The Consumer Financial Protection Bureau released a compliance bulletin dated November 23, 2015 to help entities that currently fail to comply with the requirements imposed by the Electronic Funds Transfer Act (EFTA) and Regulation E or entities that are simply confused about their obligations under such. In my experience, the majority of the entities in today’s environment fall under the latter, so this bulletin should be well received.
As many entities are well aware, EFTA and Regulation E establish specific requirements needed to obtain consumer authorizations for pre-authorized EFTs. Regulation E specifically requires that consumer EFTs be authorized “only by a writing signed or similarly authenticated by the consumer.”[1] This is where the confusion starts for most entities when determining whether electronic signatures meet the requirement. The commentary to Regulation E states that electronic authorization must meet the requirements of the E-Sign Act.[2]
The E-Sign act provides certain criteria that must be met to find an electronic signature enforceable. Although an interpretation of the E-Sign Act may restrict the use of oral recordings as electronic signatures, the CFBP noted that this only applies “where a statute, regulation or other rule of law requires that information…be provided or made available to a consumer in writing[3],” and since Regulation E does not require entities to provide this in writing, this restriction would not apply.
The CFPB provided a known example of an examination where this interpretation was enforced; the Supervision concluded that an entity did not violate EFTA or Regulation E when it obtained telephone authorizations. Both the authorizations provided — entering a code into the keypad and oral authorizations — met the requirements as provided by the E-Sign Act.
In addition to the CFBP’s position on oral authorization, the CFBP also spoke as it related to providing a copy of the authorization to the Consumer. Regulation E requires that consumer be provided a copy of the terms of any pre-authorized EFT[4], both in paper form and electronically[5]. They point out the fact that two of the most significant terms are timing and amount[6]. A question that many entities still have is addressed specifically: the timing in which the written authorization must be provided. The CFPB answers the question by saying that you can obtain an E-Sign Signature and then provide the writing separately, after the transaction, either in paper or as an E-Sign electronic record. During recent examinations, they did, however, note that providing the terms from a consumer’s account failed to meet the requirements, as it did not provide important authorization terms such as the reoccurring nature, amount and timing of the payments agreed upon[7]. In addition, they also noted that it was acceptable to provide a consumer a copy of the authorization by providing the consumer two forms, having them return one and retain the other. However, an entity does not comply with Regulation E by only making a copy available upon request[8].
[1] 12 CFR § 1005.10(b)
[2] 15 U.S.C § 7001(a)(1)
[3] 12 CFR § 1005.10(b)
[4] Id.
[5] See 12 CFR part 1005, Supp. I, comment 10(b)-5.
[6]12 CFR § 1005.10(k)
[7] See 12 CFR part 1005, Supp. I, comment 10(b)-4
[8] 12 CFR § 1005.10(b)
