Why it matters

Preauthorized electronic fund transfers (EFTs) were the subject of a new Compliance Bulletin issued by the Consumer Financial Protection Bureau (CFPB), discussing the requirements under the Electronic Fund Transfer Act (EFTA) and Regulation E for obtaining consumer authorization for such transactions. The guidance resulted from observations during examinations that some entities are not complying with the relevant laws, the Bureau said, citing companies that failed to provide consumers with the necessary confirmation of terms under Regulation E, for example. The CFPB reminded companies that although consumers may provide their consent for a preauthorized EFT over the phone, the mandates of the Electronic Signatures in Global and National Commerce Act must still be satisfied. In addition, once authorization has been obtained, consumers must be provided with a copy of their authorization in either written or electronic form, providing information on the "important terms" of the authorization such as the recurring nature of the payments, the amount, and the timing of when they will occur. In addition to the industry guidance, the Bureau published tips for consumers about their rights with regard to EFTs, providing sample letters to communicate with their credit union or bank to stop allowing a merchant to take payments from the customer's account. Although these requirements for preauthorized EFTs have been in place for some time, the CFPB's Bulletin likely will draw increased plaintiff's lawyer and regulator attention to merchants that offer "autopay" options for consumers to pay for goods and services.

Detailed discussion

Don't forget the obligations that arise under the Electronic Fund Transfer Act (EFTA) and Regulation E when obtaining consumer authorizations for preauthorized electronic fund transfers (EFTs) from a customer, the Consumer Financial Protection Bureau (CFPB) recently reminded merchants and financial institutions.

Examinations and other observations have shown the Bureau that some entities are not achieving full compliance with the relevant laws and that some are unclear about what the requirements are. Noting that companies across many industries—from mortgage servicing to debt collection to short-term, small-dollar lending—solicit authorizations from consumers for payment via EFTs, the CFPB released Compliance Bulletin 2015-06 to help companies follow the rules.

Defined as an "electronic fund transfer authorized in advance to recur at substantially regular intervals," both the EFTA and Regulation E establish requirements for the use of preauthorized EFTs. First, companies must obtain the proper authorization from consumers. Per Regulation E, authorization can be achieved by a "writing" that is signed "or similarly authenticated by the consumer," and a copy of the authorization must also be provided to the consumer.

There are several ways to obtain the necessary customer approval, the CFPB explained. Authorization is permitted in paper form, electronically, and even over the phone if the requirements for electronic records and signatures under the Electronic Signatures in Global and National Commerce Act (E-Sign Act) are met. That statute establishes the criteria for a valid electronic signature or record.

"Regulation E may be satisfied if a consumer authorizes preauthorized EFTs by entering a code into their telephone keypad, or … the company records and retains the consumer's oral authorization, provided in both cases the consumer intends to sign the record as required by the E-Sign Act," the Bureau said.

Entities should note that any recording of a telephone conversation with a consumer must be conducted in accordance with applicable state law, the CFPB noted.

In addition to obtaining proper authorization, companies need to provide a copy of the terms of the EFT authorization to the consumer. In either paper or electronic form, the company must share important terms such as the timing and amount of the recurring transfers from the consumer's account, the Bulletin said.

CFPB examiners observed in at least one examination that one or more companies provided consumers with a notice of terms for preauthorized EFTs from a consumer's account that did not satisfy Regulation E "because the notices did not disclose important authorization terms such as the recurring nature of the preauthorized EFTs, or the amount and timing of all the payments to which the consumer agreed."

Entities do have an alternative option to providing a copy of the authorization after its execution if they use a confirmation form. "For instance, a company may provide a consumer with two copies of a preauthorization form, and ask the consumer to sign and return one and to retain the second copy," the Bureau said. "However, a company does not satisfy Regulation E by only making a copy of the authorization available upon request in lieu of providing the copy."

With the reminder available to all entities, the CFPB said it expects companies obtaining consumer authorizations for preauthorized EFTs to know and comply with all legal requirements, obtaining the necessary authorization before initiating the EFTs, providing a copy of the authorization to consumers and, when practical, encouraging entities to provide the copy of the authorization to the consumer before the first preauthorized EFT is initiated.

"If the CFPB determines that an entity has engaged in acts or practices that violate EFTA and Regulation E, or any other Federal consumer financial law, it will take appropriate supervisory or enforcement action to address the violations and seek all appropriate corrective measures, including remediation of harm to consumers and assessment of civil money penalties," the Bureau warned.

EFTA provides for a private right of action for violations of the EFTA, including requirements applicable to preauthorized EFTs. The CFPB Bulletin, suggesting that some merchants or financial institutions are not in compliance with EFTA and Regulation E autopay requirements, may attract plaintiff's attorney attention.

To read the CFPB's Compliance Bulletin 2015-06, click here.