July 22, 2013 Eric Dewey, CRCM FDIC Compliance Examiner 1 This presentation does not constitute legal advice or provide the official position of the FDIC. It also does not provide sufficient information to make final determinations about your institution’s approach to EFT error-resolution compliance. As appropriate, consult with legal counsel regarding your institution’s specific approach. 2 • • Definition of Error - includes some “merchant disputes” Notice from consumer by any means, oral or written within 60 days of periodic statement • • Reasonable investigation Resolution within prescribed time limits 10 days 45 days with provisional credit Extended time limits for certain types of transactions • Notice of resolution Honoring items for 5 days post-notification in cases of no error 3 • Regulation E rules are federal law • VISA/MC and NACHA rules are simply contractual agreements • VISA/MC or NACHA rules with regard to timeframes for bank’s chargeback rights cannot be used to justify the denial of the consumer’s rights under Regulation E • If Regulation E error-resolution rules require crediting the consumer, but VISA/MC or NACHA chargeback rights have expired, the bank may be required to take the loss 4 What follows are some fact patterns that have resulted in banks being cited for violations of Regulation E. Please keep in mind that: • Examinations are risk-focused • Examiners have differing levels of awareness of errorresolution processes • “Industry standard” practices may not be fully compliant with the law 5 Your bank uses the standard template Regulation E disclosures offered by your third-party provider, which meet all regulatory requirements. When a customer orally disputes an electronic debit on their deposit account, your bank requires the customer to complete a sworn affidavit before the customers claim is investigated. In addition, whenever your bank “feels” that the customer is making a false dispute claim, the customer is required to file a police report and agree in writing to appear in court as a witness, before their dispute will be processed. What do you think? 6 In addition to violating Regulation E, the FDIC found these practices to be unfair. Requiring consumers to satisfy significant additional requirements beyond the regulation may amount to denial of the claim. Although the amount of each error resolution claim might be small, in the aggregate they are likely to be substantial. In this case, one transaction involved an alleged error of more than $5,000. The injuries were not reasonably avoidable by the consumer. There were no countervailing benefits identified. 7 Your bank uses the standard template Regulation E disclosures offered by your third-party provider, which meet all regulatory requirements. When a customer notifies the Bank of a dispute involving a third-party merchant transaction, before the Bank will begin its investigation the customer is instructed to contact the merchant and try to resolve the error. If the merchant denies the error, the customer may return to the Bank to begin the dispute process. What do you think? 8 In addition to violating Regulation E, the FDIC found these practices to be deceptive. The Initial Disclosure was misleading. It states that telephone notice was the best way to reduce losses, but when customers called the bank declined to initiate an investigation until the customer attempted to resolve the matter with the merchant. A reasonable consumer would think that the Bank would follow the procedures in the Initial Disclosure, and would not know that the additional requirement violated Regulation E. The bank's additional requirements, which violate Regulation E, are material. 9 Consider this situation: You shop for medications online, and find one merchant offering a 3 month supply of your medications for only $50. You carefully authorize an EFT for $50 to purchase the medications. However, when your statement arrives, the merchant has charged you $150 for the medications. (As a good financial professional, you carefully read all of the disclosures from the merchant, and there is nothing that authorizes the additional $100 charge). Do you have dispute rights under Regulation E? 10 Now consider this situation: You shop for clothes online, and find a merchant offering a jacket for $50 that you like. You carefully authorize an EFT for $50 to purchase the jacket. However, when your jacket arrives, it is not the size or color you ordered. Do you have dispute rights under Regulation E? Why, or why not? 11 Your bank uses the standard template Regulation E disclosures offered by your third-party provider, which meet all regulatory requirements. In addition, your bank discloses a $25 Debit Card Chargeback fee on disputed EFT transactions. Is this fee allowed under Regulation E? 12 See Comment 3 to Section 11(c) of Regulation E. It states that, if a billing error has occurred you cannot not impose a charge related to any aspect of the errorresolution process (including charges for documentation or investigation). It goes on to say that, because the EFTA grants the consumer error-resolution rights, the institution “should avoid any chilling effect on the good-faith assertion of errors that might result if charges are assessed” even when no billing error has occurred. 13 Your bank uses the standard template Regulation E disclosures offered by your third-party provider, which meet all regulatory requirements. A customer calls to report unauthorized use within two days of the occurrence. Your bank imposes $250 of liability on the customer (more than the $50 limit) because the customer wrote their PIN number on the back of the card. What do you think? 14 Comments 2 to Section 6(b) in the Official Interpretations of Regulation E comes into play here: Comment 2 states that negligence by the consumer cannot be used as the basis for imposing greater liability than is permissible under Regulation E, and specifically uses the example of writing the PIN on a debit card or on a piece of paper kept with the card. 15 Your bank uses the standard template Regulation E disclosures offered by your third-party provider, which meet all regulatory requirements. However, due to the higher incidence of fraud on non-US transactions, you also require customers to waive their dispute rights for any transactions conducted outside the state or country. What do you think? 16 Now look at Comment 3 to Section 6(b) in the Official Interpretations of Regulation E: Comment 3 states that the extent of the consumer's liability is determined solely by the consumer's promptness in reporting the loss or theft of an access device, and that no agreement between the consumer and an institution may impose greater liability for an unauthorized transfer than the limits provided in Regulation E. 17 Will customers/auditors/examiners think is there a gap between what your disclosures say and what you’re actually doing? Whose perspective is more important in thinking about what is “reasonable” – the bank’s or the consumer’s? Reg E disputes can be expensive to process. Are they more expensive than a UD(A)AP violation? What’s that third-party up to, anyway? (Even if they are your core processor). Now that I’ve covered the regulatory requirements, what about UD(A)AP risks? If every bank is doing it, does that make it okay, or is it really just abusive? 18 FIL 26-2004 “Unfair or Deceptive Acts or Practices by State-Chartered Banks”, March 11, 2004 FTC Policy Statement on Deception (October 14, 1983), appended to Cliffdale Associates, Inc., 103 F.T.C. 110, 174 (1984) http://www.ftc.gov/bcp/policystmt/ad-decept.htm FTC Policy Statement on Unfairness (October 14, 1983), appended to International Harvester Co. , Inc., 103 F.T.C. 949, 1070 (1984) http://www.ftc.gov/bcp/policystmt/ad-unfair.htm 19 FDIC Examination Manual on Abusive practices http://www.fdic.gov/regulations/compliance/manu al/pdf/VII-1.1.pdf CFPB Examination Manual http://www.consumerfinance.gov/guidance/ supervision/manual/ 12 C.F.R. 1005 and Official Interpretations http://www.ecfr.gov/ 20