“What can we do?” Has been a common question we have received regarding the responsibility and liability related to Electronic Fund Transfers – Regulation E.
Unfortunately, we do not always have a clear black and white answer. The interpretation of the regulation always leans more to what is in the best interests of the customer, not the financial institution. Many of the questions we receive are related to payment applications. We have also noticed an increase of findings related to the timing of final notices. I will try to explain my interpretation of the rules surrounding payment applications and the timing of final notices.
Payment Applications
Section 14 of the regulation is geared towards payment applications; however, it does not relieve the financial institution from responsibility. Per the regulation there are three checkpoints used to determine if the financial institution has responsibility or the service provider (payment application) does.
- Account: Who provided the account – the financial institution or the payment application? The answer to this question will usually be the payment application. Payment applications typically have an account set up for each user.
- Access Device: Who provided the access device – the financial institution or the payment application? The answer to this question will usually be the payment application. Payment applications typically provide the access device through login credentials and sometimes a debit card.
- Agreement: Who has the agreement to use the account and access device? This is where the gray comes in. The payment application may hold the account and the access device and not have an agreement with the account-holding institution; however, there are various scenarios that results in section 14 not being applicable and the financial institution being responsible if the customer comes to them.
- If the payment application is using a financial institution’s debit card information, section 14 DOES NOT apply because the bank does have an agreement with the customer related to that debit card, no matter how the access is being granted.
- If the payment application uses automated clearing house (ACH) an agreement is in play and section 14 DOES NOT apply.
All three of the answers to these items must be “no” for the financial institution to not be responsible, but the agreement part is rarely a no. If the financial institution can say “NO” to all three items and provide good documentation, then the liability goes back to the payment application (service provider) and the financial institution is responsible for providing documentation related to the error to the service provider and to honor the transactions from the service provider related to the resolution of the error.
Following are example scenarios related to payment application transactions:
- Sally Customer sets up a Venmo account using her financial institution’s routing number and checking account number or her debit card information as the means to make payments – through the application. Sally decides to buy a clock and uses her Venmo application to make the payment. Sally never receives the clock. Sally comes to the financial institution to report this fraud. Who is liable in this scenario? This scenario does not constitute an unauthorized transaction. The financial institution will need to start the investigation process, but if it is determined Sally was the one to authorize the payment, she is then liable.
- Sally Customer has a Venmo account using her financial institution’s routing number and checking account number or her debit card information as the means to make payments – through the application. Upon reviewing her statement Sally realizes a Venmo transaction has occurred she is not aware of. Sally notifies the bank of this transaction. Who is liable in this scenario? This scenario does appear to be an unauthorized transaction and the investigation will most likely conclude her Venmo login was compromised. The financial institution will need to start an investigation and Regulation E Error Resolution procedures will need to be followed. The amount of liability for Sally will be determined based on consumer liability conditions and the results of the investigation.
- John Customer does not use payment applications but shared his account and/or debit card information with an online vendor to purchase a mower. John never receives the mower. John comes to the financial institution to report this fraud. Who is liable in this scenario? This scenario does not constitute an unauthorized transaction. The financial institution will need to start the investigation process, but if it is determined John was the one to authorize the payment, he is then liable.
- John Customer receives his statement and discovers an additional transaction from the above mentioned online vendor. John does not know what this transaction is for. John notifies the financial institution. Who is liable in this scenario? This scenario does appear to be an unauthorized transaction and the investigation will conclude John’s account information, provided for an authorized transaction, was used again without his authorization. The financial institution will need to start an investigation and Regulation E Error Resolution procedures will need to be followed. The amount of liability for John will be determined based on consumer liability conditions and the results of the investigation.
Final Notice Timing
In the past few months, we have come across financial institutions concluding Error Disputes as soon as a “provisional credit” is received from the financial institution’s processor and then up to a month later discovering an error did not occur and trying to debit the customer’s account. Our suggestion is for the financial institution to not finalize the investigation until the processor has completed its investigation. Per the regulation the financial institution must correct the error and notify the customer after determining an error has or has not occurred. The final notice should not be sent until the investigation is completed. Error resolution timelines will need to be followed, but a “provisional credit” from the processor does not constitute the investigation is complete.
There are several aspects related to Regulation E and the resolution of errors. We like to refer to the Consumer Financial Protection Bureau for our interpretation of this regulation and several others.
Connect with our Pinion financial institution team with any questions you may have surrounding Regulation E.
