TOPICS

Thursday, May 23, 2019

ACH Transactions: Disclosure Requirements

QUESTION
In revising our EFT policy, we want to be sure we have sections for all the areas involving ACH transactions. Also, we want to begin the policy with the types of information that must be disclosed to a consumer or financial institution. What are the areas involving ACH transactions? Also, what types of information must be disclosed?

ANSWER
The Electronic Fund Transfer Act (EFTA) establishes the rights, liabilities, and responsibilities of consumers and financial institutions as they relate to electronic fund transfers. Its implementing regulation is Regulation E, which is updated and enforced by the Consumer Financial Protection Bureau (CFPB). An automated clearing house or ACH transaction takes place in an electronic network for financial transactions, such as credit transfers and direct debits.

Certain ACH transactions fall under Regulation E’s definition of “electronic fund transfers.”

The ACH transactions that are subject to Regulation E are:
  • Prearranged payments and deposits (PPD);
  • Point-of-purchase entries (POP);
  • Accounts receivable entries (ARC);
  • Internet-initiated/mobile entries (WEB);
  • Telephone transfer entries (TEL);
  • Machine transfer entries (MTE);
  • Point-of-sale (POS);
  • Shared network transaction (SHR); and,
  • Consumer-to-consumer or consumer-to-business international ACH transactions (IAT).

It should be noted, though, that Regulation E covers many types of electronic fund transfers, not just ACH transactions. Other types of electronic fund transfers addressed in Regulation E include telephone transfers (non-ACH), transfers made at point-of-sale terminals (non-ACH), automated teller machine (ATM) transfers, and debit card transfers. This section focuses on Regulation E as it applies to ACH transactions.

Generally, the rule or regulation that provides the greatest protection to the consumer is the one that takes precedent. In cases where there is an overlap between Regulation E and the ACH Rules, a comparison is usually made to provide clarification as to how each one applies and to indicate which one takes precedence.

With respect to the types of information that mandate disclosure, certain information must be disclosed to consumers by their financial institutions prior to the first ACH debit or credit transaction that ever posts to the consumers’ accounts. The information may be provided in a document along with other disclosure information that must be supplied to the consumer, or it may be provided as a separate document. I’ve seen both methods in active use.

The receiving depository financial institution, or RDFI, is the financial institution qualified to receive ACH entries. These institutions are required to abide by the NACHA Rules, the rules of the National Automated Clearing House Association. The RDFI interlinks the receiver's account with the card association network.

The RDFI has no way of knowing when an ACH debit or credit might be received, so our clients' ACH policies usually state that it is best to give consumers this information at the time they open an account.

At a minimum, the RDFI must provide the following information:
  • A summary of the consumer’s liability when unauthorized ACH transactions are posted to his or her account;
  • A contact phone number and/or address for reporting unauthorized transactions that appear on the account;
  • A definition of “business days” for the financial institution;
  • What types of transfers are allowed and whether there are limitations on either the dollar amount of the transfers or the number of transfers;
  • Fees that may be charged for ACH transactions;
  • Summary of the consumer’s right to receive receipts and periodic statements;
  • Summary of the consumer’s right to place a stop payment on an ACH transaction and the procedure the consumer must follow to place the stop payment;
  • The financial institution’s liability if it fails to stop payment or fails to make a certain transfer; and,
  • The error resolution process the financial institution will follow when an unauthorized ACH transaction is reported. Note: The error resolution process needs to be provided not only initially, but also annually unless it is printed on every periodic statement.
Consider reviewing the appendices to Regulation E for the model forms and disclosures that financial institutions may use to assist them with compliance.

Jonathan Foxx, PhD, MBA
Managing Director
Lenders Compliance Group