Advanced Search

Electronic Fund Transfer


Published: 2007-11-09

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$40 per month.
ACTION:
Final rule; official staff interpretation.
SUMMARY:
The Board is amending Regulation E, which implements the Electronic Fund Transfer Act, and the official staff commentary to the regulation, to withdraw portions of the interim final rules for the electronic delivery of disclosures issued March 30, 2001. The interim final rules addressed the timing and delivery of electronic disclosures, consistent with the requirements of the Electronic Signatures in Global and National Commerce Act (E-Sign Act). Because compliance with the 2001 interim final rules has not been mandatory, withdrawal of these provisions from the Code of Federal Regulations reduces confusion about the status of the provisions and simplifies the regulation. Similar rules are being adopted under other consumer fair lending and financial services regulations administered by the Board.
DATES:
The final rule is effective December 10, 2007. The mandatory compliance date is October 1, 2008.
FOR FURTHER INFORMATION CONTACT:
John C. Wood, Counsel, Division of Consumer and Community Affairs, at (202) 452-2412 or (202) 452-3667. For users of Telecommunications Device for the Deaf (TDD) only, contact (202) 263-4869.
SUPPLEMENTARY INFORMATION:
I. Statutory Background
The purpose of the Electronic Fund Transfer Act (EFTA), 15 U.S.C. 1693 et seq. , is to provide a basic framework establishing the rights, liabilities, and responsibilities of participants in electronic fund transfer (EFT) systems, and to provide individual consumer rights. The Board's Regulation E (12 CFR part 205) implements the EFTA. Examples of types of transfers covered by the EFTA and Regulation E include transfers initiated through an automated teller machine (ATM), point-of-sale (POS) terminal, automated clearinghouse (ACH), telephone bill-payment plan, or remote banking service. The EFTA and Regulation E require financial institutions to provide certain disclosures to consumers in writing, including but not limited to initial disclosures of terms and conditions of an EFT service, documentation of EFTs by means of terminal receipts and periodic account activity statements, and change in terms notices. Certain persons other than financial institutions are also required to comply with specific disclosure provisions of Regulation E.
The Electronic Signatures in Global and National Commerce Act (the E-Sign Act), 15 U.S.C. 7001 et seq. , was enacted in 2000. The E-Sign Act provides that electronic documents and electronic signatures have the same validity as paper documents and handwritten signatures. The E-Sign Act contains special rules for the use of electronic disclosures in consumer transactions. Under the E-Sign Act, consumer disclosures required by other laws or regulations to be provided or made available in writing may be provided or made available, as applicable, in electronic form if the consumer affirmatively consents after receiving a notice that contains certain information specified in the statute, and if certain other conditions are met.
The E-Sign Act, including the special consumer notice and consent provisions, became effective October 1, 2000, and did not require implementing regulations. Thus, financial institutions are currently permitted to provide in electronic form any disclosures that are required to be provided or made available to the consumer in writing under Regulation E if the consumer affirmatively consents to receipt of electronic disclosures in the manner required by section 101(c) of the E-Sign Act.
II. Board Proposals and Interim Rules Regarding Electronic Disclosures
On April 4, 2001, the Board published for comment interim final rules to establish uniform standards for the electronic delivery of disclosures required under Regulation E (66 FR 17786). Similar interim final rules for Regulations B, M, Z, and DD (implementing the Equal Credit Opportunity Act, the Consumer Leasing Act, the Truth in Lending Act, and the Truth in Savings Act, respectively) were published on March 30, 2001 (66 FR 17322 and 66 FR 17329) (Regulations M and Z, respectively), and April 4, 2001 (66 FR 17779 and 66 FR 17795) (Regulations B and DD, respectively). Each of the interim final rules incorporated, but did not interpret, the requirements of the E-Sign Act. Financial institutions and other persons, as applicable, generally were required to obtain consumers' affirmative consent to provide disclosures electronically, consistent with the requirements of the E-Sign Act. The interim final rules also incorporated many of the provisions that were part of earlier regulatory proposals issued by the Board regarding electronic disclosures. 1
Under the 2001 interim final rules, disclosures could be sent to an e-mail address designated by the consumer, or could be made available at another location, such as an Internet Web site. If the disclosures were not sent by e-mail, financial institutions would have to provide a notice to consumers (typically by e-mail) alerting them to the availability of the disclosures. Disclosures posted on a Web site would have to be available for at least 90 days to allow consumers adequate time to access and retain the information. Institutions also would be required to make a good faith attempt to redeliver electronic disclosures that were returned undelivered, using the address information available in their files.
Commenters on the interim final rules identified significant operational and information security concerns with respect to the requirement to send the disclosure or an alert notice to an e-mail address designated by the consumer. For example, commenters stated that some consumers who choose to receive electronic disclosures do not have e-mail addresses or may not want personal financial information sent to them by e-mail. Commenters also noted that e-mail is not a secure medium for delivering confidential information and that consumers' e-mail addresses frequently change. The commenters also opposed the requirement for redelivery in the event a disclosure was returned undelivered. In addition, many commenters asserted that making the disclosures available for at least 90 days, as required by the interim final rule, would increase costs and would not be necessary for consumer protection.
In August 2001, in response to comments received, the Board lifted the previously established October 1, 2001 mandatory compliance date for all of the interim final rules. (66 FR 41439, August 8, 2001.) Thus, institutions are not required to comply with the interim final rules. Since that time, the Board had not taken further action with respect to the interim final rules on electronic disclosures in order to allow electronic commerce, including electronic disclosure practices, to continue to develop without regulatory intervention and to allow the Board to gather further information about such practices.
In April 2007, the Board proposed to amend Regulation E and the official staff commentary by (1) withdrawing portions of the 2001 interim final rule that restate or cross-reference provisions of the E-Sign Act and accordingly are unnecessary; (2) withdrawing other portions of the interim final rule that the Board now believes may impose undue burdens on electronic banking and commerce and may be unnecessary for consumer protection; and (3) adding certain provisions to provide guidance regarding electronic disclosures. (72 FR 21131, April 30, 2007.) Similar amendments were also proposed by the Board under Regulations B, M, Z, and DD. (72 FR 21125, 72 FR 21135, 72 FR 21141, and 72 FR 21155, respectively).
III. Summary of the Final Rule
The Board received about 25 comments on the April 2007 proposal, primarily from financial institutions and their representatives. Most of the financial industry commenters generally supported the proposal, although some provided suggestions for clarifications or changes to particular elements of the proposal. A comment letter was also submitted on behalf of four consumer groups. The consumer group commenters suggested a number of changes to strengthen consumer protections. The comments are discussed in more detail in the Section-by-Section Analysis below.
For the reasons discussed below, the Board is now adopting amendments to Regulation E in final form, largely as proposed in April 2007. As stated in the proposal, because compliance with the 2001 interim final rules has not been mandatory, the final rule will reduce confusion about the status of the electronic disclosure provisions and simplify the regulation. (Certain provisions in the 2001 interim rules, including provisions addressing foreign language disclosures, were not affected by the lifting of the mandatory compliance date and became final in 2001; thus, those provisions are not dealt with in this rulemaking.)
Since 2001, industry and consumers have gained considerable experience with electronic disclosures. During that period, the Board has received no indication that consumers have been harmed by the fact that compliance with the interim final rules is not mandatory. The Board also has reconsidered certain aspects of the interim final rules, such as sending disclosures by e-mail, in light of concerns about data security, identity theft, and “phishing” ( i.e. , prompting consumers to reveal confidential personal or financial information through fraudulent e-mail requests that appear to originate from a financial institution, government agency, or other trusted entity) that have become more pronounced since 2001. The Board is eliminating certain aspects of the 2001 interim final rules, such as provisions regarding the availability and retention of electronic disclosures, as unnecessary in light of current industry practices.
Finally, as proposed, certain provisions that restate or cross-reference the E-Sign Act's general rules regarding electronic disclosures (including the consumer consent provisions) and electronic signatures are being deleted as unnecessary, because the E-Sign Act is a self-effectuating statute. The revisions to Regulation E and the official staff commentary are described more fully below in the Section-by-Section Analysis.
IV. Section-by-Section Analysis
12 CFR Part 205 (Regulation E)
Section 205.4General Disclosure Requirements; Jointly Offered Services
Section 205.4 contains the general disclosure requirements under Regulation E, including provisions relating to the form of disclosure. Section 205.4(a)(1) generally requires financial institutions to provide disclosures in writing and in a form that the consumer may keep. As proposed, the Board is revising § 205.4(a)(1) to clarify that institutions may provide disclosures to consumers in electronic form, subject to compliance with the consumer consent and other applicable provisions of the E-Sign Act. Some institutions may provide disclosures to consumers both in paper and electronic form and rely on the paper form of the disclosures to satisfy their compliance obligations. For those institutions, the duplicate electronic form of the disclosures may be provided to consumers without regard to the consumer consent or other provisions of the E-Sign Act because the electronic form of the disclosure is not used to satisfy the regulation's disclosure requirements.
Section 205.4(c) in the 2001 interim final rule refers to § 205.17, the section of the interim final rule setting forth general rules for electronic disclosures. Because the Board is deleting § 205.17, as discussed below, the Board is also deleting § 205.4(c), as proposed. Sections 205.4(d) (multiple accounts and account holders) and (e) (services offered jointly) are renumbered as §§ 205.4(c) and (d) respectively.
Section 205.17 Requirements for Electronic Communication
Section 205.17 was added by the 2001 interim final rule to address the general requirements for electronic communications. In the April 2007 proposal, the Board proposed to delete § 205.17 from Regulation E and the accompanying sections of the staff commentary. Financial institution commenters largely supported the proposed deletion, and § 205.17 and the accompanying commentary are deleted in the final rule, reserving that section for future use.
In the interim rule, § 205.17(a) defined the term “electronic communication” to mean a message transmitted electronically that can be displayed on equipment as visual text, such as a message displayed on a personal computer monitor screen. The deletion of § 205.17(a) does not change applicable legal requirements under the E-Sign Act.
Section 205.17(b) incorporated by reference the provisions of the E-Sign Act, such as the provision allowing disclosures to be provided in electronic form. The deletion of this provision has no impact on the general applicability of the E-Sign Act to Regulation E disclosures. Section 205.17(e) was added in the 2001 interim final rule to clarify that persons, other than financial institutions, that are required to comply with the regulation may use electronic disclosures. This provision is deleted as unnecessary because the E-Sign Act is a self-effectuating statute and permits any person to use electronic records subject to the conditions set forth in the Act.
Sections 205.17(c) and (d) addressed specific timing and delivery requirements for electronic disclosures under Regulation E, such as the requirement to send disclosures to a consumer's e-mail address (or post the disclosures on a Web site and send a notice alerting the consumer to the disclosures). The Board stated in the proposal that it no longer believed that these additional provisions were necessary or appropriate. The Board noted that electronic disclosures have evolved since 2001, as industry and consumers have gained experience with them, and also noted concerns about e-mail related to data security, identity theft, and phishing.
The consumer group commenters urged the Board to require the use of e-mail to provide required disclosures in electronic form, arguing that e-mail is the only reliable way to ensure that consumers are able to actually access, receive, and retain disclosures. The consumer groups also disagreed with the statement that concerns relating to phishing, identity theft, and data security are a valid reason for not requiring the use of e-mail, noting that phishing involves gathering information from the consumer, while disclosures would be provided to the consumer, and need not include sensitive information.
While the consumer's receipt of an e-mail message that is actually from the consumer's financial institution would not in general pose a security risk, consumers might ignore or delete e-mails from financial institutions (real or purported), in order to avoid falling victim to fraud schemes. Thus, disclosures sent by consumers' financial institutions may not receive the attention they should. Consequently, some financial institutions may be reluctant to communicate by e-mail. To the extent consumers are instructed not to ignore electronic mail messages from their financial institutions, the risk of consumers being victimized by fraudulent e-mail might be increased. In any event, the Board believes it is preferable not to mandate the use of any particular means of electronic delivery of disclosures, but instead to allow flexibility for institutions to use whatever method may be best suited to particular types of disclosure (for example, account-opening, periodic statements, or change in terms).
With regard to the requirement to attempt to redeliver returned electronic disclosures, institutions would be required to search their files for an additional e-mail address to use, and might be required to use a postal mail address for redelivery if no additional e-mail address was available. As stated in the April 2007 proposal, the Board continues to believe that both requirements would likely be unduly burdensome.
Under the April 2007 proposed rule, the requirement in the 2001 interim final rule for institutions to maintain disclosures posted on a Web site for at least 90 days would be deleted. Financial institution commenters supported the proposed deletion; consumer group commenters expressed concern about its impact on consumers. As stated in the proposal, based on a review of industry practices, it appears that many institutions maintain disclosures posted on an Internet Web site for several months, and, in a number of cases, for more than a year. For example, it appears that institutions that offer online periodic statements to consumers typically make those statements available without charge for six months or longer in electronic form. This practice has developed even though Regulation E does not currently require institutions to maintain disclosures for any specific period of time. In addition, the Board continues to believe that an appropriate time period consumers may want electronic disclosures to be available may vary depending upon the type of disclosure, and is reluctant to establish specific time periods that would vary depending on the disclosures, which would increase the compliance burden. Therefore, the 90-day retention provision is deleted as proposed.
Nevertheless, while the Board is not requiring disclosures to be maintained on an Internet Web site for any specific time period, the general requirements of Regulation E continue to apply to electronic disclosures, such as the requirement to provide disclosures to consumers at certain specified times and in a form that the consumer may keep. The Board expects institutions to maintain disclosures on Web sites for a reasonable period of time (which may vary depending upon the particular disclosure) so that consumers have an opportunity to access, view, and retain the disclosures. As stated in the April 2007 proposal, the Board will monitor institutions' electronic disclosure practices with regard to the ability of consumers to retain Regulation E disclosures and would consider further revisions to the regulation to address this issue if necessary.
V. Other Issues Raised by Commenters
Clear and Readily Understandable Disclosures
An issue raised in the comments on the April 2007 proposal related to small hand-held electronic devices through which consumers may conduct financial transactions using the Internet or other electronic means (for example, Internet-enabled cellphones, personal digital assistants, and similar devices). One commenter requested clarification on whether financial institutions would be deemed to comply with the requirement to provide disclosures in a clear and readily understandable form, even when the consumer views them on a small screen of a hand-held electronic device. The commenter noted that the institution has no control over what devices consumers choose to use, for example, to view disclosures on a web page. The Board believes that disclosures comply with the “clear and readily understandable” requirement as long as they are provided in a manner such that they would be clear and readily understandable when viewed on a typical home personal computer monitor.
Retainable Form
Several industry commenters requested guidance on how financial institutions can be sure of meeting the requirement to provide disclosures in a form that the consumer can keep. The consumer group commenters were concerned about retainability of disclosures in light of the deletion of the requirement to maintain disclosures on a Web site for at least 90 days. They urged that the final regulations require that disclosures be delivered in a format that is both downloadable and printable.
The Board believes that institutions satisfy the requirement for providing electronic disclosures in a form the consumer can retain if they are provided in a standard electronic format that can be downloaded and saved or printed on a typical home personal computer. Typically any document that can be downloaded by the consumer can also be printed. The Board will, however, monitor financial institutions' practices to evaluate whether further guidance is needed on this issue. In a situation where the consumer is provided electronic disclosures through equipment under the institution's control—such as a terminal or kiosk in the institution's offices—the institution could, for example, provide a printer that automatically prints the disclosures.
Exceptions From E-Sign Notice and Consent Requirements
A few commenters suggested that the Board adopt various exceptions from the E-Sign notice and consent requirements. Some of these commenters encouraged the Board to allow the delivery of the Regulation E account-opening disclosures under § 205.7 (as well as similar disclosures under the other four regulations involved in the parallel rulemakings) electronically, without regard to the consumer consent provisions of E-Sign, using the Board's authority under the E-Sign Act as well as the statutes underlying the regulations. One of the commenters asserted that, since Internet commerce has expanded greatly over the past few years, when consumers choose to conduct financial transactions online, they presume that they will receive related disclosures online as well. Other suggested exceptions from the E-Sign consent provisions included (1) the copy of a consumer's written authorization for recurring debits under § 205.10(b) and (2) the notice of recurring debits varying in amount under § 205.10(d). The commenter suggesting the latter exception also recommended that the regulation permit the notice to be given orally, such as by toll-free telephone. The Board believes that, at this time, there is insufficient evidence that the consent requirements are a burden on electronic commerce in these situations.
VI. Use of “Plain Language”
Section 722 of the Gramm-Leach-Bliley Act of 1999 requires the Board to use “plain language” in all proposed and final rules published after January 1, 2000. In the proposal, the Board invited comments on whether the proposed rules are clearly stated and effectively organized, and how the Board might make the proposed text easier to understand. No comments were received on “plain language” issues involving Regulation E.
VII. Final Regulatory Flexibility Analysis
The Board prepared an initial regulatory flexibility analysis as required by the Regulatory Flexibility Act (5 U.S.C. 601 et seq. ) (RFA) in connection with the April 2007 proposal. The Board received no comments on its initial regulatory flexibility analysis.
The RFA generally requires an agency to perform an assessment of the impact a rule is expected to have on small entities. However, under section 605(b) of the RFA, 5 U.S.C. 605(b), the regulatory flexibility analysis otherwise required under section 604 of the RFA is not required if an agency certifies, along with a statement providing the factual basis for such certification, that the rule will not have a significant economic impact on a substantial number of small entities. Based on its analysis and for the reasons stated below, the Board certifies that the rule will not have a significant economic impact on a substantial number of small entities.
1. Statement of the need for, and objectives of, the final rule. The Board is adopting revisions to Regulation E to withdraw the 2001 interim final rule on electronic communication. The Board is also clarifying that Regulation E disclosures may be provided to consumers in electronic form in accordance with the consumer consent and other applicable provisions of the E-Sign Act.
The EFTA was enacted to provide a basic framework establishing the rights, liabilities, and responsibilities of participants in electronic fund transfer (EFT) systems. The primary purpose of the act is the provision of individual consumer rights. 15 U.S.C. 1593. The EFTA authorizes the Board to prescribe regulations to carry out the purposes of the statute. 15 U.S.C. 1693b. The Act expressly states that the Board's regulations may contain “such classifications, differentiations, or other provisions, * * * as, in the judgment of the Board, are necessary or proper to carry out the purposes of [the Act], to prevent circumvention or evasion [of the Act], or to facilitate compliance [with the Act].” 15 U.S.C. 1693b(c). The Board believes that the revisions to Regulation E discussed above are within Congress's broad grant of authority to the Board to adopt provisions that carry out the purposes of the statute.
2. Issues raised by comments in response to the initial regulatory flexibility analysis. In accordance with section 603(a) of the RFA, the Board conducted an initial regulatory flexibility analysis in connection with the proposed rule. The Board did not receive any comments on its initial regulatory flexibility analysis.
3. Small entities affected by the final rule. The final rule deletes provisions of Regulation E that are not in effect on a mandatory basis and, accordingly, the final rule does not change the legal requirements applicable to any financial institutions, regardless of their size. Therefore, the final rule would not have a significant economic impact on small entities. The number of small entities affected by this final rule is unknown.
4. Other federal rules. The Board believes no federal rules duplicate, overlap, or conflict with the final revisions to Regulation E.
5. Significant alternatives to the proposed revisions. The Board solicited comment on any significant alternatives that could provide additional ways to reduce regulatory burden associated with the proposed rule. Commenters did not suggest any significant alternatives to the proposed rule.
VIII. Paperwork Reduction Act
In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. Ch. 3506; 5CFR Part 1320 Appendix A.1), the Board reviewed the rule under the authority delegated to the Board by the Office of Management and Budget (OMB). The collection of information that is subject to the PRA by this final rulemaking is found in 12 CFR Part 205. The Federal Reserve may not conduct or sponsor, and an organization is not required to respond to, this information collection unless it displays a currently valid OMB control number. The OMB control number is 7100-0200.
Section 904 of the Electronic Fund Transfer Act (EFTA) (15 U.S.C. 1693b) authorizes the Board to issue regulations to carry out the purposes of the Act. This information collection is mandatory. Since the Federal Reserve does not collect any information, no issue of confidentiality normally arises. However, in the event the Board were to retain records during the course of an examination, the information may be protected from disclosure under exemptions (b)(4), (6), and (8) of the Freedom of Information Act (5 U.S.C. 552 (b)(4), (6), and (8)). The disclosures required by the rule and information about error allegations and their resolution are confidential between the institution and the consumer.
The EFTA and Regulation E are designed to ensure adequate disclosure of basic terms, costs, and rights relating to electronic fund transfer (EFT) services provided to consumers. Institutions offering EFT services must disclose to consumers certain information, including: initial and updated EFT terms, transaction information, periodic statements of activity, the consumer's potential liability for unauthorized transfers, and error resolution rights and procedures. These disclosures are triggered by certain events specified in the EFTA and Regulation E. Institutions are required to retain evidence of compliance for not less than two years from the date that disclosures are required to be made or action is required to be taken; however, the regulation does not specify the types of records that must be retained. To ease institutions' burden and cost of complying with the disclosure requirements of Regulation E (particularly for small entities), the Federal Reserve publishes model forms and disclosure clauses. Regulation E applies to all financial institutions that engage in EFT transactions. The Board has determined that no new requirements or revisions to existing requirements are contained in this final rulemaking.
The estimated annual burden for the entities supervised by the Federal Reserve is approximately 74,141 hours for the 1,172 financial institutions that are deemed respondents for purposes of the PRA. As mentioned in the Preamble, on April 30, 2007, a notice of proposed rulemaking was published in the Federal Register (72 FR 21131). No comments specifically addressing the burden estimate were received.
The Federal Reserve has a continuing interest in the public's opinions of our collections of information. At any time, comments regarding the burden estimate, or any other aspect of this collection of information, including suggestions for reducing the burden, may be sent to: Secretary, Board of Governors of the Federal Reserve System, 20th and C Streets, NW., Washington, DC 20551; and to the Office of Management and Budget, Paperwork Reduction Project (7100-0200), Washington, DC 20503.
List of Subjects in 12 CFR Part 205
Consumer protection, Electronic fund transfers, Federal Reserve System, Reporting and recordkeeping requirements.
For the reasons set forth in the preamble, the Board amends 12 CFR part 205 as set forth below:
PART 205—ELECTRONIC FUND TRANSFERS (REGULATION E)
1. The authority citation for part 205 continues to read as follows:
Authority:
15 U.S.C. 1693b.
2. Section 205.4 is amended by revising paragraph (a)(1), removing paragraph (c), and redesignating paragraph (d) as paragraph (c), and paragraph (e) as paragraph (d), respectively, as follows:
§ 205.4
(a)(1) Form of disclosures. Disclosures required under this part shall be clear and readily understandable, in writing, and in a form the consumer may keep. The disclosures required by this part may be provided to the consumer in electronic form, subject to compliance with the consumer consent and other applicable provisions of the Electronic Signatures in Global and National Commerce Act (E-Sign Act)(15 U.S.C. 7001 et seq. ). A financial institution may use commonly accepted or readily understandable abbreviations in complying with the disclosure requirements of this part.
§ 205.17
3. Section 205.17 is removed and reserved.
4. In Supplement I to Part 205, section 205.17—Requirements for Electronic Communication is removed and reserved.
By order of the Board of Governors of the Federal Reserve System, October 31, 2007.
Jennifer J. Johnson,
Secretary of the Board.
[FR Doc. E7-21698 Filed 11-8-07; 8:45 am]
BILLING CODE 6210-01-P