the con-sumer receives notice that the transaction will ormay be processed as an EFT and goes forwardwith the underlying transaction5 (12 CFR 1005.3(b)(2)(i) and (ii) and Comment 3(b)(2)-3).

If a payee re-presents electronically a checkthat has been returned unpaid, the transaction isnot an EFT, and subpart A does not applybecause the transaction originated by check(Comment 3(c)(1)-1).

However, subpart A applies to a fee collectedelectronically from a consumer’s account for acheck or EFT returned unpaid. A consumer autho-rizes a one-time EFT from the consumer’s accountto pay the fee for the returned item or transfer if theperson collecting the fee provides notice to theconsumer stating the amount of the fee and that theperson may electronically collect the fee, and theconsumer goes forward with the underlying trans-action6 (12 CFR 1005.3(b)(3)). These authorization

requirements do not apply to fees imposed by theaccount-holding financial institution for returningthe check or EFT or paying the amount of anoverdraft (Comment 3(b)(3)-1).

II. Disclosures

Disclosures Generally—12 CFR 1005.4

Required disclosures must be clear and readilyunderstandable, in writing, and in a form theconsumer may keep. The required disclosures maybe provided to the consumer in electronic form, ifthe consumer affirmatively consents after receivinga notice that complies with the E-Sign Act (12 CFR1005.4(a)(1)).

Disclosures may be made in a language otherthan English, if the disclosures are made availablein English upon the consumer’s request (12 CFR1005.4(a)(2)).

A financial institution has the option of disclosingadditional information and combining disclosuresrequired by other laws (for example, Truth inLending disclosures) with Regulation E disclosures(12 CFR 1005.4(b)).

A financial institution may combine requireddisclosures into a single statement if a consumerholds two or more accounts at the financialinstitution. Thus, a single periodic statement orerror resolution notice is sufficient for multipleaccounts. In addition, it is only necessary for afinancial institution to provide one set of disclosuresfor a joint account (12 CFR 1005.4(c)(l) and (2)).

Two or more financial institutions that jointlyprovide EFT services may contract among them-selves to meet the requirements that the regulationimposes on any or all of them. When making initialdisclosures (see 12 CFR 1005.7) and disclosuresof a change in terms or an error resolution notice(see 12 CFR 1005.8), a financial institution in ashared system only needs to make disclosures thatare within its knowledge and apply to its relation-ship with the consumer for whom it holds anaccount (12 CFR 1005.4(d)).

Initial Disclosure of Terms andConditions—12 CFR 1005.7

Financial institutions must provide initial disclo-sures of the terms and conditions of EFT servicesbefore the first EFT is made or at the time theconsumer contracts for an EFT service. They mustgive a summary of various consumer rights underthe regulation, including the consumer’s liability forunauthorized EFTs, the types of EFTs the consumer5. For POS transactions, the notice must be posted in a

prominent and conspicuous location and a copy of the noticemust be provided to the consumer at the time of the transaction(12 CFR 1005.3(b)(2)(i) and (ii) and Comment 3(b)(2)-3).

6. For POS transactions, the notice must be posted in aprominent and conspicuous location and a copy of the notice

must either be provided to the consumer at the time of thetransaction or mailed to the consumer’s address as soon asreasonably practicable after the person initiates the EFT to collectthe fee (12 CFR 1005.3(b)(3)).



may make, limits on the frequency or dollar amount,

fees charged by the financial institution, and the

error-resolution procedures. Appendix A to Part

1005 provides model clauses that financial institu-

tions may use to provide the disclosures.

Timing of disclosures. Financial institutions must

make the required disclosures at the time a

consumer contracts for an electronic fund transfer

service or before the first electronic fund transfer is

made involving the consumer’s account (12 CFR

1005.7(a)).

Disclosures given by a financial institution earlier

than the regulation requires (for example, when the

consumer opens a checking account) need not be

repeated when the consumer later authorizes anelectronic check conversion or agrees with a thirdparty to initiate preauthorized transfers to or fromthe consumer’s account, unless the terms andconditions differ from the previously disclosedterm. This interpretation also applies to any noticeprovided about one-time EFTs from a consumer’saccount initiated using information from the con-sumer’s check. On the other hand, if an agreementfor EFT services to be provided by an account-holding financial institution is directly between theconsumer and the account-holding financial insti-tution, disclosures must be given in close proximityto the event requiring disclosure, for example,when the consumer contracts for a new service(Comment 7(a)-1).

Where a consumer authorizes a third party todebit or credit the consumer’s account, an account-holding financial institution that has not receivedadvance notice of the transfer or transfers mustprovide the required disclosures as soon asreasonably possible after the first debit or credit ismade, unless the financial institution has previouslygiven the disclosures (Comment 7(a)-2).

If a consumer opens a new account permittingEFTs at a financial institution, and the consumerhas already received subpart A disclosures foranother account at that financial institution, thefinancial institution need only disclose terms andconditions that differ from those previously given(Comment 7(a)-3).

If a financial institution joins an interchange orshared network system (which provides access toterminals operated by other financial institutions),disclosures are required for additional EFT servicesnot previously available to consumers if the termsand conditions differ from those previously dis-closed (Comment 7(a)-4).

A financial institution may provide disclosurescovering all EFT services that it offers, even if someconsumers have not arranged to use all services(Comment 7(a)-5).

Addition of EFT services. A financial institution

must make disclosures for any new EFT service

added to a consumer’s account if the terms and

conditions are different from those described in the

initial disclosures. ECK transactions may be a new

type of transfer requiring new disclosures (See

Appendix A-2 and Comment 7(c)-1).

Content of disclosures. 12 CFR 1005.7(b) re-

quires a financial institution to provide the following

disclosures as they apply:

• Liability of consumers for unauthorized electronic

fund transfers. The financial institution must

include a summary of the consumer’s liability

(under 12 CFR 1005.6, state law, or other

applicable law or agreement) for unauthorized

transfers (12 CFR 1005.7(b)(1)). A financial

institution does not need to provide the liability

disclosures if it imposes no liability. If it later

decides to impose liability, it must first provide

the disclosures (Comment 7(b)(1)-1). The finan-

cial institution can choose to include advice on

promptly reporting unauthorized transfers or theloss or theft of the access device (Comment7(b)(1)-3).

• Telephone number and address. A financialinstitution must provide a specific telephonenumber and address, on or with the disclosurestatement, for reporting a lost or stolen accessdevice or a possible unauthorized transfer (Com-ment 7(b)(2)-2). Except for the telephone numberand address for reporting a lost or stolen accessdevice or a possible unauthorized transfer, thedisclosure may insert a reference to a telephonenumber that is readily available to the consumer,such as ‘‘Call your branch office. The number isshown on your periodic statement’’ (Comment7(b)(2)-2).

• Business days. The financial institution’s busi-ness days (12 CFR 1005.7(b)(3)).

• Types of transfers; limitations on frequency ordollar amount. Limitations on the frequency anddollar amount of transfers generally must bedisclosed in detail (12 CFR 1005.7(b)(4)). If theconfidentiality of certain details is essential to thesecurity of an account or system, these detailsmay be withheld (but the fact that limitations existmust still be disclosed).7 A limitation on accountactivity that restricts the consumer’s ability tomake EFTs must be disclosed even if therestriction also applies to transfers made by

7. For example, if a financial institution limits cash ATMwithdrawals to $100 per day, the financial institution may disclosethat daily withdrawal limitations apply and need not disclose thatthe limitations may not always be in force (such as during periodswhen its ATMs are off-line) (Comment 7(b)(4)-1).



non-electronic means.8 Financial institutions arenot required to list preauthorized transfers amongthe types of transfers that a consumer can make(Comment 7(b)(4)-3). Financial institutions mustdisclose the fact that one-time EFTs initiatedusing information from a consumer’s check areamong the types of transfers that a consumer canmake (See Appendix A-2 and Comment 7(b)(4)-4).

• Fees. A financial institution must disclose all feesfor EFTs or for the right to make EFTs (12 CFR1005.7(b)(5)). Other fees, for example, minimum-balance fees, stop-payment fees, account over-drafts, or ATM inquiry fees, may, but need not, bedisclosed under Regulation E (see RegulationDD, 12 CFR Part 1030) and (Comment 7(b)(5)-1).A per-item fee for EFTs must be disclosed even ifthe same fee is imposed on non-electronictransfers. If a per-item fee is imposed only undercertain conditions, such as when the transactionsin the cycle exceed a certain number, thoseconditions must be disclosed. Itemization of thevarious fees may be on the disclosure statementor on an accompanying document referenced inthe statement (Comment 7(b)(5)-2).

A financial institution must disclose that net-works used to complete the EFT as well as anATM operator, may charge a fee for an EFT or forbalance inquiries (12 CFR 1005.7(b)(11)).

• Documentation. A summary of the consumer’sright to receipts and periodic statements, asprovided in 12 CFR 1005.9, and notices regard-ing preauthorized transfers as provided in 12CFR 1005.10(a) and 1005.10(d) (12 CFR 1005.7(b)(6)).

• Stop payment. A summary of the consumer’sright to stop payment of a preauthorized elec-tronic fund transfer and the procedure for placinga stop-payment order, as provided in 12 CFR1005.10(c) and 12 CFR 1005.7(b)(7).

• Liability of institution. A summary of the financialinstitution’s liability to the consumer under Sec-tion 910 of the EFTA for failure to make or to stopcertain transfers (12 CFR 1005.7(b)(8)).

• Confidentiality. The circumstances under which,in the ordinary course of business, the financialinstitution may provide information concerningthe consumer’s account to third parties (12 CFR1005.7(b)(9)). A financial institution must de-scribe the circumstances under which any infor-mation relating to an account to or from whichEFTs are permitted will be made available to third

parties, not just information concerning those

EFTs. Third parties include other subsidiaries of

the same holding company (Comment 7(b)(9)-1).

• Error resolution. The error-resolution notice mustbe substantially similar to Model Form A-3 inAppendix A of Part 1005. A financial institutionmay use different wording so long as thesubstance of the notice remains the same, maydelete inapplicable provisions (for example, therequirement for written confirmation of an oralnotification), and may substitute substantive statelaw requirements affording greater consumerprotection than Regulation E (Comment 7(b)(10)-1). To take advantage of the longer time periodsfor resolving errors under 12 CFR 1005.11(c)(3)(for new accounts as defined in Regulation CC,transfers initiated outside the United States, ortransfers resulting from POS debit card transac-tions), a financial institution must have disclosedthese longer time periods. Similarly, a financialinstitution relying on the exception from provi-sional crediting in 12 CFR 1005.11(c)(2) foraccounts relating to extensions of credit bysecurities brokers and dealers (Regulation T, 12CFR Part 220) must disclose accordingly (Com-ment 7(b)(10)-2).

• ATM fees. A notice that a fee may be imposed byan automated teller machine operator as definedin §1005.16(a), when the consumer initiates anelectronic fund transfer or makes a balanceinquiry, and by any network used to complete thetransaction.

Change in Terms; Error ResolutionNotice—12 CFR 1005.8

If a financial institution contemplates a change interms, it must mail or deliver a written or electronicnotice to the consumer at least 21 days before theeffective date of any change in a term or conditionrequired to be disclosed under 12 CFR 1005.7(b) ifthe change would result in any of the following:

• increased fees or charges;

• increased liability for the consumer;

• fewer types of available EFTs; or

• stricter limitations on the frequency or dollaramounts of transfers (12 CFR 1005.8(a)(1)).

If an immediate change in terms or conditions isnecessary to maintain or restore the security of anEFT system or account, the financial institutiondoes not need to give prior notice. However, if thechange is to be permanent, the financial institutionmust provide notice in writing of the change to theconsumer on or with the next regularly scheduledperiodic statement or within 30 days, unlessdisclosures would jeopardize the security of the

8. For example, Regulation D (12 CFR 1004) restricts thenumber of payments to third parties that may be made from amoney market deposit account; a financial institution that does notexecute fund transfers in excess of those limits must disclose therestriction as a limitation on the frequency of EFTs (Comment7(b)(4)-2).



system or account (12 CFR 1005.8(a)(2)).

For accounts to or from which EFTs can bemade, the financial institution must mail, deliver, orprovide electronically to the consumer at least onceeach calendar year, the error resolution notice in 12CFR 1005 Appendix A—Model Form A-3, or onesubstantially similar. Alternatively, the financialinstitution may include an abbreviated error reso-lution notice substantially similar to the notice setout in Appendix A (Model Form A-3) with eachperiodic statement (12 CFR 1005.8(b)).

Disclosures at Automated TellerMachines—12 CFR 1005.16

An ATM operator that charges a fee is required toprovide notice that a fee will be imposed anddisclose the amount of the fee. The notice must beprovided either by showing it on the screen of theautomated teller machine or on paper before theconsumer is committed to paying a fee (12 CFR1005.16(b) and (c)).

The ‘‘clear and readily understandable standard’’under 12 CFR 1005.4(a) applies to the content ofthe notice. The requirement that the notice be in aretainable format only applies to printed notices(not those on the ATM screen).

The fee may be imposed by the ATM operatoronly if: (1) the consumer is provided the requirednotice, and (2) the consumer elects to continue thetransaction or inquiry after receiving such notice(12 CFR 1005.16(d)).

These fee disclosures are not required where anetwork owner is not charging a fee directly to theconsumer (i.e., some network owners charge aninterchange fee to financial institutions whosecustomers use the network) (Comment 7(b)(5)-3). Ifthe network practices change such that the net-work charges the consumer directly, these feedisclosure requirements would apply to the net-work (12 CFR 1005.7(c)).

Overdraft Service Disclosures—12 CFR1005.17

Disclosure requirements for overdraft services areaddressed in Section III of this document.

Gift Card Disclosures—12 CFR1005.20(c)

Disclosures must be clear and conspicuous andgenerally in a written or electronic form (except forcertain pre-purchase disclosures, which may begiven orally) that the consumer may retain. The feesand terms and conditions of expiration that arerequired to be disclosed prior to purchase may not

be changed after purchase.

A number of disclosures must be made on theactual card. Making such disclosures in an accom-panying terms and conditions document, on pack-aging surrounding a certificate or card, or on asticker or other label affixed to the certificate orcard does not constitute a disclosure on thecertificate or card. Those disclosures include thefollowing:

• the existence, amount, and frequency of anydormancy, inactivity, or service fee;

• the expiration date for the underlying funds (orthe fact that the funds do not expire);

• a toll-free telephone number and (if any) awebsite that the consumer may use to obtain areplacement certificate or card if the certificate orcard expires while underlying funds are stillavailable;

• a statement that the certificate or card expires,but the underlying funds do not expire or expirelater than the certificate or card, as well as astatement that the consumer may contact theissuer for a replacement card;9 and

• a toll-free telephone number and (if any) awebsite that the consumer may use to obtaininformation about fees.

Additional disclosure requirements regarding fees.

In addition to the disclosure requirements related todormancy, inactivity, or service fees, all other feesmust be disclosed as well. These disclosures mustbe provided on or with the certificate or card anddisclosed prior to purchase. The certificate or cardmust also disclose a toll-free telephone numberand website, if one is maintained, that a consumermay use to obtain fee information or replacementcertificates or cards (12 CFR 1005.20(f)).

Disclosure requirements for loyalty, award, or

promotional gift cards (12 CFR 1005.20(a)(4)). Toqualify for the exclusion for loyalty, award, orpromotional gift cards, the following must bedisclosed:

• a statement indicating that the card, code, orother device is issued for loyalty, award, orpromotional purposes, which must be includedon the front of the card, code, or other device;

• the expiration date for the underlying funds,which must be included on the front of the card,code, or other device;

• the amount of any fees that may be imposed inconnection with the card, code, or other device,and the conditions under which they may be

9. This requirement does not apply to non-reloadable certifi-cates or cards that expire seven years or more after the date ofmanufacture.



imposed, which must be provided on or with thecard, code, or other device; and

• a toll-free telephone number and, if one ismaintained, a website, that a consumer may useto obtain fee information, which must be includedon the card, code, or other device.

Amendments to Regulation E were issued onAugust 11, 2010. The amendments implementedlegislation that modified the effective date of certaindisclosure and card expiration requirements in thegift card provisions of the Credit Card Accountabil-ity Responsibility and Disclosure Act of 2009 forcards produced prior to April 1, 2010.

The disclosures and card expiration require-ments are

1. disclosures required to be made prior to pur-chase (see 12 CFR 1005.20(c)(3));

2. disclosures that must be stated on the certificateor card regarding the fees and expiration dates(see 12 CFR 1005.20(d)(2), (e)(1) & (e)(3)); and

3. disclosures that may be provided on or with thecertificate or card (see 12 CFR 1005.20(f)).

Gift cards must comply with all other provisionsof the gift card rule.

Issuers must make the following disclosures onin-store signs, messages during customer servicecalls, websites, and general advertising:

• the funds underlying the gift card do not expire;

• consumers have the right to receive a freereplacement card, along with the packaging andmaterials that typically accompany the gift card;and

• the issuer will charge dormancy, inactivity, orservice fees only if the fee is permitted by the giftcard rule.

The issuer was required to make the disclosuresvia customer service call center and website untilJanuary 31, 2013. See 12 CFR 1005.20(h).

III. Electronic Transaction OverdraftServices Opt-In—12 CFR 1005.17

In recent years overdraft protection services havebeen extended to cover overdrafts resulting fromnon-check transactions, including ATM withdraw-als, debit card transactions at point of sale, onlinetransactions, preauthorized transfers, and ACHtransactions. Generally, institutions charge a flatfee each time an overdraft is paid, although someinstitutions have a tiered fee structure and chargehigher fees based on the amount of the negativebalance at the end of the day or as the number ofoverdrafts increases. Institutions commonly chargethe same amount for paying check and ACHoverdrafts as they would if they returned the item

unpaid. Some institutions also impose a fee foreach day the account remains overdrawn. Fordebit card overdrafts, the[a0]dollar amount of thefee and multiple assessments can exceed thedollar amount of the overdrafts.

In 2005, the agencies10 issued guidance con-cerning the marketing, disclosure, and implemen-tation of overdraft programs. The guidance alsocovers safety and soundness considerations, andestablishes a number of best practices financialinstitutions should incorporate into their overdraftprograms. The 2009 revisions to Regulation Esupersede portions of the guidance related to ATMand one-time debit card overdraft transactions.However, in addition to the revised Regulation Erequirements, institutions should incorporate theiragency’s overdraft guidance into their overdraftprotection programs.

12 CFR 1005.17 was added in the 2009 revisionto Regulation E.11 It provides consumers with achoice to opt into their institution’s overdraftprotection program and be charged a fee foroverdrafts for ATM and one-time debit card trans-actions. It also requires disclosure of the fees andterms associated with the institution’s overdraftservice. Before an institution may assess overdraftfees, the consumer must opt in, or affirmativelyconsent, to the overdraft service for ATM andone-time debit card transactions, and the con-sumer has an ongoing right to revoke consent.Institutions may not require an opt in for ATM andone-time debit transactions as a condition to thepayment of overdrafts for checks and other trans-actions. The account terms, conditions and fea-tures must be the same for consumers who opt inand for those who do not.

Opt-in requirement for overdraft services. Thefinancial institution may assess a fee for paying anATM or one-time debit card transaction pursuant toan overdraft service only if it has met the followingrequirements:

• the financial institution has provided the con-sumer with a written (or, if the consumer agrees,electronic) notice, segregated from all otherinformation, describing the overdraft service;

• the financial institution has provided a reason-able opportunity for the consumer to affirmativelyconsent (opt in) to the overdraft service for ATM

10. The Office of the Comptroller of the Currency, the Board ofGovernors of the Federal Reserve System, the Federal DepositInsurance Corporation, and the National Credit Union Administra-tion, collectively issued joint guidance concerning a serviceoffered by insured depository institutions commonly referred to as‘‘bounced-check protection’’ or ‘‘overdraft protection.’’ This creditservice is sometimes offered on both consumer and smallbusiness transaction accounts as an alternative to traditionalmeans of covering overdrafts. Joint Guidance on OverdraftProtection Programs (February 18, 2005).

11. 74 Fed. Reg. 59033, Nov. 17, 2009; 75 Fed. Reg. 31665,June 4, 2010.



and one-time debit card transactions;

• the financial institution has obtained the consum-

er’s affirmative consent (opt in) for ATM and

one-time debit card transactions; and

• the financial institution has mailed or delivered

written (or, if the consumer agrees, electronic)

confirmation of the consent, including a state-

ment informing the consumer of the right to

revoke consent. An institution complies if it

adopts reasonable procedures to ensure that it

assesses overdraft fees only for transactions

paid after mailing or delivering the confirmation to

the consumer (12 CFR 1005.17(b)(1); Comment

17(b)-7).

Fee prohibitions. As a general rule, an institution

may not charge overdraft fees for paying an ATM or

one-time debit card transaction unless the con-

sumer has opted in. The fee prohibition also

applies to an institution that has a policy and

practice of not paying an ATM or one-time debit

card overdraft when it reasonably believes at thetime of the authorization request that the consumerdoes not have sufficient funds available to pay thetransaction, although the institution does not haveto comply with the notice and opt-in requirements(Comment17(b)-1(iv)).

Lack of consent does not prohibit the financialinstitution from paying ATM or one-time debit cardoverdrafts. However, the financial institution maycharge a fee only if the consumer has consented tothe institution’s overdraft service for ATM andone-time debit card transactions (Comment 17(b)-2). Conversely, the financial institution is notrequired to pay an ATM or one-time debit cardoverdraft even if the consumer has consented topay a fee (Comment 17(b)-3).

For a consumer who has not opted in, if a fee orcharge is based on the amount of the outstandingnegative balance, an institution may not charge afee for a negative balance that is solely attributableto an ATM or one-time debit card transaction.However, an institution may assess a fee if thenegative balance is attributable in whole or in partto a check, ACH transaction or other type oftransaction not subject to the prohibition on assess-ing overdraft fees (Comment 17(b)-8).

For a consumer who has not opted in, theinstitution may not assess daily or sustainednegative balance, overdraft, or similar fees for anegative balance, based solely on ATM or one-timedebit card transactions. However, if the negativebalance is attributable in part to a check, ACHtransaction, or other type of transaction not subjectto the prohibition on assessing overdraft fees, theinstitution may charge a daily or sustained over-draft or similar fee, even if the consumer has notopted in. The date the fee may be charged is

based on the date on which the check, ACH, orother type of transaction is paid into overdraft(Comment 17(b)-9).

Contents and format of notice. The noticedescribing the overdraft service must be substan-tially similar to Model Form A-9. The notice mustinclude all of the following items and may notcontain any other information not expressly speci-fied or otherwise permitted:

• a brief description of the overdraft service andthe types of transactions for which the financialinstitution may charge a fee;

• the dollar amount of any fee that may be chargedfor an ATM or one-time debit card transaction,including any daily or other overdraft fees;12

• the maximum number of fees that may becharged per day, or, if applicable, that there is nolimit;

• an explanation of the right to affirmatively consentto the overdraft service, including the methods bywhich the consumer may consent;13 and

• the availability of a line of credit or a service thattransfers funds from another account to coveroverdrafts, if the financial institution offers thosealternatives14 (12 CFR 1005.17(d)(1) through(d)(5)).

The financial institution also may (but is notrequired to) include the following information, to theextent applicable:

• disclosure of the right to opt into, or out of, thepayment of overdrafts for other types of transac-tions (e.g., checks, ACH transactions, or auto-matic bill payments) and a means for theconsumer to exercise such choices;

• disclosure of the financial institution’s returneditem fee, as well as the fact that merchants maycharge additional fees; and

• disclosure of the right to revoke consent (12 CFR1005.17(d)(6)).

Reasonable opportunity to consent. The financial

12. If the amount of the fee may vary based on the number oftimes the consumer has overdrawn the account, the amount of theoverdraft, or other factors, the financial institution must disclosethe maximum fee.

13. Institutions may tailor the response portion of Model FormA-9 to the methods offered. For example, a tear-off portion ofModel Form A-9 is not necessary if consumers may only opt in bytelephone or electronically (Comment 17(d)-3).

14. If the institution offers both a line of credit subject toRegulation Z (12 CFR Part 1026) and a service that transfers fundsfrom another account of the consumer held at the institution tocover overdrafts, the institution must state in its opt-in notice thatboth alternative plans are offered. If the institution offers one, butnot the other, it must state in its opt-in notice the alternative planthat it offers. If the institution does not offer either plan, it shouldomit the reference to the alternative plans (Comment 17(d)-5). Ifthe financial institution offers additional alternatives for payingoverdrafts, it may (but is not required to) disclose thosealternatives (12 CFR 1005.17(d)(5)).



institution must provide a reasonable opportunity to

consent. Reasonable methods of consent include

mail, if the financial institution provides a form for

the consumer to fill out and mail; telephone, if the

financial institution provides a readily available

telephone line that the consumer may call; elec-

tronic means, if the financial institution provides a

form that can be accessed and processed at its

website, where the consumer may click on a box to

consent and click on a button to affirm consent; or

in person, if the financial institution provides a form

for the consumer to complete and present at a

branch or office (Comment 17(b)-4). The financialinstitution may provide the opportunity to consentand require the consumer to make a choice as astep to opening an account (Comment 17(b)-5).

Affirmative consent is necessary. An importantfeature of the opt in is that the consumer’saffirmative consent is necessary before the institu-tion may charge overdraft fees for paying an ATMor one-time debit card transaction (12 CFR 1005.17(b)(iii)). The consent must be separate from otherconsents or acknowledgments (including a con-sent to receive disclosures electronically). Checkboxes are allowed, but the check box and theconsumer’s signature may only apply to theconsumer’s consent to opt in. Preprinted disclo-sures about the overdraft service provided with asignature card or contract do not constitute affir-mative consent (Comment 17(b)-6).

Confirmation and consumer’s right to revoke. Notonly must the consumer affirmatively consent, butthe institution must mail or deliver to the consumera written confirmation (or electronic, if the con-sumer agrees) that the consumer has consented,along with a statement informing the consumer ofthe right to revoke the consent at any time (12 CFR1005.17(b)(iv) and Comment 17(b)-7). An institu-tion complies with the confirmation requirement if ithas adopted reasonable procedures to ensure thatoverdraft fees are assessed only on transactionspaid after the confirmation is mailed or delivered tothe consumer (Comment 17(b)-7)).

Assessing fees. For consumers who have notopted in, institutions are prohibited from chargingoverdraft fees for paying those transactions. Thisprohibition applies to daily or sustained overdraft,negative balance, or similar fees. However, the ruledoes not prohibit an institution from assessingthese fees if the negative balance is attributable, inwhole or part, to a check, ACH or other transactionnot subject to the fee prohibition. However, if thenegative balance is attributable in part to an ATMtransaction, for example, and in part to a check, afee may be assessed based on the date when thecheck is paid into overdraft, not the date of the ATMor one-time debit transaction.

Conditioning payment of other overdrafts. The

financial institution may not condition the paymentof other types of overdraft transactions on theconsumer’s affirmative consent, and the financialinstitution may not decline to pay other types ofoverdraft transactions because the consumer hasnot affirmatively consented to the payment of ATMand one-time debit card overdrafts (12 CFR1005.17(b)(2)). In other words, the financial institu-tion may not use different criteria for paying othertypes of overdraft transactions for consumers whohave consented and for consumers who have notconsented (Comment 17(b)(2)-1).

Same account terms, conditions, and features. Inaddition, the financial institution must provide toconsumers who do not affirmatively consent thesame account terms, conditions, and features(except the payment of ATM and one-time debitoverdrafts) that are available to consumers who doaffirmatively consent (12 CFR 1005.17(b)(3)). Thatrequirement includes, but is not limited to

• interest rates paid;

• fees assessed;

• the type of ATM or debit card provided to thedepositor;15

• minimum balance requirements; and

• online bill payment services (Comment17(b)(3)-1).

Joint accounts. Any one account holder mayconsent, or revoke consent, for payment of ATM orone-time debit card transactions from a jointaccount (12 CFR 1005.17(e)).

Continuing right to consent or revoke. A con-sumer may consent to the payment of ATM andone-time debit card overdrafts at any time. Aconsumer may also revoke consent at any time.The financial institution must implement a revoca-tion as soon as reasonably practicable (12 CFR1005.17(f)). The financial institution need not waiveoverdraft fees assessed before it implements theconsumer’s revocation (Comment 17(f)-1).

Duration of consent. Consent remains effectiveuntil the consumer revokes it, unless the financialinstitution terminates the overdraft service (12 CFR1005.17(g)). The financial institution may terminatethe overdraft service, for example, if the consumermakes excessive use of the service (Comment17(g)-1).

Effective date. The overdraft services rule be-came effective on January 19, 2010, and compli-ance became mandatory on July 1, 2010. Foraccounts opened on or after July 1, 2010, the

15. For example, the financial institution may not provide aPIN-only debit card to consumers who do not opt in and a debitcard with both PIN and signature-debit features to consumers whodo opt in.



financial institution must obtain consent beforecharging a fee for payment of any ATM or one-timedebit overdraft. However, for accounts openedbefore July 1, 2010, the financial institution may notcharge a fee for paying any ATM or one-time debitoverdraft on or after August 15, 2010, unless it hasobtained consent (See 12 CFR 1005.17(c)).

IV. Issuance of Access Devices—12 CFR 1005.5 and 1005.18

In general, a financial institution may issue anaccess device to a consumer only in the followingcases:

• the consumer requested it in writing or orally.16

• it is a renewal of, or a substitute for, an acceptedaccess device (as defined in 12 CFR 1005.2(a)).See 12 CFR 1005.5(a).

Only one renewal or substitute device mayreplace a previously issued device. A financialinstitution may provide additional devices at thetime it issues the renewal or substitute accessdevice provided the institution complies with therequirements for issuing unsolicited access de-vices for the additional devices (Comments 5(a)(2)-1 and 5(b)-5).

A financial institution may issue an unsolicitedaccess device only if the access device meets allof the following criteria. The access device is

• not validated—that is, it cannot be used to initiatean EFT.

• accompanied by the explanation that it is notvalidated and how the consumer may dispose ofit if the consumer does not wish to validate it.

• accompanied by a complete disclosure, inaccordance with 12 CFR 1005.7, of the consum-er’s rights and liabilities that will apply if theaccess device is validated.

• validated only upon oral or written request fromthe consumer and after a verification of theconsumer’s identity by some reasonable means(12 CFR 1005.5(b)).

The financial institution may use any reasonablemeans of verifying the consumer’s identity, but theconsumer is not liable for any unauthorized trans-fers if an imposter succeeds in validating theaccess device (Comment 5(b)-4).

Payroll card access devices. Consistent with 12CFR 1005.5(a), a financial institution may issue apayroll card access device only in response to anoral or written request for the device or as a renewalor substitute for an accepted access device. A

consumer is deemed to request an access devicefor a payroll account when the consumer choosesto receive salary or other compensation through apayroll card account (Comment 18(a)-1).

EFT added to credit card. The EFTA andRegulation E apply when the capability to initiateEFTs is added to an accepted credit card (asdefined under Regulation Z). The EFTA andRegulation E also apply to the issuance of anaccess device that permits credit extensions undera preexisting agreement between the consumerand a financial institution to extend credit only tocover overdrafts (or to maintain a specified mini-mum balance). The Truth in Lending Act andRegulation Z govern the addition of a credit featureto an accepted access device, and except asdiscussed above, the issuance of a credit card thatis also an access device. For information on therelationship of Regulation E to other laws, includingTruth in Lending, see 12 CFR 1005.12.

V. Consumer Liability and ErrorResolution

Liability of Consumers for UnauthorizedTransfers—12 CFR 1005.6

A consumer may be liable for an unauthorized EFT(defined in 12 CFR 1005.2(m)) depending on whenthe consumer notifies the financial institution andwhether an access device was used to conduct thetransaction. Under the EFTA, there is no bright-linetime limit within which consumers must reportunauthorized EFTs (71 Fed. Reg. 1638, 1653 (Jan.10, 2006)).

The extent of the consumer’s liability is deter-mined solely by the consumer’s promptness innotifying the financial institution (Comment 6(b)-3).Other factors may not be used as a basis to holdconsumers liable. 12 CFR 1005.6 expressly prohib-its the following factors as the basis for imposinggreater liability than is permissible: the consumerwas negligent (e.g., wrote a PIN on an ATM card),an agreement between the consumer and thefinancial institution provides for greater liability, orthe consumer is liable for a greater amount understate law (Comment 6(b)-2 and 6(b)-3).

A consumer may only be held liable for anunauthorized transaction, within the limitations setforth in 12 CFR 1005.6(b), if

• the financial institution has provided all of thefollowing written disclosures to the consumer:

– a summary of the consumer’s liability forunauthorized EFTs

– the telephone number and address for report-ing that an unauthorized EFT has been or maybe made

16. For a joint account, a financial institution may issue anaccess device to each account holder for whom the requestingholder specifically requests an access device (Comment5(a)(1)-1).



– the financial institution’s business days

• any access device used to affect the EFT was an

accepted access device (as defined in 12 CFR

1005.2(a)).

• the financial institution has provided a means to

identify the consumer to whom the access device

was issued (12 CFR 1005.6(a)).

12 CFR 1005.6 allows, but does not require, the

financial institution to provide a separate means to

identify each consumer of a multiple-user account(Comment 6(a)-2).

The limitations on the amount of consumerliability for unauthorized EFTs, the time limits withinwhich consumers must report unauthorized EFTs,and the liability for failing to adhere to those timelimits, are listed in the chart below. The financialinstitution may impose less consumer liability thanis provided by 12 CFR 1005.6 based on state law orthe deposit agreement (12 CFR 1005.6(b)(6)).

Consumer Liability for Unauthorized Transfers

Event

Timing of Consumer Notice to

Financial Institution Maximum Liability

Loss or theft of access device1 Within two business days afterlearning of loss or theft

Lesser of $50 or total amount ofunauthorized transfers

Loss or theft of access device More than two business daysafter learning of loss or theft upto 60 calendar days aftertransmittal of statement showingfirst unauthorized transfer madewith access device

Lesser of $500 or the sum of:(a) $50 or the total amount of

unauthorized transfersoccurring in the first twobusiness days, whichever isless, and

(b) The amount of unauthorizedtransfers occurring after twobusiness days and beforenotice to the financialinstitution.2

Loss or theft of access device More than 60 calendar days aftertransmittal of statement showingfirst unauthorized transfer madewith access device

For transfers occurring within the60-day period, the lesser of $500or the sum of(a) Lesser of $50 or the amount

of unauthorized transfers infirst two business days, and

(b) The amount of unauthorizedtransfers occurring after twobusiness days.

For transfers occurring after the60-day period, unlimited liability(until the financial institution isnotified).3

Unauthorized transfer(s) notinvolving loss or theft of anaccess device

Within 60 calendar days aftertransmittal of the periodicstatement on which theunauthorized transfer firstappears

No liability.

Unauthorized transfer(s) notinvolving loss or theft of anaccess device

More than 60 calendar days aftertransmittal of the periodicstatement on which theunauthorized transfer firstappears

Unlimited liability forunauthorized transfers occurring60 calendar days after theperiodic statement and beforenotice to the financial institution.

1. Includes a personal identification number (PIN) if usedwithout a card in a telephone transaction, for example.

2. Provided the financial institution demonstrates that thesetransfers would not have occurred had notice been given withinthe two-business-day period.

3. Provided the financial institution demonstrates that thesetransfers would not have occurred had notice been given withinthe 60-day period.



Knowledge of loss or theft. The fact that a

consumer has received a periodic statement

reflecting an unauthorized transaction is a factor,

but not conclusive evidence, in determining whether

the consumer had knowledge of a loss or theft of

the access device (Comment 6(b)(1)-2).

Timing of notice. If a consumer’s delay in

notifying a financial institution was due to extenu-

ating circumstances, such as extended travel or

hospitalization, the time periods for notification

specified above must be extended to a reasonable

time (12 CFR 1005.6(b)(4); Comment 6(b)(4)-1).

Notice to the financial institution. A consumergives notice to a financial institution about unau-thorized use when the consumer takes reasonablesteps to provide the financial institution with thepertinent information, whether or not a particularemployee actually receives the information (12 CFR1005.6(b)(5)(i)). Even if the consumer is unable toprovide the account number or the card number,the notice effectively limits the consumer’s liability ifthe consumer sufficiently identifies the account inquestion, for example, by giving the name on theaccount and the type of account (Comment6(b)(5)-3). At the consumer’s option, notice may begiven in person, by telephone, or in writing (12 CFR1005.6(b)(5)(ii)). Notice in writing is consideredgiven at the time the consumer mails the notice ordelivers the notice for transmission by any otherusual means to the financial institution. Notice mayalso be considered given when the financialinstitution becomes aware of circumstances lead-ing to the reasonable belief that an unauthorizedtransfer has been or may be made (12 CFR1005.6(b)(5)(iii)).

Relation of error resolution to Truth in Lending.

The liability and error resolution provisions in 12CFR 1005.6 and 1005.11 apply to an extension ofcredit that occurs under an agreement between theconsumer and a financial institution to extend creditwhen the consumer’s account is overdrawn, tomaintain a specified minimum balance in theconsumer’s account, or under an overdraft service(12 CFR 1005.12(a)(1)(ii)). As provided in 12 CFR1005.12 and related commentary, for transactionsinvolving access devices that also function ascredit cards, the liability and error resolutionprovisions in 12 CFR 1005.6 and 1005.11 orRegulation Z will apply depending on the nature ofthe transaction:

• If the unauthorized use of a combined accessdevice−credit card solely involves an extensionof credit, other than an extension of creditdescribed under 12 CFR 1005.12(a)(1)(iii), anddoes not involve an EFT, for example, when thecard is used to draw cash advances directly froma credit line, only the error resolution provisions ofRegulation Z will apply.

• If the unauthorized use of a combined accessdevice−credit card involves only an EFT, forexample, debit card purchases or cash withdraw-als at an ATM from a checking account, only theerror resolution provisions of 12 CFR 1005.6 and1005.11 will apply.

• If a combined access device−credit card isstolen and unauthorized transactions are madeby using the card as both a debit card and acredit card, 12 CFR 1005.6 and 1005.11 willapply to the unauthorized transactions in whichthe card was used as a debit card, andRegulation Z will apply to the unauthorizedtransactions in which the card was used as acredit card.

Procedures for Resolving Errors—12 CFR 1005.11

This section defines the term error and describesthe steps the consumer must take when assertingan error in order to receive the protection of theEFTA and 12 CFR 1005.11, and the proceduresthat a financial institution must follow to resolve analleged error under this section.

An error includes any of the following:

• an unauthorized EFT

• an incorrect EFT to or from the consumer’saccount

• the omission from a periodic statement of an EFTto or from the consumer’s account that

consumer compliance handbook - cfpa guideconsumer compliance handbook contents about this handbook...

Documents