[Federal Register Volume 65, Number 126 (Thursday, June 29, 2000)]
[Proposed Rules]
[Pages 40061-40067]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 00-16303]


 ========================================================================
 Proposed Rules
                                                 Federal Register
 ________________________________________________________________________
 
 This section of the FEDERAL REGISTER contains notices to the public of 
 the proposed issuance of rules and regulations. The purpose of these 
 notices is to give interested persons an opportunity to participate in 
 the rule making prior to the adoption of the final rules.
 
 ========================================================================
 

  Federal Register / Vol. 65, No. 126 / Thursday, June 29, 2000 / 
Proposed Rules  

[[Page 40061]]



FEDERAL RESERVE SYSTEM

12 CFR Part 205

[Regulation E; Docket No. R-1074]


Electronic Fund Transfers

AGENCY: Board of Governors of the Federal Reserve System.

ACTION: Proposed rule; official staff interpretation.

-----------------------------------------------------------------------

SUMMARY: The Board is publishing for comment a proposal to revise the 
Official Staff Commentary to Regulation E (Electronic Fund Transfers). 
The commentary interprets the requirements of Regulation E to 
facilitate compliance by financial institutions that offer electronic 
fund transfer services to consumers. The proposed revisions provide 
guidance on electronic authorization of recurring debits from a 
consumer's account, Regulation E coverage of electronic check 
conversion transactions, telephone-initiated fund transfers, and other 
issues.

DATES: Comments must be received on or before August 31, 2000.

ADDRESSES: Comments, which should refer to Docket No. R-1074, may be 
mailed to Jennifer J. Johnson, Secretary, Board of Governors of the 
Federal Reserve System, 20th Street and Constitution Avenue, NW., 
Washington, DC 20551 or mailed electronically to 
[email protected]. Comments addressed to Ms. Johnson may 
also be delivered to the Board's mail room between 8:45 a.m. and 5:15 
p.m. weekdays, and to the security control room at all other times. The 
mail room and the security control room, both in the Board's Eccles 
Building, are accessible from the courtyard entrance on 20th Street 
between Constitution Avenue and C Street, NW. Comments may be inspected 
in room MP-500 in the Board's Martin Building between 9:00 a.m. and 
5:00 p.m., pursuant to the Board's Rules Regarding the Availability of 
Information, 12 CFR part 261.

FOR FURTHER INFORMATION CONTACT: Kyung Cho-Miller, Natalie E. Taylor, 
or John C. Wood, Counsels, Division of Consumer and Community Affairs, 
Board of Governors of the Federal Reserve System, Washington, DC 20551, 
at (202) 452-2412 or (202) 452-3667. For the hearing impaired only, 
contact Janice Simms, Telecommunications Device for the Deaf (TDD), at 
(202) 872-4984.

SUPPLEMENTARY INFORMATION:

I. Background

    The Electronic Fund Transfer Act (EFTA) (15 U.S.C. 1693 et seq.), 
enacted in 1978, provides a basic framework establishing the rights, 
liabilities, and responsibilities of participants in electronic fund 
transfer (EFT) systems. The EFTA is implemented by the Board's 
Regulation E (12 CFR part 205). Types of transfers covered by the act 
and regulation include transfers initiated through an automated teller 
machine (ATM), point-of-sale (POS) terminal, automated clearinghouse 
(ACH), telephone bill-payment plan, or remote banking program. The act 
and regulation require disclosure of terms and conditions of an EFT 
service; documentation of electronic transfers by means of terminal 
receipts and periodic account statements; limitations on consumer 
liability for unauthorized transfers; procedures for error resolution; 
and certain rights related to preauthorized electronic transfers. The 
act and regulation also prescribe restrictions on the unsolicited 
issuance of ATM cards and other access devices.
    The Official Staff Commentary (12 CFR part 205 (Supp. I)) is 
designed to facilitate compliance and provide protection from civil 
liability, under Sec. 915(d)(1) of the act, for financial institutions. 
The commentary is updated periodically, as necessary, to address 
significant questions that arise.

II. Proposed Revisions

Supplement I--Official Staff Interpretations

Section 205.2--Definitions
2(a) Access Device
    Several issues under Regulation E are raised by check conversion 
programs that allow a merchant to use a consumer's check as a source 
document to provide the routing, serial, and account numbers used to 
initiate an EFT. The Board has been asked whether the type of 
transaction described herein is covered by Regulation E and whether the 
check is an access device under Regulation E. Such a transaction is 
generally covered by Regulation E, but proposed comment 2(a)-2 would be 
added to clarify that a check used as a source document to initiate an 
EFT is not an access device. Proposed comment 3(b)-1(v) also addresses 
check conversion programs.
2(h) Electronic Terminal
    Comment 2(h)-2 states that a POS terminal that captures data 
electronically is an electronic terminal if a debit card is used to 
initiate an EFT. Some have interpreted the provision narrowly to apply 
only when a debit card is used to initiate an EFT. Comment 2(h)-2 would 
be revised to reflect that a POS terminal that captures data 
electronically to initiate electronic transfers is an electronic 
terminal even if no access device is used to initiate an EFT such as 
when a check is used as a source document. Thus, the receipt 
requirements of Sec. 205.9 would apply.
2(k) Preauthorized Electronic Fund Transfer
    Section 205.2(k) defines a ``preauthorized electronic fund 
transfer'' as ``an EFT authorized in advance to recur at substantially 
regular intervals.'' Beyond that authorization, no further action by 
the consumer is required to initiate the transfer. Proposed comment 
2(k)-1 would be added to clarify the definition.
2(m) Unauthorized Electronic Fund Transfer
    Payments such as payroll or government benefits often are made by 
direct deposit to a consumer's account through the ACH. Rules of the 
National Automated Clearing House Association (NACHA) permit reversal 
of payments made in error in limited circumstances. Proposed comment 
2(m)-5 would be added to clarify that reversals of certain direct 
deposits that were made in error are not unauthorized electronic 
transfers.
Section 205.3--Coverage
3(b) Electronic Fund Transfer
    NACHA has established rules for a program in which a merchant may 
obtain information from a consumer's check to initiate a one-time ACH 
debit from the consumer's account for

[[Page 40062]]

purchases or payments made in person by the consumer. The merchant uses 
electronic equipment to scan the MICR (Magnetic Ink Character 
Recognition) encoding on the check for the routing, account, and serial 
numbers of the check, and enters the amount to be debited from the 
consumer's account. Other entities have or are planning similar 
programs. Proposed comment 3(b)-1(v) would be added to clarify that 
where a check is provided at POS as a source document to initiate an 
EFT, the resulting transfer is covered by the regulation (see also 
proposed comment 2(a)-2).
    NACHA has also considered rules for a variation on the electronic 
check conversion program described above in which the consumer provides 
a check, and the merchant or the merchant's financial institution would 
retain the check after it had been scanned. NACHA has solicited comment 
on this ``merchant or financial institution-as-keeper'' type of 
program, but has not yet approved its use. Some merchants, however, may 
be conducting electronic check programs of this type.
    Regulation E applies where the consumer provides a blank or 
partially completed check as a source document that is scanned and 
retained by the merchant or the merchant's financial institution. To 
clarify the rights and responsibilities of the parties to a transaction 
where the check used as a source document is completed and signed by 
the consumer and is scanned and retained by the merchant, the 
transaction is an EFT and thus subject to Regulation E if the consumer 
authorizes it as such. (See cf. comment 3b-1(i).) Specific comment is 
solicited on this position and the extent to which merchants are 
currently carrying out transactions of the sort described.
    NACHA has established rules for a pilot referred to as the ``lock-
box'' program in which a merchant converts completed and signed checks 
received by mail to ACH debits. Consumers are informed of how the check 
payment will be processed. These transactions would not be covered by 
Regulation E since transfers originated by check are excluded from 
coverage. See Sec. 205.3(c)(1).
    Proposed comment 3(b)-1(vi) would be added to provide guidance on 
the regulation's coverage of bill-payment services where a consumer 
initiates payments via computer and the financial institution carries 
out the payment by check or draft. The definition of ``electronic fund 
transfer'' in Sec. 205.3(b) covers these payments unless the terms of 
the bill-payment service explicitly state that payment by the bill 
payer will be made solely via check, draft or similar paper instrument.
3(c) Exclusions from Coverage
3(c)(1)--Checks
    Proposed comment 3(c)(1)-1 would be added to provide guidance on 
NACHA's re-presented check entry (RCK) program, in which merchant 
payees (or their financial institutions or agents) re-present returned 
checks electronically. Written authorization from the consumer for the 
RCK debit is not obtained, although, the merchant payee usually has 
provided notice to the consumer that any returned item may be collected 
electronically if returned for insufficient or uncollected funds. The 
comment would clarify that an RCK transaction is not covered by 
Regulation E because the transfer is originated by check.
    In some cases, a payee may impose a fee on the consumer, such as a 
collection or NSF fee, because the consumer's check was returned. The 
NACHA rules provide that the RCK debit must be in the amount of the 
original check. Therefore, the amount of the RCK debit may not be 
increased to include a fee, and the payee would have to initiate a 
separate debit to collect the fee electronically. Because an 
electronically debited fee would not be a part of the RCK debit, and 
appears to meet the definition of an EFT under Regulation E, it would 
be covered by the regulation and must be authorized by the consumer.
    Proposed comment 3(c)(1)-2 would be added to provide a cross 
reference to proposed comment 3(b)-1(v), which provides guidance on the 
regulation's coverage of an EFT at POS where a consumer provides a 
check as a source document.
3(c)(6)--Telephone-Initiated Transfers
    A transfer initiated by telephone is covered by Regulation E if it 
occurs pursuant to a telephone bill-payment or other written plan. 
Comment 3(c)(6)-1 would be revised to provide additional guidance on 
what constitutes a written plan. Proposed comment 3(c)(6)-2(v) would be 
added to clarify coverage of transfers initiated by audio or voice 
response telephone systems.
Section 205.6--Liability of Consumer for Unauthorized Transfers
6(b) Limitations on Amount of Liability
6(b)(1)--Timely Notice Given
    Section 205.6 provides rules for a consumer's liability for an 
unauthorized transfer. The limitation on the consumer's liability 
depends, in part, on whether the unauthorized transfer takes place 
within or after two business days of the consumer's learning of the 
loss or theft of the access device. Proposed comment 6(b)(1)-3 would be 
added to clarify the timing on the two-business-day period.
Section 205.7--Initial Disclosures
7(a) Timing of Disclosures
    The regulation generally requires that disclosures be provided at 
the time the consumer contracts for an EFT service or before the first 
transfer is made to or from the consumer's account. Comment 7(a)-2 
currently provides an exception to the disclosure timing rules when the 
first EFT is a direct deposit. If the account-holding institution does 
not have prior notice of a direct deposit arrangement between the 
consumer and a third party, the institution must provide the Regulation 
E disclosures as soon as reasonably possible after the first direct 
deposit.
    Comment 7(a)-2 would be revised to clarify that the special timing 
rules apply both to single and to recurring debits or credits. The 
account-holding institution may not always receive prior notice of a 
one-time or recurring credit to or debit from the consumer's account. 
For example, the consumer may authorize a third party to debit the 
account (without notifying the institution), and the third party's 
financial institution may fail to send prior notice to the consumer's 
institution.
7(b) Content of Disclosures
7(b)(10) Error Resolution
    An error resolution notice must be provided as a part of a 
financial institution's initial disclosures under Sec. 205.7 and 
annually under Sec. 205.8. Comment 7(b)(10)-2 provides that a financial 
institution must have disclosed the longer error resolution time 
periods for resolving errors under Sec. 205.11(c)(3) in order to use 
the longer times. In September 1998, Sec. 205.11(c)(3) was amended to 
extend the error resolution time periods for new accounts (63 FR 5211, 
September 29, 1998). Comment 7(b)(10)-2 would be revised to reflect the 
amendment to Sec. 205.11(c)(3).
Section 205.8--Change-in-terms Notice; Error Resolution Notice
8(b) Error Resolution Notice
    If an institution seeks to use the longer error resolution time 
periods in Sec. 205.11(c)(3), it must disclose them in the annual error 
resolution notice. Comment 8(b)-2 would be added to cross reference 
comment 7(b)(10)-2, which provides this guidance.

[[Page 40063]]

Section 205.9--Receipts at Electronic Terminals; Periodic Statements
9(a) Receipts at Electronic Terminals
9(a)(5) Terminal Location
    Section 205.9(a)(5) requires that an ATM or POS terminal receipt 
contain the location of the terminal where the transfer is initiated, 
or an identification such as a code or terminal number. This section 
has been interpreted by some institutions to require a full description 
of the location (such as the street address) rather than simply a code. 
Comment 9(a)(5)-1 would be revised to clarify that a code may be 
disclosed. Comments 9(a)(5)(iv)-1 and -2 would be redesignated as 
comments 9(a)(5)-3 and -4.
9(b) Periodic Statements
    Comment 9(b)-4 provides that an institution may permit, but not 
require, consumers to ``call for'' periodic statements. For clarity, 
the comment would be revised by changing the reference ``call for'' to 
``pick up;'' no substantive change is intended.
9(c) Exceptions to the Periodic Statement Requirements for Certain 
Accounts
9(c)(1)--Preauthorized Transfers to Accounts
    Section 205.9(c) lists the circumstances in which a periodic 
statement for EFT transactions is not required. Proposed comment 
9(c)(1)-1 would be added to provide further guidance on the exceptions 
to the periodic statement requirements.
    Proposed comment 9(c)(1)-2 would be added to clarify that the 
exceptions in Sec. 205.9(c) apply to reversals of deposits made in 
error. (See also proposed comment 2(m)-5.)
Section 205.10--Preauthorized Transfers
10(b) Written Authorization for Preauthorized Transfers from Consumer's 
Account
    Section 205.10(b) provides that recurring electronic debits from a 
consumer's account ``may be authorized only by a writing signed or 
similarly authenticated by the consumer.'' The phrase ``similarly 
authenticated'' was added to Regulation E in 1996 (61 FR 19678, May 2, 
1996), and was intended to permit electronic authorizations. The 
supplemental information indicated that the authentication method 
should provide the same assurance as a signature in a paper-based 
system, and cited security codes and digital signatures as examples of 
authentication devices that could meet the requirements of 
Sec. 205.10(b); and comment 10(b)-5 was added to the staff commentary 
to provide guidance on electronic authorizations.
    The issue of electronic authentication methods has been further 
discussed in two Regulation E rulemakings in the past two years--first, 
in a March 1998 rulemaking in which the Board issued an interim rule 
permitting financial institutions to deliver electronically disclosures 
that are required to be given in writing (63 FR 14528); and second, in 
a September 1999 rulemaking in which the Board proposed more 
comprehensive rules for providing electronic disclosures under 
Regulation E (64 FR 49699) and certain other Board regulations. In 
these rulemakings, the Board again gave examples of authentication 
devices and expressed interest in learning about other electronic 
authentication methods.
    Industry commenters suggested various alternatives for verifying a 
consumer's identity such as alphanumeric codes (combination of letters 
and numbers) or combination of unique identifiers (such as account 
numbers combined with a number representing algorithms of the account 
numbers). Some commenters requested additional examples of appropriate 
electronic authentication devices; many stated their concern that 
limiting the examples to security codes and digital signatures could be 
viewed as the Board's endorsement of particular methods, which could 
hinder the development of alternative authentication mechanisms. Other 
commenters disfavored examples of particular authentication mechanisms; 
they recommended that the Board defer to general principles set forth 
in various state and federal laws and legislative proposals. Consumer 
advocates, on the other hand, suggested that the Board should limit 
authentication methods to those that prevent documents from being 
altered without detection after the authentication is affixed, such as 
digital signatures.
    The Congress has passed electronic commerce legislation that 
addresses, among other things, the use and acceptance of electronic 
signatures (broadly defined in the legislation) and records for 
electronic commerce in general. If the legislation becomes law, the 
``similarly authenticated'' standard in Regulation E may become 
unnecessary. In the meantime, to ensure that institutions have 
flexibility in establishing authentication methods for purposes of 
Sec. 205.10(b), comment 10(b)-5 would be revised. Any authentication 
mechanism that provides similar assurance to a paper-based signature 
(such as a mechanism that identifies the consumer and evidences the 
consumer's assent to the authorization) will satisfy the ``similarly 
authenticated'' standard. The word ``text'' is also substituted by 
``term,'' no substantive change is intended.
    The comment currently states that the person obtaining an 
electronic authorization from a consumer must make a paper copy of the 
authorization available to the consumer, either automatically or upon 
request. For consistency with Board rulemakings permitting the 
electronic delivery of disclosures, comment 10(b)-5 would also be 
revised to permit the person obtaining the authorization to provide a 
copy of the authorization to the consumer either in paper form or 
electronically.
    The supplementary information to the Official Staff Commentary, 
discussing comment 10(b)-5 at the time of its adoption in 1996, stated 
that for home-banking systems, a security code used to ``similarly 
authenticate'' preauthorized transfers pursuant to Sec. 205.10(b) must 
originate with the paying (account-holding) institution. The Board's 
position reflected concerns about the potential for increased liability 
for account-holding institutions associated with unauthorized use when 
a party other than the institution issued the code. Under NACHA 
operating rules, however (as well as operating rules of debit card 
networks), an account-holding institution is permitted to charge back 
to the payee's financial institution any transaction that was not 
properly authorized; thus, the payee's institution (or the payee) would 
bear the liability for unauthorized transfers. Accordingly, it seems 
unnecessary to require that a security code originate with the paying 
institution, provided the code meets the general standards for similar 
authentication discussed above.
    Proposed comment 10(b)-7 would be added to address a situation 
where a consumer authorizes recurring charges against a credit card but 
in fact provides information for the consumer's debit card, for 
example, in an on-line transaction or in a telephone conversation with 
a merchant. Unlike Regulation E, Regulation Z and the Truth in Lending 
Act (12 CFR part 226) do not require a written, signed or ``similarly 
authenticated'' authorization for recurring charges to a consumer's 
credit card account. The proposed comment would clarify that when the 
consumer's account in fact involves a debit card, the payee is required 
to obtain an authorization in accordance with Sec. 205.10(b), but may 
rely on the bona fide error provision in section

[[Page 40064]]

915(c) of the EFTA, provided procedures are in place to prevent such 
errors from occurring.
10(e) Compulsory Use
    Section 205.10(e) prohibits a person from requiring a consumer to 
establish an account with a particular institution to receive 
electronic transfers, as a condition of employment. Comment 10(e)(2)-1 
would be revised to clarify that an employer (including a financial 
institution) may specify an institution to receive direct deposits 
provided the employer also gives employees the option to receive their 
salary by check or cash.
Section 205.11--Procedures for Resolving Errors
11(a) Exception to the Periodic Statement Requirements for Certain 
Accounts
    Comment 11(a)-2 would be revised to provide additional examples of 
when the error resolution rules are inapplicable because the consumer 
has not asserted an error.
Section 205.12--Relation to Other Laws
12(a) Relation to Truth in Lending
    Comment 12(a)-1 would be revised to distinguish between two types 
of unauthorized transfers: those where a consumer's access device is 
used to withdraw funds from a checking account with an overdraft 
protection feature, and those where the consumer's access device is 
also a credit card separately used to obtain cash advances. Examples 
would illustrate how these rules apply in various situations.

Aggregation of Consumer Financial Information

    The Board has been asked about the possible application of 
Regulation E to a service sometimes referred to as ``aggregation'' or 
``screen-scraping.'' Aggregation is a service made available to 
consumers through an Internet web site, in which consumers are able to 
view their financial information from multiple sources, such as credit 
card, securities, and deposit accounts at a number of institutions. To 
enable the service provider (the ``aggregator'') to obtain the 
information and make it available to the consumer at the aggregator's 
web site, the consumer may provide the aggregator with account numbers 
and passwords to access the consumer's accounts. In addition to 
allowing consumers to view accounts in one location, aggregators may 
offer consumers EFT services such as bill-payment.
    To assist the Board in providing any needed guidance on Regulation 
E's potential coverage, comment is solicited on how these services that 
aggregate consumer financial information operate or plan to operate. 
Are aggregators providing or planning to provide bill-payment or other 
EFT services (in addition to information services)? To what extent do 
agreements exist between aggregators and account-holding institutions, 
governing matters such as procedures for access to information and for 
electronic transfers?
    In addition, comment is solicited on the implications of a 
determination that aggregators are or are not financial institutions 
for purposes of Regulation E generally or under Sec. 205.14. Typically, 
only one access device is contemplated to initiate an EFT to or from a 
consumer's account. Nevertheless, if a consumer enters a security code 
issued by the aggregator to access information on the aggregator's web 
site and the consumer initiates an EFT using a security code provided 
by the account-holding institution, the security code issued by the 
aggregator arguably meets the definition of an ``access device.'' Two 
access codes (the one provided by the aggregator and the other by the 
account-holding institution) are needed to initiate electronic 
transfers from the consumer's account from the aggregator's web site. 
Thus, the aggregator would be a financial institution for purposes of 
Regulation E.
    If the aggregator is not a financial institution and an 
unauthorized EFT occurs through an aggregator's service, comment 2(m)-2 
could be read to suggest that a consumer who has given the aggregator 
access to the consumer's account assumes liability for the transfers. 
The guidance in the comment, however, was not originally provided to 
address this situation.

III. Form of Comment Letters

    Comment letters should refer to Docket No. R-1074, and when 
possible, should use a standard typeface with a type size of 10 or 12 
characters per inch. This will enable the Board to convert the text 
into machine-readable form through electronic scanning, and will 
facilitate automated retrieval of comments for review. Also, if 
accompanied by an original document in paper form, comments may be 
submitted on 3\1/2\ inch computer diskettes in any IBM-compatible DOS- 
or Windows-based format. Alternatively, comments may be mailed 
electronically to [email protected].

List of Subjects in 12 CFR Part 205

    Consumer protection, Electronic fund transfers, Federal Reserve 
System, Reporting and recordkeeping requirements.

Text of Proposed Revisions

    For the reasons set forth in the preamble, the Board proposes to 
amend the Official Staff Commentary, 12 CFR part 205, as set forth 
below. Certain conventions have been used to highlight the proposed 
changes to the commentary. New language is shown inside bold-faced 
arrows, while language that would be deleted is set off with bold-faced 
brackets.

PART 205--ELECTRONIC FUND TRANSFERS (REGULATION E)

    1. The authority citation for part 205 would be revised to read as 
follows:

    Authority: 15 U.S.C. 1693b.

    2. In Supplement I to Part 205, the following amendments would be 
made:
    a. Under Section 205.2--Definitions, under 2(a) Access Device, a 
new paragraph 2. would be added;
    b. Under Section 205.2--Definitions, under 2(h) Electronic 
Terminal, paragraph 2. would be revised;
    c. Under Section 205.2--Definitions, a new heading 2(k) 
Preauthorized Electronic Fund Transfer, and a new paragraph 1. would be 
added;
    d. Under Section 205.2--Definitions, under 2(m) Unauthorized 
Electronic Fund Transfer, a new paragraph 5. would be added;
    e. Under Section 205.3--Coverage, under 3(b) Electronic Fund 
Transfer, new paragraphs 1.v. and 1.vi. would be added;
    f. Under Section 205.3--Coverage, under 3(c) Exclusions from 
Coverage, a new heading ``Paragraph 3(c)(1)--Checks'' would be added;
    g. Under Section 205.3--Coverage, under 3(c) Exclusions from 
Coverage, under newly added heading Paragraph 3(c)(1)--Checks, 
paragraphs 1. and 2. would be added;
    h. Under Section 205.3--Coverage, under 3(c) Exclusions from 
Coverage, under Paragraph 3(c)(6)--Telephone--Initiated Transfers, 
paragraph 1. would be revised and paragraph 2.v. would be added;
    i. Under Section 205.6--Liability of Consumer for Unauthorized 
Transfers, under Paragraph 6(b)(1)--Timely Notice Given, new paragraph 
3. would be added;
    j. Under Section 205.7--Initial Disclosures, under 7(a) Timing of 
Disclosures, paragraph 2. would be revised;

[[Page 40065]]

    k. Under Section 205.7--Initial Disclosures, under Paragraph 
7(b)(10) Error Resolution, paragraph 2. would be revised;
    l. Under Section 205.8--Change-in-Terms Notice; Error Resolution 
Notice, under 8(b) Error Resolution Notice, a new paragraph 2. would be 
added;
    m. Under Section 205.9--Receipts at Electronic Terminals; Periodic 
Statements, under Paragraph 9(a)(5)--Terminal Location, paragraph 1. 
would be revised;
    n. Under Section 205.9--Receipts at Electronic Terminals; Periodic 
Statements, under Paragraph 9(a)(5)(iv), paragraphs 1. and 2. are 
redesignated as paragraphs 3. and 4. under paragraph 9(a)(5) and 
republished;
    o. Under Section 205.9--Receipts at Electronic Terminals; Periodic 
Statements, Paragraph 9(a)(5)(iv) would be removed;
    p. Under Section 205.9--Receipts at Electronic Terminals; Periodic 
Statements, under 9(b) Periodic Statements, paragraph 4. would be 
revised;
    q. Under Section 205.9--Receipts at Electronic Terminals; Periodic 
Statements, under 9(c) Exceptions to the Periodic Statement 
Requirements for Certain Accounts, a new heading, Paragraph 9(c)(1)--
Preauthorized Transfers to Accounts would be added and new paragraphs 
1. and 2. would be added to the newly designated heading;
    r. Under Section 205.10--Preauthorized Transfers, under 10(b) 
Written Authorization for Preauthorized Transfers from Consumer's 
Account, paragraph 5. would be revised, and new paragraph 7 would be 
added;
    s. Under Section 205.10--Preauthorized Transfers, under Paragraph 
10(e)(2)--Employment or Government Benefit, paragraph 1. would be 
revised;
    t. Under Section 205.11--Procedures for Resolving Errors, under 
11(a) Definition of Error, paragraph 2. would be revised; and
    u. Under Section 205.12--Relation to Other Laws, under 12(a) 
Relation to Truth in Lending, paragraph 1. would be revised.

SUPPLEMENT I TO PART 205--OFFICIAL STAFF INTERPRETATIONS

Section 205.2--Definitions

2(a) Access Device

* * * * *
    2. Check used as a source document. The term ``access 
device'' does not include a check or draft used as a source document 
to initiate an EFT. For example, a merchant may use equipment to 
scan the MICR (Magnetic Ink Character Recognition) encoding on a 
check (for the serial, account, and routing numbers) to initiate a 
one-time ACH debit from a consumer's account. The check is not an 
access device under Regulation E (12 CFR part 205), although the 
transaction is covered by the regulation (see comment 3(b)-
1(v)).
* * * * *

2(h) Electronic Terminal

* * * * *
    2. POS terminals. A POS terminal that captures data 
electronically, for debiting or crediting to a consumer's asset 
account, is an electronic terminal for purposes of Regulation E [if 
a debit card] even if no access device is used 
to initiate the transaction. (See Sec. 205.9 for receipt 
requirements.)
* * * * *

(2(k) Preauthorized Electronic Fund Transfer

    1. Advance authorization. A ``preauthorized electronic fund 
transfer'' under Regulation E is one authorized by the consumer in 
advance of a transfer which will take place on a recurring basis, at 
substantially regular intervals, and require no further action by 
the consumer to initiate the transfer. In a bill-payment system, for 
example, if the consumer authorizes a financial institution to make 
monthly payments to a payee, and the payments take place without 
further action by the consumer, the payments are preauthorized EFTs. 
In contrast, if the consumer must take action each month to initiate 
a payment (such as by entering instructions on a touch-tone 
telephone or home computer), the payments are not preauthorized 
EFTs.
* * * * *

2(m) Unauthorized Electronic Fund Transfer

* * * * *
    5. Reversal of direct deposits. A reversal of a 
direct deposit made in error is not an unauthorized EFT when it 
involves:
    i. A credit made to the wrong consumer's account;
    ii. A duplicate credit made to a consumer's account; or
    iii. A credit in the wrong amount made to a consumer's account 
(for example, when the amount credited differs from the amount in 
the transmittal instructions). If, however, there is a dispute 
whether the account holder is entitled to a certain amount (for 
example, a salary or a government benefit payment) the reversal may 
be an unauthorized EFT, depending on the facts and 
circumstances.
* * * * *

Section 205.3--Coverage

* * * * *

3(b) Electronic Fund Transfer

    1. Fund transfers covered. * * *
    v. A transfer from the consumer's account at POS 
where the merchant uses a consumer's check or draft as a source 
document to obtain the serial, account, and routing numbers.
    vi. A payment made by a bill payer under a bill-payment service 
available to a consumer via computer or other electronic means, 
unless the terms of the bill-payment service explicitly state that 
payment will be solely by check, draft, or similar paper 
instrument.
* * * * *

3(c) Exclusions from Coverage

Paragraph 3(c)(1)--Checks
    1. Re-presented checks. Electronic re-presentment of a returned 
check is not covered by Regulation E because the transfer originated 
by check. Regulation E does apply, however, to any fee debited 
electronically from the consumer's account for re-presenting the 
check electronically.
    2. Check used as a source document. See comment 3(b)-1(v) 
regarding coverage of certain EFTs at POS where a consumer provides 
a check as a source document.
* * * * *
Paragraph 3(c)(6)--Telephone-Initiated Transfers
    1. Written plan or agreement. A transfer that the consumer 
initiates by telephone is covered by Regulation 
E[only] if the transfer is made under a written plan or 
agreement between the consumer and the financial institution making 
the transfer. A written statement available to the public 
or to account holders that describes a service allowing a consumer 
to initiate transfers by telephone constitutes a plan--for example, 
a brochure, or material included with periodic statements. However, 
t [T]he following do not, by themselves, constitute a 
written plan or agreement:
    i. A hold-harmless agreement on a signature card that protects 
the institution if the consumer requests a transfer.
    ii. A legend on a signature card, periodic statement, or 
passbook that limits the number of telephone-initiated transfers the 
consumer can make from a savings account because of reserve 
requirements under Regulation D (12 CFR part 204).
    iii. An agreement permitting the consumer to approve by 
telephone the rollover of funds at the maturity of an instrument.
    2. Examples of covered transfers. * * * 
    v. The consumer initiates the transfer using a 
financial institution's audio response or voice response telephone 
system.
* * * * *

Section 205.6--Liability of Consumer for Unauthorized Transfers

* * * * *

6(b) Limitations on Amount of Liability

* * * * *
Paragraph 6(b)(1)--Timely Notice Given
* * * * *
    3. Two-business-day rule. The two-business-day period 
runs from midnight of the first business day after the consumer 
learns of the loss or theft and ends at midnight two business days 
later. The financial institution's business hours or the hour the 
consumer learns of the loss or theft does not govern the two-
business-day period. For example, a consumer learns of the loss or 
theft at 6 p.m. on Friday. Assuming that the following Saturday is a 
business day and Sunday is not, the two-business-day period expires 
at midnight on Monday.

[[Page 40066]]

Section 205.7--Initial Disclosures

7(a) Timing of Disclosures

* * * * *
    2. [Lack of prenotification of direct deposit. In some 
instances, before direct deposit of government payments such as 
Social Security takes place, the consumer and the financial 
institution both will complete Form 1199A (or a comparable form 
providing notice to the institution) and the institution can make 
disclosures at that time. If an institution has not received advance 
notice that direct deposits are to be made to a consumer's account, 
the institution must provide the required disclosures as soon as 
reasonably possible after the first direct deposit is made, unless 
the institution has previously given disclosures.]Lack of 
advance notice of a transfer. Where a consumer authorizes a third 
party to debit or credit the consumer's account, an account-holding 
institution that has not received advance notice of a transfer or 
transfers must provide the required disclosures as soon as 
reasonably possible after the first debit or credit is made, unless 
the institution has previously given the disclosures.
* * * * *
Paragraph 7(b)(10)--Error Resolution
* * * * *
    2. Exception from provisional crediting. To take advantage of 
the longer time periods for resolving errors under Sec. 205.11(c)(3) 
(for 
    new accounts, transfers initiated outside the United 
States, or resulting from POS debit-card transactions), a financial 
institution must have disclosed these longer time periods. 
Similarly, an institution that relies on the exception from 
provisional crediting in Sec. 205.11(c)(2) for accounts subject to 
Regulation T (12 CFR part 220) must disclose accordingly.

Section 205.8--Change-in-Terms Notice; Error Resolution Notice

8(b) Error Resolution Notice

* * * * *
    2. Exception from provisional crediting. See comment 
7(b)(10)-2.

Section 205.9--Receipts at Electronic Terminals; Periodic Statements

9(a) Receipts at Electronic Terminals

* * * * *
Paragraph 9(a)(5)--Terminal Location
    1. [Location code]Options for identifying terminal. 
The institution may provide either:
    (i) The city, state or foreign country, and the information in 
Secs. 205.9(a)(5)(i), (ii), or (iii), or
    (ii) A number or a code identifying the terminal. If the 
institution chooses the second option, the [A] code or 
terminal number identifying the terminal where the transfer is 
initiated may be given as part of a transaction code.
* * * * *
    3. Omission of a state. A state may be omitted from 
the location information on the receipt if:
    i. All the terminals owned or operated by the financial 
institution providing the statement (or by the system in which it 
participates) are located in that state, or
    ii. All transfers occur at terminals located within 50 miles of 
the financial institution's main office.
    4. Omission of a city and state. A city and state may be omitted 
if all the terminals owned or operated by the financial institution 
providing the statement (or by the system in which it participates) 
are located in the same city.
* * * * *

9(b) Periodic Statements

* * * * *
    4. Statement[Customer] pickup. A financial 
institution may permit, but may not require, consumers to 
pick up[call for] their periodic statements 
at the financial institution.
* * * * *

9(c) Exceptions to the Periodic Statement Requirements for Certain 
Accounts

* * * * *
Paragraph 9(c)(1)--Preauthorized Transfers to 
Accounts
    1. Accounts that may be accessed only by 
preauthorized transfers to the account. The exception for ``accounts 
that may be accessed only by preauthorized transfers to the 
account'' includes accounts that can be accessed by means other than 
EFTs, such as checks. If, however, an account may be accessed by any 
EFT other than preauthorized credits to the account, such as 
preauthorized debits or ATM transactions, the account does not 
qualify for the exception.
    2. Reversal of direct deposits. For direct-deposit-only 
accounts, a financial institution must send a periodic statement at 
least quarterly. A reversal of a direct deposit to correct an error 
does not trigger the monthly statement requirement when the error 
represented a credit to the wrong consumer's account, a duplicate 
credit to a consumer's account, or a credit in the wrong amount to a 
consumer's account. (See comment 2(m)-5 for guidance on the reversal 
of direct deposits and the rules for unauthorized EFTs.)
* * * * *

Section 205.10--Preauthorized Transfers

* * * * *

10(b) Written Authorization for Preauthorized Transfers from 
Consumer's Account

* * * * *
    5. Similarly authenticated. An example of a consumer's 
authorization that is not in the form of a signed writing but is 
instead ``similarly authenticated'' is a consumer's authorization 
via a home banking system[.]
    or other electronic communication system. An 
authentication device or procedure satisfies the ``similarly 
authenticated'' requirement if it provides similar assurance to a 
written signature (such as a device or procedure that verifies the 
consumer's identity and evidences the consumer's assent to the 
authorization). Examples include, but are not limited to, digital 
signatures and security codes. [To satisfy the 
requirements of this section, there must be some means to identify 
the consumer (such as a security code) and to make available a paper 
copy of the authorization (automatically or upon request).] The 
[text] terms of the electronic authorization 
would have to be displayed on a computer screen or other visual 
display which enables the consumer to read the communication. 
The person that obtains the authorization must provide a 
copy of the terms of the authorization to the consumer. 
Only the consumer may authorize the transfer and not, for example, a 
third-party merchant on behalf of the consumer.
* * * * *
    7. Bona fide error. Consumers sometimes authorize, by 
telephone or on-line, third-party payees to submit recurring charges 
against a credit card account. If the consumer indicates use of a 
credit card when in fact a debit card is being used, the payee is 
not in violation of the requirement to obtain a written 
authorization if the failure to obtain written authorization was not 
intentional and resulted from a bona fide error, and the payee 
maintains procedures reasonably adapted to avoid any such error. If 
the payee is unable to determine whether a credit or debit card 
number is involved, at the time of the authorization, but later 
finds that the card used was a debit card, the payee must obtain a 
written and signed or (where appropriate) a similarly authenticated 
authorization as soon as reasonably possible, or cease debiting the 
consumer's account.
* * * * *

10(e) Compulsory Use

* * * * *
Paragraph 10(e)(2)-Employment or Government Benefit
    1. Payroll. [A financial institution (as an employer)] 
An employer (including a financial 
institution) may not require its employees to receive 
their salary by direct deposit [to that same institution or] to any 
[other] particular institution. An employer may require direct 
deposit of salary by electronic means if employees are allowed to 
choose the institution that will receive the direct deposit. 
Alternatively, an employer may give employees the choice of having 
their salary deposited at a particular institution 
(designated by the employer) (, or receiving 
their salary by another means, such as by check or cash.

Section 205.11--Procedures for Resolving Errors

11(a) Definition of Error

* * * * *
    2. Verifying a payment or an account 
deposit. If the consumer [merely] calls to ascertain 
whether a payment (for example, in a home-banking or 
bill-payment program) was made electronically or whether 
a deposit made via ATM, preauthorized transfer, or any other type of 
EFT was credited to the account, without asserting an error, the 
error resolution procedures do not apply.
* * * * *

Section 205.12--Relation to Other Laws

12(a) Relation to Truth in Lending

    1. Determining applicable regulation. i. 
For transactions involving access devices

[[Page 40067]]

that also constitute credit cards, whether Regulation E or 
Regulation Z (12 CFR part 226) applies, depends on the nature of the 
transaction. For example, if the transaction [is purely]  
solely involves  an extension of credit, and does not 
include a debit to a
checking account (or other consumer asset account), the liability 
limitations and error resolution requirements of Regulation Z [(12 
CFR part 226)] apply. If the transaction only
debits a checking account (with no credit extended), the provisions 
of Regulation E apply. [Finally, if]  If  the 
transaction
debits a checking account but also draws on an overdraft line of 
credit  attached to the account , [the 
Regulation E provisions
apply, as well as] Secs. 226.13(d) and (g) of Regulation
Z[.]  apply, as well as the Regulation E provisions, 
because there was an extension of credit associated with the 
overdraft feature on the checking account.
In such a transaction, the liability provisions under Regulation E 
apply. Finally, if a consumer's access device is also a credit card 
and the device is used to make unauthorized withdrawals from a 
checking account, but also is used to obtain unauthorized cash 
advances directly from a separate line of credit unattached to the 
checking account, the liability limitations under both Regulation E 
and Regulation Z apply. In such a transaction, the consumer is 
potentially liable under Regulation Z for the unauthorized use of 
the credit card and, in addition, up to $50, $500, or an unlimited 
amount (not to exceed the amount of the unauthorized transfer) under 
Regulation E for the unauthorized use of the debit card 
[In such a transaction, the consumer might be liable for up to $50 
under Regulation Z (12 CFR 226) and, in addition, for $50, $500, or 
an unlimited amount under Regulation E].
     ii. The following examples illustrate these 
principles:
    A. A consumer has a card that can be used either as a credit 
card or a debit card. When used as a debit card, the card draws on 
the consumer's checking account. When used as a credit card, the 
card draws only on a separate line of credit. If the card is stolen 
and used as a credit card to make purchases or to get cash advances 
from ATMs, the liability limits and error resolution provisions of 
Regulation Z apply; Regulation E does not apply.
    B. In the same situation, if the card is stolen and is instead 
used as a debit card to make purchases or to get cash withdrawals 
from ATMs, the liability limits and error resolution provisions of 
Regulation E apply; Regulation Z does not apply.
    C. In the same situation, the card is stolen and used both as a 
debit card and as a credit card; for example, the thief makes some 
purchases using the card as a debit card, and other purchases using 
the card as a credit card. Here, the liability limits and error 
resolution provisions of Regulation E apply to the unauthorized 
transactions in which the card was used as a debit card, and the 
corresponding provisions of Regulation Z apply to the unauthorized 
transactions in which the card was used as a credit card.
    D. Assume a somewhat different type of card, one that draws on 
the consumer's checking account and can also draw on an overdraft 
line of credit attached to the checking account. There is no 
separate line of credit, other than the overdraft line, associated 
with the card. In this situation, if the card is stolen and used, 
the liability limits and the error resolution provisions of 
Regulation E apply. In addition, if the use of the card has resulted 
in accessing the overdraft line of credit, the error resolution 
provisions of Sec. 226.13(d) and (g) of Regulation Z also apply; 
however, the other error resolution provisions of Regulation Z do 
not apply. 
* * * * *

    By order of the Board of Governors of the Federal Reserve 
System, acting through the Director of the Division of Consumer and 
Community Affairs under delegated authority, June 22, 2000.
Jennifer J. Johnson,
Secretary of the Board.
[FR Doc. 00-16303 Filed 6-28-00; 8:45 am]
BILLING CODE 6210-01-P