On September 17, the CFPB issued a circular stating that financial institutions can be found liable for violating the Electronic Funds Transfer Act by charging overdraft fees if there is no proof of consumers’ affirmative consent to such overdraft services.

Under Regulation E, financial institutions must provide consumers a “reasonable opportunity to affirmatively consent, or opt in” and obtain the consumers’ “affirmative consent, or opt in” before charging fees for ATM or one-time debit transactions.   Financial institutions are also required to give written or electronic notice of their overdraft services prior to obtaining consent and must provide confirmation of the consumers’ enrollment, along with notice of the consumers’ right to revoke consent.

The circular reminds financial institutions that Regulation E sets forth an opt-in, rather than opt-out, process before those institutions are permitted to assess fees for covered overdraft services.  Absent affirmative enrollment by consumers, the default status for consumers is to not be enrolled in covered overdraft services.  The Bureau noted that in supervisory examinations, examiners have found that some institutions have been unable to provide evidence that consumers had opted into overdraft coverage before they were charged fees.

The circular instructs regulators to inspect a financial institution’s records for evidence of affirmative consent to enrollment in covered overdraft service.  This can include:

  • A signed or initialed copy of the form for consumers opting in in person or by mail;
  • A recording of the phone call for consumers opting in via telephone; and
  • A securely stored, unalterable electronic signature for consumers opting in online or through a mobile app.

Putting It Into Practice: Recordkeeping is crucial for ensuring compliance with Reg E’s opt-in provisions. Notably, Regulation E has specific recordkeeping requirements; companies are required to retain evidence of compliance with the Act for at least two years. 12 C.F.R. § 1005.13(b)(1). But what if financial institutions destroyed customer records after the statutorily required two-year time frame? While such a practice should not violate the law, the Bureau seems to suggest that institutions will now be penalized for it.