Laws and Regulations
The limitation-of-liability and error resolution requirements of the EFTA and Regulation E are applicable to erroneous and unauthorized consumer payments conducted through Same Day ACH, Zelle, and RTP. Under Regulation E, consumers may notify their financial institution of errors (as defined in the regulation) within 60 days from when it sends the periodic statement that reflects the error. If notified of the error within the appropriate timeframe, a financial institution must investigate the error, report the results of its investigation to the consumer, and correct the error if it is determined that an error occurred. Accordingly, if a consumer claims that an error has been made with respect to a Same Day ACH, Zelle, or RTP Payment, the consumer’s financial institution must investigate the error, report the results of the investigation, and correct any error.
The requirements of Article 4-A of the New York Uniform Commercial Code apply with respect to erroneous or unauthorized transactions that are not subject to the EFTA, and applies to both commercial RTP transactions and commercial Same Day ACH credits. Article 4-A allocates responsibility for various errors between the parties to a funds transfer. With respect to commercial Same Day ACH credits (but not debits) and commercial RTP transactions, liability as between the payer and the payer’s financial institution will be determined based upon Article 4-A’s loss allocation framework.
General Loss Allocation Principles
The ultimate allocation of loss for an erroneous or unauthorized transaction differs based on the nature of the payment and, in particular, whether it is a debit or credit transaction, and often takes into consideration which party is best positioned to prevent the loss. For example, in a credit push system like RTP, the payer’s financial institution will have Regulation E obligations for unauthorized transactions from a consumer payer’s account. This obligation is independent of whether the consumer’s financial institution is able to recover funds from the payee’s financial institution. In other words, the financial responsibility for unauthorized RTP transactions falls to the sending financial institution. At a high level, the principle underlying this approach is that the payer’s financial institution should bear the loss because it is responsible for authenticating its customer and submitting the payment into the system, whereas the payee’s financial institution has simply received the transaction in a passive role. This is in contrast to debit-pull payment systems in which the payee’s financial institution (which originates the debit into the system) will generally have an obligation to repay another financial institution for an unauthorized transaction (through return or charge back rights) to a customer’s account at that institution. This includes, for example, the NACHA authorization warranty referenced above.
Which party is best positioned to prevent the loss is also an important principle underlying the allocation of loss between a consumer and a financial institution under the EFTA and Regulation E. Specifically, Regulation E’s error resolution and limitation-of-liability provisions are based on the premise that financial institutions are better positioned than consumers to prevent unauthorized transactions, and are expected to be responsible for errors caused by their systems. However, it is important to note that the EFTA and Regulation E are not intended to provide consumers with a remedy for all circumstances where they may have a complaint related to a payment, or where a consumer causes an erroneous transaction.
Evolving Regulatory Expectations
Not surprisingly, regulators are paying close attention to these new payment services and systems. For example, the CFPB has identified certain “long term actions” that are “potential rulemakings” to begin “beyond the immediate next 12 month period.” The list includes a “Regulation E modernization” effort to address, among other things, issues raised by new payment systems. The CFPB has noted it intends to consider and address how “providers of new and innovative products and services comply with regulatory requirements” and indicates that updates to disclosure provisions and error resolution requirements are under consideration. As the CFPB evaluates potential actions that may modify existing consumer rights and the related requirements for financial institutions, it will likely consider the features of the new, faster payment types described above and the efficacy of their payment system operating rules and existing consumer protection regulations. It will also be important that any such changes take into consideration appropriate incentives for both financial institutions and consumers to manage risk.