On Monday, November 23, the CFPB released a new Compliance Bulletin to remind financial entities of their requirements when obtaining consumer authorizations for preauthorized electronic fund transfers (EFT). Mortgage servicers, student loan servicers, debt collectors, and short-term, small-dollar lenders are specifically highlighted in the Compliance Bulletin as entities engaged in preauthorized EFT transactions. These entities will want to take notice of the CFPB’s explanation of the Electronic Fund Transfer Act (EFTA) and Regulation E requirements.

Many consumers elect to participate in automatic payment plans via preauthorized EFTs that allow entities to debit funds directly from consumers’ bank accounts. This practice has boomed in recent years because it allows consumers to automatically pay recurring bills for their utilities, credit cards, car payments, or mortgages and avoid potential late fees. Preauthorized EFTs are different from recurring bill pay, where consumers grant their bank permission to send payments to a company.  

The Compliance Bulletin explained that the CFPB is concerned that some entities fail to meet the requirements set by the EFTA and Regulation E. Regulation E requires consumers’ authorization for preauthorized EFTs through a signed writing or a similar authentication. Entities must also provide a copy of the authorization to the consumer and clearly describe the terms of preauthorized automatic debits. Entities that fail to comply with these requirements could face CFPB supervisory or enforcement action, which can include assessment of monetary penalties.

The CFPB expects entities to have a working knowledge of the legal requirements before initiating preauthorized EFTs. For example, through its examinations the CFPB found that an entity did not violate the EFTA and Regulation E where it obtained consumer preauthorization by telephone. These preauthorizations were signed or authenticated by consumers orally or by entering a code with their telephone keypad.  However, this form of preauthorization has specific requirements, including that the entity retain the consumer’s oral authorization. Thus entities can successfully obtain preauthorization in a variety of ways suited to their business needs, but this will require a detailed review of their procedures under the Compliance Bulletin’s guidance, EFTA, and Regulation E.

In addition to explaining the legal requirements for entities through the Compliance Bulletin, the CFPB’s accompanying blog post and press release include four sample form letters for consumers to send to entities to revoke permission to automatically debit their accounts and to provide notice of unauthorized debits from consumers’ accounts.